@devx devx commented Dec 30, 2025

This PR integrates OpenStack Barbican as a supported backend for key management. It allows the keyservice to authenticate with and retrieve secrets directly from a Barbican instance, expanding our integration capabilities beyond the current stores.

Key Changes

  • Barbican Implementation: Added BarbicanKeySource with full authentication (Keystone) and client logic.
  • Integration: Wired Barbican support into the core keyservice and store interfaces.
  • Configuration: Updated the configuration system to accept Barbican endpoints, project IDs, and credentials.
  • Safety: Implemented fallback logic and error handling to ensure backward compatibility with existing key sources.

Testing

I have added a comprehensive test suite to ensure reliability:

  • Unit Tests: Coverage for the new client and auth logic.
  • Integration Tests: Verified against a live/mocked Barbican endpoint.
  • Property-Based Tests: Added fuzzing/property tests to handle edge cases in key retrieval and parsing.

This also resolves issue #1651

dependabot bot and others added 4 commits December 30, 2025 16:10
Bumps the ci group with 1 update: [anchore/sbom-action](https://github.com/anchore/sbom-action).


Updates `anchore/sbom-action` from 0.20.11 to 0.21.0
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@43a17d6...a930d0a)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the rust group in /functional-tests with 2 updates: [tempfile](https://github.com/Stebalien/tempfile) and [serde_json](https://github.com/serde-rs/json).


Updates `tempfile` from 3.23.0 to 3.24.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](Stebalien/tempfile@v3.23.0...v3.24.0)

Updates `serde_json` from 1.0.145 to 1.0.148
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.145...v1.0.148)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-version: 3.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: rust
- dependency-name: serde_json
  dependency-version: 1.0.148
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: rust
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the go group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [filippo.io/age](https://github.com/FiloSottile/age) | `1.2.1` | `1.3.1` |
| [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.20.17` | `1.20.18` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.94.0` | `1.95.0` |
| [github.com/huaweicloud/huaweicloud-sdk-go-v3](https://github.com/huaweicloud/huaweicloud-sdk-go-v3) | `0.1.181` | `0.1.182` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.77.0` | `1.78.0` |

Updates `filippo.io/age` from 1.2.1 to 1.3.1
- [Release notes](https://github.com/FiloSottile/age/releases)
- [Commits](FiloSottile/age@v1.2.1...v1.3.1)

Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.20.17 to 1.20.18
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/emr/v1.20.17...service/emr/v1.20.18)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.94.0 to 1.95.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.94.0...service/s3/v1.95.0)

Updates `github.com/huaweicloud/huaweicloud-sdk-go-v3` from 0.1.181 to 0.1.182
- [Release notes](https://github.com/huaweicloud/huaweicloud-sdk-go-v3/releases)
- [Commits](huaweicloud/huaweicloud-sdk-go-v3@v0.1.181...v0.1.182)

Updates `google.golang.org/grpc` from 1.77.0 to 1.78.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.77.0...v1.78.0)

---
updated-dependencies:
- dependency-name: filippo.io/age
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager
  dependency-version: 1.20.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.95.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/huaweicloud/huaweicloud-sdk-go-v3
  dependency-version: 0.1.182
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Victor Palma <palma.victor@gmail.com>
Signed-off-by: Felix Fontein <felix@fontein.de>
Signed-off-by: Victor Palma <palma.victor@gmail.com>
- Implement Barbican key source with authentication and client functionality
- Add comprehensive test suite including unit, integration, and property-based tests
- Update configuration system to support Barbican endpoints and authentication
- Integrate Barbican support into keyservice and stores
- Add documentation and usage examples for Barbican configuration
- Ensure backward compatibility and proper error handling

Signed-off-by: Victor Palma <palma.victor@gmail.com>