Fix missing session options for Barbican key manager 

Change-Id: I9afd84c6ea14b504612d33f66b0c6ded91c8ce54
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025年09月10日 23:43:49 +09:00
parent 9718f428f5
commit e449a0bb21

View File

@@ -41,6 +41,29 @@
#(Optional)Theserviceusesservicetokenfeaturewhenthisissetastrue.
#Defaultsto$facts['os_service_default']
#
#[*insecure*]
#(Optional)Iftrue,explicitlyallowTLSwithoutcheckingservercert
#againstanycertificateauthorities.WARNING:notrecommended.Usewith
#caution.
#Defaultsto$facts['os_service_default']
#
#[*cafile*]
#(Optional)APEMencodedCertificateAuthoritytousewhenverifyingHTTPs
#connections.
#Defaultsto$facts['os_service_default'].
#
#[*certfile*]
#(Optional)Requiredifidentityserverrequiresclientcertificate
#Defaultsto$facts['os_service_default'].
#
#[*keyfile*]
#(Optional)Requiredifidentityserverrequiresclientcertificate
#Defaultsto$facts['os_service_default'].
#
#[*timeout*]
#(Optional)Timeoutvalueforconnectingtobarbicaninseconds.
#Defaultsto$facts['os_service_default']
#
defineoslo::key_manager::barbican(
$config=$name,
$barbican_endpoint=$facts['os_service_default'],
@@ -51,6 +74,11 @@ define oslo::key_manager::barbican (
$barbican_endpoint_type=$facts['os_service_default'],
$barbican_region_name=$facts['os_service_default'],
$send_service_user_token=$facts['os_service_default'],
$insecure=$facts['os_service_default'],
$cafile=$facts['os_service_default'],
$certfile=$facts['os_service_default'],
$keyfile=$facts['os_service_default'],
$timeout=$facts['os_service_default'],
){
$barbican_options = {
'barbican/barbican_endpoint' => { value => $barbican_endpoint },
@@ -61,6 +89,11 @@ define oslo::key_manager::barbican (
'barbican/barbican_endpoint_type'=>{ value => $barbican_endpoint_type },
'barbican/barbican_region_name'=>{ value => $barbican_region_name },
'barbican/send_service_user_token'=>{ value => $send_service_user_token },
'barbican/insecure'=>{ value => $insecure },
'barbican/cafile'=>{ value => $cafile },
'barbican/certfile'=>{ value => $certfile },
'barbican/keyfile'=>{ value => $keyfile },
'barbican/timeout'=>{ value => $timeout },
}
create_resources($config,$barbican_options)

View File

@@ -62,6 +62,10 @@
#(Optional)Requiredifidentityserverrequiresclientcertificate
#Defaultsto$facts['os_service_default'].
#
#[*timeout*]
#(Optional)Timeoutvalueforconnectingtokeystoneinseconds.
#Defaultsto$facts['os_service_default']
#
#[*region_name*]
#(Optional)Theregioninwhichtheidentityservercanbefound.
#Defaultsto$facts['os_service_default'].
@@ -80,6 +84,7 @@ define oslo::key_manager::barbican::service_user (
$cafile=$facts['os_service_default'],
$certfile=$facts['os_service_default'],
$keyfile=$facts['os_service_default'],
$timeout=$facts['os_service_default'],
$region_name=$facts['os_service_default'],
){
if is_service_default($system_scope) {
@@ -95,10 +100,6 @@ define oslo::key_manager::barbican::service_user (
$service_user_options={
'barbican_service_user/auth_type' => { 'value' => $auth_type },
'barbican_service_user/auth_version'=>{ 'value' => $auth_version },
'barbican_service_user/cafile'=>{ 'value' => $cafile },
'barbican_service_user/certfile'=>{ 'value' => $certfile },
'barbican_service_user/keyfile'=>{ 'value' => $keyfile },
'barbican_service_user/region_name'=>{ 'value' => $region_name },
'barbican_service_user/auth_url'=>{ 'value' => $auth_url },
'barbican_service_user/username'=>{ 'value' => $username },
'barbican_service_user/password'=>{ 'value' => $password, 'secret' => true },
@@ -107,6 +108,11 @@ define oslo::key_manager::barbican::service_user (
'barbican_service_user/project_domain_name'=>{ 'value' => $project_domain_name_real },
'barbican_service_user/system_scope'=>{ 'value' => $system_scope },
'barbican_service_user/insecure'=>{ 'value' => $insecure },
'barbican_service_user/cafile'=>{ 'value' => $cafile },
'barbican_service_user/certfile'=>{ 'value' => $certfile },
'barbican_service_user/keyfile'=>{ 'value' => $keyfile },
'barbican_service_user/timeout'=>{ 'value' => $timeout },
'barbican_service_user/region_name'=>{ 'value' => $region_name },
}
create_resources($name,$service_user_options)

