Add config option for Barbican endpoint type
This change willl allow the user to specify the endpoint
type for Barbican. The allowed values are: public, internal,
and admin. The default value will be 'public' since this is
the current value.
Change-Id: Ic89519ed3a9c347a9fff245ec231aa575b42f1ac
Closes-bug: 1767473
Ellen Batbouta
5 years ago
| 69 | 69 | default=True, |
| 70 | 70 | help='Specifies if insecure TLS (https) requests. If False, ' |
| 71 | 71 | 'the server\'s certificate will not be validated'), |
| 72 | cfg.StrOpt('barbican_endpoint_type', | |
| 73 | default='public', | |
| 74 | choices=['public', 'internal', 'admin'], | |
| 75 | help='Specifies the type of endpoint. Allowed values are: ' | |
| 76 | 'public, private, and admin'), | |
| 77 | ||
| 72 | 78 | ] |
| 73 | 79 | |
| 74 | 80 | BARBICAN_OPT_GROUP = 'barbican' |
| 182 | 188 | raise exception.Forbidden(reason=msg) |
| 183 | 189 | |
| 184 | 190 | def _get_barbican_endpoint(self, auth, sess): |
| 185 | if self.conf.barbican.barbican_endpoint: | |
| 186 | return self.conf.barbican.barbican_endpoint | |
| 191 | barbican = self.conf.barbican | |
| 192 | if barbican.barbican_endpoint: | |
| 193 | return barbican.barbican_endpoint | |
| 187 | 194 | else: |
| 188 | 195 | service_parameters = {'service_type': 'key-manager', |
| 189 | 196 | 'service_name': 'barbican', |
| 190 | 'interface': 'public'} | |
| 197 | 'interface': barbican.barbican_endpoint_type} | |
| 191 | 198 | return auth.get_endpoint(sess, **service_parameters) |
| 192 | 199 | |
| 193 | 200 | def _create_base_url(self, auth, sess, endpoint): |
| 39 | 39 | barbican_api_version=None, auth_endpoint=None, |
| 40 | 40 | retry_delay=None, number_of_retries=None, verify_ssl=None, |
| 41 | 41 | api_class=None, vault_root_token_id=None, vault_url=None, |
| 42 | vault_ssl_ca_crt_file=None, vault_use_ssl=None): | |
| 42 | vault_ssl_ca_crt_file=None, vault_use_ssl=None, | |
| 43 | barbican_endpoint_type=None): | |
| 43 | 44 | """Set defaults for configuration values. |
| 44 | 45 | |
| 45 | 46 | Overrides the default options values. |
| 55 | 56 | :param vault_url: Use this for the url for vault. |
| 56 | 57 | :param vault_use_ssl: Use this to force vault driver to use ssl. |
| 57 | 58 | :param vault_ssl_ca_crt_file: Use this for the CA file for vault. |
| 59 | :param barbican_endpoint_type: Use this to specify the type of URL. | |
| 60 | : Valid values are: public, internal or admin. | |
| 58 | 61 | """ |
| 59 | 62 | conf.register_opts(km.key_manager_opts, group='key_manager') |
| 60 | 63 | if bkm: |
| 85 | 88 | group=bkm.BARBICAN_OPT_GROUP) |
| 86 | 89 | if verify_ssl is not None: |
| 87 | 90 | conf.set_default('verify_ssl', verify_ssl, |
| 91 | group=bkm.BARBICAN_OPT_GROUP) | |
| 92 | if barbican_endpoint_type is not None: | |
| 93 | conf.set_default('barbican_endpoint_type', barbican_endpoint_type, | |
| 88 | 94 | group=bkm.BARBICAN_OPT_GROUP) |
| 89 | 95 | |
| 90 | 96 | if vkm is not None: |
| 65 | 65 | options.set_defaults(conf, verify_ssl=True) |
| 66 | 66 | self.assertEqual(verify_ssl, |
| 67 | 67 | conf.get(bkm.BARBICAN_OPT_GROUP).verify_ssl) |
| 68 | ||
| 69 | barbican_endpoint_type = 'internal' | |
| 70 | options.set_defaults(conf, barbican_endpoint_type='internal') | |
| 71 | result_type = conf.get(bkm.BARBICAN_OPT_GROUP).barbican_endpoint_type | |
| 72 | self.assertEqual(barbican_endpoint_type, result_type) |