| Marc Koderer | 3529ea7 | 2016-12-02 13:21:03 +0100 | [diff] [blame] | 1 | # Copyright 2016 SAP SE |
| 2 | # All Rights Reserved. |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 5 | # not use this file except in compliance with the License. You may obtain |
| 6 | # a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 12 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 13 | # License for the specific language governing permissions and limitations |
| 14 | # under the License. |
| 15 | |
| 16 | from oslo_config import cfg |
| 17 | |
| 18 | service_option = cfg.BoolOpt("barbican", |
| 19 | default=True, |
| 20 | help="Whether or not barbican is expected to be " |
| 21 | "available") |
| Jackie Truong | ab903f3 | 2017-04-10 18:03:27 -0400 | [diff] [blame] | 22 | |
| Ade Lee | 519aa80 | 2022-05-06 12:33:06 -0400 | [diff] [blame] | 23 | key_manager_group = cfg.OptGroup( |
| 24 | name='key_manager', |
| 25 | title='Key Manager (Barbican) service options' |
| 26 | ) |
| 27 | |
| 28 | KeyManagerOpts = [ |
| 29 | cfg.StrOpt('min_microversion', |
| 30 | default=None, |
| 31 | help="Lower version of the test target microversion range. " |
| 32 | "The format is 'X.Y', where 'X' and 'Y' are int values. " |
| 33 | "Tempest selects tests based on the range between " |
| 34 | "min_microversion and max_microversion. " |
| 35 | "If both values are not specified, Tempest avoids tests " |
| 36 | "which require a microversion. Valid values are string " |
| 37 | "with format 'X.Y' or string 'latest'"), |
| 38 | cfg.StrOpt('max_microversion', |
| 39 | default=None, |
| 40 | help="Upper version of the test target microversion range. " |
| 41 | "The format is 'X.Y', where 'X' and 'Y' are int values. " |
| 42 | "Tempest selects tests based on the range between " |
| 43 | "min_microversion and max_microversion. " |
| 44 | "If both values are not specified, Tempest avoids tests " |
| 45 | "which require a microversion. Valid values are string " |
| Lukáš Piwowarski | b18a6bf | 2023-04-25 17:48:44 +0200 | [diff] [blame] | 46 | "with format 'X.Y' or string 'latest'"), |
| 47 | cfg.StrOpt('region', |
| 48 | default='regionOne', |
| 49 | help="The barbican region name to use. If no such region is" |
| 50 | "found in the service catalog, the first found one is " |
| 51 | "used.") |
| Ade Lee | 519aa80 | 2022-05-06 12:33:06 -0400 | [diff] [blame] | 52 | ] |
| 53 | |
| Douglas Mendizábal | e654464 | 2021-04-01 16:50:38 -0500 | [diff] [blame] | 54 | barbican_tempest_group = cfg.OptGroup( |
| 55 | name='barbican_tempest', |
| 56 | title='Key Manager (Barbican) service options' |
| 57 | ) |
| 58 | |
| 59 | BarbicanGroupOpts = [ |
| 60 | cfg.BoolOpt('enable_multiple_secret_stores', |
| 61 | default=False, |
| 62 | help="Flag to enable mulitple secret store tests") |
| 63 | ] |
| 64 | |
| Jackie Truong | ab903f3 | 2017-04-10 18:03:27 -0400 | [diff] [blame] | 65 | ephemeral_storage_encryption_group = cfg.OptGroup( |
| 66 | name="ephemeral_storage_encryption", |
| 67 | title="Ephemeral storage encryption options") |
| 68 | |
| 69 | EphemeralStorageEncryptionGroup = [ |
| 70 | cfg.BoolOpt('enabled', |
| 71 | default=False, |
| 72 | help="Does the test environment support ephemeral storage " |
| 73 | "encryption?"), |
| 74 | cfg.StrOpt('cipher', |
| 75 | default='aes-xts-plain64', |
| 76 | help="The cipher and mode used to encrypt ephemeral storage. " |
| 77 | "AES-XTS is recommended by NIST specifically for disk " |
| 78 | "storage, and the name is shorthand for AES encryption " |
| 79 | "using the XTS encryption mode. Available ciphers depend " |
| 80 | "on kernel support. At the command line, type " |
| 81 | "'cryptsetup benchmark' to determine the available " |
| 82 | "options (and see benchmark results), or go to " |
| 83 | "/proc/crypto."), |
| 84 | cfg.IntOpt('key_size', |
| 85 | default=256, |
| 86 | help="The key size used to encrypt ephemeral storage."), |
| 87 | ] |
| Colleen Murphy | 62ec85c | 2019-04-03 09:27:05 -0700 | [diff] [blame] | 88 | |
| 89 | image_signature_verification_group = cfg.OptGroup( |
| 90 | name="image_signature_verification", |
| 91 | title="Image Signature Verification Options") |
| 92 | |
| 93 | ImageSignatureVerificationGroup = [ |
| 94 | cfg.BoolOpt('enforced', |
| 95 | default=True, |
| 96 | help="Does the test environment enforce glance image " |
| 97 | "verification?"), |
| Lukáš Piwowarski | bf80ee0 | 2023-04-20 12:00:47 +0200 | [diff] [blame] | 98 | cfg.BoolOpt('certificate_validation', |
| 99 | default=True, |
| 100 | help="Does the test environment enforce image signature" |
| 101 | "certificate validation?") |
| Colleen Murphy | 62ec85c | 2019-04-03 09:27:05 -0700 | [diff] [blame] | 102 | ] |
| Ade Lee | c80b00a | 2021-02-09 14:49:41 -0500 | [diff] [blame] | 103 | |
| 104 | barbican_rbac_scope_verification_group = cfg.OptGroup( |
| 105 | name="barbican_rbac_scope_verification", |
| 106 | title="Barbican RBAC Verification Options") |
| 107 | |
| 108 | BarbicanRBACScopeVerificationGroup = [ |
| 109 | cfg.BoolOpt('enforce_scope', |
| 110 | default=False, |
| 111 | help="Does barbican enforce scope and user " |
| 112 | "scope-aware policies?"), |
| 113 | ] |