1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
# == Class: cinder::key_manager::barbican
#
# Setup and configure Barbican Key Manager options
#
# === Parameters
#
# [*barbican_endpoint*]
# (Optional) Use this endpoint to connect to Barbican.
# Defaults to $facts['os_service_default']
#
# [*barbican_api_version*]
# (Optional) Version of the Barbican API.
# Defaults to $facts['os_service_default']
#
# [*auth_endpoint*]
# (Optional) Use this endpoint to connect to Keystone.
# Defaults to $facts['os_service_default']
#
# [*retry_delay*]
# (Optional) Number of seconds to wait before retrying poll for key creation
# completion.
# Defaults to $facts['os_service_default']
#
# [*number_of_retries*]
# (Optional) Number of times to retry poll fo key creation completion.
# Defaults to $facts['os_service_default']
#
# [*barbican_endpoint_type*]
# (Optional) Specifies the type of endpoint.
# Defaults to $facts['os_service_default']
#
# [*barbican_region_name*]
# (Optional) Specifies the region of the chosen endpoint.
# Defaults to $facts['os_service_default']
#
# [*send_service_user_token*]
# (Optional) The service uses service token feature when this is set as true.
# Defaults to $facts['os_service_default']
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with
# caution.
# Defaults to $facts['os_service_default']
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $facts['os_service_default'].
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*timeout*]
# (Optional) Timeout value for connecting to barbican in seconds.
# Defaults to $facts['os_service_default']
#
class cinder::key_manager::barbican (
$barbican_endpoint = $facts['os_service_default'],
$barbican_api_version = $facts['os_service_default'],
$auth_endpoint = $facts['os_service_default'],
$retry_delay = $facts['os_service_default'],
$number_of_retries = $facts['os_service_default'],
$barbican_endpoint_type = $facts['os_service_default'],
$barbican_region_name = $facts['os_service_default'],
$send_service_user_token = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$timeout = $facts['os_service_default'],
) {
include cinder::deps
oslo::key_manager::barbican { 'cinder_config':
barbican_endpoint => $barbican_endpoint,
barbican_api_version => $barbican_api_version,
auth_endpoint => $auth_endpoint,
retry_delay => $retry_delay,
number_of_retries => $number_of_retries,
barbican_endpoint_type => $barbican_endpoint_type,
barbican_region_name => $barbican_region_name,
send_service_user_token => $send_service_user_token,
insecure => $insecure,
cafile => $cafile,
certfile => $certfile,
keyfile => $keyfile,
timeout => $timeout,
}
}
|
