openstack
/
puppet-barbican
Code Issues Proposed changes

Replace legacy facts and use fact hash 

... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
This commit is contained in:
Takashi Kajinami 2023-03-01 13:36:48 +09:00
parent 626681f04d
commit 729f5d286c
35 changed files with 340 additions and 388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
manifests/api.pp
View File

@ -24,47 +24,47 @@
# #
# [*max_allowed_secret_in_bytes*] # [*max_allowed_secret_in_bytes*]
# (optional) Maximum allowed secret size to be stored. # (optional) Maximum allowed secret size to be stored.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*max_allowed_request_size_in_bytes*] # [*max_allowed_request_size_in_bytes*]
# (optional) Maximum request size against the barbican API. # (optional) Maximum request size against the barbican API.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*default_transport_url*] # [*default_transport_url*]
# (optional) Connection url for oslo messaging backend. An example rabbit url # (optional) Connection url for oslo messaging backend. An example rabbit url
# would be, rabbit://user:pass@host:port/virtual_host # would be, rabbit://user:pass@host:port/virtual_host
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*rpc_response_timeout*] # [*rpc_response_timeout*]
# (Optional) Seconds to wait for a response from a call. # (Optional) Seconds to wait for a response from a call.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*control_exchange*] # [*control_exchange*]
# (Optional) The default exchange under which topics are scoped. May be # (Optional) The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the transport_url # overridden by an exchange name specified in the transport_url
# option. # option.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*notification_transport_url*] # [*notification_transport_url*]
# (optional) Connection url for oslo messaging notifications backend. An # (optional) Connection url for oslo messaging notifications backend. An
# example rabbit url would be, rabbit://user:pass@host:port/virtual_host # example rabbit url would be, rabbit://user:pass@host:port/virtual_host
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*notification_driver*] # [*notification_driver*]
# (optional) Driver to use for oslo messaging notifications backend. # (optional) Driver to use for oslo messaging notifications backend.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*notification_topics*] # [*notification_topics*]
# (optional) Topics to use for oslo messaging notifications backend. # (optional) Topics to use for oslo messaging notifications backend.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*rabbit_use_ssl*] # [*rabbit_use_ssl*]
# (optional) Connect over SSL for RabbitMQ # (optional) Connect over SSL for RabbitMQ
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*rabbit_ha_queues*] # [*rabbit_ha_queues*]
# (optional) Use HA queues in RabbitMQ. # (optional) Use HA queues in RabbitMQ.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*rabbit_heartbeat_timeout_threshold*] # [*rabbit_heartbeat_timeout_threshold*]
# (optional) Number of seconds after which the RabbitMQ broker is considered # (optional) Number of seconds after which the RabbitMQ broker is considered
@ -72,14 +72,14 @@
# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently # Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
# closed, resulting in missed or lost messages from the queue. # closed, resulting in missed or lost messages from the queue.
# (Requires kombu >= 3.0.7 and amqp >= 1.4.0) # (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*rabbit_heartbeat_rate*] # [*rabbit_heartbeat_rate*]
# (optional) How often during the rabbit_heartbeat_timeout_threshold period to # (optional) How often during the rabbit_heartbeat_timeout_threshold period to
# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2 # check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2
# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked # when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
# every 30 seconds. # every 30 seconds.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*rabbit_heartbeat_in_pthread*] # [*rabbit_heartbeat_in_pthread*]
# (Optional) EXPERIMENTAL: Run the health check heartbeat thread # (Optional) EXPERIMENTAL: Run the health check heartbeat thread
@ -89,43 +89,43 @@
# example if the parent process have monkey patched the # example if the parent process have monkey patched the
# stdlib by using eventlet/greenlet then the heartbeat # stdlib by using eventlet/greenlet then the heartbeat
# will be run through a green thread. # will be run through a green thread.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*amqp_durable_queues*] # [*amqp_durable_queues*]
# (optional) Define queues as "durable" to rabbitmq. # (optional) Define queues as "durable" to rabbitmq.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*enable_queue*] # [*enable_queue*]
# (optional) Enable asynchronous queuing # (optional) Enable asynchronous queuing
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*queue_namespace*] # [*queue_namespace*]
# (optional) Namespace for the queue # (optional) Namespace for the queue
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*queue_topic*] # [*queue_topic*]
# (optional) Topic for the queue # (optional) Topic for the queue
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*queue_version*] # [*queue_version*]
# (optional) Version for the task API # (optional) Version for the task API
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*queue_server_name*] # [*queue_server_name*]
# (optional) Server name for RPC service # (optional) Server name for RPC service
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*enabled_secretstore_plugins*] # [*enabled_secretstore_plugins*]
# (optional) Enabled secretstore plugins. Multiple plugins # (optional) Enabled secretstore plugins. Multiple plugins
# are defined in a list eg. ['store_crypto', dogtag_crypto'] # are defined in a list eg. ['store_crypto', dogtag_crypto']
# Used when multiple_secret_stores_enabled is not set to true. # Used when multiple_secret_stores_enabled is not set to true.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*enabled_crypto_plugins*] # [*enabled_crypto_plugins*]
# (optional) Enabled crypto_plugins. Multiple plugins # (optional) Enabled crypto_plugins. Multiple plugins
# are defined in a list eg. ['simple_crypto','p11_crypto'] # are defined in a list eg. ['simple_crypto','p11_crypto']
# Used when multiple_secret_stores_enabled is not set to true. # Used when multiple_secret_stores_enabled is not set to true.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*enabled_secret_stores*] # [*enabled_secret_stores*]
# (optional) Enabled secretstores. This is the configuration # (optional) Enabled secretstores. This is the configuration
@ -142,46 +142,46 @@
# [*enabled_certificate_plugins*] # [*enabled_certificate_plugins*]
# (optional) Enabled certificate plugins as a list. # (optional) Enabled certificate plugins as a list.
# e.g. ['snakeoil_ca', 'dogtag'] # e.g. ['snakeoil_ca', 'dogtag']
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*enabled_certificate_event_plugins*] # [*enabled_certificate_event_plugins*]
# (optional) Enabled certificate event plugins as a list # (optional) Enabled certificate event plugins as a list
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_ssl_ca_certs*] # [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled). # (optional) SSL certification authority file (valid only if SSL enabled).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_ssl_certfile*] # [*kombu_ssl_certfile*]
# (optional) SSL cert file (valid only if SSL enabled). # (optional) SSL cert file (valid only if SSL enabled).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_ssl_keyfile*] # [*kombu_ssl_keyfile*]
# (optional) SSL key file (valid only if SSL enabled). # (optional) SSL key file (valid only if SSL enabled).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_ssl_version*] # [*kombu_ssl_version*]
# (optional) SSL version to use (valid only if SSL enabled). # (optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions. # available on some distributions.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_reconnect_delay*] # [*kombu_reconnect_delay*]
# (optional) How long to wait before reconnecting in response to an AMQP # (optional) How long to wait before reconnecting in response to an AMQP
# consumer cancel notification. # consumer cancel notification.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_failover_strategy*] # [*kombu_failover_strategy*]
# (Optional) Determines how the next RabbitMQ node is chosen in case the one # (Optional) Determines how the next RabbitMQ node is chosen in case the one
# we are currently connected to becomes unavailable. Takes effect only if # we are currently connected to becomes unavailable. Takes effect only if
# more than one RabbitMQ node is provided in config. (string value) # more than one RabbitMQ node is provided in config. (string value)
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kombu_compression*] # [*kombu_compression*]
