---
driver:
  name: docker
  hostname: barbican.ci.local
  use_sudo: false

provisioner:
  name: salt_solo
  salt_install: bootstrap
  salt_bootstrap_url: https://bootstrap.saltstack.com
  salt_version: latest
  require_chef: false
  log_level: error
  formula: barbican
  grains:
    noservices: True
  dependencies:
    - name: apache
      repo: git
      source: https://gerrit.mcp.mirantis.com/salt-formulas/apache
      branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
    - name: keystone
      repo: git
      source: https://gerrit.mcp.mirantis.com/salt-formulas/keystone
      branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
    - name: oslo_templates
      repo: git
      source: https://gerrit.mcp.mirantis.com/salt-formulas/oslo-templates
      branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
  state_top:
    base:
      "*":
        - apache
        - barbican
  pillars:
    barbican_plugins.sls:
      barbican:
        server:
          plugin:
            vault:
              schema: https
              host: localhost
              port: 8200
              root_token_id: s.hpamtsbW5vcHFyc3R1dnd4eXo
              approle_role_id: role_id
              approle_secret_id: secret_id
              kv_mountpoint: secret
              ssl_ca_crt_file: '/etc/barbican/ssl/vault/CA.crt'
              cacert: |
                -----BEGIN CERTIFICATE-----
                MIIF0TCCA7mgAwIBAgIJAOkTQnjLz6rEMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
                -----END CERTIFICATE-----
    ssl.sls:
      barbican:
        server:
          identity:
            engine: keystone
            host: 10.0.106.20
            port: 35357
            domain: default
            tenant: service
            user: barbican
            password: password
          database:
            engine: "mysql+pymysql"
            host: 10.0.106.20
            port: 3306
            name: barbican
            user: barbican
            password: password
            x509:
              enabled: True
              ca_file: /etc/barbican/ssl/mysql/ca-cert.pem
              key_file: /etc/barbican/ssl/mysql/client-key.pem
              cert_file: /etc/barbican/ssl/mysql/client-cert.pem
              cacert: |
                -----BEGIN CERTIFICATE-----
                MIIFzzCCA7egAwIBAgIIe7zZ8hCvkgowDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
                -----END CERTIFICATE-----
              cert: |
                -----BEGIN CERTIFICATE-----
                MIIGSjCCBDKgAwIBAgIJAIHRPs2rZbLvMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
                -----END CERTIFICATE-----
              key: |
                -----BEGIN RSA PRIVATE KEY-----
                MIIJKQIBAAKCAgEAq0m4kOIITliYea07yJnlSRNY0o6NaykiteSfHGauiub4lNQJ
                -----END RSA PRIVATE KEY-----
            ssl:
              enabled: True
              cacert_file: /etc/barbican/ssl/mysql/ca-cert.pem
              cacert: |
                -----BEGIN CERTIFICATE-----
                MIIFzzCCA7egAwIBAgIIe7zZ8hCvkgowDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
                -----END CERTIFICATE-----
              message_queue:
                engine: rabbitmq
                user: openstack
                password: password
                virtual_host: '/openstack'
                members:
                - host: 10.10.10.10
                  port: 5672
                - host: 10.10.10.11
                  port: 5672
                - host: 10.10.10.12
                  port: 5672
                port: 5671
                ssl:
                  # Case #1: specify cacert file and ca cert body explicitly
                  enabled: True
                  cacert_file: /etc/barbican/ssl/rabbitmq_cacert.pem
                  cacert: |
                      -----BEGIN CERTIFICATE-----
                      MIIF0TCCA7mgAwIBAgIJAMHIQpWZYGDTMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
                      BAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0GA1UEBwwGUHJhZ3Vl
                      MREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MTQxMTI2MDdaFw0yNzA4MTIxMTI2
                      MDdaMEoxCzAJBgNVBAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0G
                      A1UEBwwGUHJhZ3VlMREwDwYDVQQKDAhNaXJhbnRpczCCAiIwDQYJKoZIhvcNAQEB
                      BQADggIPADCCAgoCggIBAL596jeUmim5bo0J52vPylX8xZOCaCvW9wlSYbk143dU
                      x7sqlAbPePvN6jj44BrYV01F4rCn9uxuaFLrbjF4rUDp81F0yMqghwyLmlTgJBOq
                      AMNiEtrBUwmenJPuM55IYeO9OFbPeBvZyqKy2IG18GbK35QE85rOgaEfgDIkVeV9
                      yNB8b+yftn3ebRZCceU5lx/o+w2eQkuyloy1F5QC7U2MhGF2ekLX79s8x+LNlbiO
                      EF1D/FWFor3HY9DwNlg7U99mVID2Bj8lPPt4dW8JDMKkghh+S797l3H6RYKHhIvs
                      wi+50ljhk5nHl+qCooGKuGZ2WokrGXWkoDfrrpl//7FFRPwauoU/akDVfoWYffqx
                      jnvlQFkAlI3S5F/vwJGI1JGvPv5p5uRxPJEeMI0Sp9bVrznHGCgaJyY+vIBoZCwS
                      i0t16gsgeezcu44Y65crv4XNOBKOS+KqvMwdzzukOj9YsYwNnlLly0VvTEdxTwwI
                      7NopRglUQrLusjZ5wwe23kf07xVxC98e1LRQzR5oEAUKkDrQzjmXBfcV92GrE3s7
                      1L4dvfXUE1mVxabhBCoS6kO3JQGPK+1LJDIs/F0uVVtOy/oz6mIdV2scCteFRAbm
                      BhfEoVbaYNlUxlNGno2I/HEep4P0DrFPQi0ZmGfvNO6t3EvTSnWcsUL9h55wZ3Pl
                      AgMBAAGjgbkwgbYwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
                      FN2inIsMteL9vxR8Lo0yHI+4KaDGMHoGA1UdIwRzMHGAFN2inIsMteL9vxR8Lo0y
                      HI+4KaDGoU6kTDBKMQswCQYDVQQGEwJjejEXMBUGA1UEAwwOU2FsdCBNYXN0ZXIg
                      Q0ExDzANBgNVBAcMBlByYWd1ZTERMA8GA1UECgwITWlyYW50aXOCCQDByEKVmWBg
                      0zANBgkqhkiG9w0BAQsFAAOCAgEAq8yv5IZWHyZuySpe85GCfdn4VFfSw6O1tdOZ
                      7PnCNGqkLie3D0X5VIymDkEwSGrvRtAKvtRajej/1/T2lNJNzQaqQObMK9UpXMmu
                      g0qjAjYjbYMRS+4V1FJiyxxqyvE//XO+Jznj3jnF6IDnTYJp3tCUswvUYRSpAErP
                      CwtvBLzPhF9t3W+ElcrgM7UNDPRoVlun0q6FH4WAAKuuqXfJaEbe9XrkR+cBlP4O
                      7utdveEREw0cONoFtHM/yVwb9ovaitMEA/b6qH286cJ59zXJbhMe7+n9dFlMnAAh
                      WfayyLzlaOjxicGMPcmUMRh9n8fml7bR3mekL1BGZt451kH3+FSfjPpF3hqVqb3c
                      8LZsCrD10UYUOOQ1zyE8YaeQ6UgNW7LFJlngvNLAZKxRupc0FNGgDTMr8sgdBBeR
                      gH0cp+h4mDusEzYpaPIqci5+UOMelK/SMIYzMtD1ogZp/c9qIGh5nXwRkspHGrtk
                      ay6yizlPyY4QS1dOD/8nhGRbp5OQF1o5ZUtXlnaFHeLK7zl9iddqSvBVUNFdpDz+
                      uVYHAw4O2T7J7ge+gGgmjRPQjW1+O+jFWlSkO+7iFjdIOTZ6tpqYEglh0khgM8b5
                      V0MAVuww51/1DqirRG6Ge/3Sw44eDZID22jjCwLrDH0GSX76cDTe6Bx/WS0Wg7y/
                      /86PB1o=
                      -----END CERTIFICATE-----
    top.sls:
      base:
        "*":
          - barbican
          - linux_repo_openstack
          - release

