Adding ability to configure identity protocol
The patch adds ability to configure identity protocol
according to set from below:
barbican:
server:
identity:
protocol:
https or http
Change-Id: Ic04b6dd4fc8a33e022fe2d3d4cbedc4151f5f98e
diff --git a/barbican/files/ocata/barbican.conf.Debian b/barbican/files/ocata/barbican.conf.Debian
index 83f73e1..b3fe9aa 100644
--- a/barbican/files/ocata/barbican.conf.Debian
+++ b/barbican/files/ocata/barbican.conf.Debian
@@ -16,7 +16,11 @@
# blank. Blank is needed to override default config value which is
# 'http://localhost:9311'.
### host_href = http://localhost:9311
-host_href = {{ server.get('host_href', '') }}
+{%- if server.host_href is defined %}
+host_href = {{ server.host_href }}
+{%- else %}
+host_href =
+{%- endif %}
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
@@ -471,8 +475,8 @@
project_name = {{ server.identity.tenant }}
username = {{ server.identity.user }}
password = {{ server.identity.password }}
-auth_uri = http://{{ server.identity.host }}:5000
-auth_url = http://{{ server.identity.host }}:35357
+auth_uri = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
interface = {{ server.identity.get('endpoint_type', 'internal') }}
{%- if server.cache is defined %}
@@ -483,6 +487,10 @@
region_name = {{ server.get('region', 'RegionOne') }}
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
# clients are redirected to this endpoint to authenticate. Although this
diff --git a/barbican/files/pike/barbican.conf.Debian b/barbican/files/pike/barbican.conf.Debian
index 83f73e1..b3fe9aa 100644
--- a/barbican/files/pike/barbican.conf.Debian
+++ b/barbican/files/pike/barbican.conf.Debian
@@ -16,7 +16,11 @@
# blank. Blank is needed to override default config value which is
# 'http://localhost:9311'.
### host_href = http://localhost:9311
-host_href = {{ server.get('host_href', '') }}
+{%- if server.host_href is defined %}
+host_href = {{ server.host_href }}
+{%- else %}
+host_href =
+{%- endif %}
# Log to this file. Make sure you do not set the same log
# file for both the API and registry servers!
@@ -471,8 +475,8 @@
project_name = {{ server.identity.tenant }}
username = {{ server.identity.user }}
password = {{ server.identity.password }}
-auth_uri = http://{{ server.identity.host }}:5000
-auth_url = http://{{ server.identity.host }}:35357
+auth_uri = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
interface = {{ server.identity.get('endpoint_type', 'internal') }}
{%- if server.cache is defined %}
@@ -483,6 +487,10 @@
region_name = {{ server.get('region', 'RegionOne') }}
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile = {{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
+
# Complete "public" Identity API endpoint. This endpoint should not be an
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
# clients are redirected to this endpoint to authenticate. Although this