# (optional) Possible values are: gzip, bz2. If not set compression will not # (optional) Possible values are: gzip, bz2. If not set compression will not
# be used. This option may notbe available in future versions. EXPERIMENTAL. # be used. This option may notbe available in future versions. EXPERIMENTAL.
# (string value) # (string value)
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*auth_strategy*] # [*auth_strategy*]
# (optional) authentication type # (optional) authentication type
@ -202,7 +202,7 @@
# [*db_auto_create*] # [*db_auto_create*]
# (optional) Barbican API server option to create the database # (optional) Barbican API server option to create the database
# automatically when the server starts. # automatically when the server starts.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*service_name*] # [*service_name*]
# (optional) Name of the service that will be providing the # (optional) Name of the service that will be providing the
@ -216,67 +216,67 @@
# [*enable_proxy_headers_parsing*] # [*enable_proxy_headers_parsing*]
# (Optional) Enable paste middleware to handle SSL requests through # (Optional) Enable paste middleware to handle SSL requests through
# HTTPProxyToWSGI middleware. # HTTPProxyToWSGI middleware.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*max_request_body_size*] # [*max_request_body_size*]
# (Optional) Set max request body size # (Optional) Set max request body size
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*max_limit_paging*] # [*max_limit_paging*]
# (Optional) Maximum page size for the 'limit' paging URL parameter. # (Optional) Maximum page size for the 'limit' paging URL parameter.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*default_limit_paging*] # [*default_limit_paging*]
# (Optional) Default page size for the 'limit' paging URL parameter. # (Optional) Default page size for the 'limit' paging URL parameter.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
class barbican::api ( class barbican::api (
$package_ensure = 'present', $package_ensure = 'present',
$bind_host = '0.0.0.0', $bind_host = '0.0.0.0',
$bind_port = '9311', $bind_port = '9311',
$host_href = undef, $host_href = undef,
$max_allowed_secret_in_bytes = $::os_service_default, $max_allowed_secret_in_bytes = $facts['os_service_default'],
$max_allowed_request_size_in_bytes = $::os_service_default, $max_allowed_request_size_in_bytes = $facts['os_service_default'],
$default_transport_url = $::os_service_default, $default_transport_url = $facts['os_service_default'],
$rpc_response_timeout = $::os_service_default, $rpc_response_timeout = $facts['os_service_default'],
$control_exchange = $::os_service_default, $control_exchange = $facts['os_service_default'],
$notification_transport_url = $::os_service_default, $notification_transport_url = $facts['os_service_default'],
$notification_driver = $::os_service_default, $notification_driver = $facts['os_service_default'],
$notification_topics = $::os_service_default, $notification_topics = $facts['os_service_default'],
$rabbit_use_ssl = $::os_service_default, $rabbit_use_ssl = $facts['os_service_default'],
$rabbit_heartbeat_timeout_threshold = $::os_service_default, $rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $::os_service_default, $rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_heartbeat_in_pthread = $::os_service_default, $rabbit_heartbeat_in_pthread = $facts['os_service_default'],
$rabbit_ha_queues = $::os_service_default, $rabbit_ha_queues = $facts['os_service_default'],
$amqp_durable_queues = $::os_service_default, $amqp_durable_queues = $facts['os_service_default'],
$enable_queue = $::os_service_default, $enable_queue = $facts['os_service_default'],
$queue_namespace = $::os_service_default, $queue_namespace = $facts['os_service_default'],
$queue_topic = $::os_service_default, $queue_topic = $facts['os_service_default'],
$queue_version = $::os_service_default, $queue_version = $facts['os_service_default'],
$queue_server_name = $::os_service_default, $queue_server_name = $facts['os_service_default'],
$enabled_secretstore_plugins = $::os_service_default, $enabled_secretstore_plugins = $facts['os_service_default'],
$enabled_crypto_plugins = $::os_service_default, $enabled_crypto_plugins = $facts['os_service_default'],
$enabled_secret_stores = 'simple_crypto', $enabled_secret_stores = 'simple_crypto',
$multiple_secret_stores_enabled = false, $multiple_secret_stores_enabled = false,
$enabled_certificate_plugins = $::os_service_default, $enabled_certificate_plugins = $facts['os_service_default'],
$enabled_certificate_event_plugins = $::os_service_default, $enabled_certificate_event_plugins = $facts['os_service_default'],
$kombu_ssl_ca_certs = $::os_service_default, $kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $::os_service_default, $kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $::os_service_default, $kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $::os_service_default, $kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $::os_service_default, $kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $::os_service_default, $kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $::os_service_default, $kombu_compression = $facts['os_service_default'],
$auth_strategy = 'keystone', $auth_strategy = 'keystone',
$manage_service = true, $manage_service = true,
$enabled = true, $enabled = true,
$sync_db = true, $sync_db = true,
$db_auto_create = $::os_service_default, $db_auto_create = $facts['os_service_default'],
$service_name = $::barbican::params::api_service_name, $service_name = $::barbican::params::api_service_name,
$enable_proxy_headers_parsing = $::os_service_default, $enable_proxy_headers_parsing = $facts['os_service_default'],
$max_request_body_size = $::os_service_default, $max_request_body_size = $facts['os_service_default'],
$max_limit_paging = $::os_service_default, $max_limit_paging = $facts['os_service_default'],
$default_limit_paging = $::os_service_default, $default_limit_paging = $facts['os_service_default'],
) inherits barbican::params { ) inherits barbican::params {
include barbican::deps include barbican::deps
@ -292,7 +292,7 @@ class barbican::api (
# basic service config # basic service config
if $host_href == undef { if $host_href == undef {
$host_href_real = "http://${::fqdn}:${bind_port}" $host_href_real = "http://${facts['networking']['fqdn']}:${bind_port}"
} else { } else {
$host_href_real = $host_href $host_href_real = $host_href
} }
@ -399,7 +399,7 @@ class barbican::api (
if $service_name == $::barbican::params::api_service_name { if $service_name == $::barbican::params::api_service_name {
if $::operatingsystem == 'Ubuntu' { if $facts['os']['name'] == 'Ubuntu' {
fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.') fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.')
} }
@ -413,7 +413,7 @@ class barbican::api (
} }
# Debian is using UWSGI, not gunicorn # Debian is using UWSGI, not gunicorn
if $::operatingsystem != 'Debian' { if $facts['os']['name'] != 'Debian' {
file_line { 'Modify bind_port in gunicorn-config.py': file_line { 'Modify bind_port in gunicorn-config.py':
path => '/etc/barbican/gunicorn-config.py', path => '/etc/barbican/gunicorn-config.py',
line => "bind = '${bind_host}:${bind_port}'", line => "bind = '${bind_host}:${bind_port}'",
@ -424,7 +424,7 @@ class barbican::api (
} elsif $service_name == 'httpd' { } elsif $service_name == 'httpd' {
# Ubuntu packages does not have a barbican-api service # Ubuntu packages does not have a barbican-api service
if $::operatingsystem != 'Ubuntu' { if $facts['os']['name'] != 'Ubuntu' {
service { 'barbican-api': service { 'barbican-api':
ensure => 'stopped', ensure => 'stopped',
name => $::barbican::params::api_service_name, name => $::barbican::params::api_service_name,