View File

@@ -0,0 +1,14 @@
---
features:
- |
The following parameters have been added to
the ``oslo::key_manager::barbican`` defined resource type.
- ``insecure``
- ``cafile``
- ``certfile``
- ``keyfile``
- |
The new ``oslo::key_manager::barbican::service_type::timeout`` parameter
has been added.

View File

@@ -26,6 +26,7 @@ describe 'oslo::key_manager::barbican::service_user' do
is_expected.to contain_keystone_config('barbican_service_user/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican_service_user/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican_service_user/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican_service_user/timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican_service_user/region_name').with_value('<SERVICE DEFAULT>')
end
end
@@ -45,6 +46,7 @@ describe 'oslo::key_manager::barbican::service_user' do
:cafile => 'cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'somekey.key',
:timeout => 60,
:region_name => 'MyRegion',
})
end
@@ -61,6 +63,7 @@ describe 'oslo::key_manager::barbican::service_user' do
is_expected.to contain_keystone_config('barbican_service_user/cafile').with_value(params[:cafile])
is_expected.to contain_keystone_config('barbican_service_user/certfile').with_value(params[:certfile])
is_expected.to contain_keystone_config('barbican_service_user/keyfile').with_value(params[:keyfile])
is_expected.to contain_keystone_config('barbican_service_user/timeout').with_value(params[:timeout])
is_expected.to contain_keystone_config('barbican_service_user/region_name').with_value(params[:region_name])
end
end

View File

@@ -20,6 +20,11 @@ describe 'oslo::key_manager::barbican' do
is_expected.to contain_keystone_config('barbican/barbican_endpoint_type').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/barbican_region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/send_service_user_token').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/insecure').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/cafile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/certfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/keyfile').with_value('<SERVICE DEFAULT>')
is_expected.to contain_keystone_config('barbican/timeout').with_value('<SERVICE DEFAULT>')
end
end
@@ -34,6 +39,11 @@ describe 'oslo::key_manager::barbican' do
:barbican_endpoint_type => 'public',
:barbican_region_name => 'regionOne',
:send_service_user_token => true,
:insecure => false,
:cafile => 'cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'somekey.key',
:timeout => 60,
}
end
@@ -46,6 +56,11 @@ describe 'oslo::key_manager::barbican' do
is_expected.to contain_keystone_config('barbican/barbican_endpoint_type').with_value('public')
is_expected.to contain_keystone_config('barbican/barbican_region_name').with_value('regionOne')
is_expected.to contain_keystone_config('barbican/send_service_user_token').with_value(true)
is_expected.to contain_keystone_config('barbican/insecure').with_value(false)
is_expected.to contain_keystone_config('barbican/cafile').with_value('cafile.pem')
is_expected.to contain_keystone_config('barbican/certfile').with_value('certfile.crt')
is_expected.to contain_keystone_config('barbican/keyfile').with_value('somekey.key')
is_expected.to contain_keystone_config('barbican/timeout').with_value(60)
end
end
end
Reference in New Issue
openstack/puppet-oslo
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.

The note is not visible to the blocked user.