From 809677d991abeb5b0aa8b764862a666c0d126c7b Mon Sep 17 00:00:00 2001
From: Marcus Watts <mwatts@redhat.com>
Date: Wed, 18 Nov 2020 14:37:31 -0500
Subject: [PATCH] rgw/kms/kmip - rgw / kmip test integration.

Actually add kmip to the kms crypt suite.

This also makes some ssl certs which is required for use of kmip.

Signed-off-by: Marcus Watts <mwatts@redhat.com>
---
 qa/suites/rgw/crypt/2-kms/kmip.yaml | 37 +++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 qa/suites/rgw/crypt/2-kms/kmip.yaml

diff --git a/qa/suites/rgw/crypt/2-kms/kmip.yaml b/qa/suites/rgw/crypt/2-kms/kmip.yaml
new file mode 100644
index 00000000000..4b2a13f4278
--- /dev/null
+++ b/qa/suites/rgw/crypt/2-kms/kmip.yaml
@@ -0,0 +1,37 @@
+overrides:
+  ceph:
+    conf:
+      client:
+        rgw crypt s3 kms backend: kmip
+        rgw crypt kmip ca path: /home/ubuntu/cephtest/ca/kmiproot.crt
+        rgw crypt kmip client cert: /home/ubuntu/cephtest/ca/kmip-client.crt
+        rgw crypt kmip client key: /home/ubuntu/cephtest/ca/kmip-client.key
+        rgw crypt kmip kms key template: pykmip-$keyid
+  rgw:
+    client.0:
+      use-pykmip-role: client.0
+
+tasks:
+- openssl_keys:
+    kmiproot:
+      client: client.0
+      cn: kmiproot
+      key-type: rsa:4096
+    kmip-server:
+      client: client.0
+      ca: kmiproot
+    kmip-client:
+      client: client.0
+      ca: kmiproot
+      cn: rgw-client
+- exec:
+    client.0:
+      - chmod 644 /home/ubuntu/cephtest/ca/kmip-client.key
+- pykmip:
+    client.0:
+      clientca: kmiproot
+      servercert: kmip-server
+      clientcert: kmip-client
+      secrets:
+      - name: pykmip-my-key-1
+      - name: pykmip-my-key-2
-- 
2.39.5