Add config option for Barbican endpoint type

This change willl allow the user to specify the endpoint
type for Barbican.  The allowed values are: public, internal,
and admin.  The default value will be 'public' since this is
the current value.

Change-Id: Ic89519ed3a9c347a9fff245ec231aa575b42f1ac
Closes-bug: 1767473

castellan/key_manager/barbican_key_manager.py

@@ -70,6 +70,12 @@ barbican_opts = [
                 default=True,
                 help='Specifies if insecure TLS (https) requests. If False, '
                      'the server\'s certificate will not be validated'),
+    cfg.StrOpt('barbican_endpoint_type',
+               default='public',
+               choices=['public', 'internal', 'admin'],
+               help='Specifies the type of endpoint.  Allowed values are: '
+                    'public, private, and admin'),
+
 ]
 
 BARBICAN_OPT_GROUP = 'barbican'
@@ -183,12 +189,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
             raise exception.Forbidden(reason=msg)
 
     def _get_barbican_endpoint(self, auth, sess):
-        if self.conf.barbican.barbican_endpoint:
-            return self.conf.barbican.barbican_endpoint
+        barbican = self.conf.barbican
+        if barbican.barbican_endpoint:
+            return barbican.barbican_endpoint
         else:
             service_parameters = {'service_type': 'key-manager',
                                   'service_name': 'barbican',
-                                  'interface': 'public'}
+                                  'interface': barbican.barbican_endpoint_type}
             return auth.get_endpoint(sess, **service_parameters)
 
     def _create_base_url(self, auth, sess, endpoint):

castellan/options.py

@@ -40,7 +40,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
                  barbican_api_version=None, auth_endpoint=None,
                  retry_delay=None, number_of_retries=None, verify_ssl=None,
                  api_class=None, vault_root_token_id=None, vault_url=None,
-                 vault_ssl_ca_crt_file=None, vault_use_ssl=None):
+                 vault_ssl_ca_crt_file=None, vault_use_ssl=None,
+                 barbican_endpoint_type=None):
     """Set defaults for configuration values.
 
     Overrides the default options values.
@@ -56,6 +57,8 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
     :param vault_url: Use this for the url for vault.
     :param vault_use_ssl: Use this to force vault driver to use ssl.
     :param vault_ssl_ca_crt_file: Use this for the CA file for vault.
+    :param barbican_endpoint_type: Use this to specify the type of URL.
+    :                              Valid values are: public, internal or admin.
     """
     conf.register_opts(km.key_manager_opts, group='key_manager')
     if bkm:
@@ -87,6 +90,9 @@ def set_defaults(conf, backend=None, barbican_endpoint=None,
         if verify_ssl is not None:
             conf.set_default('verify_ssl', verify_ssl,
                              group=bkm.BARBICAN_OPT_GROUP)
+        if barbican_endpoint_type is not None:
+            conf.set_default('barbican_endpoint_type', barbican_endpoint_type,
+                             group=bkm.BARBICAN_OPT_GROUP)
 
     if vkm is not None:
         if vault_root_token_id is not None:

castellan/tests/unit/test_options.py

@@ -66,3 +66,8 @@ class TestOptions(base.TestCase):
         options.set_defaults(conf, verify_ssl=True)
         self.assertEqual(verify_ssl,
                          conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl)
+
+        barbican_endpoint_type = 'internal'
+        options.set_defaults(conf, barbican_endpoint_type='internal')
+        result_type = conf.get(bkm.BARBICAN_OPT_GROUP).barbican_endpoint_type
+        self.assertEqual(barbican_endpoint_type, result_type)