78
manifests/api/logging.pp
View File

@ -6,72 +6,72 @@
# #
# [*debug*] # [*debug*]
# (Optional) Should the daemons log debug messages # (Optional) Should the daemons log debug messages
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*use_syslog*] # [*use_syslog*]
# (Optional) Use syslog for logging. # (Optional) Use syslog for logging.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*use_json*] # [*use_json*]
# (Optional) Use json for logging. # (Optional) Use json for logging.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*use_journal*] # [*use_journal*]
# (Optional) Use journal for logging. # (Optional) Use journal for logging.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*use_stderr*] # [*use_stderr*]
# (Optional) Use stderr for logging # (Optional) Use stderr for logging
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*log_facility*] # [*log_facility*]
# (Optional) Syslog facility to receive log lines. # (Optional) Syslog facility to receive log lines.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*log_dir*] # [*log_dir*]
# (Optional) Directory where logs should be stored. # (Optional) Directory where logs should be stored.
# If set to $::os_service_default, it will not log to any directory. # If set to $facts['os_service_default'], it will not log to any directory.
# Defaults to '/var/log/barbican' # Defaults to '/var/log/barbican'
# #
# [*log_file*] # [*log_file*]
# (Optional) File where logs should be stored. # (Optional) File where logs should be stored.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*watch_log_file*] # [*watch_log_file*]
# (Optional) Uses logging handler designed to watch file system (boolean value). # (Optional) Uses logging handler designed to watch file system (boolean value).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# #
# [*logging_context_format_string*] # [*logging_context_format_string*]
# (Optional) Format string to use for log messages with context. # (Optional) Format string to use for log messages with context.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ # Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [%(request_id)s %(user_identity)s] %(instance)s%(message)s' # [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
# #
# [*logging_default_format_string*] # [*logging_default_format_string*]
# (Optional) Format string to use for log messages without context. # (Optional) Format string to use for log messages without context.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ # Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [-] %(instance)s%(message)s' # [-] %(instance)s%(message)s'
# #
# [*logging_debug_format_suffix*] # [*logging_debug_format_suffix*]
# (Optional) Formatted data to append to log format when level is DEBUG. # (Optional) Formatted data to append to log format when level is DEBUG.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: '%(funcName)s %(pathname)s:%(lineno)d' # Example: '%(funcName)s %(pathname)s:%(lineno)d'
# #
# [*logging_exception_prefix*] # [*logging_exception_prefix*]
# (Optional) Prefix each line of exception output with this format. # (Optional) Prefix each line of exception output with this format.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' # Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
# #
# [*log_config_append*] # [*log_config_append*]
# (Optional) The name of an additional logging configuration file. # (Optional) The name of an additional logging configuration file.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# See https://docs.python.org/2/howto/logging.html # See https://docs.python.org/2/howto/logging.html
# #
# [*default_log_levels*] # [*default_log_levels*]
# (Optional) Hash of logger (keys) and level (values) pairs. # (Optional) Hash of logger (keys) and level (values) pairs.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: # Example:
# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', # { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
# 'sqlalchemy' => 'WARN', 'suds' => 'INFO', # 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
@ -83,50 +83,50 @@
# #
# [*publish_errors*] # [*publish_errors*]
# (Optional) Publish error events (boolean value). # (Optional) Publish error events (boolean value).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*fatal_deprecations*] # [*fatal_deprecations*]
# (Optional) Make deprecations fatal (boolean value) # (Optional) Make deprecations fatal (boolean value)
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*instance_format*] # [*instance_format*]
# (Optional) If an instance is passed with the log message, format it # (Optional) If an instance is passed with the log message, format it
# like this (string value). # like this (string value).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: '[instance: %(uuid)s] ' # Example: '[instance: %(uuid)s] '
# #
# [*instance_uuid_format*] # [*instance_uuid_format*]
# (Optional) If an instance UUID is passed with the log message, format # (Optional) If an instance UUID is passed with the log message, format
# it like this (string value). # it like this (string value).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: instance_uuid_format='[instance: %(uuid)s] ' # Example: instance_uuid_format='[instance: %(uuid)s] '
# #
# [*log_date_format*] # [*log_date_format*]
# (Optional) Format string for %%(asctime)s in log records. # (Optional) Format string for %%(asctime)s in log records.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# Example: 'Y-%m-%d %H:%M:%S' # Example: 'Y-%m-%d %H:%M:%S'
# #
class barbican::api::logging( class barbican::api::logging(
$use_syslog = $::os_service_default, $use_syslog = $facts['os_service_default'],
$use_json = $::os_service_default, $use_json = $facts['os_service_default'],
$use_journal = $::os_service_default, $use_journal = $facts['os_service_default'],
$use_stderr = $::os_service_default, $use_stderr = $facts['os_service_default'],
$log_facility = $::os_service_default, $log_facility = $facts['os_service_default'],
$log_dir = '/var/log/barbican', $log_dir = '/var/log/barbican',
$log_file = $::os_service_default, $log_file = $facts['os_service_default'],
$watch_log_file = $::os_service_default, $watch_log_file = $facts['os_service_default'],
$debug = $::os_service_default, $debug = $facts['os_service_default'],
$logging_context_format_string = $::os_service_default, $logging_context_format_string = $facts['os_service_default'],
$logging_default_format_string = $::os_service_default, $logging_default_format_string = $facts['os_service_default'],
$logging_debug_format_suffix = $::os_service_default, $logging_debug_format_suffix = $facts['os_service_default'],
$logging_exception_prefix = $::os_service_default, $logging_exception_prefix = $facts['os_service_default'],
$log_config_append = $::os_service_default, $log_config_append = $facts['os_service_default'],
$default_log_levels = $::os_service_default, $default_log_levels = $facts['os_service_default'],
$publish_errors = $::os_service_default, $publish_errors = $facts['os_service_default'],
$fatal_deprecations = $::os_service_default, $fatal_deprecations = $facts['os_service_default'],
$instance_format = $::os_service_default, $instance_format = $facts['os_service_default'],
$instance_uuid_format = $::os_service_default, $instance_uuid_format = $facts['os_service_default'],
$log_date_format = $::os_service_default, $log_date_format = $facts['os_service_default'],
) { ) {
include barbican::deps include barbican::deps

24
manifests/cors.pp
View File

@ -8,41 +8,41 @@
# (Optional) Indicate whether this resource may be shared with the domain # (Optional) Indicate whether this resource may be shared with the domain
# received in the requests "origin" header. # received in the requests "origin" header.
# (string value) # (string value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*allow_credentials*] # [*allow_credentials*]
# (Optional) Indicate that the actual request can include user credentials. # (Optional) Indicate that the actual request can include user credentials.
# (boolean value) # (boolean value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*expose_headers*] # [*expose_headers*]
# (Optional) Indicate which headers are safe to expose to the API. # (Optional) Indicate which headers are safe to expose to the API.
# (list value) # (list value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*max_age*] # [*max_age*]
# (Optional) Maximum cache age of CORS preflight requests. # (Optional) Maximum cache age of CORS preflight requests.
# (integer value) # (integer value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*allow_methods*] # [*allow_methods*]
# (Optional) Indicate which methods can be used during the actual request. # (Optional) Indicate which methods can be used during the actual request.
# (list value) # (list value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*allow_headers*] # [*allow_headers*]
# (Optional) Indicate which header field names may be used during the actual # (Optional) Indicate which header field names may be used during the actual
# request. # request.
# (list value) # (list value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
class barbican::cors ( class barbican::cors (
$allowed_origin = $::os_service_default, $allowed_origin = $facts['os_service_default'],
$allow_credentials = $::os_service_default, $allow_credentials = $facts['os_service_default'],
$expose_headers = $::os_service_default, $expose_headers = $facts['os_service_default'],
$max_age = $::os_service_default, $max_age = $facts['os_service_default'],
$allow_methods = $::os_service_default, $allow_methods = $facts['os_service_default'],
$allow_headers = $::os_service_default, $allow_headers = $facts['os_service_default'],
) { ) {
include barbican::deps include barbican::deps

36
manifests/db.pp
View File

@ -10,59 +10,59 @@
# #
# [*database_connection_recycle_time*] # [*database_connection_recycle_time*]
# Timeout when db connections should be reaped. # Timeout when db connections should be reaped.
# (Optional) Defaults to $::os_service_default # (Optional) Defaults to $facts['os_service_default']
# #
# [*database_max_retries*] # [*database_max_retries*]
# Maximum number of database connection retries during startup. # Maximum number of database connection retries during startup.
# Setting -1 implies an infinite retry count. # Setting -1 implies an infinite retry count.
# NOTE: This is currently NOT used until barbican correctly leverages oslo. # NOTE: This is currently NOT used until barbican correctly leverages oslo.
# (Optional) Defaults to $::os_service_default # (Optional) Defaults to $facts['os_service_default']
# #
# [*database_retry_interval*] # [*database_retry_interval*]
# Interval between retries of opening a database connection. # Interval between retries of opening a database connection.
# NOTE: This is currently NOT used until barbican correctly leverages oslo. # NOTE: This is currently NOT used until barbican correctly leverages oslo.
# (Optional) Defaults to $::os_service_default # (Optional) Defaults to $facts['os_service_default']
# #
# [*database_max_pool_size*] # [*database_max_pool_size*]
# Maximum number of SQL connections to keep open in a pool. # Maximum number of SQL connections to keep open in a pool.
# NOTE: This is currently NOT used until barbican correctly leverages oslo. # NOTE: This is currently NOT used until barbican correctly leverages oslo.
# (Optional) Defaults to $::os_service_default # (Optional) Defaults to $facts['os_service_default']
# #
# [*database_max_overflow*] # [*database_max_overflow*]
# If set, use this value for max_overflow with sqlalchemy. # If set, use this value for max_overflow with sqlalchemy.
# (Optional) Defaults to $::os_service_default # (Optional) Defaults to $facts['os_service_default']
# #
# [*database_pool_size*] # [*database_pool_size*]
# Number of SQL connections to keep open in a pool. # Number of SQL connections to keep open in a pool.
# NOTE: This is currently used until barbican correctly leverages oslo and # NOTE: This is currently used until barbican correctly leverages oslo and
# will be removed during a later release. # will be removed during a later release.
# (Optional) Defaults to $::os_service_default # (Optional) Defaults to $facts['os_service_default']
# #
# [*database_db_max_retries*] # [*database_db_max_retries*]
# (Optional) Maximum retries in case of connection error or deadlock error # (Optional) Maximum retries in case of connection error or deadlock error
# before error is raised. Set to -1 to specify an infinite retry count. # before error is raised. Set to -1 to specify an infinite retry count.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*database_pool_timeout*] # [*database_pool_timeout*]
# (Optional) If set, use this value for pool_timeout with SQLAlchemy. # (Optional) If set, use this value for pool_timeout with SQLAlchemy.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*mysql_enable_ndb*] # [*mysql_enable_ndb*]
# (Optional) If True, transparently enables support for handling MySQL # (Optional) If True, transparently enables support for handling MySQL
# Cluster (NDB). # Cluster (NDB).
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
class barbican::db ( class barbican::db (
$database_connection = 'sqlite:////var/lib/barbican/barbican.sqlite', $database_connection = 'sqlite:////var/lib/barbican/barbican.sqlite',
$database_connection_recycle_time = $::os_service_default, $database_connection_recycle_time = $facts['os_service_default'],
$database_max_pool_size = $::os_service_default, $database_max_pool_size = $facts['os_service_default'],
$database_max_retries = $::os_service_default, $database_max_retries = $facts['os_service_default'],
$database_retry_interval = $::os_service_default, $database_retry_interval = $facts['os_service_default'],
$database_max_overflow = $::os_service_default, $database_max_overflow = $facts['os_service_default'],
$database_pool_size = $::os_service_default, $database_pool_size = $facts['os_service_default'],
$database_db_max_retries = $::os_service_default, $database_db_max_retries = $facts['os_service_default'],
$database_pool_timeout = $::os_service_default, $database_pool_timeout = $facts['os_service_default'],
$mysql_enable_ndb = $::os_service_default, $mysql_enable_ndb = $facts['os_service_default'],
) { ) {
include barbican::deps include barbican::deps