verifier:
  name: inspec
  sudo: true

docker_images:
  - &xenial-20177 <%=ENV['IMAGE_XENIAL_20177'] || 'docker-dev-local.docker.mirantis.net/mirantis/drivetrain/salt-formulas-ci/salt-formulas-ci-xenial-2017.7:latest'%>

platforms:
  - name: xenial-2017.7
    driver_config:
      image: *xenial-20177
      platform: ubuntu

suites:
<% for os_version in ['pike', 'queens', 'rocky'] %>
  - name: control_single_<%=os_version%>
    provisioner:
      pillars-from-files:
        barbican.sls: tests/pillar/control_single.sls
        linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
      pillars:
        release.sls:
          barbican:
            server:
              version: <%=os_version%>
        top.sls:
          base:
            "*":
              - barbican
              - linux_repo_openstack
              - release
              <% unless os_version == 'ocata' || os_version == 'pike' %>
              - barbican_plugins
              <% end %>

  - name: control_cluster_<%=os_version%>
    provisioner:
      pillars-from-files:
        barbican.sls: tests/pillar/control_cluster.sls
        linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
      pillars:
        release.sls:
          barbican:
            server:
              version: <%=os_version%>
        top.sls:
          base:
            "*":
              - barbican
              - linux_repo_openstack
              - release
              <% unless os_version == 'ocata' || os_version == 'pike' %>
              - barbican_plugins
              <% end %>

  - name: control_single_ssl_<%=os_version%>
    provisioner:
      pillars-from-files:
        barbican.sls: tests/pillar/control_single.sls
        linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
      pillars:
        release.sls:
          barbican:
            server:
              version: <%=os_version%>
        top.sls:
          base:
            "*":
              - barbican
              - linux_repo_openstack
              - release
              - ssl

  - name: control_cluster_ssl_<%=os_version%>
    provisioner:
      pillars-from-files:
        barbican.sls: tests/pillar/control_cluster.sls
        linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
      pillars:
        release.sls:
          barbican:
            server:
              version: <%=os_version%>
        top.sls:
          base:
            "*":
              - barbican
              - linux_repo_openstack
              - release
              - ssl
<% end %>
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125