Add config option for Barbican endpoint type
This change will allow the user to specify the endpoint type for Barbican. The allowed values are: public, internal, and admin. The default value will be 'public' since this is the current value. Change-Id: Ic89519ed3a9c347a9fff245ec231aa575b42f1ac Closes-bug: 1767473
parent
27ed9c629d
commit
777b1cce10
@ -70,6 +70,12 @@ barbican_opts = [
|
|||||||
default=True,
|
default=True,
|
||||||
help='Specifies if insecure TLS (https) requests. If False, '
|
help='Specifies if insecure TLS (https) requests. If False, '
|
||||||
'the server\'s certificate will not be validated'),
|
'the server\'s certificate will not be validated'),
|
||||||
|
cfg.StrOpt('barbican_endpoint_type',
|
||||||
|
default='public',
|
||||||
|
choices=['public', 'internal', 'admin'],
|
||||||
|
help='Specifies the type of endpoint. Allowed values are: '
|
||||||
|
'public, private, and admin'),
|
||||||
|
|
||||||
]
|
]
|
||||||
|
|
||||||
BARBICAN_OPT_GROUP = 'barbican'
|
BARBICAN_OPT_GROUP = 'barbican'
|
||||||
@ -183,12 +189,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
|
|||||||
raise exception.Forbidden(reason=msg)
|
raise exception.Forbidden(reason=msg)
|
||||||
|
|
||||||
def _get_barbican_endpoint(self, auth, sess):
|
def _get_barbican_endpoint(self, auth, sess):
|
||||||
if self.conf.barbican.barbican_endpoint:
|
barbican = self.conf.barbican
|
||||||
return self.conf.barbican.barbican_endpoint
|
if barbican.barbican_endpoint:
|
||||||
|
return barbican.barbican_endpoint
|
||||||
else:
|
else:
|
||||||
service_parameters = {'service_type': 'key-manager',
|
service_parameters = {'service_type': 'key-manager',
|
||||||
'service_name': 'barbican',
|
'service_name': 'barbican',
|
||||||
'interface': 'public'}
|
'interface': barbican.barbican_endpoint_type}
|
||||||
return auth.get_endpoint(sess, **service_parameters)
|
return auth.get_endpoint(sess, **service_parameters)
|
||||||
|
|
||||||
def _create_base_url(self, auth, sess, endpoint):
|
def _create_base_url(self, auth, sess, endpoint):
|
||||||
|
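Review bot: The help string added for `barbican_endpoint_type` names "public, private, and admin", while `choices` on the line above it accepts `'public'`, `'internal'` and `'admin'`. An operator who follows the help and sets `private` will have the value rejected by the choices check, and `internal` (typically the value used to keep key-manager traffic off the public interface) is never mentioned. The second help line should read `'public, internal, and admin'),`. It would also help to state in the help text that the option only affects the catalog lookup, since `_get_barbican_endpoint` in the second hunk returns `barbican_endpoint` first whenever that is set.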
@ -40,7 +40,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
|
|||||||
barbican_api_version=None, auth_endpoint=None,
|
barbican_api_version=None, auth_endpoint=None,
|
||||||
retry_delay=None, number_of_retries=None, verify_ssl=None,
|
retry_delay=None, number_of_retries=None, verify_ssl=None,
|
||||||
api_class=None, vault_root_token_id=None, vault_url=None,
|
api_class=None, vault_root_token_id=None, vault_url=None,
|
||||||
vault_ssl_ca_crt_file=None, vault_use_ssl=None):
|
vault_ssl_ca_crt_file=None, vault_use_ssl=None,
|
||||||
|
barbican_endpoint_type=None):
|
||||||
"""Set defaults for configuration values.
|
"""Set defaults for configuration values.
|
||||||
|
|
||||||
Overrides the default options values.
|
Overrides the default options values.
|
||||||
@ -56,6 +57,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
|
|||||||
:param vault_url: Use this for the url for vault.
|
:param vault_url: Use this for the url for vault.
|
||||||
:param vault_use_ssl: Use this to force vault driver to use ssl.
|
:param vault_use_ssl: Use this to force vault driver to use ssl.
|
||||||
:param vault_ssl_ca_crt_file: Use this for the CA file for vault.
|
:param vault_ssl_ca_crt_file: Use this for the CA file for vault.
|
||||||
|
:param barbican_endpoint_type: Use this to specify the type of URL.
|
||||||
|
: Valid values are: public, internal or admin.
|
||||||
"""
|
"""
|
||||||
conf.register_opts(km.key_manager_opts, group='key_manager')
|
conf.register_opts(km.key_manager_opts, group='key_manager')
|
||||||
if bkm:
|
if bkm:
|
||||||
@ -87,6 +90,9 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
|
|||||||
if verify_ssl is not None:
|
if verify_ssl is not None:
|
||||||
conf.set_default('verify_ssl', verify_ssl,
|
conf.set_default('verify_ssl', verify_ssl,
|
||||||
group=bkm.BARBICAN_OPT_GROUP)
|
group=bkm.BARBICAN_OPT_GROUP)
|
||||||
|
if barbican_endpoint_type is not None:
|
||||||
|
conf.set_default('barbican_endpoint_type', barbican_endpoint_type,
|
||||||
|
group=bkm.BARBICAN_OPT_GROUP)
|
||||||
|
|
||||||
if vkm is not None:
|
if vkm is not None:
|
||||||
if vault_root_token_id is not None:
|
if vault_root_token_id is not None:
|
||||||
|
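Review bot: The continuation line added to the `set_defaults` docstring begins with a stray colon (`: Valid values are: public, internal or admin.`), which does not follow the `:param name:` field syntax used by the other entries and will not render as part of the `barbican_endpoint_type` description. Make it an indented continuation of the `:param barbican_endpoint_type:` line, without the leading colon. The docstring and the body of `set_defaults` both continue outside the hunks shown here.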
@ -66,3 +66,8 @@ class TestOptions(base.TestCase):
|
|||||||
options.set_defaults(conf, verify_ssl=True)
|
options.set_defaults(conf, verify_ssl=True)
|
||||||
self.assertEqual(verify_ssl,
|
self.assertEqual(verify_ssl,
|
||||||
conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl)
|
conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl)
|
||||||
|
|
||||||
|
barbican_endpoint_type = 'internal'
|
||||||
|
options.set_defaults(conf, barbican_endpoint_type='internal')
|
||||||
|
result_type = conf.get(bkm.BARBICAN_OPT_GROUP).barbican_endpoint_type
|
||||||
|
self.assertEqual(barbican_endpoint_type, result_type)
|
||||||
|
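Review bot: The added assertions only confirm that `set_defaults` stores `barbican_endpoint_type`; nothing in the visible changes checks that `_get_barbican_endpoint` passes the configured value as `interface` to `auth.get_endpoint`, which is the behaviour this commit actually changes. A test that sets the option to `internal`, mocks `auth.get_endpoint` and asserts `interface='internal'` in the call, plus one for the `public` default, would pin that down. As a smaller point, the call repeats the literal `'internal'` instead of using the variable defined on the line above; `options.set_defaults(conf, barbican_endpoint_type=barbican_endpoint_type)` keeps the two from drifting. The test method starts outside the hunk.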