16
manifests/healthcheck.pp
View File

@ -6,28 +6,28 @@
# #
# [*detailed*] # [*detailed*]
# (Optional) Show more detailed information as part of the response. # (Optional) Show more detailed information as part of the response.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*backends*] # [*backends*]
# (Optional) Additional backends that can perform health checks and report # (Optional) Additional backends that can perform health checks and report
# that information back as part of a request. # that information back as part of a request.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*disable_by_file_path*] # [*disable_by_file_path*]
# (Optional) Check the presence of a file to determine if an application # (Optional) Check the presence of a file to determine if an application
# is running on a port. # is running on a port.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*disable_by_file_paths*] # [*disable_by_file_paths*]
# (Optional) Check the presence of a file to determine if an application # (Optional) Check the presence of a file to determine if an application
# is running on a port. Expects a "port:path" list of strings. # is running on a port. Expects a "port:path" list of strings.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
class barbican::healthcheck ( class barbican::healthcheck (
$detailed = $::os_service_default, $detailed = $facts['os_service_default'],
$backends = $::os_service_default, $backends = $facts['os_service_default'],
$disable_by_file_path = $::os_service_default, $disable_by_file_path = $facts['os_service_default'],
$disable_by_file_paths = $::os_service_default, $disable_by_file_paths = $facts['os_service_default'],
) { ) {
include barbican::deps include barbican::deps

116
manifests/keystone/authtoken.pp
View File

@ -10,7 +10,7 @@
# #
# [*password*] # [*password*]
# (Optional) Password to create for the service user # (Optional) Password to create for the service user
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*auth_url*] # [*auth_url*]
# (Optional) The URL to use for authentication. # (Optional) The URL to use for authentication.
@ -30,17 +30,17 @@
# #
# [*system_scope*] # [*system_scope*]
# (Optional) Scope for system operations # (Optional) Scope for system operations
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*insecure*] # [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert # (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with # against any certificate authorities. WARNING: not recommended. Use with
# caution. # caution.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*auth_section*] # [*auth_section*]
# (Optional) Config Section from which to load plugin specific options # (Optional) Config Section from which to load plugin specific options
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*auth_type*] # [*auth_type*]
# (Optional) Authentication type to load # (Optional) Authentication type to load
@ -52,26 +52,26 @@
# #
# [*auth_version*] # [*auth_version*]
# (Optional) API version of the admin Identity API endpoint. # (Optional) API version of the admin Identity API endpoint.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*cache*] # [*cache*]
# (Optional) Env key for the swift cache. # (Optional) Env key for the swift cache.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*cafile*] # [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs # (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections. # connections.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*certfile*] # [*certfile*]
# (Optional) Required if identity server requires client certificate # (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*delay_auth_decision*] # [*delay_auth_decision*]
# (Optional) Do not handle authorization requests within the middleware, but # (Optional) Do not handle authorization requests within the middleware, but
# delegate the authorization decision to downstream WSGI components. Boolean # delegate the authorization decision to downstream WSGI components. Boolean
# value # value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*enforce_token_bind*] # [*enforce_token_bind*]
# (Optional) Used to control the use and type of token binding. Can be set # (Optional) Used to control the use and type of token binding. Can be set
@ -81,57 +81,57 @@
# type is unknown the token will be rejected. "required" any form of token # type is unknown the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a binding method that # binding is needed to be allowed. Finally the name of a binding method that
# must be present in tokens. String value. # must be present in tokens. String value.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*http_connect_timeout*] # [*http_connect_timeout*]
# (Optional) Request timeout value for communicating with Identity API # (Optional) Request timeout value for communicating with Identity API
# server. # server.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*http_request_max_retries*] # [*http_request_max_retries*]
# (Optional) How many times are we trying to reconnect when communicating # (Optional) How many times are we trying to reconnect when communicating
# with Identity API Server. Integer value # with Identity API Server. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*include_service_catalog*] # [*include_service_catalog*]
# (Optional) Indicate whether to set the X-Service-Catalog header. If False, # (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will # middleware will not ask for service catalog on token validation and will
# not set the X-Service-Catalog header. Boolean value. # not set the X-Service-Catalog header. Boolean value.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*keyfile*] # [*keyfile*]
# (Optional) Required if identity server requires client certificate # (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_pool_conn_get_timeout*] # [*memcache_pool_conn_get_timeout*]
# (Optional) Number of seconds that an operation will wait to get a memcached # (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. Integer value # client connection from the pool. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_pool_dead_retry*] # [*memcache_pool_dead_retry*]
# (Optional) Number of seconds memcached server is considered dead before it # (Optional) Number of seconds memcached server is considered dead before it
# is tried again. Integer value # is tried again. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_pool_maxsize*] # [*memcache_pool_maxsize*]
# (Optional) Maximum total number of open connections to every memcached # (Optional) Maximum total number of open connections to every memcached
# server. Integer value # server. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_pool_socket_timeout*] # [*memcache_pool_socket_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in # (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value # the pool before it is closed. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_pool_unused_timeout*] # [*memcache_pool_unused_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in # (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value # the pool before it is closed. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_secret_key*] # [*memcache_secret_key*]
# (Optional, mandatory if memcache_security_strategy is defined) This string # (Optional, mandatory if memcache_security_strategy is defined) This string
# is used for key derivation. # is used for key derivation.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_security_strategy*] # [*memcache_security_strategy*]
# (Optional) If defined, indicate whether token data should be authenticated # (Optional) If defined, indicate whether token data should be authenticated
@ -139,17 +139,17 @@
# HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the # HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will # cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization. # raise an exception on initialization.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcache_use_advanced_pool*] # [*memcache_use_advanced_pool*]
# (Optional) Use the advanced (eventlet safe) memcached client pool. The # (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x Boolean value # advanced pool will only work under python 2.x Boolean value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*memcached_servers*] # [*memcached_servers*]
# (Optional) Optionally specify a list of memcached server(s) to use for # (Optional) Optionally specify a list of memcached server(s) to use for
# caching. If left undefined, tokens will instead be cached in-process. # caching. If left undefined, tokens will instead be cached in-process.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*manage_memcache_package*] # [*manage_memcache_package*]
# (Optional) Whether to install the python-memcache package. # (Optional) Whether to install the python-memcache package.
@ -157,13 +157,13 @@
# #
# [*region_name*] # [*region_name*]
# (Optional) The region in which the identity server can be found. # (Optional) The region in which the identity server can be found.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*token_cache_time*] # [*token_cache_time*]
# (Optional) In order to prevent excessive effort spent validating tokens, # (Optional) In order to prevent excessive effort spent validating tokens,
# the middleware caches previously-seen tokens for a configurable duration # the middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely. Integer value # (in seconds). Set to -1 to disable caching completely. Integer value
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*service_token_roles*] # [*service_token_roles*]
# (Optional) A choice of roles that must be present in a service token. # (Optional) A choice of roles that must be present in a service token.
@ -173,66 +173,66 @@
# here are applied as an ANY check so any role in this list # here are applied as an ANY check so any role in this list
# must be present. For backwards compatibility reasons this # must be present. For backwards compatibility reasons this
# currently only affects the allow_expired check. (list value) # currently only affects the allow_expired check. (list value)
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*service_token_roles_required*] # [*service_token_roles_required*]
# (optional) backwards compatibility to ensure that the service tokens are # (optional) backwards compatibility to ensure that the service tokens are
# compared against a list of possible roles for validity # compared against a list of possible roles for validity
# true/false # true/false
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*service_type*] # [*service_type*]
# (Optional) The name or type of the service as it appears in the service # (Optional) The name or type of the service as it appears in the service
# catalog. This is used to validate tokens that have restricted access rules. # catalog. This is used to validate tokens that have restricted access rules.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*interface*] # [*interface*]
# (Optional) Interface to use for the Identity API endpoint. Valid values are # (Optional) Interface to use for the Identity API endpoint. Valid values are
# "public", "internal" or "admin". # "public", "internal" or "admin".
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*params*] # [*params*]
# (Optional) Hash of additional parameters to pass through to the keystone # (Optional) Hash of additional parameters to pass through to the keystone
# authtoken class. Values set here override the individual parameters above. # authtoken class. Values set here override the individual parameters above.
# #
class barbican::keystone::authtoken( class barbican::keystone::authtoken(
$password = $::os_service_default, $password = $facts['os_service_default'],
$username = 'barbican', $username = 'barbican',
$auth_url = 'http://localhost:5000', $auth_url = 'http://localhost:5000',
$project_name = 'services', $project_name = 'services',
$user_domain_name = 'Default', $user_domain_name = 'Default',
$project_domain_name = 'Default', $project_domain_name = 'Default',
$system_scope = $::os_service_default, $system_scope = $facts['os_service_default'],
$insecure = $::os_service_default, $insecure = $facts['os_service_default'],
$auth_section = $::os_service_default, $auth_section = $facts['os_service_default'],
$auth_type = 'password', $auth_type = 'password',
$www_authenticate_uri = 'http://localhost:5000', $www_authenticate_uri = 'http://localhost:5000',
$auth_version = $::os_service_default, $auth_version = $facts['os_service_default'],
$cache = $::os_service_default, $cache = $facts['os_service_default'],
$cafile = $::os_service_default, $cafile = $facts['os_service_default'],
$certfile = $::os_service_default, $certfile = $facts['os_service_default'],
$delay_auth_decision = $::os_service_default, $delay_auth_decision = $facts['os_service_default'],
$enforce_token_bind = $::os_service_default, $enforce_token_bind = $facts['os_service_default'],
$http_connect_timeout = $::os_service_default, $http_connect_timeout = $facts['os_service_default'],
$http_request_max_retries = $::os_service_default, $http_request_max_retries = $facts['os_service_default'],
$include_service_catalog = $::os_service_default, $include_service_catalog = $facts['os_service_default'],
$keyfile = $::os_service_default, $keyfile = $facts['os_service_default'],
$memcache_pool_conn_get_timeout = $::os_service_default, $memcache_pool_conn_get_timeout = $facts['os_service_default'],
$memcache_pool_dead_retry = $::os_service_default, $memcache_pool_dead_retry = $facts['os_service_default'],
$memcache_pool_maxsize = $::os_service_default, $memcache_pool_maxsize = $facts['os_service_default'],
$memcache_pool_socket_timeout = $::os_service_default, $memcache_pool_socket_timeout = $facts['os_service_default'],
$memcache_pool_unused_timeout = $::os_service_default, $memcache_pool_unused_timeout = $facts['os_service_default'],
$memcache_secret_key = $::os_service_default, $memcache_secret_key = $facts['os_service_default'],
$memcache_security_strategy = $::os_service_default, $memcache_security_strategy = $facts['os_service_default'],
$memcache_use_advanced_pool = $::os_service_default, $memcache_use_advanced_pool = $facts['os_service_default'],
$memcached_servers = $::os_service_default, $memcached_servers = $facts['os_service_default'],
$manage_memcache_package = false, $manage_memcache_package = false,
$region_name = $::os_service_default, $region_name = $facts['os_service_default'],
$token_cache_time = $::os_service_default, $token_cache_time = $facts['os_service_default'],
$service_token_roles = $::os_service_default, $service_token_roles = $facts['os_service_default'],
$service_token_roles_required = $::os_service_default, $service_token_roles_required = $facts['os_service_default'],
$service_type = $::os_service_default, $service_type = $facts['os_service_default'],
$interface = $::os_service_default, $interface = $facts['os_service_default'],
$params = {}, $params = {},
) { ) {

