Add config option for Barbican endpoint type

This change will allow the user to specify the endpoint
type for Barbican.  The allowed values are: public, internal,
and admin.  The default value will be 'public' since this is
the current value.

Change-Id: Ic89519ed3a9c347a9fff245ec231aa575b42f1ac
Closes-bug: 1767473
Ellen Batbouta 2018-05-01 12:22:20 -04:00
parent 27ed9c629d
commit 777b1cce10
3 changed files with 22 additions and 4 deletions


@ -70,6 +70,12 @@ barbican_opts = [
default=True, default=True,
help='Specifies if insecure TLS (https) requests. If False, ' help='Specifies if insecure TLS (https) requests. If False, '
'the server\'s certificate will not be validated'), 'the server\'s certificate will not be validated'),
cfg.StrOpt('barbican_endpoint_type',
default='public',
choices=['public', 'internal', 'admin'],
help='Specifies the type of endpoint. Allowed values are: '
'public, private, and admin'),
] ]
BARBICAN_OPT_GROUP = 'barbican' BARBICAN_OPT_GROUP = 'barbican'
@ -183,12 +189,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
raise exception.Forbidden(reason=msg) raise exception.Forbidden(reason=msg)
def _get_barbican_endpoint(self, auth, sess): def _get_barbican_endpoint(self, auth, sess):
if self.conf.barbican.barbican_endpoint: barbican = self.conf.barbican
return self.conf.barbican.barbican_endpoint if barbican.barbican_endpoint:
return barbican.barbican_endpoint
else: else:
service_parameters = {'service_type': 'key-manager', service_parameters = {'service_type': 'key-manager',
'service_name': 'barbican', 'service_name': 'barbican',
'interface': 'public'} 'interface': barbican.barbican_endpoint_type}
return auth.get_endpoint(sess, **service_parameters) return auth.get_endpoint(sess, **service_parameters)
def _create_base_url(self, auth, sess, endpoint): def _create_base_url(self, auth, sess, endpoint):
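Review bot: The help text for `barbican_endpoint_type` lists `public, private, and admin`, but the `choices` list directly above it accepts `public`, `internal` and `admin`, so an operator who follows the help string would set a value the option does not accept. The last help line should read `'public, internal, and admin'),`. The help should also say that the option is only consulted when `barbican_endpoint` is unset, because `_get_barbican_endpoint` returns the explicit endpoint first and never reads the type in that case. The `barbican_opts` list and the `BarbicanKeyManager` class both begin outside these hunks.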


@ -40,7 +40,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
barbican_api_version=None, auth_endpoint=None, barbican_api_version=None, auth_endpoint=None,
retry_delay=None, number_of_retries=None, verify_ssl=None, retry_delay=None, number_of_retries=None, verify_ssl=None,
api_class=None, vault_root_token_id=None, vault_url=None, api_class=None, vault_root_token_id=None, vault_url=None,
vault_ssl_ca_crt_file=None, vault_use_ssl=None): vault_ssl_ca_crt_file=None, vault_use_ssl=None,
barbican_endpoint_type=None):
"""Set defaults for configuration values. """Set defaults for configuration values.
Overrides the default options values. Overrides the default options values.
@ -56,6 +57,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
:param vault_url: Use this for the url for vault. :param vault_url: Use this for the url for vault.
:param vault_use_ssl: Use this to force vault driver to use ssl. :param vault_use_ssl: Use this to force vault driver to use ssl.
:param vault_ssl_ca_crt_file: Use this for the CA file for vault. :param vault_ssl_ca_crt_file: Use this for the CA file for vault.
:param barbican_endpoint_type: Use this to specify the type of URL.
: Valid values are: public, internal or admin.
""" """
conf.register_opts(km.key_manager_opts, group='key_manager') conf.register_opts(km.key_manager_opts, group='key_manager')
if bkm: if bkm:
@ -87,6 +90,9 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
if verify_ssl is not None: if verify_ssl is not None:
conf.set_default('verify_ssl', verify_ssl, conf.set_default('verify_ssl', verify_ssl,
group=bkm.BARBICAN_OPT_GROUP) group=bkm.BARBICAN_OPT_GROUP)
if barbican_endpoint_type is not None:
conf.set_default('barbican_endpoint_type', barbican_endpoint_type,
group=bkm.BARBICAN_OPT_GROUP)
if vkm is not None: if vkm is not None:
if vault_root_token_id is not None: if vault_root_token_id is not None:
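Review bot: The new docstring entry for `barbican_endpoint_type` continues on a line that starts with a bare `:`, which is not a valid reST field continuation and will probably render as a stray field. It also says "type of URL" where the option's own help says type of endpoint. I would write `:param barbican_endpoint_type: Use this to specify the endpoint type.` followed by an indented continuation line `Valid values are: public, internal or admin.`. Separately, the value is handed to `conf.set_default` as given, and whether a default outside the option's `choices` is rejected at that point is not visible here, so it is worth confirming that a bad value fails at configuration time and not at the first key-manager call. The body of `set_defaults` continues outside these hunks.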


@ -66,3 +66,8 @@ class TestOptions(base.TestCase):
options.set_defaults(conf, verify_ssl=True) options.set_defaults(conf, verify_ssl=True)
self.assertEqual(verify_ssl, self.assertEqual(verify_ssl,
conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl) conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl)
barbican_endpoint_type = 'internal'
options.set_defaults(conf, barbican_endpoint_type='internal')
result_type = conf.get(bkm.BARBICAN_OPT_GROUP).barbican_endpoint_type
self.assertEqual(barbican_endpoint_type, result_type)
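Review bot: The added assertions cover only the `set_defaults` round trip, and none of the three files changed in this commit tests that `_get_barbican_endpoint` passes the configured type as `interface` to `auth.get_endpoint`, which is the behaviour the commit introduces. A case with `barbican_endpoint` unset and `barbican_endpoint_type='internal'` that asserts the `interface` argument would cover it, along with one showing that a value outside `choices` is rejected. As a small style point, pass the variable instead of repeating the literal: `options.set_defaults(conf, barbican_endpoint_type=barbican_endpoint_type)`. The test method begins outside the hunk.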