236 Commits

Author SHA1 Message Date
Takashi Kajinami 9a728d5a5d Expose rabbit_transient_quorum_queue
Depends-on: https://review.opendev.org/911021
Change-Id: Icdc456fb132d74037dff7ce5c502994103061258
2024-03-13 16:14:10 +09:00
Takashi Kajinami d2625af949 Deprecate parameters for certificate plugins
... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.

Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
2024-03-08 13:41:21 +09:00
Zuul 9c0930273d Merge "Refactor resource dependencies" 2024-02-29 08:15:12 +00:00
Takashi Kajinami 33492bfc70 Support [queue] asynchronous_workers option
... which determines number of processes launched in barbican-worker.

Change-Id: Ia31a7d440ba3102afa7b5972fe893cfb4f1817a1
2024-02-25 16:54:46 +00:00
Takashi Kajinami 276812bec6 healthcheck: Expose ignore_proxied_requests parameter
Depends-on: https://review.opendev.org/909807
Change-Id: Id5c5cb90a50983357d0c8001eedefedb3fd60f4d
2024-02-22 03:04:48 +00:00
Takashi Kajinami 7040e66812 Refactor resource dependencies
This refactors resource dependencies to improve the following points.

 - Avoid unnecessary dependencies across services. For example aodh
   service does not require cinder db.

 - Restart only api service when config files like paste.ini, which
   are used only by api service, are changed.

Change-Id: Iad138f5d2e8c7427e02b889c43c26f00213636f3
2024-02-17 21:23:16 +09:00
Zuul 926d47ea1d Merge "healthcheck: Expose allowed_source_ranges" 2024-01-18 16:42:11 +00:00
Takashi Kajinami 7c460507f2 healthcheck: Expose allowed_source_ranges
... which was added to puppet-oslo recently.

Depends-on: https://review.opendev.org/905557
Change-Id: I5d81635643b0cb8ceac80702e2d539db73c598e9
2024-01-17 02:39:52 +09:00
Zuul b23fc4b8cb Merge "vault: Drop redundant hard-coded default of use_ssl" 2023-12-15 18:21:08 +00:00
Takashi Kajinami 01ececb278 vault: Drop redundant hard-coded default of use_ssl
... because the option defaults to false in Barbican itself.

Change-Id: I328421404969571111a24d9c8a42c3da884a512b
2023-12-15 16:50:35 +09:00
Takashi Kajinami 5bd12fd7f4 kmip: Leverage the service default
The kmip plugin uses the reasonable default tcp port (5969) in case
the port option is not set.

Change-Id: Ic32a397e93479f7d54e22e3f94e35c7c95dbbca4
2023-12-15 16:42:32 +09:00
Takashi Kajinami 19f9032983 Use new openstackclient tag
The new openstackclient tag was added so that we can get all resources
about openstack CLI more easily. This adds this tag to barbicanclient
because the package provides some sub-commands.

Change-Id: I8f1f8b4a6de6ca0d95c2f53a89a1d50a6c82d29e
2023-11-19 16:16:23 +00:00
Takashi Kajinami 7bcaae05f6 Remove cleanup of [DEFAULT] bind_host and bind_port
The cleanup logic was added before 2023.1 release so we can assume
these options are purged before a deployment is upgraded.

Change-Id: If6949bb89b01104abe09515c6b93f7d7fed709d5
2023-10-13 21:49:08 +09:00
Takashi Kajinami 2f4fe1dac3 Remove usage of deleted manifest_dir
Recent update in rspec-puppet removed some of the config interfaces for
old puppet versions[1]. This drops usage of these interfaces to resolve
the following error in unit tests.

```
An error occurred while loading ./spec/unit/provider/manila_spec.rb.
Failure/Error: c.manifest_dir = File.join(fixture_path, 'manifests')

NoMethodError:
  undefined method `manifest_dir='...
```

[1] 316d95923c

Change-Id: I32d647ddd8faf036af14817f94c7c8e3e26178b1
2023-10-11 11:52:42 +09:00
Takashi Kajinami 122686e238 RabbitMQ: Add support for quorum queue options
Depends-on: https://review.opendev.org/894866
Change-Id: I55b5eb5d6139f464f633d5c13827fea91378e3b7
2023-09-14 22:48:48 +09:00
Tobias Urdin c38323518b Add per module policy service refresh
Updating the policies for this project should only
refresh the services that read it.

Change-Id: I42153ec891feb569a9614166104be5382d893f96
2023-06-26 00:03:26 +02:00
Takashi Kajinami 729f5d286c Replace legacy facts and use fact hash
... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
2023-03-01 16:51:25 +09:00
Takashi Kajinami 626681f04d CentOS: Install barbican-retry service
RDO now provides the package to launch the barbican-retry service[1].
This change ensures the package and the service are configured by
the corresponding class.

