From 1f787a05a767b8ef1a1705f117f344ca8569757e Mon Sep 17 00:00:00 2001
From: Jimmy McCrory <jimmy.mccrory@gmail.com>
Date: Mon, 30 Jan 2017 17:08:30 -0800
Subject: [PATCH] Add variable to enable integration with barbican

Add a new variable, 'cinder_barbican_enabled', that will handle setting
the configuration options required to make use of barbican.

Change-Id: If9aaa19bff5be25c46df067387ef83ce81d14ca1
---
 defaults/main.yml        | 3 +++
 templates/cinder.conf.j2 | 9 +++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index d1e524bb..4b2b22fe 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -33,6 +33,9 @@ cinder_bin: "/openstack/venvs/cinder-{{ cinder_venv_tag }}/bin"
 cinder_venv_download: "{{ not cinder_developer_mode | bool }}"
 cinder_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/cinder.tgz
 
+# Enable/Disable Barbican
+cinder_barbican_enabled: False
+
 # Enable/Disable Ceilometer
 cinder_ceilometer_enabled: False
 
diff --git a/templates/cinder.conf.j2 b/templates/cinder.conf.j2
index 7ac77dbd..73edeae5 100644
--- a/templates/cinder.conf.j2
+++ b/templates/cinder.conf.j2
@@ -126,8 +126,13 @@ profiler_enabled = {{ cinder_profiler_enabled }}
 trace_sqlalchemy = {{ cinder_profiler_trace_sqlalchemy }}
 hmac_keys = {{ cinder_profiler_hmac_key }}
 
-[keymgr]
-encryption_auth_url = {{ keystone_service_internaluri }}/v3
+{% if cinder_barbican_enabled %}
+[barbican]
+auth_endpoint = {{ keystone_service_internaluri }}/v3
+
+[key_manager]
+api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+{% endif %}
 
 [keystone_authtoken]
 insecure = {{ keystone_service_internaluri_insecure | bool }}