blob: 67a7986848f6768e897f5330f7e33dc7dab56f18 [file] [log] [blame]
Marc Koderer3529ea72016-12-02 13:21:03 +01001# Copyright 2016 SAP SE
2# All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License"); you may
5# not use this file except in compliance with the License. You may obtain
6# a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13# License for the specific language governing permissions and limitations
14# under the License.
15
16from oslo_config import cfg
17
18service_option = cfg.BoolOpt("barbican",
19 default=True,
20 help="Whether or not barbican is expected to be "
21 "available")
Jackie Truongab903f32017-04-10 18:03:27 -040022
23ephemeral_storage_encryption_group = cfg.OptGroup(
24 name="ephemeral_storage_encryption",
25 title="Ephemeral storage encryption options")
26
27EphemeralStorageEncryptionGroup = [
28 cfg.BoolOpt('enabled',
29 default=False,
30 help="Does the test environment support ephemeral storage "
31 "encryption?"),
32 cfg.StrOpt('cipher',
33 default='aes-xts-plain64',
34 help="The cipher and mode used to encrypt ephemeral storage. "
35 "AES-XTS is recommended by NIST specifically for disk "
36 "storage, and the name is shorthand for AES encryption "
37 "using the XTS encryption mode. Available ciphers depend "
38 "on kernel support. At the command line, type "
39 "'cryptsetup benchmark' to determine the available "
40 "options (and see benchmark results), or go to "
41 "/proc/crypto."),
42 cfg.IntOpt('key_size',
43 default=256,
44 help="The key size used to encrypt ephemeral storage."),
45]
Colleen Murphy62ec85c2019-04-03 09:27:05 -070046
47image_signature_verification_group = cfg.OptGroup(
48 name="image_signature_verification",
49 title="Image Signature Verification Options")
50
51ImageSignatureVerificationGroup = [
52 cfg.BoolOpt('enforced',
53 default=True,
54 help="Does the test environment enforce glance image "
55 "verification?"),
56]
Ade Leec80b00a2021-02-09 14:49:41 -050057
58barbican_rbac_scope_verification_group = cfg.OptGroup(
59 name="barbican_rbac_scope_verification",
60 title="Barbican RBAC Verification Options")
61
62BarbicanRBACScopeVerificationGroup = [
63 cfg.BoolOpt('enforce_scope',
64 default=False,
65 help="Does barbican enforce scope and user "
66 "scope-aware policies?"),
67]