[1] https://review.rdoproject.org/r/c/openstack/barbican-distgit/+/40434

Change-Id: I134feadb75b397bc159a8fe9e3dbc87915339785
2023-02-26 15:14:03 +09:00
Takashi Kajinami acd9bf3373 Expose policy_default_rule
The option has been managed by the underlying puppet-oslo module but
has not been configurable. This introduces the parameter to customize
the option.

Change-Id: I7eb5ab771da3b6e2c446f4d8e83394a544fd147d
2023-01-23 14:27:53 +09:00
Takashi Kajinami 334a0686c2 Enable memcached in acceptance tests
... because it is required as cache backend.

Change-Id: If92f66b6c3a7031f228ab969671afacd3db9ebea
2022-09-06 23:51:08 +09:00
Takashi Kajinami eb2b84ea8f Fix inconsistent parameter/resource names of wsgi::apache
The barbican::wsgi::apache class names a few parameters and resources
differently from the other modules. To make its interface and
implementation consistent with the other implementations, this renames
these inconsistent names. The old parameter names are kept but will be
removed in a future release.

Change-Id: I49ca51e4ea7a2404dfdbd0c88ce39339750da4f6
2022-08-26 15:46:37 +09:00
Takashi Kajinami 38981908d8 Add Apache WSGI logging parameters for pipe/syslog
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)

Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: I77f1d65b1f6085fdb1205de9654a8d6d2da496f5
2022-08-26 15:00:26 +09:00
Takashi Kajinami 5d4084a951 Remove the temporal logic to fix barbican_api pipeline
The old wrong value should be fixed when the deployment is updated to
stable/yoga, and the logic is no longer used in stable/zed and later.

Related-Bug: #1946378
Change-Id: I699847c127e5890857446585ededc9d860b0dc78
2022-08-20 12:10:13 +09:00
Takashi Kajinami 577a44a522 Adapt to new type validation in puppetlabs-apache
The puppetlabs-apache module is enforcing more strict data type
validation[1].

This change updates the default values to adapt to that change.

[1] f41251e336

Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: I9573f53e24dcf0666e4649189ccd8fcab0dbcc26
2022-08-02 16:56:24 +09:00
Zuul b50eb0a28a Merge "Remove support for [p11_crypto_plugin] token_label" 2022-08-01 08:46:43 +00:00
Zuul 9a343b0de5 Merge "Debian/Ubuntu: Enable validations in acceptance tests" 2022-08-01 08:05:30 +00:00
Zuul 4440b6cf82 Merge "Expose headers option of apache::vhost" 2022-07-30 15:26:03 +00:00
Takashi Kajinami c7db104678 Revert "CentOS 9: Disable unit tests dependent on puppet-postgresql"
This reverts commit d8067ab5a2.

Reason for revert:
puppet-postgresql 8.1.0 was released and now the module supports RHEL 9
(and CentOS 9 effectively).

Note:
This change adds the service_provider fact in test fact data because
it is required by puppet-postgresql.

Depends-on: https://review.opendev.org/850705
Change-Id: I8916f2eae939dd03126035ca2d52c8da50caf501
2022-07-24 00:37:38 +09:00
Takashi Kajinami cb89bdacb3 Debian/Ubuntu: Enable validations in acceptance tests
Now a few deployment validations are implemented in acceptance tests
but these are enabled in only CentOS/RHEL. This enables these in Debian
and Ubuntu because there is no distro-specific requirement.

Change-Id: I7b50f49fe4316c83f169bfdbdd5d79a5e3b9b253
2022-07-16 06:33:14 +09:00
Zuul 8d919fc211 Merge "Add acceptance tests for config management resources" 2022-07-15 19:51:43 +00:00
Takashi Kajinami b8c8d1f245 Fix wrong test description
The value with a white space should be accepted instead of being
rejected. This change fixes the wrong test case description and makes
sure the description explains what is actually tested.

Change-Id: I0f7853c62b88ea423590f5c75eb47f7597f15a01
2022-07-11 23:25:21 +09:00
Takashi Kajinami 93e7add0b5 Add acceptance tests for config management resources
Change-Id: I348bd6d07c9c6a99bb14bdaec4039649c25da0b5
2022-07-10 12:34:06 +09:00
Takashi Kajinami 72299ab60d Expose headers option of apache::vhost
The headers option in apache::vhost is required in some cases, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.

This change also adds support for request_headers so that both request
headers and response headers can be customized.

