| Marc Koderer | 3529ea7 | 2016-12-02 13:21:03 +0100 | [diff] [blame] | 1 | # Copyright 2016 SAP SE |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| 16 | from oslo_config import cfg |
| 17 | |
| 18 | service_option = cfg.BoolOpt("barbican", |
| 19 | default=True, |
| 20 | help="Whether or not barbican is expected to be " |
| 21 | "available") |
| Jackie Truong | ab903f3 | 2017-04-10 18:03:27 -0400 | [diff] [blame] | 22 | |
| Douglas Mendizábal | e654464 | 2021-04-01 16:50:38 -0500 | [diff] [blame] | 23 | barbican_tempest_group = cfg.OptGroup( |
| 24 | name='barbican_tempest', |
| 25 | title='Key Manager (Barbican) service options' |
| 26 | ) |
| 27 | |
| 28 | BarbicanGroupOpts = [ |
| 29 | cfg.BoolOpt('enable_multiple_secret_stores', |
| 30 | default=False, |
| 31 | help="Flag to enable mulitple secret store tests") |
| 32 | ] |
| 33 | |
| Jackie Truong | ab903f3 | 2017-04-10 18:03:27 -0400 | [diff] [blame] | 34 | ephemeral_storage_encryption_group = cfg.OptGroup( |
| 35 | name="ephemeral_storage_encryption", |
| 36 | title="Ephemeral storage encryption options") |
| 37 | |
| 38 | EphemeralStorageEncryptionGroup = [ |
| 39 | cfg.BoolOpt('enabled', |
| 40 | default=False, |
| 41 | help="Does the test environment support ephemeral storage " |
| 42 | "encryption?"), |
| 43 | cfg.StrOpt('cipher', |
| 44 | default='aes-xts-plain64', |
| 45 | help="The cipher and mode used to encrypt ephemeral storage. " |
| 46 | "AES-XTS is recommended by NIST specifically for disk " |
| 47 | "storage, and the name is shorthand for AES encryption " |
| 48 | "using the XTS encryption mode. Available ciphers depend " |
| 49 | "on kernel support. At the command line, type " |
| 50 | "'cryptsetup benchmark' to determine the available " |
| 51 | "options (and see benchmark results), or go to " |
| 52 | "/proc/crypto."), |
| 53 | cfg.IntOpt('key_size', |
| 54 | default=256, |
| 55 | help="The key size used to encrypt ephemeral storage."), |
| 56 | ] |
| Colleen Murphy | 62ec85c | 2019-04-03 09:27:05 -0700 | [diff] [blame] | 57 | |
| 58 | image_signature_verification_group = cfg.OptGroup( |
| 59 | name="image_signature_verification", |
| 60 | title="Image Signature Verification Options") |
| 61 | |
| 62 | ImageSignatureVerificationGroup = [ |
| 63 | cfg.BoolOpt('enforced', |
| 64 | default=True, |
| 65 | help="Does the test environment enforce glance image " |
| 66 | "verification?"), |
| 67 | ] |
| Ade Lee | c80b00a | 2021-02-09 14:49:41 -0500 | [diff] [blame] | 68 | |
| 69 | barbican_rbac_scope_verification_group = cfg.OptGroup( |
| 70 | name="barbican_rbac_scope_verification", |
| 71 | title="Barbican RBAC Verification Options") |
| 72 | |
| 73 | BarbicanRBACScopeVerificationGroup = [ |
| 74 | cfg.BoolOpt('enforce_scope', |
| 75 | default=False, |
| 76 | help="Does barbican enforce scope and user " |
| 77 | "scope-aware policies?"), |
| 78 | ] |