| Marc Koderer | 3529ea7 | 2016-12-02 13:21:03 +0100 | [diff] [blame] | 1 | # Copyright 2016 SAP SE |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| 16 | from oslo_config import cfg |
| 17 | |
| 18 | service_option = cfg.BoolOpt("barbican", |
| 19 | default=True, |
| 20 | help="Whether or not barbican is expected to be " |
| 21 | "available") |
| Jackie Truong | ab903f3 | 2017-04-10 18:03:27 -0400 | [diff] [blame] | 22 | |
| Ade Lee | 519aa80 | 2022-05-06 12:33:06 -0400 | [diff] [blame^] | 23 | key_manager_group = cfg.OptGroup( |
| 24 | name='key_manager', |
| 25 | title='Key Manager (Barbican) service options' |
| 26 | ) |
| 27 | |
| 28 | KeyManagerOpts = [ |
| 29 | cfg.StrOpt('min_microversion', |
| 30 | default=None, |
| 31 | help="Lower version of the test target microversion range. " |
| 32 | "The format is 'X.Y', where 'X' and 'Y' are int values. " |
| 33 | "Tempest selects tests based on the range between " |
| 34 | "min_microversion and max_microversion. " |
| 35 | "If both values are not specified, Tempest avoids tests " |
| 36 | "which require a microversion. Valid values are string " |
| 37 | "with format 'X.Y' or string 'latest'"), |
| 38 | cfg.StrOpt('max_microversion', |
| 39 | default=None, |
| 40 | help="Upper version of the test target microversion range. " |
| 41 | "The format is 'X.Y', where 'X' and 'Y' are int values. " |
| 42 | "Tempest selects tests based on the range between " |
| 43 | "min_microversion and max_microversion. " |
| 44 | "If both values are not specified, Tempest avoids tests " |
| 45 | "which require a microversion. Valid values are string " |
| 46 | "with format 'X.Y' or string 'latest'") |
| 47 | ] |
| 48 | |
| Douglas Mendizábal | e654464 | 2021-04-01 16:50:38 -0500 | [diff] [blame] | 49 | barbican_tempest_group = cfg.OptGroup( |
| 50 | name='barbican_tempest', |
| 51 | title='Key Manager (Barbican) service options' |
| 52 | ) |
| 53 | |
| 54 | BarbicanGroupOpts = [ |
| 55 | cfg.BoolOpt('enable_multiple_secret_stores', |
| 56 | default=False, |
| 57 | help="Flag to enable mulitple secret store tests") |
| 58 | ] |
| 59 | |
| Jackie Truong | ab903f3 | 2017-04-10 18:03:27 -0400 | [diff] [blame] | 60 | ephemeral_storage_encryption_group = cfg.OptGroup( |
| 61 | name="ephemeral_storage_encryption", |
| 62 | title="Ephemeral storage encryption options") |
| 63 | |
| 64 | EphemeralStorageEncryptionGroup = [ |
| 65 | cfg.BoolOpt('enabled', |
| 66 | default=False, |
| 67 | help="Does the test environment support ephemeral storage " |
| 68 | "encryption?"), |
| 69 | cfg.StrOpt('cipher', |
| 70 | default='aes-xts-plain64', |
| 71 | help="The cipher and mode used to encrypt ephemeral storage. " |
| 72 | "AES-XTS is recommended by NIST specifically for disk " |
| 73 | "storage, and the name is shorthand for AES encryption " |
| 74 | "using the XTS encryption mode. Available ciphers depend " |
| 75 | "on kernel support. At the command line, type " |
| 76 | "'cryptsetup benchmark' to determine the available " |
| 77 | "options (and see benchmark results), or go to " |
| 78 | "/proc/crypto."), |
| 79 | cfg.IntOpt('key_size', |
| 80 | default=256, |
| 81 | help="The key size used to encrypt ephemeral storage."), |
| 82 | ] |
| Colleen Murphy | 62ec85c | 2019-04-03 09:27:05 -0700 | [diff] [blame] | 83 | |
| 84 | image_signature_verification_group = cfg.OptGroup( |
| 85 | name="image_signature_verification", |
| 86 | title="Image Signature Verification Options") |
| 87 | |
| 88 | ImageSignatureVerificationGroup = [ |
| 89 | cfg.BoolOpt('enforced', |
| 90 | default=True, |
| 91 | help="Does the test environment enforce glance image " |
| 92 | "verification?"), |
| 93 | ] |
| Ade Lee | c80b00a | 2021-02-09 14:49:41 -0500 | [diff] [blame] | 94 | |
| 95 | barbican_rbac_scope_verification_group = cfg.OptGroup( |
| 96 | name="barbican_rbac_scope_verification", |
| 97 | title="Barbican RBAC Verification Options") |
| 98 | |
| 99 | BarbicanRBACScopeVerificationGroup = [ |
| 100 | cfg.BoolOpt('enforce_scope', |
| 101 | default=False, |
| 102 | help="Does barbican enforce scope and user " |
| 103 | "scope-aware policies?"), |
| 104 | ] |