blob: 67a7986848f6768e897f5330f7e33dc7dab56f18 [file] [log] [blame]
# Copyright 2016 SAP SE
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
service_option = cfg.BoolOpt("barbican",
default=True,
help="Whether or not barbican is expected to be "
"available")
ephemeral_storage_encryption_group = cfg.OptGroup(
name="ephemeral_storage_encryption",
title="Ephemeral storage encryption options")
EphemeralStorageEncryptionGroup = [
cfg.BoolOpt('enabled',
default=False,
help="Does the test environment support ephemeral storage "
"encryption?"),
cfg.StrOpt('cipher',
default='aes-xts-plain64',
help="The cipher and mode used to encrypt ephemeral storage. "
"AES-XTS is recommended by NIST specifically for disk "
"storage, and the name is shorthand for AES encryption "
"using the XTS encryption mode. Available ciphers depend "
"on kernel support. At the command line, type "
"'cryptsetup benchmark' to determine the available "
"options (and see benchmark results), or go to "
"/proc/crypto."),
cfg.IntOpt('key_size',
default=256,
help="The key size used to encrypt ephemeral storage."),
]
image_signature_verification_group = cfg.OptGroup(
name="image_signature_verification",
title="Image Signature Verification Options")
ImageSignatureVerificationGroup = [
cfg.BoolOpt('enforced',
default=True,
help="Does the test environment enforce glance image "
"verification?"),
]
barbican_rbac_scope_verification_group = cfg.OptGroup(
name="barbican_rbac_scope_verification",
title="Barbican RBAC Verification Options")
BarbicanRBACScopeVerificationGroup = [
cfg.BoolOpt('enforce_scope',
default=False,
help="Does barbican enforce scope and user "
"scope-aware policies?"),
]