20
manifests/keystone/notification.pp
View File

@ -6,23 +6,23 @@
# #
# [*enable_keystone_notification*] # [*enable_keystone_notification*]
# (optional) Enable keystone notification listener functionality # (optional) Enable keystone notification listener functionality
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*keystone_notification_control_exchange*] # [*keystone_notification_control_exchange*]
# (optional) The default exchange under which topics are scoped. # (optional) The default exchange under which topics are scoped.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*keystone_notification_topic*] # [*keystone_notification_topic*]
# (optional) Keystone notification queue topic name. # (optional) Keystone notification queue topic name.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*keystone_notification_allow_requeue*] # [*keystone_notification_allow_requeue*]
# (optional) Requeues notification in case of notification processing error. # (optional) Requeues notification in case of notification processing error.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*keystone_notification_thread_pool_size*] # [*keystone_notification_thread_pool_size*]
# (optional) max threads to be used for notification server # (optional) max threads to be used for notification server
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*package_ensure*] # [*package_ensure*]
# (Optional) The state of the barbican-keystone-listener package. # (Optional) The state of the barbican-keystone-listener package.
@ -33,11 +33,11 @@
# Defaults to true # Defaults to true
# #
class barbican::keystone::notification ( class barbican::keystone::notification (
$enable_keystone_notification = $::os_service_default, $enable_keystone_notification = $facts['os_service_default'],
$keystone_notification_control_exchange = $::os_service_default, $keystone_notification_control_exchange = $facts['os_service_default'],
$keystone_notification_topic = $::os_service_default, $keystone_notification_topic = $facts['os_service_default'],
$keystone_notification_allow_requeue = $::os_service_default, $keystone_notification_allow_requeue = $facts['os_service_default'],
$keystone_notification_thread_pool_size = $::os_service_default, $keystone_notification_thread_pool_size = $facts['os_service_default'],
$package_ensure = 'present', $package_ensure = 'present',
$manage_service = true, $manage_service = true,
) { ) {

7
manifests/params.pp
View File

@ -10,7 +10,7 @@ class barbican::params {
$group = 'barbican' $group = 'barbican'
$dogtag_client_package = 'pki-base' $dogtag_client_package = 'pki-base'
case $::osfamily { case $facts['os']['family'] {
'RedHat': { 'RedHat': {
$common_package_name = 'openstack-barbican-common' $common_package_name = 'openstack-barbican-common'
$api_package_name = 'openstack-barbican-api' $api_package_name = 'openstack-barbican-api'
@ -38,8 +38,7 @@ class barbican::params {
$barbican_wsgi_script_source = '/usr/bin/barbican-wsgi-api' $barbican_wsgi_script_source = '/usr/bin/barbican-wsgi-api'
} }
default: { default: {
fail("Unsupported osfamily: ${::osfamily} operating system") fail("Unsupported osfamily: ${facts['os']['family']}")
} }
}
} # Case $::osfamily
} }

28
manifests/plugins/dogtag.pp
View File

@ -13,31 +13,31 @@
# #
# [*dogtag_plugin_pem_path*] # [*dogtag_plugin_pem_path*]
# (optional) Path to KRA agent PEM file # (optional) Path to KRA agent PEM file
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*dogtag_plugin_dogtag_host*] # [*dogtag_plugin_dogtag_host*]
# (optional) Host for the Dogtag server # (optional) Host for the Dogtag server
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*dogtag_plugin_dogtag_port*] # [*dogtag_plugin_dogtag_port*]
# (optional) Host for the Dogtag server # (optional) Host for the Dogtag server
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*dogtag_plugin_nss_db_path*] # [*dogtag_plugin_nss_db_path*]
# (optional) Path to plugin NSS DB # (optional) Path to plugin NSS DB
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*dogtag_plugin_simple_cmc_profile*] # [*dogtag_plugin_simple_cmc_profile*]
# (optional) Profile for simple CMC enrollment. # (optional) Profile for simple CMC enrollment.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*dogtag_plugin_ca_expiration_time*] # [*dogtag_plugin_ca_expiration_time*]
# (optional) Expiration time for the Dogtag CA entry in days # (optional) Expiration time for the Dogtag CA entry in days
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*dogtag_plugin_plugin_working_dir*] # [*dogtag_plugin_plugin_working_dir*]
# (optional) Working directory for Dogtag plugin # (optional) Working directory for Dogtag plugin
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*global_default*] # [*global_default*]
# (optional) set plugin as global default # (optional) set plugin as global default
@ -46,13 +46,13 @@
class barbican::plugins::dogtag ( class barbican::plugins::dogtag (
$dogtag_plugin_nss_password, $dogtag_plugin_nss_password,
$dogtag_plugin_ensure_package = 'present', $dogtag_plugin_ensure_package = 'present',
$dogtag_plugin_pem_path = $::os_service_default, $dogtag_plugin_pem_path = $facts['os_service_default'],
$dogtag_plugin_dogtag_host = $::os_service_default, $dogtag_plugin_dogtag_host = $facts['os_service_default'],
$dogtag_plugin_dogtag_port = $::os_service_default, $dogtag_plugin_dogtag_port = $facts['os_service_default'],
$dogtag_plugin_nss_db_path = $::os_service_default, $dogtag_plugin_nss_db_path = $facts['os_service_default'],
$dogtag_plugin_simple_cmc_profile = $::os_service_default, $dogtag_plugin_simple_cmc_profile = $facts['os_service_default'],
$dogtag_plugin_ca_expiration_time = $::os_service_default, $dogtag_plugin_ca_expiration_time = $facts['os_service_default'],
$dogtag_plugin_plugin_working_dir = $::os_service_default, $dogtag_plugin_plugin_working_dir = $facts['os_service_default'],
$global_default = false, $global_default = false,
) { ) {

