Diffstat (limited to 'qa/suites/rgw/crypt/2-kms')
l---------qa/suites/rgw/crypt/2-kms/.qa1
-rw-r--r--qa/suites/rgw/crypt/2-kms/barbican.yaml92
-rw-r--r--qa/suites/rgw/crypt/2-kms/kmip.yaml37
-rw-r--r--qa/suites/rgw/crypt/2-kms/testing.yaml6
-rw-r--r--qa/suites/rgw/crypt/2-kms/vault_kv.yaml25
-rw-r--r--qa/suites/rgw/crypt/2-kms/vault_old.yaml24
-rw-r--r--qa/suites/rgw/crypt/2-kms/vault_transit.yaml29
7 files changed, 214 insertions, 0 deletions
diff --git a/qa/suites/rgw/crypt/2-kms/.qa b/qa/suites/rgw/crypt/2-kms/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml
new file mode 100644
index 000000000..0c75a131c
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml
@@ -0,0 +1,92 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: barbican
+ rgw keystone barbican project: rgwcrypt
+ rgw keystone barbican user: rgwcrypt-user
+ rgw keystone barbican password: rgwcrypt-pass
+ rgw keystone barbican domain: Default
+ rgw keystone api version: 3
+ rgw keystone accepted roles: admin,Member,creator
+ rgw keystone implicit tenants: true
+ rgw keystone accepted admin roles: admin
+ rgw swift enforce content length: true
+ rgw swift account in url: true
+ rgw swift versioning enabled: true
+ rgw keystone admin project: admin
+ rgw keystone admin user: admin
+ rgw keystone admin password: ADMIN
+ rgw keystone admin domain: Default
+ rgw:
+ client.0:
+ use-keystone-role: client.0
+ use-barbican-role: client.0
+
+tasks:
+- tox: [ client.0 ]
+- keystone:
+ client.0:
+ force-branch: stable/2023.1
+ services:
+ - name: swift
+ type: object-store
+ description: Swift Service
+ projects:
+ - name: rgwcrypt
+ description: Encryption Tenant
+ domain: default
+ - name: barbican
+ description: Barbican
+ domain: default
+ - name: s3
+ description: S3 project
+ domain: default
+ users:
+ - name: rgwcrypt-user
+ password: rgwcrypt-pass
+ project: rgwcrypt
+ domain: default
+ - name: barbican-user
+ password: barbican-pass
+ project: barbican
+ domain: default
+ - name: s3-user
+ password: s3-pass
+ project: s3
+ domain: default
+ roles: [ name: Member, name: creator ]
+ role-mappings:
+ - name: Member
+ user: rgwcrypt-user
+ project: rgwcrypt
+ - name: admin
+ user: barbican-user
+ project: barbican
+ - name: creator
+ user: s3-user
+ project: s3
+- barbican:
+ client.0:
+ force-branch: stable/xena
+ use-keystone-role: client.0
+ keystone_authtoken:
+ auth_plugin: password
+ username: barbican-user
+ password: barbican-pass
+ user_domain_name: Default
+ rgw_user:
+ tenantName: rgwcrypt
+ username: rgwcrypt-user
+ password: rgwcrypt-pass
+ secrets:
+ - name: my-key-1
+ base64: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
+ tenantName: s3
+ username: s3-user
+ password: s3-pass
+ - name: my-key-2
+ base64: a2V5Mi5yNUNNMGFzMVdIUVZxcCt5NGVmVGlQQ1k4YWg=
+ tenantName: s3
+ username: s3-user
+ password: s3-pass
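Review bot: The two OpenStack services come from different release series and from moving branch refs: `force-branch: stable/2023.1` under `keystone` and `force-branch: stable/xena` under `barbican`. Neither is tied to a commit or checksum the way the Vault files in this commit pin `install_sha256`, so what the suite runs can change without any change to this file; how the tasks resolve `force-branch` is not visible here, so that is worth confirming. A comment such as `# barbican held at stable/xena because <reason>` would record why the two differ. The passwords (`rgwcrypt-pass`, `barbican-pass`, `s3-pass`, `ADMIN`) each appear in several places that must agree, and a header comment like `# throwaway credentials for the test-deployed keystone/barbican only` would say so.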
diff --git a/qa/suites/rgw/crypt/2-kms/kmip.yaml b/qa/suites/rgw/crypt/2-kms/kmip.yaml
new file mode 100644
index 000000000..0057d954e
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/kmip.yaml
@@ -0,0 +1,37 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: kmip
+ rgw crypt kmip ca path: /etc/ceph/kmiproot.crt
+ rgw crypt kmip client cert: /etc/ceph/kmip-client.crt
+ rgw crypt kmip client key: /etc/ceph/kmip-client.key
+ rgw crypt kmip kms key template: pykmip-$keyid
+ rgw:
+ client.0:
+ use-pykmip-role: client.0
+
+tasks:
+- openssl_keys:
+ kmiproot:
+ client: client.0
+ cn: kmiproot
+ key-type: rsa:4096
+ kmip-server:
+ client: client.0
+ ca: kmiproot
+ kmip-client:
+ client: client.0
+ ca: kmiproot
+ cn: rgw-client
+- exec:
+ client.0:
+ - chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key
+- pykmip:
+ client.0:
+ clientca: kmiproot
+ servercert: kmip-server
+ clientcert: kmip-client
+ secrets:
+ - name: pykmip-my-key-1
+ - name: pykmip-my-key-2
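Review bot: `chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key` in the `exec` task makes the KMIP client private key readable by every local account on client.0. If the intent is only to let the rgw process read a key created by another user, group ownership plus `chmod 640` limits access to that account's group. Otherwise the step should carry a comment such as `# rgw runs as a different user than the key's owner; test CA only`. The path is also hard-coded to `/home/ubuntu/cephtest`, while `rgw crypt kmip client key` points at `/etc/ceph/kmip-client.key`. How the key gets from one location to the other is not visible in this hunk, so the mode may need to be set where the copy lands instead.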
diff --git a/qa/suites/rgw/crypt/2-kms/testing.yaml b/qa/suites/rgw/crypt/2-kms/testing.yaml
new file mode 100644
index 000000000..e02f9caad
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/testing.yaml
@@ -0,0 +1,6 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: testing
+ rgw crypt s3 kms encryption_keys: testkey-1=YmluCmJvb3N0CmJvb3N0LWJ1aWxkCmNlcGguY29uZgo= testkey-2=aWIKTWFrZWZpbGUKbWFuCm91dApzcmMKVGVzdGluZwo=
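Review bot: The `rgw crypt s3 kms encryption_keys` value carries both test keys inline as one unquoted scalar, and nothing in the file says they are fixtures. Both values decode to 32 bytes of plain text rather than random bytes, which is acceptable for the `testing` backend but easy to copy into a config where it is not. A comment above the line, e.g. `# fixed, non-secret keys for the 'testing' KMS backend`, would help. Quoting the value would also keep the `=` padding and the space separator unambiguous.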
diff --git a/qa/suites/rgw/crypt/2-kms/vault_kv.yaml b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
new file mode 100644
index 000000000..9ee9366d0
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
@@ -0,0 +1,25 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: kv
+ rgw crypt vault prefix: /v1/kv/data
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: kv
+ prefix: /v1/kv/data/
+ secrets:
+ - path: my-key-1
+ secret: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
+ - path: my-key-2
+ secret: a2V5Mi5yNUNNMGFzMVdIUVZxcCt5NGVmVGlQQ1k4YWg=
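Review bot: Vault is pinned to 1.2.2 by `install_url` and `install_sha256`, which gives a verified download but of an old release, and the same pin is repeated in vault_old.yaml and vault_transit.yaml, so an upgrade has to touch three files in step. `root_token: test_root_token` together with `rgw crypt vault auth: token` suggests rgw talks to Vault with the root token (the vault task is not shown, so this is inferred); if so, the suite never exercises a scoped policy, and a comment stating that would be useful. `rgw crypt vault prefix: /v1/kv/data` also lacks the trailing slash that the task's `prefix: /v1/kv/data/` and the other Vault files use; `rgw crypt vault prefix: /v1/kv/data/` would be consistent.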
diff --git a/qa/suites/rgw/crypt/2-kms/vault_old.yaml b/qa/suites/rgw/crypt/2-kms/vault_old.yaml
new file mode 100644
index 000000000..4befc1ecf
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_old.yaml
@@ -0,0 +1,24 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: transit
+ rgw crypt vault prefix: /v1/transit/export/encryption-key/
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: transit
+ flavor: old
+ prefix: /v1/transit/keys/
+ secrets:
+ - path: my-key-1
+ - path: my-key-2
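Review bot: `flavor: old` and the `/v1/transit/export/encryption-key/` prefix are not explained anywhere in this file. The export path suggests this variant covers the legacy mode where rgw fetches transit key material out of Vault instead of asking Vault to wrap keys, but that is inferred from the path alone. A comment at the top, e.g. `# legacy transit mode: rgw exports key material from Vault; kept for compatibility coverage`, would document why both this file and vault_transit.yaml exist.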
diff --git a/qa/suites/rgw/crypt/2-kms/vault_transit.yaml b/qa/suites/rgw/crypt/2-kms/vault_transit.yaml
new file mode 100644
index 000000000..d20bb52bc
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_transit.yaml
@@ -0,0 +1,29 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: transit
+ rgw crypt vault prefix: /v1/transit/
+ rgw crypt sse s3 backend: vault
+ rgw crypt sse s3 vault auth: token
+ rgw crypt sse s3 vault secret engine: transit
+ rgw crypt sse s3 vault prefix: /v1/transit/
+ rgw:
+ client.0:
+ use-vault-role: client.0
+ s3tests:
+ with-sse-s3: true
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: transit
+ prefix: /v1/transit/keys/
+ secrets:
+ - path: my-key-1
+ - path: my-key-2
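Review bot: SSE-KMS and SSE-S3 are both pointed at the same transit mount, `rgw crypt vault prefix: /v1/transit/` and `rgw crypt sse s3 vault prefix: /v1/transit/`, with the same `token` auth. Keys created for SSE-S3 would then sit beside `my-key-1`/`my-key-2` and be reachable with the same credential, so the test does not show that the two backends can be separated. Whether that matters depends on what the s3tests assert, which is not visible here. A comment such as `# SSE-S3 deliberately shares the transit mount with SSE-KMS in this test` would make the choice explicit.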