From 4e1d8ae5a03c1751ba57df5ef6eff23bfff11d69 Mon Sep 17 00:00:00 2001 From: James Page Date: Wed, 10 Oct 2018 17:05:21 +0100 Subject: [PATCH] Enable KV mountpoint configuration for Vault Add configuration option to support end-user configuration of the KV store mountpoint used in Vault for storage of keys. Change-Id: I4f136f5f356e3f25df09a513f0a7683082f5ce0f Related-Bug: 1797148 Depends-On: I625a819c2b9b542677258de709a9c520fb86858b --- barbican/plugin/vault_secret_store.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/barbican/plugin/vault_secret_store.py b/barbican/plugin/vault_secret_store.py index 4705b46e1..4e0539cda 100644 --- a/barbican/plugin/vault_secret_store.py +++ b/barbican/plugin/vault_secret_store.py @@ -23,6 +23,7 @@ from oslo_log import log LOG = log.getLogger(__name__) DEFAULT_VAULT_URL = "http://127.0.0.1:8200" +DEFAULT_MOUNTPOINT = "secret" vault_opt_group = cfg.OptGroup(name='vault_plugin', title='Vault Plugin') vault_opts = [ @@ -32,6 +33,10 @@ vault_opts = [ help='AppRole role_id for authentication with vault'), cfg.StrOpt('approle_secret_id', help='AppRole secret_id for authentication with vault'), + cfg.StrOpt('kv_mountpoint', + default=DEFAULT_MOUNTPOINT, + help='Mountpoint of KV store in Vault to use, for example: ' + '{}'.format(DEFAULT_MOUNTPOINT)), cfg.StrOpt('vault_url', default=DEFAULT_VAULT_URL, help='Use this endpoint to connect to Vault, for example: ' @@ -75,6 +80,7 @@ class VaultSecretStore(css.CastellanSecretStore): vault_root_token_id=conf.vault_plugin.root_token_id, vault_approle_role_id=conf.vault_plugin.approle_role_id, vault_approle_secret_id=conf.vault_plugin.approle_secret_id, + vault_kv_mountpoint=conf.vault_plugin.kv_mountpoint, vault_url=conf.vault_plugin.vault_url, vault_ssl_ca_crt_file=conf.vault_plugin.ssl_ca_crt_file, vault_use_ssl=conf.vault_plugin.use_ssl