Add parameters for Barbican for image signing
Change-Id: I9e87e7b927fa595d05e1ac872fa1aa1cbe40e5eb
This commit is contained in:
parent
26c38c1bd2
commit
9d5c6a43ee
|
@ -275,6 +275,21 @@
|
|||
# (optional) Maximum number of results that could be returned by a request
|
||||
# Default: $::os_service_default.
|
||||
#
|
||||
# [*keymgr_backend*]
|
||||
# (optional) Key Manager service class.
|
||||
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*keymgr_encryption_api_url*]
|
||||
# (optional) Key Manager service URL
|
||||
# Example of valid value: https://localhost:9311/v1
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*keymgr_encryption_auth_url*]
|
||||
# (optional) Auth URL for keymgr authentication. Should be in format
|
||||
# http://auth_url:5000/v3
|
||||
# Defaults to undef
|
||||
#
|
||||
# === deprecated parameters:
|
||||
#
|
||||
# [*known_stores*]
|
||||
|
@ -344,6 +359,9 @@ class glance::api(
|
|||
$validation_options = {},
|
||||
$limit_param_default = $::os_service_default,
|
||||
$api_limit_max = $::os_service_default,
|
||||
$keymgr_backend = undef,
|
||||
$keymgr_encryption_api_url = undef,
|
||||
$keymgr_encryption_auth_url = undef,
|
||||
# DEPRECATED PARAMETERS
|
||||
$known_stores = false,
|
||||
) inherits glance {
|
||||
|
@ -502,6 +520,14 @@ class glance::api(
|
|||
'DEFAULT/registry_client_key_file': value => $registry_client_key_file;
|
||||
}
|
||||
|
||||
if $keymgr_backend {
|
||||
glance_api_config {
|
||||
'key_manager/backend': value => $keymgr_backend;
|
||||
'barbican/barbican_endpoint': value => $keymgr_encryption_api_url;
|
||||
'barbican/auth_endpoint': value => $keymgr_encryption_auth_url;
|
||||
}
|
||||
}
|
||||
|
||||
if $manage_service {
|
||||
if $enabled {
|
||||
$service_ensure = 'running'
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- Add new options glance::api::keymgr_* to allow
|
||||
glance-api to interact with Barbican to store and
|
||||
retrieve secrets for features like image signing.
|
|
@ -387,6 +387,21 @@ describe 'glance::api' do
|
|||
)}
|
||||
|
||||
end
|
||||
|
||||
describe 'with barbican parameters' do
|
||||
let :params do
|
||||
default_params.merge!({
|
||||
:keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||
:keymgr_encryption_api_url => 'https://localhost:9311/v1',
|
||||
:keymgr_encryption_auth_url => 'https://localhost:5000/v3',
|
||||
})
|
||||
end
|
||||
it 'should set keymgr parameters' do
|
||||
is_expected.to contain_glance_api_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
||||
is_expected.to contain_glance_api_config('barbican/barbican_endpoint').with_value('https://localhost:9311/v1')
|
||||
is_expected.to contain_glance_api_config('barbican/auth_endpoint').with_value('https://localhost:5000/v3')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'glance::api Debian' do
|
||||
|
|
Loading…
Reference in New Issue