Merge "Add config option for Barbican endpoint type"

This commit is contained in:
Zuul 2018-05-09 15:59:02 +00:00 committed by Gerrit Code Review
commit 6336a59b9b
3 changed files with 22 additions and 4 deletions

View File

@ -70,6 +70,12 @@ barbican_opts = [
default=True,
help='Specifies if insecure TLS (https) requests. If False, '
'the server\'s certificate will not be validated'),
cfg.StrOpt('barbican_endpoint_type',
default='public',
choices=['public', 'internal', 'admin'],
help='Specifies the type of endpoint. Allowed values are: '
'public, private, and admin'),
]
BARBICAN_OPT_GROUP = 'barbican'
@ -183,12 +189,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
raise exception.Forbidden(reason=msg)
def _get_barbican_endpoint(self, auth, sess):
if self.conf.barbican.barbican_endpoint:
return self.conf.barbican.barbican_endpoint
barbican = self.conf.barbican
if barbican.barbican_endpoint:
return barbican.barbican_endpoint
else:
service_parameters = {'service_type': 'key-manager',
'service_name': 'barbican',
'interface': 'public'}
'interface': barbican.barbican_endpoint_type}
return auth.get_endpoint(sess, **service_parameters)
def _create_base_url(self, auth, sess, endpoint):

View File

@ -40,7 +40,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
barbican_api_version=None, auth_endpoint=None,
retry_delay=None, number_of_retries=None, verify_ssl=None,
api_class=None, vault_root_token_id=None, vault_url=None,
vault_ssl_ca_crt_file=None, vault_use_ssl=None):
vault_ssl_ca_crt_file=None, vault_use_ssl=None,
barbican_endpoint_type=None):
"""Set defaults for configuration values.
Overrides the default options values.
@ -56,6 +57,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
:param vault_url: Use this for the url for vault.
:param vault_use_ssl: Use this to force vault driver to use ssl.
:param vault_ssl_ca_crt_file: Use this for the CA file for vault.
:param barbican_endpoint_type: Use this to specify the type of URL.
: Valid values are: public, internal or admin.
"""
conf.register_opts(km.key_manager_opts, group='key_manager')
if bkm:
@ -87,6 +90,9 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
if verify_ssl is not None:
conf.set_default('verify_ssl', verify_ssl,
group=bkm.BARBICAN_OPT_GROUP)
if barbican_endpoint_type is not None:
conf.set_default('barbican_endpoint_type', barbican_endpoint_type,
group=bkm.BARBICAN_OPT_GROUP)
if vkm is not None:
if vault_root_token_id is not None:

View File

@ -66,3 +66,8 @@ class TestOptions(base.TestCase):
options.set_defaults(conf, verify_ssl=True)
self.assertEqual(verify_ssl,
conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl)
barbican_endpoint_type = 'internal'
options.set_defaults(conf, barbican_endpoint_type='internal')
result_type = conf.get(bkm.BARBICAN_OPT_GROUP).barbican_endpoint_type
self.assertEqual(barbican_endpoint_type, result_type)