Diffstat (limited to '')
-rw-r--r--qa/suites/rgw/crypt/%0
l---------qa/suites/rgw/crypt/.qa1
l---------qa/suites/rgw/crypt/0-cluster/.qa1
l---------qa/suites/rgw/crypt/0-cluster/fixed-1.yaml1
l---------qa/suites/rgw/crypt/1-ceph-install/.qa1
-rw-r--r--qa/suites/rgw/crypt/1-ceph-install/install.yaml7
l---------qa/suites/rgw/crypt/2-kms/.qa1
-rw-r--r--qa/suites/rgw/crypt/2-kms/barbican.yaml94
-rw-r--r--qa/suites/rgw/crypt/2-kms/kmip.yaml37
-rw-r--r--qa/suites/rgw/crypt/2-kms/testing.yaml6
-rw-r--r--qa/suites/rgw/crypt/2-kms/vault_kv.yaml25
-rw-r--r--qa/suites/rgw/crypt/2-kms/vault_old.yaml24
-rw-r--r--qa/suites/rgw/crypt/2-kms/vault_transit.yaml23
l---------qa/suites/rgw/crypt/3-rgw/.qa1
-rw-r--r--qa/suites/rgw/crypt/3-rgw/rgw.yaml12
-rw-r--r--qa/suites/rgw/crypt/4-tests/+0
l---------qa/suites/rgw/crypt/4-tests/.qa1
-rw-r--r--qa/suites/rgw/crypt/4-tests/s3tests.yaml16
l---------qa/suites/rgw/crypt/ignore-pg-availability.yaml1
19 files changed, 252 insertions, 0 deletions
diff --git a/qa/suites/rgw/crypt/% b/qa/suites/rgw/crypt/%
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/qa/suites/rgw/crypt/%
diff --git a/qa/suites/rgw/crypt/.qa b/qa/suites/rgw/crypt/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/0-cluster/.qa b/qa/suites/rgw/crypt/0-cluster/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/0-cluster/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/0-cluster/fixed-1.yaml b/qa/suites/rgw/crypt/0-cluster/fixed-1.yaml
new file mode 120000
index 000000000..435ea3c75
--- /dev/null
+++ b/qa/suites/rgw/crypt/0-cluster/fixed-1.yaml
@@ -0,0 +1 @@
+../../../../clusters/fixed-1.yaml
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/1-ceph-install/.qa b/qa/suites/rgw/crypt/1-ceph-install/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/1-ceph-install/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/1-ceph-install/install.yaml b/qa/suites/rgw/crypt/1-ceph-install/install.yaml
new file mode 100644
index 000000000..07a08b9a6
--- /dev/null
+++ b/qa/suites/rgw/crypt/1-ceph-install/install.yaml
@@ -0,0 +1,7 @@
+overrides:
+ ceph:
+ wait-for-scrub: false
+
+tasks:
+- install:
+- ceph:
diff --git a/qa/suites/rgw/crypt/2-kms/.qa b/qa/suites/rgw/crypt/2-kms/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml
new file mode 100644
index 000000000..94c43895f
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml
@@ -0,0 +1,94 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: barbican
+ rgw keystone barbican project: rgwcrypt
+ rgw keystone barbican user: rgwcrypt-user
+ rgw keystone barbican password: rgwcrypt-pass
+ rgw keystone barbican domain: Default
+ rgw keystone api version: 3
+ rgw keystone accepted roles: admin,Member,creator
+ rgw keystone implicit tenants: true
+ rgw keystone accepted admin roles: admin
+ rgw swift enforce content length: true
+ rgw swift account in url: true
+ rgw swift versioning enabled: true
+ rgw keystone admin project: admin
+ rgw keystone admin user: admin
+ rgw keystone admin password: ADMIN
+ rgw keystone admin domain: Default
+ rgw:
+ client.0:
+ use-keystone-role: client.0
+ use-barbican-role: client.0
+
+tasks:
+- tox: [ client.0 ]
+- keystone:
+ client.0:
+ sha1: 17.0.0.0rc2
+ force-branch: master
+ projects:
+ - name: rgwcrypt
+ description: Encryption Tenant
+ domain: default
+ - name: barbican
+ description: Barbican
+ domain: default
+ - name: s3
+ description: S3 project
+ domain: default
+ users:
+ - name: rgwcrypt-user
+ password: rgwcrypt-pass
+ project: rgwcrypt
+ domain: default
+ - name: barbican-user
+ password: barbican-pass
+ project: barbican
+ domain: default
+ - name: s3-user
+ password: s3-pass
+ project: s3
+ domain: default
+ roles: [ name: Member, name: creator ]
+ role-mappings:
+ - name: Member
+ user: rgwcrypt-user
+ project: rgwcrypt
+ - name: admin
+ user: barbican-user
+ project: barbican
+ - name: creator
+ user: s3-user
+ project: s3
+ services:
+ - name: swift
+ type: object-store
+ description: Swift Service
+- barbican:
+ client.0:
+ sha1: 5.0.1
+ force-branch: master
+ use-keystone-role: client.0
+ keystone_authtoken:
+ auth_plugin: password
+ username: barbican-user
+ password: barbican-pass
+ user_domain_name: Default
+ rgw_user:
+ tenantName: rgwcrypt
+ username: rgwcrypt-user
+ password: rgwcrypt-pass
+ secrets:
+ - name: my-key-1
+ base64: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
+ tenantName: s3
+ username: s3-user
+ password: s3-pass
+ - name: my-key-2
+ base64: a2V5Mi5yNUNNMGFzMVdIUVZxcCt5NGVmVGlQQ1k4YWg=
+ tenantName: s3
+ username: s3-user
+ password: s3-pass
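Review bot: Both the `keystone` and `barbican` task entries set `sha1:` (`17.0.0.0rc2` and `5.0.1`) together with `force-branch: master`, so this file does not make clear which revision of the KMS under test is actually built. If the tasks let `force-branch` win (the task code is not on this page), the suite follows a moving upstream branch and the `sha1` values are dead configuration; keep only one of the two keys per service, preferably the fixed revision. Separately, a header comment such as `# throwaway credentials and key material for the teuthology cluster only` would help, because the file carries plaintext passwords and base64 keys that readers and secret scanners will otherwise flag.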
diff --git a/qa/suites/rgw/crypt/2-kms/kmip.yaml b/qa/suites/rgw/crypt/2-kms/kmip.yaml
new file mode 100644
index 000000000..0057d954e
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/kmip.yaml
@@ -0,0 +1,37 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: kmip
+ rgw crypt kmip ca path: /etc/ceph/kmiproot.crt
+ rgw crypt kmip client cert: /etc/ceph/kmip-client.crt
+ rgw crypt kmip client key: /etc/ceph/kmip-client.key
+ rgw crypt kmip kms key template: pykmip-$keyid
+ rgw:
+ client.0:
+ use-pykmip-role: client.0
+
+tasks:
+- openssl_keys:
+ kmiproot:
+ client: client.0
+ cn: kmiproot
+ key-type: rsa:4096
+ kmip-server:
+ client: client.0
+ ca: kmiproot
+ kmip-client:
+ client: client.0
+ ca: kmiproot
+ cn: rgw-client
+- exec:
+ client.0:
+ - chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key
+- pykmip:
+ client.0:
+ clientca: kmiproot
+ servercert: kmip-server
+ clientcert: kmip-client
+ secrets:
+ - name: pykmip-my-key-1
+ - name: pykmip-my-key-2
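Review bot: The `exec` step `chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key` makes the client's TLS private key readable by every local user on the test node. Presumably this is so that radosgw, which 3-rgw/rgw.yaml runs with `setuser: ceph`, can read it. If so, limiting access to the service account models a real deployment better, e.g. `chgrp ceph /home/ubuntu/cephtest/ca/kmip-client.key` followed by `chmod 640` on the same path, assuming the step has the privileges for it, and at minimum a comment should say why the mode is relaxed. The path changed here also differs from `rgw crypt kmip client key: /etc/ceph/kmip-client.key`, and the step that places the key under /etc/ceph is not visible in this file, so a comment on that would help too.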
diff --git a/qa/suites/rgw/crypt/2-kms/testing.yaml b/qa/suites/rgw/crypt/2-kms/testing.yaml
new file mode 100644
index 000000000..e02f9caad
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/testing.yaml
@@ -0,0 +1,6 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: testing
+ rgw crypt s3 kms encryption_keys: testkey-1=YmluCmJvb3N0CmJvb3N0LWJ1aWxkCmNlcGguY29uZgo= testkey-2=aWIKTWFrZWZpbGUKbWFuCm91dApzcmMKVGVzdGluZwo=
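Review bot: This fragment needs a comment stating that the `testing` backend takes its encryption keys directly from the client configuration and that the two values are fixtures. Both `testkey-1` and `testkey-2` appear to decode to 32 bytes of printable text rather than random data, which is fine for a functional test but must never be copied into a real configuration. Suggested header: `# KMS backend 'testing': keys sit in ceph.conf in the clear; QA fixture only`.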
diff --git a/qa/suites/rgw/crypt/2-kms/vault_kv.yaml b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
new file mode 100644
index 000000000..9ee9366d0
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
@@ -0,0 +1,25 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: kv
+ rgw crypt vault prefix: /v1/kv/data
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: kv
+ prefix: /v1/kv/data/
+ secrets:
+ - path: my-key-1
+ secret: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
+ - path: my-key-2
+ secret: a2V5Mi5yNUNNMGFzMVdIUVZxcCt5NGVmVGlQQ1k4YWg=
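Review bot: The two prefixes in this file disagree on the trailing slash: `rgw crypt vault prefix: /v1/kv/data` in the client conf versus `prefix: /v1/kv/data/` in the `vault` task, while vault_old.yaml and vault_transit.yaml end the conf value with a slash. Whether RGW tolerates both forms depends on how it joins prefix and key path, which is not shown here, so make them consistent (`rgw crypt vault prefix: /v1/kv/data/`) or add a comment on why this one differs. The `install_url`/`install_sha256` pair is a good pattern, but it is repeated verbatim in vault_old.yaml and vault_transit.yaml, so a version bump has to change URL and digest in all three files together.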
diff --git a/qa/suites/rgw/crypt/2-kms/vault_old.yaml b/qa/suites/rgw/crypt/2-kms/vault_old.yaml
new file mode 100644
index 000000000..4befc1ecf
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_old.yaml
@@ -0,0 +1,24 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: transit
+ rgw crypt vault prefix: /v1/transit/export/encryption-key/
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: transit
+ flavor: old
+ prefix: /v1/transit/keys/
+ secrets:
+ - path: my-key-1
+ - path: my-key-2
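Review bot: Nothing in this file says what `flavor: old` selects, or why the client prefix (`/v1/transit/export/encryption-key/`) points at a different endpoint than the task prefix (`/v1/transit/keys/`). From the paths it looks as if this variant has RGW fetch exported key material from the transit engine, in contrast to vault_transit.yaml; a short header comment stating that, and that the mode is kept for backward-compatibility coverage, would save the next reader from guessing. If that reading is right, the comment should also say that exportable transit keys are a weaker arrangement than keeping the key inside Vault.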
diff --git a/qa/suites/rgw/crypt/2-kms/vault_transit.yaml b/qa/suites/rgw/crypt/2-kms/vault_transit.yaml
new file mode 100644
index 000000000..fe8c8409d
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_transit.yaml
@@ -0,0 +1,23 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: transit
+ rgw crypt vault prefix: /v1/transit/
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: transit
+ prefix: /v1/transit/keys/
+ secrets:
+ - path: my-key-1
+ - path: my-key-2
diff --git a/qa/suites/rgw/crypt/3-rgw/.qa b/qa/suites/rgw/crypt/3-rgw/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/3-rgw/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/3-rgw/rgw.yaml b/qa/suites/rgw/crypt/3-rgw/rgw.yaml
new file mode 100644
index 000000000..ee8d62af0
--- /dev/null
+++ b/qa/suites/rgw/crypt/3-rgw/rgw.yaml
@@ -0,0 +1,12 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ setuser: ceph
+ setgroup: ceph
+ rgw crypt require ssl: false
+ debug rgw: 20
+
+tasks:
+- rgw:
+ client.0:
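Review bot: `rgw crypt require ssl: false` lets the gateway accept server-side-encryption requests over plain HTTP, and for SSE-C that means the customer-provided key travels in request headers unencrypted. That is understandable on a single-node test cluster without TLS, but the line should say so, e.g. `# test cluster has no TLS frontend; never disable this in production`. `debug rgw: 20` in the same block also deserves a comment, since very verbose gateway logs from an encryption suite may capture request details that should be checked before the logs are archived or shared.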
diff --git a/qa/suites/rgw/crypt/4-tests/+ b/qa/suites/rgw/crypt/4-tests/+
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/qa/suites/rgw/crypt/4-tests/+
diff --git a/qa/suites/rgw/crypt/4-tests/.qa b/qa/suites/rgw/crypt/4-tests/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/4-tests/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/4-tests/s3tests.yaml b/qa/suites/rgw/crypt/4-tests/s3tests.yaml
new file mode 100644
index 000000000..c92bf3edd
--- /dev/null
+++ b/qa/suites/rgw/crypt/4-tests/s3tests.yaml
@@ -0,0 +1,16 @@
+tasks:
+- s3tests:
+ client.0:
+ force-branch: ceph-pacific
+ barbican:
+ kms_key: my-key-1
+ kms_key2: my-key-2
+ vault_kv:
+ key_path: my-key-1
+ key_path2: my-key-2
+ vault_old:
+ key_path: my-key-1/1
+ key_path2: my-key-2/1
+ vault_transit:
+ key_path: my-key-1
+ key_path2: my-key-2
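Review bot: The `client.0` block has sections for `barbican`, `vault_kv`, `vault_old` and `vault_transit`, but none for the `kmip` and `testing` fragments that 2-kms/ also adds. kmip.yaml registers secrets named `pykmip-my-key-1`/`pykmip-my-key-2` and testing.yaml defines `testkey-1`/`testkey-2`, so those runs depend on defaults inside the s3tests task, which is not part of this page. Either add explicit sections for the two backends or leave a comment naming where their key ids come from, so that a key-name mismatch cannot quietly turn the encryption tests into skips or failures. The `vault_old` key paths carry a `/1` suffix that the others lack; a short comment on what it denotes (presumably a key version) would also help.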
diff --git a/qa/suites/rgw/crypt/ignore-pg-availability.yaml b/qa/suites/rgw/crypt/ignore-pg-availability.yaml
new file mode 120000
index 000000000..32340b1fa
--- /dev/null
+++ b/qa/suites/rgw/crypt/ignore-pg-availability.yaml
@@ -0,0 +1 @@
+.qa/rgw/ignore-pg-availability.yaml
\ No newline at end of file