Add Barbican integration
This patch adds Barbican integration to Cinder
Change-Id: Idcae88e485ac32bdb013807ea88aaf0ce18f6b3f
Related-PROD: PROD-15205
diff --git a/.kitchen.yml b/.kitchen.yml
index 4a31b11..01c5fda 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -114,4 +114,9 @@
pillars-from-files:
cinder.sls: tests/pillar/vsp_single.sls
+ - name: volume_single_barbican
+ provisioner:
+ pillars-from-files:
+ cinder.sls: tests/pillar/volume_single_barbican.sls
+
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index 9570c9b..62f155b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -37,6 +37,8 @@
- PLATFORM=trevorj/salty-whales:xenial OS_VERSION=ocata SUITE=volume_single
- PLATFORM=trevorj/salty-whales:trusty OS_VERSION=mitaka SUITE=vsp_single
- PLATFORM=trevorj/salty-whales:xenial OS_VERSION=ocata SUITE=vsp_single
+ - PLATFORM=trevorj/salty-whales:trusty OS_VERSION=mitaka SUITE=volume_single_barbican
+ - PLATFORM=trevorj/salty-whales:xenial OS_VERSION=ocata SUITE=volume_single_barbican
before_script:
- set -o pipefail
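Review bot: The added `OS_VERSION=mitaka SUITE=volume_single_barbican` entry does not appear to exercise any Barbican code. The template changes visible in this commit are only under `cinder/files/ocata/`, and the new pillar pins `version: ocata`. Unless the mitaka templates already carry a `[key_manager]` branch outside this diff, I would either drop the trusty/mitaka line or add the matching template change, so that a green job means the key-manager configuration was actually rendered.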
diff --git a/README.rst b/README.rst
index 99a4ffe..1dc3850 100644
--- a/README.rst
+++ b/README.rst
@@ -62,6 +62,8 @@
audit:
enabled: false
osapi_max_limit: 500
+ barbican:
+ enabled: true
cinder:
volume:
@@ -109,6 +111,8 @@
pool: SAS7K2
audit:
enabled: false
+ barbican:
+ enabled: true
Enable CORS parameters
@@ -671,6 +675,14 @@
key:
conn_speed: fibre-10G
+Enable Barbican integration
+
+.. code-block:: yaml
+
+ cinder:
+ controller:
+ barbican:
+ enabled: true
Documentation and Bugs
============================
diff --git a/cinder/files/ocata/cinder.conf.controller.Debian b/cinder/files/ocata/cinder.conf.controller.Debian
index 9d2e42b..7e28979 100644
--- a/cinder/files/ocata/cinder.conf.controller.Debian
+++ b/cinder/files/ocata/cinder.conf.controller.Debian
@@ -179,8 +179,12 @@
{%- endif %}
auth_version = v3
+{%- if controller.get('barbican', {}).get('enabled', False) %}
+[key_manager]
+api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager
[barbican]
-auth_endpoint=http://{{ controller.identity.host }}:5000
+auth_endpoint = {{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.get('host', 'localhost') }}:{{ controller.identity.get('port', '5000') }}/v3
+{%- endif %}
[database]
idle_timeout=3600
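Review bot: The new `auth_endpoint` line falls back to `http` and `localhost` when `controller.identity` has no `protocol` or `host`, so an incomplete pillar renders a plausible-looking endpoint instead of failing. With the `http` default, the key manager's authentication traffic to Keystone travels in cleartext. Because this endpoint gates access to volume encryption keys, I would keep `{{ controller.identity.host }}` without a default and add a template comment above the line, for example `{#- identity:protocol defaults to http; set it to https outside test environments #}`. The same point applies to the identical hunk in `cinder/files/ocata/cinder.conf.volume.Debian`. Note also that `[barbican]` was previously emitted unconditionally and now sits inside the `if`, which is presumably intended but worth confirming for nodes that do not set `barbican:enabled`.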
diff --git a/cinder/files/ocata/cinder.conf.volume.Debian b/cinder/files/ocata/cinder.conf.volume.Debian
index 04d8cc0..b17a903 100644
--- a/cinder/files/ocata/cinder.conf.volume.Debian
+++ b/cinder/files/ocata/cinder.conf.volume.Debian
@@ -167,8 +167,12 @@
{%- endif %}
auth_version = v3
+{%- if volume.get('barbican', {}).get('enabled', False) %}
+[key_manager]
+api_class = castellan.key_manager.barbican_key_manager.BarbicanKeyManager
[barbican]
-auth_endpoint=http://{{ volume.identity.host }}:5000
+auth_endpoint = {{ volume.identity.get('protocol', 'http') }}://{{ volume.identity.get('host', 'localhost') }}:{{ volume.identity.get('port', '5000') }}/v3
+{%- endif %}
[database]
idle_timeout=3600
diff --git a/tests/pillar/volume_single_barbican.sls b/tests/pillar/volume_single_barbican.sls
new file mode 100644
index 0000000..5f28d06
--- /dev/null
+++ b/tests/pillar/volume_single_barbican.sls
@@ -0,0 +1,40 @@
+cinder:
+ volume:
+ enabled: true
+ version: ocata
+ barbican:
+ enabled: true
+ osapi:
+ host: 127.0.0.1
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ port: 3306
+ name: cinder
+ user: cinder
+ password: password
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ port: 35357
+ tenant: service
+ user: cinder
+ password: password
+ endpoint_type: internalURL
+ region: regionOne
+ glance:
+ host: 127.0.0.1
+ port: 9292
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ port: 5672
+ user: openstack
+ password: password
+ virtual_host: '/openstack'
+ storage:
+ engine: storwize
+ host: 192.168.0.1
+ port: 22
+ user: username
+ password: pass
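Review bot: This fixture defines only `cinder:volume` and sets no `identity:protocol`, so the new suite renders just the volume template with the `http` default. From what is visible here, the Barbican branch in `cinder.conf.controller.Debian` and the `https` path are not covered by any suite. Consider adding a controller-side pillar, or a `controller:` stanza, with `protocol: https` under `identity`. A header comment such as `# Test-only fixture: credentials below are placeholders, not for deployment` would also help, since the file carries literal passwords.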