From 19fcec84d8d7d21e796c7624e521b60d28ee21ed Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 20:45:59 +0200
Subject: Adding upstream version 16.2.11+ds.
Signed-off-by: Daniel Baumann
---
qa/suites/rgw/crypt/% | 0
qa/suites/rgw/crypt/.qa | 1 +
qa/suites/rgw/crypt/0-cluster/.qa | 1 +
qa/suites/rgw/crypt/0-cluster/fixed-1.yaml | 1 +
qa/suites/rgw/crypt/1-ceph-install/.qa | 1 +
qa/suites/rgw/crypt/1-ceph-install/install.yaml | 7 ++
qa/suites/rgw/crypt/2-kms/.qa | 1 +
qa/suites/rgw/crypt/2-kms/barbican.yaml | 94 +++++++++++++++++++++++++
qa/suites/rgw/crypt/2-kms/kmip.yaml | 37 ++++++++++
qa/suites/rgw/crypt/2-kms/testing.yaml | 6 ++
qa/suites/rgw/crypt/2-kms/vault_kv.yaml | 25 +++++++
qa/suites/rgw/crypt/2-kms/vault_old.yaml | 24 +++++++
qa/suites/rgw/crypt/2-kms/vault_transit.yaml | 23 ++++++
qa/suites/rgw/crypt/3-rgw/.qa | 1 +
qa/suites/rgw/crypt/3-rgw/rgw.yaml | 12 ++++
qa/suites/rgw/crypt/4-tests/+ | 0
qa/suites/rgw/crypt/4-tests/.qa | 1 +
qa/suites/rgw/crypt/4-tests/s3tests.yaml | 16 +++++
qa/suites/rgw/crypt/ignore-pg-availability.yaml | 1 +
19 files changed, 252 insertions(+)
create mode 100644 qa/suites/rgw/crypt/%
create mode 120000 qa/suites/rgw/crypt/.qa
create mode 120000 qa/suites/rgw/crypt/0-cluster/.qa
create mode 120000 qa/suites/rgw/crypt/0-cluster/fixed-1.yaml
create mode 120000 qa/suites/rgw/crypt/1-ceph-install/.qa
create mode 100644 qa/suites/rgw/crypt/1-ceph-install/install.yaml
create mode 120000 qa/suites/rgw/crypt/2-kms/.qa
create mode 100644 qa/suites/rgw/crypt/2-kms/barbican.yaml
create mode 100644 qa/suites/rgw/crypt/2-kms/kmip.yaml
create mode 100644 qa/suites/rgw/crypt/2-kms/testing.yaml
create mode 100644 qa/suites/rgw/crypt/2-kms/vault_kv.yaml
create mode 100644 qa/suites/rgw/crypt/2-kms/vault_old.yaml
create mode 100644 qa/suites/rgw/crypt/2-kms/vault_transit.yaml
create mode 120000 qa/suites/rgw/crypt/3-rgw/.qa
create mode 100644 qa/suites/rgw/crypt/3-rgw/rgw.yaml
create mode 100644 qa/suites/rgw/crypt/4-tests/+
create mode 120000 qa/suites/rgw/crypt/4-tests/.qa
create mode 100644 qa/suites/rgw/crypt/4-tests/s3tests.yaml
create mode 120000 qa/suites/rgw/crypt/ignore-pg-availability.yaml
(limited to 'qa/suites/rgw/crypt')
diff --git a/qa/suites/rgw/crypt/% b/qa/suites/rgw/crypt/%
new file mode 100644
index 000000000..e69de29bb
diff --git a/qa/suites/rgw/crypt/.qa b/qa/suites/rgw/crypt/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/0-cluster/.qa b/qa/suites/rgw/crypt/0-cluster/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/0-cluster/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/0-cluster/fixed-1.yaml b/qa/suites/rgw/crypt/0-cluster/fixed-1.yaml
new file mode 120000
index 000000000..435ea3c75
--- /dev/null
+++ b/qa/suites/rgw/crypt/0-cluster/fixed-1.yaml
@@ -0,0 +1 @@
+../../../../clusters/fixed-1.yaml
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/1-ceph-install/.qa b/qa/suites/rgw/crypt/1-ceph-install/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/1-ceph-install/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/1-ceph-install/install.yaml b/qa/suites/rgw/crypt/1-ceph-install/install.yaml
new file mode 100644
index 000000000..07a08b9a6
--- /dev/null
+++ b/qa/suites/rgw/crypt/1-ceph-install/install.yaml
@@ -0,0 +1,7 @@
+overrides:
+ ceph:
+ wait-for-scrub: false
+
+tasks:
+- install:
+- ceph:
diff --git a/qa/suites/rgw/crypt/2-kms/.qa b/qa/suites/rgw/crypt/2-kms/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/2-kms/barbican.yaml b/qa/suites/rgw/crypt/2-kms/barbican.yaml
new file mode 100644
index 000000000..94c43895f
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/barbican.yaml
@@ -0,0 +1,94 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: barbican
+ rgw keystone barbican project: rgwcrypt
+ rgw keystone barbican user: rgwcrypt-user
+ rgw keystone barbican password: rgwcrypt-pass
+ rgw keystone barbican domain: Default
+ rgw keystone api version: 3
+ rgw keystone accepted roles: admin,Member,creator
+ rgw keystone implicit tenants: true
+ rgw keystone accepted admin roles: admin
+ rgw swift enforce content length: true
+ rgw swift account in url: true
+ rgw swift versioning enabled: true
+ rgw keystone admin project: admin
+ rgw keystone admin user: admin
+ rgw keystone admin password: ADMIN
+ rgw keystone admin domain: Default
+ rgw:
+ client.0:
+ use-keystone-role: client.0
+ use-barbican-role: client.0
+
+tasks:
+- tox: [ client.0 ]
+- keystone:
+ client.0:
+ sha1: 17.0.0.0rc2
+ force-branch: master
+ projects:
+ - name: rgwcrypt
+ description: Encryption Tenant
+ domain: default
+ - name: barbican
+ description: Barbican
+ domain: default
+ - name: s3
+ description: S3 project
+ domain: default
+ users:
+ - name: rgwcrypt-user
+ password: rgwcrypt-pass
+ project: rgwcrypt
+ domain: default
+ - name: barbican-user
+ password: barbican-pass
+ project: barbican
+ domain: default
+ - name: s3-user
+ password: s3-pass
+ project: s3
+ domain: default
+ roles: [ name: Member, name: creator ]
+ role-mappings:
+ - name: Member
+ user: rgwcrypt-user
+ project: rgwcrypt
+ - name: admin
+ user: barbican-user
+ project: barbican
+ - name: creator
+ user: s3-user
+ project: s3
+ services:
+ - name: swift
+ type: object-store
+ description: Swift Service
+- barbican:
+ client.0:
+ sha1: 5.0.1
+ force-branch: master
+ use-keystone-role: client.0
+ keystone_authtoken:
+ auth_plugin: password
+ username: barbican-user
+ password: barbican-pass
+ user_domain_name: Default
+ rgw_user:
+ tenantName: rgwcrypt
+ username: rgwcrypt-user
+ password: rgwcrypt-pass
+ secrets:
+ - name: my-key-1
+ base64: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
+ tenantName: s3
+ username: s3-user
+ password: s3-pass
+ - name: my-key-2
+ base64: a2V5Mi5yNUNNMGFzMVdIUVZxcCt5NGVmVGlQQ1k4YWg=
+ tenantName: s3
+ username: s3-user
+ password: s3-pass
diff --git a/qa/suites/rgw/crypt/2-kms/kmip.yaml b/qa/suites/rgw/crypt/2-kms/kmip.yaml
new file mode 100644
index 000000000..0057d954e
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/kmip.yaml
@@ -0,0 +1,37 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: kmip
+ rgw crypt kmip ca path: /etc/ceph/kmiproot.crt
+ rgw crypt kmip client cert: /etc/ceph/kmip-client.crt
+ rgw crypt kmip client key: /etc/ceph/kmip-client.key
+ rgw crypt kmip kms key template: pykmip-$keyid
+ rgw:
+ client.0:
+ use-pykmip-role: client.0
+
+tasks:
+- openssl_keys:
+ kmiproot:
+ client: client.0
+ cn: kmiproot
+ key-type: rsa:4096
+ kmip-server:
+ client: client.0
+ ca: kmiproot
+ kmip-client:
+ client: client.0
+ ca: kmiproot
+ cn: rgw-client
+- exec:
+ client.0:
+ - chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key
+- pykmip:
+ client.0:
+ clientca: kmiproot
+ servercert: kmip-server
+ clientcert: kmip-client
+ secrets:
+ - name: pykmip-my-key-1
+ - name: pykmip-my-key-2
diff --git a/qa/suites/rgw/crypt/2-kms/testing.yaml b/qa/suites/rgw/crypt/2-kms/testing.yaml
new file mode 100644
index 000000000..e02f9caad
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/testing.yaml
@@ -0,0 +1,6 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: testing
+ rgw crypt s3 kms encryption_keys: testkey-1=YmluCmJvb3N0CmJvb3N0LWJ1aWxkCmNlcGguY29uZgo= testkey-2=aWIKTWFrZWZpbGUKbWFuCm91dApzcmMKVGVzdGluZwo=
diff --git a/qa/suites/rgw/crypt/2-kms/vault_kv.yaml b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
new file mode 100644
index 000000000..9ee9366d0
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
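Review bot: In barbican.yaml both the `keystone` and the `barbican` task carry a `sha1:` pin (`17.0.0.0rc2`, `5.0.1`) next to `force-branch: master`, and nothing in the hunk says which of the two the task honours. If `force-branch` takes precedence, the key manager under test is built from a moving upstream branch, so a run is neither reproducible nor tied to code anyone reviewed; I would keep only the pin, or state the precedence in a comment such as `# force-branch overrides sha1; tracking master is intentional`. The passwords (`ADMIN`, `rgwcrypt-pass`, `barbican-pass`, `s3-pass`) and the two base64 secrets are committed fixtures, so a header line like `# test-only credentials and keys; never reuse outside this QA suite` would make that explicit.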
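Review bot: In kmip.yaml the exec step `chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key` makes the TLS client private key readable by every local account on the test node. Presumably this is so the RGW process, which 3-rgw/rgw.yaml runs with `setuser: ceph`, can read it; a narrower grant (group `ceph`, mode 640) would serve the same purpose if the exec step is able to change group ownership. The conf points RGW at `/etc/ceph/kmip-client.key` while the chmod targets the copy under `cephtest/ca`, so how the key reaches the first path and with what mode is not visible in this hunk and deserves a one-line comment.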
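Review bot: In testing.yaml the `testing` backend takes its SSE-KMS keys directly from `rgw crypt s3 kms encryption_keys`, so both keys sit in plain text in this file and in any ceph.conf generated from it. The two values also look like base64 of ordinary text rather than random bytes (inferred from the strings themselves). A comment above the option, for example `# fixed, non-secret keys for the testing backend only; never copy into a deployed ceph.conf`, would keep the fragment from being reused as a template.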
@@ -0,0 +1,25 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: kv
+ rgw crypt vault prefix: /v1/kv/data
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: kv
+ prefix: /v1/kv/data/
+ secrets:
+ - path: my-key-1
+ secret: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
+ - path: my-key-2
+ secret: a2V5Mi5yNUNNMGFzMVdIUVZxcCt5NGVmVGlQQ1k4YWg=
diff --git a/qa/suites/rgw/crypt/2-kms/vault_old.yaml b/qa/suites/rgw/crypt/2-kms/vault_old.yaml
new file mode 100644
index 000000000..4befc1ecf
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_old.yaml
@@ -0,0 +1,24 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: transit
+ rgw crypt vault prefix: /v1/transit/export/encryption-key/
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: transit
+ flavor: old
+ prefix: /v1/transit/keys/
+ secrets:
+ - path: my-key-1
+ - path: my-key-2
diff --git a/qa/suites/rgw/crypt/2-kms/vault_transit.yaml b/qa/suites/rgw/crypt/2-kms/vault_transit.yaml
new file mode 100644
index 000000000..fe8c8409d
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/vault_transit.yaml
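Review bot: In vault_kv.yaml, `root_token: test_root_token` together with `rgw crypt vault auth: token` suggests RGW talks to Vault with the root token, which exercises none of the policy scoping a real deployment depends on; where RGW actually reads its token from is not shown in the hunk, so this is inferred. The same `vault` block, with the same `install_url` and `install_sha256` for Vault 1.2.2, is repeated in vault_old.yaml and vault_transit.yaml, so a version bump has to change URL and checksum in three files in step. Keeping the checksum beside the URL is the right pattern; I would add `# test-only root token; a deployed RGW should use a token limited to its key path` above `root_token` in each file. The conf prefix here is `/v1/kv/data` while the task prefix is `/v1/kv/data/`, so confirm the trailing-slash difference is intended.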
@@ -0,0 +1,23 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ rgw crypt s3 kms backend: vault
+ rgw crypt vault auth: token
+ rgw crypt vault secret engine: transit
+ rgw crypt vault prefix: /v1/transit/
+ rgw:
+ client.0:
+ use-vault-role: client.0
+
+tasks:
+- vault:
+ client.0:
+ install_url: https://releases.hashicorp.com/vault/1.2.2/vault_1.2.2_linux_amd64.zip
+ install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
+ root_token: test_root_token
+ engine: transit
+ prefix: /v1/transit/keys/
+ secrets:
+ - path: my-key-1
+ - path: my-key-2
diff --git a/qa/suites/rgw/crypt/3-rgw/.qa b/qa/suites/rgw/crypt/3-rgw/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/3-rgw/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/3-rgw/rgw.yaml b/qa/suites/rgw/crypt/3-rgw/rgw.yaml
new file mode 100644
index 000000000..ee8d62af0
--- /dev/null
+++ b/qa/suites/rgw/crypt/3-rgw/rgw.yaml
@@ -0,0 +1,12 @@
+overrides:
+ ceph:
+ conf:
+ client:
+ setuser: ceph
+ setgroup: ceph
+ rgw crypt require ssl: false
+ debug rgw: 20
+
+tasks:
+- rgw:
+ client.0:
diff --git a/qa/suites/rgw/crypt/4-tests/+ b/qa/suites/rgw/crypt/4-tests/+
new file mode 100644
index 000000000..e69de29bb
diff --git a/qa/suites/rgw/crypt/4-tests/.qa b/qa/suites/rgw/crypt/4-tests/.qa
new file mode 120000
index 000000000..a602a0353
--- /dev/null
+++ b/qa/suites/rgw/crypt/4-tests/.qa
@@ -0,0 +1 @@
+../.qa/
\ No newline at end of file
diff --git a/qa/suites/rgw/crypt/4-tests/s3tests.yaml b/qa/suites/rgw/crypt/4-tests/s3tests.yaml
new file mode 100644
index 000000000..c92bf3edd
--- /dev/null
+++ b/qa/suites/rgw/crypt/4-tests/s3tests.yaml
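Review bot: In 3-rgw/rgw.yaml, `rgw crypt require ssl: false` lets RGW accept server-side-encryption requests over plain HTTP, so customer-supplied keys sent in request headers would cross the network unencrypted. That is workable on an isolated test cluster, but the fragment carries no marker; add `# test only: no TLS frontend in this suite, do not copy to production` on the line above. `debug rgw: 20` is very verbose, and whether key identifiers or encryption-related headers end up in those logs cannot be told from this hunk, so logs from this suite should be treated as sensitive until that is confirmed.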
@@ -0,0 +1,16 @@
+tasks:
+- s3tests:
+ client.0:
+ force-branch: ceph-pacific
+ barbican:
+ kms_key: my-key-1
+ kms_key2: my-key-2
+ vault_kv:
+ key_path: my-key-1
+ key_path2: my-key-2
+ vault_old:
+ key_path: my-key-1/1
+ key_path2: my-key-2/1
+ vault_transit:
+ key_path: my-key-1
+ key_path2: my-key-2
diff --git a/qa/suites/rgw/crypt/ignore-pg-availability.yaml b/qa/suites/rgw/crypt/ignore-pg-availability.yaml
new file mode 120000
index 000000000..32340b1fa
--- /dev/null
+++ b/qa/suites/rgw/crypt/ignore-pg-availability.yaml
@@ -0,0 +1 @@
+.qa/rgw/ignore-pg-availability.yaml
\ No newline at end of file
--
cgit v1.2.3