openstack/puppet-glance
Code Issues Proposed changes

Fix missing session options for Barbican key manager

Browse Source 
Depends-on: https://review.opendev.org/960389
Change-Id: I20a85ac440e0d8d110bca05613d4c5b1a757809f
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-09-18 00:57:37 +09:00
parent 5848dd8b47
commit 17921d79ed
5 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
manifests/key_manager/barbican.pp
View File

@@ -37,6 +37,29 @@
# (Optional) The service uses service token feature when this is set as true.
# Defaults to $facts['os_service_default']
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with
# caution.
# Defaults to $facts['os_service_default']
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $facts['os_service_default'].
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*timeout*]
# (Optional) Timeout value for connecting to barbican in seconds.
# Defaults to $facts['os_service_default']
#
class glance::key_manager::barbican (
$barbican_endpoint = $facts['os_service_default'],
$barbican_api_version = $facts['os_service_default'],
@@ -46,6 +69,11 @@ class glance::key_manager::barbican (
$barbican_endpoint_type = $facts['os_service_default'],
$barbican_region_name = $facts['os_service_default'],
$send_service_user_token = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$timeout = $facts['os_service_default'],
) {
include glance::deps
@@ -58,5 +86,10 @@ class glance::key_manager::barbican (
barbican_endpoint_type => $barbican_endpoint_type,
barbican_region_name => $barbican_region_name,
send_service_user_token => $send_service_user_token,
insecure => $insecure,
cafile => $cafile,
certfile => $certfile,
keyfile => $keyfile,
timeout => $timeout,
}
}

6
manifests/key_manager/barbican/service_user.pp
View File

@@ -58,6 +58,10 @@
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*timeout*]
# (Optional) Timeout value for connecting to keystone in seconds.
# Defaults to $facts['os_service_default']
#
# [*region_name*]
# (Optional) The region in which the identity server can be found.
# Defaults to $facts['os_service_default'].
@@ -76,6 +80,7 @@ class glance::key_manager::barbican::service_user (
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$timeout = $facts['os_service_default'],
$region_name = $facts['os_service_default'],
) {
include glance::deps
@@ -94,6 +99,7 @@ class glance::key_manager::barbican::service_user (
cafile => $cafile,
certfile => $certfile,
keyfile => $keyfile,
timeout => $timeout,
region_name => $region_name,
}
}

15
releasenotes/notes/key-manager-session-options-dfaecde2e9362bb9.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
features:
- |
The following parameters have been added to
the ``glance::key_manager::barbican`` class.
- ``insecure``
- ``cafile``
- ``certfile``
- ``keyfile``
- ``timeout``
- |
The new ``glance::key_manager::barbican::service_user::timeout`` parameter
has been added.

3
spec/classes/glance_key_manager_barbican_service_user_spec.rb
View File

@@ -23,6 +23,7 @@ describe 'glance::key_manager::barbican::service_user' do
:cafile => '<SERVICE DEFAULT>',
:certfile => '<SERVICE DEFAULT>',
:keyfile => '<SERVICE DEFAULT>',
:timeout => '<SERVICE DEFAULT>',
:region_name => '<SERVICE DEFAULT>',
)
}
@@ -43,6 +44,7 @@ describe 'glance::key_manager::barbican::service_user' do
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'keyfile',
:timeout => 60,
:region_name => 'regionOne',
})
end
@@ -62,6 +64,7 @@ describe 'glance::key_manager::barbican::service_user' do
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'keyfile',
:timeout => 60,
:region_name => 'regionOne',
)
}

15
spec/classes/glance_key_manager_barbican_spec.rb
View File

@@ -13,6 +13,11 @@ describe 'glance::key_manager::barbican' do
:barbican_endpoint_type => '<SERVICE DEFAULT>',
:barbican_region_name => '<SERVICE DEFAULT>',
:send_service_user_token => '<SERVICE DEFAULT>',
:insecure => '<SERVICE DEFAULT>',
:cafile => '<SERVICE DEFAULT>',
:certfile => '<SERVICE DEFAULT>',
:keyfile => '<SERVICE DEFAULT>',
:timeout => '<SERVICE DEFAULT>',
)
}
end
@@ -28,6 +33,11 @@ describe 'glance::key_manager::barbican' do
:barbican_endpoint_type => 'public',
:barbican_region_name => 'regionOne',
:send_service_user_token => true,
:insecure => false,
:cafile => 'cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'somekey.key',
:timeout => 60,
}
end
@@ -41,6 +51,11 @@ describe 'glance::key_manager::barbican' do
:barbican_endpoint_type => 'public',
:barbican_region_name => 'regionOne',
:send_service_user_token => true,
:insecure => false,
:cafile => 'cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'somekey.key',
:timeout => 60,
)
}
end