20
manifests/plugins/kmip.pp
View File

@ -12,27 +12,27 @@
# #
# [*kmip_plugin_username*] # [*kmip_plugin_username*]
# (optional) username for KMIP device # (optional) username for KMIP device
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kmip_plugin_password*] # [*kmip_plugin_password*]
# (optional) password for KMIP device. This parameter is required # (optional) password for KMIP device. This parameter is required
# when the kmip_plugin_username parameter is set. # when the kmip_plugin_username parameter is set.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kmip_plugin_keyfile*] # [*kmip_plugin_keyfile*]
# (optional) key file for KMIP device. This parameter is required when # (optional) key file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set. # the kmip_plugin_username parameter is not set.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kmip_plugin_certfile*] # [*kmip_plugin_certfile*]
# (optional) cert file for KMIP device. This parameter is required when # (optional) cert file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set. # the kmip_plugin_username parameter is not set.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kmip_plugin_ca_certs*] # [*kmip_plugin_ca_certs*]
# (optional) ca certs file for KMIP device. This parameter is required when # (optional) ca certs file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set. # the kmip_plugin_username parameter is not set.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*global_default*] # [*global_default*]
# (optional) set plugin as global default # (optional) set plugin as global default
@ -41,11 +41,11 @@
class barbican::plugins::kmip ( class barbican::plugins::kmip (
$kmip_plugin_host, $kmip_plugin_host,
$kmip_plugin_port, $kmip_plugin_port,
$kmip_plugin_username = $::os_service_default, $kmip_plugin_username = $facts['os_service_default'],
$kmip_plugin_password = $::os_service_default, $kmip_plugin_password = $facts['os_service_default'],
$kmip_plugin_keyfile = $::os_service_default, $kmip_plugin_keyfile = $facts['os_service_default'],
$kmip_plugin_certfile = $::os_service_default, $kmip_plugin_certfile = $facts['os_service_default'],
$kmip_plugin_ca_certs = $::os_service_default, $kmip_plugin_ca_certs = $facts['os_service_default'],
$global_default = false, $global_default = false,
) { ) {

36
manifests/plugins/p11_crypto.pp
View File

@ -21,46 +21,46 @@
# #
# [*p11_crypto_plugin_token_serial_number*] # [*p11_crypto_plugin_token_serial_number*]
# (optional) Serial number to identify PKCS#11 token # (optional) Serial number to identify PKCS#11 token
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_token_labels*] # [*p11_crypto_plugin_token_labels*]
# (optional) List of comma-separated labels to identify # (optional) List of comma-separated labels to identify
# PKCS#11 tokens to be used. # PKCS#11 tokens to be used.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_slot_id*] # [*p11_crypto_plugin_slot_id*]
# (optional) HSM Slot id # (optional) HSM Slot id
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_encryption_mechanism*] # [*p11_crypto_plugin_encryption_mechanism*]
# (optional) PKCS#11 Mechanism used for encryption # (optional) PKCS#11 Mechanism used for encryption
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_hmac_key_type*] # [*p11_crypto_plugin_hmac_key_type*]
# (optional) PKCS#11 Key Type for key used in HMAC # (optional) PKCS#11 Key Type for key used in HMAC
# operations. # operations.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_hmac_keygen_mechanism*] # [*p11_crypto_plugin_hmac_keygen_mechanism*]
# (optional) PKCS#11 Mechanism used to generate HMAC Key # (optional) PKCS#11 Mechanism used to generate HMAC Key
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_aes_gcm_generate_iv*] # [*p11_crypto_plugin_aes_gcm_generate_iv*]
# (optional) When using the CKM_AES_GCM mechanism, this option # (optional) When using the CKM_AES_GCM mechanism, this option
# specifies whether the IV should be generated by Barbican. # specifies whether the IV should be generated by Barbican.
# Setting this to false will defer IV generation to the HSM # Setting this to false will defer IV generation to the HSM
# which is not standard but is required for some HSMs. # which is not standard but is required for some HSMs.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_os_locking_ok*] # [*p11_crypto_plugin_os_locking_ok*]
# (optional) Enable CKF_OS_LOCKING_OK flag when initializing # (optional) Enable CKF_OS_LOCKING_OK flag when initializing
# the PKCS#11 client library. # the PKCS#11 client library.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*p11_crypto_plugin_always_set_cka_sensitive*] # [*p11_crypto_plugin_always_set_cka_sensitive*]
# (optional) Always set CKA_SENSITIVE when generating keys. # (optional) Always set CKA_SENSITIVE when generating keys.
# In some HSMs extractable keys cannot be marked sensitive. # In some HSMs extractable keys cannot be marked sensitive.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*global_default*] # [*global_default*]
# (optional) set plugin as global default # (optional) set plugin as global default
@ -72,15 +72,15 @@ class barbican::plugins::p11_crypto (
$p11_crypto_plugin_mkek_label, $p11_crypto_plugin_mkek_label,
$p11_crypto_plugin_mkek_length, $p11_crypto_plugin_mkek_length,
$p11_crypto_plugin_hmac_label, $p11_crypto_plugin_hmac_label,
$p11_crypto_plugin_token_serial_number = $::os_service_default, $p11_crypto_plugin_token_serial_number = $facts['os_service_default'],
$p11_crypto_plugin_token_labels = $::os_service_default, $p11_crypto_plugin_token_labels = $facts['os_service_default'],
$p11_crypto_plugin_slot_id = $::os_service_default, $p11_crypto_plugin_slot_id = $facts['os_service_default'],
$p11_crypto_plugin_encryption_mechanism = $::os_service_default, $p11_crypto_plugin_encryption_mechanism = $facts['os_service_default'],
$p11_crypto_plugin_hmac_key_type = $::os_service_default, $p11_crypto_plugin_hmac_key_type = $facts['os_service_default'],
$p11_crypto_plugin_hmac_keygen_mechanism = $::os_service_default, $p11_crypto_plugin_hmac_keygen_mechanism = $facts['os_service_default'],
$p11_crypto_plugin_aes_gcm_generate_iv = $::os_service_default, $p11_crypto_plugin_aes_gcm_generate_iv = $facts['os_service_default'],
$p11_crypto_plugin_os_locking_ok = $::os_service_default, $p11_crypto_plugin_os_locking_ok = $facts['os_service_default'],
$p11_crypto_plugin_always_set_cka_sensitive = $::os_service_default, $p11_crypto_plugin_always_set_cka_sensitive = $facts['os_service_default'],
$global_default = false, $global_default = false,
) { ) {

4
manifests/plugins/simple_crypto.pp
View File

@ -6,14 +6,14 @@
# #
# [*simple_crypto_plugin_kek*] # [*simple_crypto_plugin_kek*]
# (optional) Key encryption key to be used by Simple Crypto Plugin. # (optional) Key encryption key to be used by Simple Crypto Plugin.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*global_default*] # [*global_default*]
# (optional) set plugin as global default # (optional) set plugin as global default
# Defaults to false # Defaults to false
# #
class barbican::plugins::simple_crypto ( class barbican::plugins::simple_crypto (
$simple_crypto_plugin_kek = $::os_service_default, $simple_crypto_plugin_kek = $facts['os_service_default'],
$global_default = false, $global_default = false,
) { ) {

