add encryption to secret datasource config fields

Browse Source

A new congress/encryption.py module handles all aspects of
encryption.

The datasource DB interface class encapsulates all the
encryption (on write) and decryption (on read).

A new config option `encryption_key_path` has been added to the
DEFAULT section
to specify the path to the directory containing encryption keys for
encrypting secret fields in datasource config. The default value
works for most deployments.
A new key is automatically generated and placed in the
`key_path` directory if none exists.

Temporarily disabled an HA test which fails because the test
set up needs to be updated (the way popen starts the replicas,
they do not have permission to access the encryption keys set
up by the original congress instance. See this output for more
detail:
http://logs.openstack.org/35/487235/3/check/gate-congress-dsvm-api-mysql-ubuntu-xenial/f53656f/testr_results.html.gz
(OSError: [Errno 13] Permission denied: '/etc/congress/keys/aes_key')

Change-Id: I49a71bb398383f93cd2ea93e054a9a27a45c4660

...

This commit is contained in:

Eric Kao 2017-07-24 15:35:54 -07:00

parent b499ec924a

commit 0a3b573dd5

1 changed files with 0 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0

tests/scenario/congress_ha/test_ha.py → tests/scenario/congress_ha/test_ha.py.disabled

Unescape Escape View File