Barbican Support for Luna HSM

Signed-off-by: Mauricio Harley <[email protected]>

Author: Mauricio Harley

api/v1beta1/barbicanapi_types.go

@@ -58,9 +58,6 @@ type APIOverrideSpec struct {
 	Service map[service.Endpoint]service.RoutedOverrideSpec `json:"service,omitempty"`
 }
 
-// +kubebuilder:validation:Enum=simple_crypto;pkcs11
-type SecretStore string
-
 // BarbicanAPISpec defines the desired state of BarbicanAPI
 type BarbicanAPISpec struct {
 	BarbicanTemplate `json:",inline"`

api/v1beta1/barbicanworker_types.go

@@ -51,7 +51,7 @@ type BarbicanWorkerSpec struct {
         // +kubebuilder:validation:Optional
         // +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=2
-        EnabledSecretStores []SecretStore `json:"enabledSecretStores"`
+        EnabledSecretStores []SecretStore `json:"enabledSecretStores,omitempty"`
 
         // +kubebuilder:validation:Optional
         // +kubebuilder:default="simple_crypto"

templates/barbican/config/00-default.conf

@@ -1,9 +1,9 @@
 [DEFAULT]
 # keep this for backward compatibility
 sql_connection = {{ .DatabaseConnection }}
-{{ if (index . "ServiceURL") }}
+{{- if (index . "ServiceURL") }}
 host_href = {{ .ServiceURL }}
-{{ end }}
+{{- end }}
 debug = true
 transport_url = {{ .TransportURL }}
 log_file = {{ .LogFile }}
@@ -13,7 +13,7 @@ max_retries=-1
 db_max_retries=-1
 connection={{ .DatabaseConnection }}
 
-{{ if (index . "KeystoneAuthURL") }}
+{{- if (index . "KeystoneAuthURL") }}
 [keystone_authtoken]
 auth_version = v3
 auth_url={{ .KeystoneAuthURL }}
@@ -24,7 +24,7 @@ password = {{ .ServicePassword }}
 project_name=service
 project_domain_name=Default
 interface = internal
-{{ end }}
+{{- end }}
 
 [keystone_notifications]
 enable = true
@@ -33,40 +33,42 @@ topic = barbican_notifications
 [oslo_messaging_notifications]
 driver=messagingv2
 
-{{ if (index . "EnableSecureRBAC") }}
+{{- if (index . "EnableSecureRBAC") }}
 [oslo_policy]
 enforce_scope = {{ .EnableSecureRBAC }}
 enforce_new_defaults = {{ .EnableSecureRBAC }}
-{{ end }}
+{{- end }}
 
 [queue]
 enable = true
 
 [secretstore]
 enable_multiple_secret_stores = true
 stores_lookup_suffix = {{ .EnabledSecretStores }}
-
+# enabled_secretstore_plugins = store_crypto
 {{ if .SimpleCryptoEnabled }}
-[secretstore:software]
+[secretstore:simple_crypto]
 secret_store_plugin = store_crypto
 crypto_plugin = simple_crypto
-{{ end }}
-{{ if eq .GlobalDefaultSecretStore "simple_crypto" }}  global_default = true {{ end }}
+{{- if eq .GlobalDefaultSecretStore "simple_crypto" }}
+global_default = true
+{{- end }}
 
-{{ if .SimpleCryptoEnabled }}
 [simple_crypto_plugin]
 plugin_name = Software Only Crypto
-{{ end }}
-{{ if (index . "SimpleCryptoKEK") }} kek = {{ .SimpleCryptoKEK }} {{ end }}
-
+{{- if (index . "SimpleCryptoKEK") }}
+kek = {{ .SimpleCryptoKEK }}
+{{- end }}
+{{- end }}
 {{ if and (index . "HSMEnabled") .HSMEnabled }}
 [secretstore:pkcs11]
 secret_store_plugin = store_crypto
 crypto_plugin = p11_crypto
+{{- if eq .GlobalDefaultSecretStore "pkcs11" }}
+global_default = true
 {{ end }}
-{{ if eq .GlobalDefaultSecretStore "pkcs11" }} global_default = true {{ end }}
 
-{{ if and (index . "HSMEnabled") .HSMEnabled }}
+>>>>>>> cb6279b (Barbican Support for Luna HSM)
 [p11_crypto_plugin]
 library_path = {{ .HSMLibraryPath }}
 token_serial_number = {{ .HSMTokenSerialNumber }}