Add parameters for Barbican for image signing

Change-Id: I9e87e7b927fa595d05e1ac872fa1aa1cbe40e5eb
Ade Lee 2017-11-29 23:22:51 -05:00
parent 26c38c1bd2
commit 9d5c6a43ee
3 changed files with 46 additions and 0 deletions


@ -275,6 +275,21 @@
# (optional) Maximum number of results that could be returned by a request
# Default: $::os_service_default.
#
# [*keymgr_backend*]
# (optional) Key Manager service class.
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
# Defaults to undef.
#
# [*keymgr_encryption_api_url*]
# (optional) Key Manager service URL
# Example of valid value: https://localhost:9311/v1
# Defaults to undef
#
# [*keymgr_encryption_auth_url*]
# (optional) Auth URL for keymgr authentication. Should be in format
# http://auth_url:5000/v3
# Defaults to undef
#
# === deprecated parameters:
#
# [*known_stores*]
@ -344,6 +359,9 @@ class glance::api(
$validation_options = {},
$limit_param_default = $::os_service_default,
$api_limit_max = $::os_service_default,
$keymgr_backend = undef,
$keymgr_encryption_api_url = undef,
$keymgr_encryption_auth_url = undef,
# DEPRECATED PARAMETERS
$known_stores = false,
) inherits glance {
@ -502,6 +520,14 @@ class glance::api(
'DEFAULT/registry_client_key_file': value => $registry_client_key_file;
}
if $keymgr_backend {
glance_api_config {
'key_manager/backend': value => $keymgr_backend;
'barbican/barbican_endpoint': value => $keymgr_encryption_api_url;
'barbican/auth_endpoint': value => $keymgr_encryption_auth_url;
}
}
if $manage_service {
if $enabled {
$service_ensure = 'running'
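Review bot: `$keymgr_encryption_api_url` and `$keymgr_encryption_auth_url` default to `undef`, so setting only `$keymgr_backend` declares `barbican/barbican_endpoint` and `barbican/auth_endpoint` with no value. The neighbouring parameters in this signature default to `$::os_service_default`; doing the same here (`$keymgr_encryption_api_url = $::os_service_default,`) would presumably leave those options at the service's own defaults, which is worth confirming against the config provider. Separately, the parameter doc gives `http://auth_url:5000/v3` as the format for the URL it describes as used for keymgr authentication, while the spec uses `https://localhost:5000/v3`; the documented example should read `https://auth_url:5000/v3` so that operators do not copy a plaintext endpoint into a key-manager setup. The class body continues outside the hunks shown.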


@ -0,0 +1,5 @@
---
features:
- Add new options glance::api::keymgr_* to allow
glance-api to interact with Barbican to store and
retrieve secrets for features like image signing.


@ -387,6 +387,21 @@ describe 'glance::api' do
)}
end
describe 'with barbican parameters' do
let :params do
default_params.merge!({
:keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
:keymgr_encryption_api_url => 'https://localhost:9311/v1',
:keymgr_encryption_auth_url => 'https://localhost:5000/v3',
})
end
it 'should set keymgr parameters' do
is_expected.to contain_glance_api_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
is_expected.to contain_glance_api_config('barbican/barbican_endpoint').with_value('https://localhost:9311/v1')
is_expected.to contain_glance_api_config('barbican/auth_endpoint').with_value('https://localhost:5000/v3')
end
end
end
shared_examples_for 'glance::api Debian' do
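Review bot: The new `with barbican parameters` context only covers the case where all three parameters are set. Nothing asserts that `key_manager/backend`, `barbican/barbican_endpoint` and `barbican/auth_endpoint` stay out of the catalogue when `keymgr_backend` is left unset, which is the branch the manifest guards with `if $keymgr_backend`. Adding `is_expected.not_to contain_glance_api_config('key_manager/backend')` to an example that runs with the defaults would pin that. A case with only `keymgr_backend` set would also show what the two endpoint settings resolve to when the URLs are omitted. The enclosing example group starts outside this hunk.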