diff --git a/manifests/key_manager/barbican.pp b/manifests/key_manager/barbican.pp index 944cf4e6..ceb33cff 100644 --- a/manifests/key_manager/barbican.pp +++ b/manifests/key_manager/barbican.pp @@ -37,6 +37,29 @@ # (Optional) The service uses service token feature when this is set as true. # Defaults to $facts['os_service_default'] # +# [*insecure*] +# (Optional) If true, explicitly allow TLS without checking server cert +# against any certificate authorities. WARNING: not recommended. Use with +# caution. +# Defaults to $facts['os_service_default'] +# +# [*cafile*] +# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs +# connections. +# Defaults to $facts['os_service_default']. +# +# [*certfile*] +# (Optional) Required if identity server requires client certificate +# Defaults to $facts['os_service_default']. +# +# [*keyfile*] +# (Optional) Required if identity server requires client certificate +# Defaults to $facts['os_service_default']. +# +# [*timeout*] +# (Optional) Timeout value for connecting to barbican in seconds. +# Defaults to $facts['os_service_default'] +# class glance::key_manager::barbican ( $barbican_endpoint = $facts['os_service_default'], $barbican_api_version = $facts['os_service_default'], @@ -46,6 +69,11 @@ class glance::key_manager::barbican ( $barbican_endpoint_type = $facts['os_service_default'], $barbican_region_name = $facts['os_service_default'], $send_service_user_token = $facts['os_service_default'], + $insecure = $facts['os_service_default'], + $cafile = $facts['os_service_default'], + $certfile = $facts['os_service_default'], + $keyfile = $facts['os_service_default'], + $timeout = $facts['os_service_default'], ) { include glance::deps @@ -58,5 +86,10 @@ class glance::key_manager::barbican ( barbican_endpoint_type => $barbican_endpoint_type, barbican_region_name => $barbican_region_name, send_service_user_token => $send_service_user_token, + insecure => $insecure, + cafile => $cafile, + certfile => $certfile, + keyfile => $keyfile, + timeout => $timeout, } } diff --git a/manifests/key_manager/barbican/service_user.pp b/manifests/key_manager/barbican/service_user.pp index 8750fe6c..fb5a9b35 100644 --- a/manifests/key_manager/barbican/service_user.pp +++ b/manifests/key_manager/barbican/service_user.pp @@ -58,6 +58,10 @@ # (Optional) Required if identity server requires client certificate # Defaults to $facts['os_service_default']. # +# [*timeout*] +# (Optional) Timeout value for connecting to keystone in seconds. +# Defaults to $facts['os_service_default'] +# # [*region_name*] # (Optional) The region in which the identity server can be found. # Defaults to $facts['os_service_default']. @@ -76,6 +80,7 @@ class glance::key_manager::barbican::service_user ( $cafile = $facts['os_service_default'], $certfile = $facts['os_service_default'], $keyfile = $facts['os_service_default'], + $timeout = $facts['os_service_default'], $region_name = $facts['os_service_default'], ) { include glance::deps @@ -94,6 +99,7 @@ class glance::key_manager::barbican::service_user ( cafile => $cafile, certfile => $certfile, keyfile => $keyfile, + timeout => $timeout, region_name => $region_name, } } diff --git a/releasenotes/notes/key-manager-session-options-dfaecde2e9362bb9.yaml b/releasenotes/notes/key-manager-session-options-dfaecde2e9362bb9.yaml new file mode 100644 index 00000000..f6cbb111 --- /dev/null +++ b/releasenotes/notes/key-manager-session-options-dfaecde2e9362bb9.yaml @@ -0,0 +1,15 @@ +--- +features: + - | + The following parameters have been added to + the ``glance::key_manager::barbican`` class. + + - ``insecure`` + - ``cafile`` + - ``certfile`` + - ``keyfile`` + - ``timeout`` + + - | + The new ``glance::key_manager::barbican::service_user::timeout`` parameter + has been added. diff --git a/spec/classes/glance_key_manager_barbican_service_user_spec.rb b/spec/classes/glance_key_manager_barbican_service_user_spec.rb index 89d53c3d..017f7a78 100644 --- a/spec/classes/glance_key_manager_barbican_service_user_spec.rb +++ b/spec/classes/glance_key_manager_barbican_service_user_spec.rb @@ -23,6 +23,7 @@ describe 'glance::key_manager::barbican::service_user' do :cafile => '', :certfile => '', :keyfile => '', + :timeout => '', :region_name => '', ) } @@ -43,6 +44,7 @@ describe 'glance::key_manager::barbican::service_user' do :cafile => '/opt/stack/data/cafile.pem', :certfile => 'certfile.crt', :keyfile => 'keyfile', + :timeout => 60, :region_name => 'regionOne', }) end @@ -62,6 +64,7 @@ describe 'glance::key_manager::barbican::service_user' do :cafile => '/opt/stack/data/cafile.pem', :certfile => 'certfile.crt', :keyfile => 'keyfile', + :timeout => 60, :region_name => 'regionOne', ) } diff --git a/spec/classes/glance_key_manager_barbican_spec.rb b/spec/classes/glance_key_manager_barbican_spec.rb index 5046a500..6a67af7f 100644 --- a/spec/classes/glance_key_manager_barbican_spec.rb +++ b/spec/classes/glance_key_manager_barbican_spec.rb @@ -13,6 +13,11 @@ describe 'glance::key_manager::barbican' do :barbican_endpoint_type => '', :barbican_region_name => '', :send_service_user_token => '', + :insecure => '', + :cafile => '', + :certfile => '', + :keyfile => '', + :timeout => '', ) } end @@ -28,6 +33,11 @@ describe 'glance::key_manager::barbican' do :barbican_endpoint_type => 'public', :barbican_region_name => 'regionOne', :send_service_user_token => true, + :insecure => false, + :cafile => 'cafile.pem', + :certfile => 'certfile.crt', + :keyfile => 'somekey.key', + :timeout => 60, } end @@ -41,6 +51,11 @@ describe 'glance::key_manager::barbican' do :barbican_endpoint_type => 'public', :barbican_region_name => 'regionOne', :send_service_user_token => true, + :insecure => false, + :cafile => 'cafile.pem', + :certfile => 'certfile.crt', + :keyfile => 'somekey.key', + :timeout => 60, ) } end