44ef2a3ec1
The new master branch should point now to rocky. So, HOT templates should specify that they might contain features for rocky release [1] Also, this submission updates the yaml validation to use only latest heat_version alias. There are cases in which we will need to set the version for specific templates i.e. mixed versions, so there is added a variable to assign specific templates to specific heat_version aliases, avoiding the introductions of error by bulk replacing the the old version in new releases. [1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#rocky Change-Id: Ib17526d9cc453516d99d4659ee5fa51a5aa7fb4b
71 lines
2.5 KiB
YAML
71 lines
2.5 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Barbican API PKCS#11 crypto backend configured with Puppet
|
|
|
|
parameters:
|
|
# Required default parameters
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
BarbicanPkcs11CryptoLibraryPath:
|
|
description: Path to vendor PKCS11 library
|
|
type: string
|
|
BarbicanPkcs11CryptoLogin:
|
|
description: Password to login to PKCS11 session
|
|
type: string
|
|
hidden: true
|
|
BarbicanPkcs11CryptoMKEKLabel:
|
|
description: Label for Master KEK
|
|
type: string
|
|
BarbicanPkcs11CryptoMKEKLength:
|
|
description: Length of Master KEK in bytes
|
|
type: number
|
|
BarbicanPkcs11CryptoHMACLabel:
|
|
description: Label for the HMAC key
|
|
type: string
|
|
BarbicanPkcs11CryptoSlotId:
|
|
description: Slot Id for the HSM
|
|
type: number
|
|
BarbicanPkcs11CryptoGlobalDefault:
|
|
description: Whether this plugin is the global default plugin
|
|
type: boolean
|
|
default: false
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Barbican PKCS#11 backend.
|
|
value:
|
|
service_name: barbican_backend_pkcs11_crypto
|
|
config_settings:
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_library_path {get_param: BarbicanPkcs11CryptoLibraryPath}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_login {get_param: BarbicanPkcs11CryptoLogin}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_mkek_label: {get_param: BarbicanPkcs11CryptoMKEKLabel}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_mkek_length: {get_param: BarbicanPkcs11CryptoMKEKLength}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_label: {get_param: BarbicanPkcs11CryptoHMACLabel}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_slot_id: {get_param: BarbicanPkcs11CryptoSlotId}
|
|
barbican::plugins::p11_crypto::global_default: {get_param: BarbicanPkcs11CryptoGlobalDefault}
|