From 4261ded64801a87c0e28dc4cee75c42184b0c6db Mon Sep 17 00:00:00 2001
From: Paul Bourke <paul.bourke@oracle.com>
Date: Mon, 26 Jun 2017 17:00:22 +0100
Subject: [PATCH] Add sanity checks for Barbican

Change-Id: I5744784afc13f2ee884c8dca2b32c982ebebc542
Partially-implements: blueprint sanity-check-container
---
 ansible/group_vars/all.yml             |  1 +
 ansible/roles/barbican/tasks/check.yml | 32 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index ff9fae3df5..1417d08975 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -38,6 +38,7 @@ kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_external_vip_address == ko
 
 kolla_enable_sanity_checks: "no"
 
+kolla_enable_sanity_barbican: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_keystone: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
diff --git a/ansible/roles/barbican/tasks/check.yml b/ansible/roles/barbican/tasks/check.yml
index ed97d539c0..ede5e1be0c 100644
--- a/ansible/roles/barbican/tasks/check.yml
+++ b/ansible/roles/barbican/tasks/check.yml
@@ -1 +1,33 @@
 ---
+- name: Barbican sanity - storing a secret
+  shell: docker exec -t barbican_api openstack \
+      --os-auth-url={{ openstack_auth.auth_url }} \
+      --os-password={{ openstack_auth.password }} \
+      --os-username={{ openstack_auth.username }} \
+      --os-project-name={{ openstack_auth.project_name }} \
+      secret store -f value -p kolla | head -1
+  register: barbican_store_secret
+  run_once: True
+  when: kolla_enable_sanity_barbican | bool
+
+- name: Barbican sanity - fetch secret
+  shell: docker exec -t barbican_api openstack \
+      --os-auth-url={{ openstack_auth.auth_url }} \
+      --os-password={{ openstack_auth.password }} \
+      --os-username={{ openstack_auth.username }} \
+      --os-project-name={{ openstack_auth.project_name }} \
+      secret get -f value -p {{ barbican_store_secret.stdout }}
+  register: barbican_get_secret
+  failed_when: "{{ barbican_get_secret.stdout != 'kolla' }}"
+  run_once: True
+  when: kolla_enable_sanity_barbican | bool
+
+- name: Barbican sanity - cleaning up
+  shell: docker exec -t barbican_api openstack \
+      --os-auth-url={{ openstack_auth.auth_url }} \
+      --os-password={{ openstack_auth.password }} \
+      --os-username={{ openstack_auth.username }} \
+      --os-project-name={{ openstack_auth.project_name }} \
+      secret delete {{ barbican_store_secret.stdout }}
+  run_once: True
+  when: kolla_enable_sanity_barbican | bool
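Review bot: All three added tasks place `openstack_auth.password` on the `docker exec` command line of a `shell` task without `no_log`, so the admin password ends up in the task result Ansible prints on failure or at higher verbosity, and is visible in the host's process list while the command runs. Add `no_log: true` to each task and pass templated values through the quote filter, e.g. `--os-password={{ openstack_auth.password | quote }}`, since an unquoted password containing shell metacharacters would be interpreted by the shell. The same quoting applies to `{{ barbican_store_secret.stdout }}` in the fetch and delete tasks, which is command output interpolated back into a shell line. Separately, the `| head -1` pipeline in the store task returns head's exit status, so a failed `openstack secret store` is not caught until the fetch step, and a failed fetch leaves the test secret behind because the cleanup task is then skipped. The `failed_when` condition should also be a bare expression, `failed_when: barbican_get_secret.stdout != 'kolla'`.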