Add key manager parameters

Added needed key manager parameters for volume encryption.
Also moved the api_class parameter from volume.pp to api.pp
because this parameter is used by cinder-api and not cinder-volume

Change-Id: I1f76bb29b79604b131078b9a895516e1f507409f

manifests/api.pp

@@ -41,6 +41,16 @@
 #   (optional) Auth URL associated with the OpenStack privileged account.
 #   Defaults to $::os_service_default.
 #
+# [*keymgr_api_class*]
+#   (optional) Key Manager service class.
+#   Example of valid value: cinder.keymgr.barbican.BarbicanKeyManager
+#   Defaults to $::os_service_default
+#
+# [*keymgr_encryption_api_url*]
+#   (optional) Key Manager service URL
+#   Example of valid value: https://localhost:9311/v1
+#   Defaults to $::os_service_default
+#
 # [*keymgr_encryption_auth_url*]
 #   (optional) Auth URL for keymgr authentication. Should be in format
 #   http://auth_url:5000/v3
@@ -191,6 +201,8 @@ class cinder::api (
   $os_privileged_user_password  = $::os_service_default,
   $os_privileged_user_tenant    = $::os_service_default,
   $os_privileged_user_auth_url  = $::os_service_default,
+  $keymgr_api_class             = $::os_service_default,
+  $keymgr_encryption_api_url    = $::os_service_default,
   $keymgr_encryption_auth_url   = $::os_service_default,
   $service_workers              = $::processorcount,
   $package_ensure               = 'present',
@@ -334,6 +346,8 @@ class cinder::api (
     'keystone_authtoken/auth_uri':          value => $auth_uri;
     'keystone_authtoken/identity_uri':      value => $identity_uri;
     'keystone_authtoken/memcached_servers': value => join(any2array($memcached_servers), ',');
+    'keymgr/api_class':                     value => $keymgr_api_class;
+    'keymgr/encryption_api_url':            value => $keymgr_encryption_api_url;
     'keymgr/encryption_auth_url':           value => $keymgr_encryption_auth_url;
   }
 

manifests/volume.pp

@@ -29,11 +29,6 @@
 #   for example "-c3" for idle only priority.
 #   Defaults to $::os_service_default.
 #
-# [*keymgr_api_class*]
-#   (optional) Key Manager service.
-#   Example of valid value: cinder.keymgr.barbican.BarbicanKeyManager
-#   Defaults to $::os_service_default
-#
 class cinder::volume (
   $package_ensure      = 'present',
   $enabled             = true,
@@ -41,7 +36,6 @@ class cinder::volume (
   $volume_clear        = $::os_service_default,
   $volume_clear_size   = $::os_service_default,
   $volume_clear_ionice = $::os_service_default,
-  $keymgr_api_class    = $::os_service_default,
 ) {
 
   include ::cinder::params
@@ -84,6 +78,5 @@ class cinder::volume (
     'DEFAULT/volume_clear':        value => $volume_clear;
     'DEFAULT/volume_clear_size':   value => $volume_clear_size;
     'DEFAULT/volume_clear_ionice': value => $volume_clear_ionice;
-    'keymgr/api_class':            value => $keymgr_api_class;
   }
 }

spec/classes/cinder_api_spec.rb

@@ -70,6 +70,8 @@ describe 'cinder::api' do
         is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_password').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_tenant').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_cinder_config('DEFAULT/os_privileged_user_auth_url').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cinder_config('keymgr/api_class').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_cinder_config('keymgr/encryption_api_url').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_cinder_config('keymgr/encryption_auth_url').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_cinder_config('oslo_middleware/enable_proxy_headers_parsing').with('value' => '<SERVICE DEFAULT>')
       end
@@ -374,6 +376,22 @@ describe 'cinder::api' do
 
       it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
     end
+
+    describe 'with barbican parameters' do
+      let :params do
+        req_params.merge!({
+          :keymgr_api_class           => 'cinder.keymgr.barbican.BarbicanKeyManager',
+          :keymgr_encryption_api_url  => 'https://localhost:9311/v1',
+          :keymgr_encryption_auth_url => 'https://localhost:5000/v3',
+        })
+      end
+      it 'should set keymgr parameters' do
+        is_expected.to contain_cinder_config('keymgr/api_class').with_value('cinder.keymgr.barbican.BarbicanKeyManager')
+        is_expected.to contain_cinder_config('keymgr/encryption_api_url').with_value('https://localhost:9311/v1')
+        is_expected.to contain_cinder_config('keymgr/encryption_auth_url').with_value('https://localhost:5000/v3')
+      end
+    end
+
   end
 
   on_supported_os({

spec/classes/cinder_volume_spec.rb

@@ -18,7 +18,6 @@ describe 'cinder::volume' do
   it { is_expected.to contain_cinder_config('DEFAULT/volume_clear').with_value('<SERVICE DEFAULT>') }
   it { is_expected.to contain_cinder_config('DEFAULT/volume_clear_size').with_value('<SERVICE DEFAULT>') }
   it { is_expected.to contain_cinder_config('DEFAULT/volume_clear_ionice').with_value('<SERVICE DEFAULT>') }
-  it { is_expected.to contain_cinder_config('keymgr/api_class').with_value('<SERVICE DEFAULT>') }
 
   describe 'with manage_service false' do
     let :params do
@@ -43,15 +42,4 @@ describe 'cinder::volume' do
       is_expected.to contain_cinder_config('DEFAULT/volume_clear_ionice').with_value('-c3')
     end
   end
-
-  describe 'with barbican parameters' do
-    let :params do
-      {
-        'keymgr_api_class' => 'cinder.keymgr.barbican.BarbicanKeyManager',
-      }
-    end
-    it 'should set keymgr parameters' do
-      is_expected.to contain_cinder_config('keymgr/api_class').with_value('cinder.keymgr.barbican.BarbicanKeyManager')
-    end
-  end
 end