f8decc73fc
Change-Id: I7aaa242ee1ecbfcbcc7502b0ce8e5a9191d307f2 Depends-On: I07e52897897f453382f74aa4fdaa98c37e6eca30
71 lines
2.5 KiB
YAML
71 lines
2.5 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
Barbican API PKCS#11 crypto backend configured with Puppet
|
|
|
|
parameters:
|
|
# Required default parameters
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
BarbicanPkcs11CryptoLibraryPath:
|
|
description: Path to vendor PKCS11 library
|
|
type: string
|
|
BarbicanPkcs11CryptoLogin:
|
|
description: Password to login to PKCS11 session
|
|
type: string
|
|
hidden: true
|
|
BarbicanPkcs11CryptoMKEKLabel:
|
|
description: Label for Master KEK
|
|
type: string
|
|
BarbicanPkcs11CryptoMKEKLength:
|
|
description: Length of Master KEK in bytes
|
|
type: number
|
|
BarbicanPkcs11CryptoHMACLabel:
|
|
description: Label for the HMAC key
|
|
type: string
|
|
BarbicanPkcs11CryptoSlotId:
|
|
description: Slot Id for the HSM
|
|
type: number
|
|
BarbicanPkcs11CryptoGlobalDefault:
|
|
description: Whether this plugin is the global default plugin
|
|
type: boolean
|
|
default: false
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Barbican PKCS#11 backend.
|
|
value:
|
|
service_name: barbican_backend_pkcs11_crypto
|
|
config_settings:
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_library_path {get_param: BarbicanPkcs11CryptoLibraryPath}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_login {get_param: BarbicanPkcs11CryptoLogin}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_mkek_label: {get_param: BarbicanPkcs11CryptoMKEKLabel}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_mkek_length: {get_param: BarbicanPkcs11CryptoMKEKLength}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_hmac_label: {get_param: BarbicanPkcs11CryptoHMACLabel}
|
|
barbican::plugins::p11_crypto::p11_crypto_plugin_slot_id: {get_param: BarbicanPkcs11CryptoSlotId}
|
|
barbican::plugins::p11_crypto::global_default: {get_param: BarbicanPkcs11CryptoGlobalDefault}
|