24
manifests/plugins/vault.pp
View File

@ -6,23 +6,23 @@
# #
# [*vault_url*] # [*vault_url*]
# (optional) The Vault URL. # (optional) The Vault URL.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*root_token_id*] # [*root_token_id*]
# (optional) Vault Root Token ID. # (optional) Vault Root Token ID.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*approle_role_id*] # [*approle_role_id*]
# (optional) Set the approle role ID. # (optional) Set the approle role ID.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*approle_secret_id*] # [*approle_secret_id*]
# (optional) Set the approle secret ID. # (optional) Set the approle secret ID.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*kv_mountpoint*] # [*kv_mountpoint*]
# (optional) Set the mountpoint of the KV. # (optional) Set the mountpoint of the KV.
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*use_ssl*] # [*use_ssl*]
# (optional) Enable or disable SSL # (optional) Enable or disable SSL
@ -30,20 +30,20 @@
# #
# [*ssl_ca_crt_file*] # [*ssl_ca_crt_file*]
# (optional) Set the ssl CA cert file # (optional) Set the ssl CA cert file
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*global_default*] # [*global_default*]
# (optional) set plugin as global default # (optional) set plugin as global default
# Defaults to false # Defaults to false
# #
class barbican::plugins::vault ( class barbican::plugins::vault (
$vault_url = $::os_service_default, $vault_url = $facts['os_service_default'],
$root_token_id = $::os_service_default, $root_token_id = $facts['os_service_default'],
$approle_role_id = $::os_service_default, $approle_role_id = $facts['os_service_default'],
$approle_secret_id = $::os_service_default, $approle_secret_id = $facts['os_service_default'],
$kv_mountpoint = $::os_service_default, $kv_mountpoint = $facts['os_service_default'],
$use_ssl = false, $use_ssl = false,
$ssl_ca_crt_file = $::os_service_default, $ssl_ca_crt_file = $facts['os_service_default'],
$global_default = false, $global_default = false,
) { ) {

16
manifests/policy.pp
View File

@ -6,12 +6,12 @@
# #
# [*enforce_scope*] # [*enforce_scope*]
# (Optional) Whether or not to enforce scope when evaluating policies. # (Optional) Whether or not to enforce scope when evaluating policies.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*enforce_new_defaults*] # [*enforce_new_defaults*]
# (Optional) Whether or not to use old deprecated defaults when evaluating # (Optional) Whether or not to use old deprecated defaults when evaluating
# policies. # policies.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*policies*] # [*policies*]
# (Optional) Set of policies to configure for barbican # (Optional) Set of policies to configure for barbican
@ -34,11 +34,11 @@
# #
# [*policy_default_rule*] # [*policy_default_rule*]
# (Optional) Default rule. Enforced when a requested rule is not found. # (Optional) Default rule. Enforced when a requested rule is not found.
# Defaults to $::os_service_default. # Defaults to $facts['os_service_default'].
# #
# [*policy_dirs*] # [*policy_dirs*]
# (Optional) Path to the barbican policy folder # (Optional) Path to the barbican policy folder
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*purge_config*] # [*purge_config*]
# (optional) Whether to set only the specified policy rules in the policy # (optional) Whether to set only the specified policy rules in the policy
@ -46,12 +46,12 @@
# Defaults to false. # Defaults to false.
# #
class barbican::policy ( class barbican::policy (
$enforce_scope = $::os_service_default, $enforce_scope = $facts['os_service_default'],
$enforce_new_defaults = $::os_service_default, $enforce_new_defaults = $facts['os_service_default'],
$policies = {}, $policies = {},
$policy_path = '/etc/barbican/policy.yaml', $policy_path = '/etc/barbican/policy.yaml',
$policy_default_rule = $::os_service_default, $policy_default_rule = $facts['os_service_default'],
$policy_dirs = $::os_service_default, $policy_dirs = $facts['os_service_default'],
$purge_config = false, $purge_config = false,
) { ) {

20
manifests/quota.pp
View File

@ -6,30 +6,30 @@
# #
# [*quota_secrets*] # [*quota_secrets*]
# (optional) default number of secrets allowed per project # (optional) default number of secrets allowed per project
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*quota_orders*] # [*quota_orders*]
# (optional) default number of orders allowed per project # (optional) default number of orders allowed per project
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*quota_containers*] # [*quota_containers*]
# (optional) default number of containers allowed per project # (optional) default number of containers allowed per project
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*quota_consumers*] # [*quota_consumers*]
# (optional) default number of consumers allowed per project # (optional) default number of consumers allowed per project
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*quota_cas*] # [*quota_cas*]
# (optional) default number of CAs allowed per project # (optional) default number of CAs allowed per project
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
class barbican::quota ( class barbican::quota (
$quota_secrets = $::os_service_default, $quota_secrets = $facts['os_service_default'],
$quota_orders = $::os_service_default, $quota_orders = $facts['os_service_default'],
$quota_containers = $::os_service_default, $quota_containers = $facts['os_service_default'],
$quota_consumers = $::os_service_default, $quota_consumers = $facts['os_service_default'],
$quota_cas = $::os_service_default, $quota_cas = $facts['os_service_default'],
) { ) {
include barbican::deps include barbican::deps

10
manifests/retry_scheduler.pp
View File

@ -18,18 +18,18 @@
# #
# [*initial_delay_seconds*] # [*initial_delay_seconds*]
# (optional) Seconds (float) to wait before starting retry scheduler # (optional) Seconds (float) to wait before starting retry scheduler
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
# [*periodic_interval_max_seconds*] # [*periodic_interval_max_seconds*]
# (optional) Seconds (float) to wait between starting retry scheduler # (optional) Seconds (float) to wait between starting retry scheduler
# Defaults to $::os_service_default # Defaults to $facts['os_service_default']
# #
class barbican::retry_scheduler ( class barbican::retry_scheduler (
$package_ensure = 'present', $package_ensure = 'present',
$manage_service = true, $manage_service = true,
$enabled = true, $enabled = true,
$initial_delay_seconds = $::os_service_default, $initial_delay_seconds = $facts['os_service_default'],
$periodic_interval_max_seconds = $::os_service_default, $periodic_interval_max_seconds = $facts['os_service_default'],
){ ){
include barbican::deps include barbican::deps
@ -40,7 +40,7 @@ class barbican::retry_scheduler (
'retry_scheduler/periodic_interval_max_seconds': value => $periodic_interval_max_seconds; 'retry_scheduler/periodic_interval_max_seconds': value => $periodic_interval_max_seconds;
} }
case $::osfamily { case $facts['os']['family'] {
'RedHat': { 'RedHat': {
package { 'barbican-retry': package { 'barbican-retry':
ensure => $package_ensure, ensure => $package_ensure,

8
manifests/wsgi/apache.pp
View File

@ -11,7 +11,7 @@
# #
# [*servername*] # [*servername*]
# (Optional) The servername for the virtualhost. # (Optional) The servername for the virtualhost.
# Defaults to $::fqdn # Defaults to $facts['networking']['fqdn']
# #
# [*port*] # [*port*]
# (Optional) The port. # (Optional) The port.
@ -31,7 +31,7 @@
# #
# [*workers*] # [*workers*]
# (Optional) Number of WSGI workers to spawn. # (Optional) Number of WSGI workers to spawn.
# Defaults to $::os_workers # Defaults to $facts['os_workers']
# #
# [*priority*] # [*priority*]
# (Optional) The priority for the vhost. # (Optional) The priority for the vhost.
@ -115,12 +115,12 @@
# Copyright 2015 Red Hat Inc. <licensing@redhat.com> # Copyright 2015 Red Hat Inc. <licensing@redhat.com>
# #
class barbican::wsgi::apache ( class barbican::wsgi::apache (
$servername = $::fqdn, $servername = $facts['networking']['fqdn'],
$port = 9311, $port = 9311,
$bind_host = undef, $bind_host = undef,
$path = '/', $path = '/',
$ssl = false, $ssl = false,
$workers = $::os_workers, $workers = $facts['os_workers'],
$ssl_cert = undef, $ssl_cert = undef,
$ssl_key = undef, $ssl_key = undef,
$ssl_chain = undef, $ssl_chain = undef,

6
manifests/wsgi/uwsgi.pp
View File

@ -11,7 +11,7 @@
# #
# [*processes*] # [*processes*]
# (Optional) Number of processes. # (Optional) Number of processes.
# Defaults to $::os_workers. # Defaults to $facts['os_workers'].
# #
# [*threads*] # [*threads*]
# (Optional) Number of threads. # (Optional) Number of threads.
@ -22,14 +22,14 @@
# Defaults to 100 # Defaults to 100
# #
class barbican::wsgi::uwsgi ( class barbican::wsgi::uwsgi (
$processes = $::os_workers, $processes = $facts['os_workers'],
$threads = 32, $threads = 32,
$listen_queue_size = 100, $listen_queue_size = 100,
){ ){
include barbican::deps include barbican::deps
if $::operatingsystem != 'Debian'{ if $facts['os']['name'] != 'Debian'{
warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.') warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.')
} }