Change-Id: I0e78f2183ffe14c310ee5c5632c203258c8c85cd
2022-06-30 11:11:50 +09:00
Takashi Kajinami f606fd1ca3 Remove support for [p11_crypto_plugin] token_label
... because it was deprecated during Wallaby cycle[1].

[1] 4403fe7247

Change-Id: Ia9b89d92256f51d5a48a19849715335f6856e839
2022-06-23 12:41:44 +09:00
Rajesh Tailor 3b1ecbed5c Fix some typos in parameter descriptions
Change-Id: I634698c222da7e5f570ac3bd2cdee924457791bd
2022-06-17 16:38:08 +05:30
Takashi Kajinami 109ea49acb api: Deprecate unused ssl parameters
These parameters are used by oslo.service library but Barbican does not
provide wsgi service based on the library.

Change-Id: Ie035ec4a4dbce089e9911e11f91c2c013998192b
2022-05-19 14:47:45 +09:00
Zuul 3af0df5bb4 Merge "Remove non-existing bind_host/port" 2022-05-11 10:22:21 +00:00
Takashi Kajinami 043774f389 Remove non-existing bind_host/port
The bind_host parameter and the bind_port parameter are not implemented
in current Barbican. This change removes these ineffective parameters
from barbican.conf.

Change-Id: I7758a6e852795c5410e6dab023ce612f44ee27fd
2022-05-09 09:48:46 +09:00
Zuul fdda2d13a4 Merge "apache+mod_wsgi: Disable SSL by default" 2022-05-08 13:38:33 +00:00
Takashi Kajinami 6e8df9739a apache+mod_wsgi: Disable SSL by default
During the previous cycle, a warning message was added to inform users
of this change.

Now the default value is updated so that SSL is disabled by default.

Change-Id: I72cf30d418b99ba06c4d5738544acb1930d4806f
2022-05-06 20:41:43 +09:00
Zuul cb66231bbe Merge "Add general basic functionality to the base barbican class" 2022-05-06 04:48:24 +00:00
Takashi Kajinami 700b5e4148 Add general basic functionality to the base barbican class
This is the prep work to migrate some common parameters from the api
class to the base class, and implements basic functionality so that
the base class provides consistent functionality in all modules.

Change-Id: I0e20b135e8c29f1d27d39d2940d49ea30a1f512c
2022-04-26 10:06:23 +09:00
Takashi Kajinami 7912e8d09a simple_crypto: kek should be secret
... because the parameter takes encryption key.

Change-Id: I2d20cffb14295d560135ab1f1907da8b7ca3fc94
2022-04-25 15:41:23 +09:00
Takashi Kajinami 092b9e7050 Refactor barbican::plugins::kmip
* Use $::os_service_default instead of undef. These are effectively
  the same but $::os_service_default is globally used

* Make sure the unused parameters are reset

Change-Id: Id6ce9d200a094429098257a0070dea0605fe4565
2022-03-21 23:06:36 +09:00
Takashi Kajinami 0d4580b27d Create a separate class for [retry_scheduler] parameters
This change adds an independent class for [retry_scheduler] parameters,
because these parameters are used not by the api service but the retry
daemon.

Currently no distro provides a package to install the service so
the new class only sets parameters, which is incomplete. This will be
fixed once the packaging issue is resolved.

Change-Id: Ib8b649c2e5ac5fee5e5a3bd52caeb21780fc1f61
2022-03-14 09:39:01 +09:00
Takashi Kajinami 8166a080b9 Fix unit tests of barbican::api
This change ensures that default values are tested in unit tests. Also,
test cases for retry_scheduler parameters are added.

Change-Id: I69caa4e29ea4018105166bc879c6a93622df256a
2022-03-14 01:11:41 +09:00
Takashi Kajinami d8067ab5a2 CentOS 9: Disable unit tests dependent on puppet-postgresql
The puppet-postgresql module does not support CentOS 9 yet and requires
some version parameters to be run on CentOS 9. This change disables
unit tests requiring that module, until the module supports CentOS 9.

Change-Id: Icff8be15e0180d620488a80504208c12b8be6aac
2022-02-16 00:17:31 +09:00
Takashi Kajinami d7804328ab Avoid testing details of oslo::messaging(::*)
... so that any change in puppet-oslo would not directly break unit
tests.

Change-Id: I2582c9d0df640c3fd7f7f7d6ecae981b0b9591a5
2022-01-23 22:31:00 +09:00
Zuul b19934a74b Merge "Do not define service resource when service management is disabled" 2022-01-10 20:18:52 +00:00
Zuul bdded914ce Merge "Accept system scope credentials for Keystone API request" 2022-01-08 00:11:53 +00:00