git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Marcus Watts <mwatts@redhat.com>
	Thu, 12 Nov 2020 03:38:18 +0000 (22:38 -0500)
committer	Marcus Watts <mwatts@redhat.com>
	Thu, 4 Mar 2021 00:14:10 +0000 (19:14 -0500)
commit	096cdfaee3caa126260e0c30f2578e4a5ced331d
tree	394880b61e029d4caed2866a978f60323316117c	tree \| snapshot
parent	7105fa6cfe1853edd84fc53acfacf48c40c040ca	commit \| diff

rgw/kms/kmip - rgw / kmip test integration.

s3tests needs to know key names in order to run kms tests.
It seems desirable to have s3tests default to discovering
the names that were created by the pykmip task, and that
if there is more than one rgw connected to more than one
pykmip, that names belonging to the appropriate pykmip
instance should be used.

This logic does the following:
rgw task: save pykmip role name.
s3tests task: set kms_key (and kms_keyid2) to
these in order of priority
1 s3tests client task property ['kms_key'] (or ['kms_key2'])
2 first (second) secret created in the matching pykmip instance.
3 testkey-1 (testkey-2)

For case 2, names from the secrets have an initial "token-" stripped from them.
The assumption here is that rgw is being run with a setting such as
rgw crypt kmip kms key template: pykmip-$keyid
therefore "pykmip-" will be prefixed back onto the key before use.

Signed-off-by: Marcus Watts <mwatts@redhat.com>

qa/tasks/rgw.py		diff \| blob \| history
qa/tasks/s3tests.py		diff \| blob \| history