6
spec/classes/barbican_api_logging_spec.rb
View File

@ -146,11 +146,7 @@ describe 'barbican::api::logging' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican-api-logging' it_configures 'barbican-api-logging'

12
spec/classes/barbican_api_spec.rb
View File

@ -129,10 +129,6 @@ describe 'barbican::api' do
default_params.merge(param_set) default_params.merge(param_set)
end end
let :host_ref do
"http://${::fqdn}:$param_hash[:bind_port]"
end
it { is_expected.to contain_class('barbican::deps') } it { is_expected.to contain_class('barbican::deps') }
it { is_expected.to contain_class('barbican::db') } it { is_expected.to contain_class('barbican::db') }
it { is_expected.to contain_class('barbican::policy') } it { is_expected.to contain_class('barbican::policy') }
@ -295,14 +291,10 @@ describe 'barbican::api' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 7,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
case facts[:osfamily] case facts[:os]['family']
when 'RedHat' when 'RedHat'
let (:platform_params) do let (:platform_params) do
{ :service_name => 'openstack-barbican-api' } { :service_name => 'openstack-barbican-api' }

6
spec/classes/barbican_client_spec.rb
View File

@ -53,13 +53,11 @@ describe 'barbican::client' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:fqdn => 'some.host.tld',
}))
end end
let(:platform_params) do let(:platform_params) do
case facts[:osfamily] case facts[:os]['family']
when 'Debian' when 'Debian'
{ :client_package_name => 'python3-barbicanclient' } { :client_package_name => 'python3-barbicanclient' }
when 'RedHat' when 'RedHat'

6
spec/classes/barbican_db_mysql_spec.rb
View File

@ -81,11 +81,7 @@ describe 'barbican::db::mysql' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican db mysql' it_configures 'barbican db mysql'

6
spec/classes/barbican_db_spec.rb
View File

@ -74,11 +74,7 @@ describe 'barbican::db' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_behaves_like 'barbican::db' it_behaves_like 'barbican::db'

5
spec/classes/barbican_db_sync_spec.rb
View File

@ -89,10 +89,7 @@ describe 'barbican::db::sync' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:os_workers => 8,
:concat_basedir => '/var/lib/puppet/concat'
}))
end end
it_configures 'barbican-dbsync' it_configures 'barbican-dbsync'

2
spec/classes/barbican_init_spec.rb
View File

@ -36,7 +36,7 @@ describe 'barbican' do
end end
let(:platform_params) do let(:platform_params) do
case facts[:osfamily] case facts[:os]['family']
when 'Debian' when 'Debian'
{ :barbican_common_package => 'barbican-common' } { :barbican_common_package => 'barbican-common' }
when 'RedHat' when 'RedHat'

2
spec/classes/barbican_keystone_notification_spec.rb
View File

@ -108,7 +108,7 @@ describe 'barbican::keystone::notification' do
end end
let (:platform_params) do let (:platform_params) do
case facts[:osfamily] case facts[:os]['family']
when 'RedHat' when 'RedHat'
{ {
:keystone_listener_package_name => 'openstack-barbican-keystone-listener', :keystone_listener_package_name => 'openstack-barbican-keystone-listener',

2
spec/classes/barbican_plugins_dogtag_spec.rb
View File

@ -86,7 +86,7 @@ describe 'barbican::plugins::dogtag' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge!(OSDefaults.get_facts( :os_workers => '7' )) facts.merge!(OSDefaults.get_facts())
end end
it_behaves_like 'barbican::plugins::dogtag' it_behaves_like 'barbican::plugins::dogtag'

6
spec/classes/barbican_plugins_kmip_spec.rb
View File

@ -99,11 +99,7 @@ describe 'barbican::plugins::kmip' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican plugins kmip' it_configures 'barbican plugins kmip'

6
spec/classes/barbican_plugins_p11_crypto_spec.rb
View File

@ -101,11 +101,7 @@ describe 'barbican::plugins::p11_crypto' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican plugins p11_crypto' it_configures 'barbican plugins p11_crypto'

6
spec/classes/barbican_plugins_simple_crypto_spec.rb
View File

@ -73,11 +73,7 @@ describe 'barbican::plugins::simple_crypto' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican plugins simple_crypto' it_configures 'barbican plugins simple_crypto'

6
spec/classes/barbican_plugins_vault_spec.rb
View File

@ -109,11 +109,7 @@ describe 'barbican::plugins::vault' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican plugins vault' it_configures 'barbican plugins vault'

26
spec/classes/barbican_quota_spec.rb
View File

@ -24,21 +24,21 @@ describe 'barbican::quota' do
shared_examples_for 'barbican quota' do shared_examples_for 'barbican quota' do
let :default_params do let :default_params do
{ {
:quota_secrets => '<SERVICE DEFAULT>', :quota_secrets => '<SERVICE DEFAULT>',
:quota_orders => '<SERVICE DEFAULT>', :quota_orders => '<SERVICE DEFAULT>',
:quota_containers => '<SERVICE DEFAULT>', :quota_containers => '<SERVICE DEFAULT>',
:quota_consumers => '<SERVICE DEFAULT>', :quota_consumers => '<SERVICE DEFAULT>',
:quota_cas => '<SERVICE DEFAULT>', :quota_cas => '<SERVICE DEFAULT>',
} }
end end
[{}, [{},
{ {
:quota_secrets => 100, :quota_secrets => 100,
:quota_orders => 100, :quota_orders => 100,
:quota_containers => 100, :quota_containers => 100,
:quota_consumers => 100, :quota_consumers => 100,
:quota_cas => 10, :quota_cas => 10,
} }
].each do |param_set| ].each do |param_set|
@ -72,11 +72,7 @@ describe 'barbican::quota' do
}).each do |os,facts| }).each do |os,facts|
context "on #{os}" do context "on #{os}" do
let (:facts) do let (:facts) do
facts.merge(OSDefaults.get_facts({ facts.merge(OSDefaults.get_facts())
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end end
it_configures 'barbican quota' it_configures 'barbican quota'

4
spec/classes/barbican_retry_scheduler_spec.rb
View File

@ -61,7 +61,7 @@ describe 'barbican::retry_scheduler' do
end end
let(:platform_params) do let(:platform_params) do
case facts[:osfamily] case facts[:os]['family']
when 'Debian' when 'Debian'
{} {}
when 'RedHat' when 'RedHat'
@ -73,7 +73,7 @@ describe 'barbican::retry_scheduler' do
end end
it_behaves_like 'barbican::retry_scheduler' it_behaves_like 'barbican::retry_scheduler'
if facts[:osfamily] == 'RedHat' if facts[:os]['family'] == 'RedHat'
it_behaves_like 'barbican::retry_scheduler in RedHat' it_behaves_like 'barbican::retry_scheduler in RedHat'
end end
end end

2
spec/classes/barbican_worker_spec.rb
View File

@ -76,7 +76,7 @@ describe 'barbican::worker' do
facts.merge(OSDefaults.get_facts()) facts.merge(OSDefaults.get_facts())
end end
case facts[:osfamily] case facts[:os]['family']
when 'RedHat' when 'RedHat'
let (:platform_params) do let (:platform_params) do
{ {

8
spec/classes/barbican_wsgi_apache_spec.rb
View File

@ -29,7 +29,7 @@ describe 'barbican::wsgi::apache' do
:group => 'barbican', :group => 'barbican',
:path => '/', :path => '/',
:priority => 10, :priority => 10,
:servername => facts[:fqdn], :servername => 'foo.example.com',
:ssl => false, :ssl => false,
:threads => 1, :threads => 1,
:user => 'barbican', :user => 'barbican',
@ -165,14 +165,12 @@ describe 'barbican::wsgi::apache' do
}).each do |os,facts| }).each do |os,facts|
let (:facts) do let (:facts) do
facts.merge!(OSDefaults.get_facts({ facts.merge!(OSDefaults.get_facts({
:os_workers => 8, :os_workers => 8,
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
})) }))
end end
let(:platform_params) do let(:platform_params) do
case facts[:osfamily] case facts[:os]['family']
when 'Debian' when 'Debian'
{ {
:wsgi_script_path => '/usr/lib/cgi-bin/barbican', :wsgi_script_path => '/usr/lib/cgi-bin/barbican',