Allow auth_encryption_key to be configured
Change-Id: Ia3b00d0e93df7297a1391d9954048de146d03306 Closes-Bug: #1465926
parent
62f41a402f
commit
2a0e5aadb0
|
@ -198,6 +198,7 @@ Miscellaneous Options
|
||||||
Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']).
|
Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']).
|
||||||
|
|
||||||
* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`.
|
* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`.
|
||||||
|
* `orchestration_auth_encryption_key` - Key used to encrypt authentication info in the database. Length of this key must be 16, 24 or 32 characters. Comes from secrets databag.
|
||||||
|
|
||||||
Testing
|
Testing
|
||||||
=====
|
=====
|
||||||
|
|
|
@ -63,6 +63,7 @@ heat_api_cloudwatch_bind = internal_endpoint 'orchestration-api-cloudwatch-bind'
|
||||||
heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
|
heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
|
||||||
|
|
||||||
service_pass = get_password 'service', 'openstack-orchestration'
|
service_pass = get_password 'service', 'openstack-orchestration'
|
||||||
|
auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key'
|
||||||
|
|
||||||
stack_domain_admin_password = nil
|
stack_domain_admin_password = nil
|
||||||
if node['openstack']['orchestration']['stack_domain_admin']
|
if node['openstack']['orchestration']['stack_domain_admin']
|
||||||
|
@ -116,6 +117,7 @@ template '/etc/heat/heat.conf' do
|
||||||
auth_uri: auth_uri,
|
auth_uri: auth_uri,
|
||||||
identity_uri: identity_uri,
|
identity_uri: identity_uri,
|
||||||
service_pass: service_pass,
|
service_pass: service_pass,
|
||||||
|
auth_encryption_key: auth_encryption_key,
|
||||||
sql_connection: sql_connection,
|
sql_connection: sql_connection,
|
||||||
heat_api_bind: heat_api_bind,
|
heat_api_bind: heat_api_bind,
|
||||||
heat_api_endpoint: heat_api_endpoint,
|
heat_api_endpoint: heat_api_endpoint,
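Review bot: The new `auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key'` line passes whatever the data bag returns straight into heat.conf, although the README in this commit says the key must be 16, 24 or 32 characters. A missing or wrong-length secret would then only show up later, presumably when Heat first tries to encrypt or decrypt stored credentials. Failing the converge early would be safer, for example `raise 'orchestration_auth_encryption_key must be 16, 24 or 32 characters' unless [16, 24, 32].include?(auth_encryption_key.to_s.length)` right after the lookup. The body of the `template '/etc/heat/heat.conf'` resource lies mostly outside the second hunk, so its file mode and `sensitive` setting are not visible; since the file now holds another secret, it is worth confirming that both keep the key out of world-readable files and Chef diff output.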
|
||||||
|
|
|
@ -55,6 +55,9 @@ shared_context 'orchestration_stubs' do
|
||||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||||
.with('user', 'admin')
|
.with('user', 'admin')
|
||||||
.and_return 'admin_pass'
|
.and_return 'admin_pass'
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||||
|
.with('token', 'orchestration_auth_encryption_key')
|
||||||
|
.and_return 'auth_encryption_key_secret'
|
||||||
allow(Chef::Application).to receive(:fatal!)
|
allow(Chef::Application).to receive(:fatal!)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -195,6 +198,10 @@ shared_examples 'expects to create heat conf' do
|
||||||
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
|
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'sets auth_encryption_key' do
|
||||||
|
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key=auth_encryption_key_secret$/)
|
||||||
|
end
|
||||||
|
|
||||||
describe 'default values for certificates files' do
|
describe 'default values for certificates files' do
|
||||||
it 'has no such values' do
|
it 'has no such values' do
|
||||||
[
|
[
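Review bot: The stubbed secret `'auth_encryption_key_secret'` in the `orchestration_stubs` context is 26 characters long, which does not meet the 16, 24 or 32 character length that the README in this same commit documents. The spec therefore pins a value that the real service would likely refuse, and it would start failing if the recipe ever validated the length. A constructed 32-character sample such as `'0123456789abcdef0123456789abcdef'` in both the `.and_return` and the `with_section_content` regex keeps the fixture realistic. Both the shared context and the shared examples begin outside the hunks shown.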
|
||||||
|
|
|
@ -211,7 +211,7 @@ num_engine_workers=<%= node['openstack']['orchestration']['num_engine_workers']
|
||||||
|
|
||||||
# Encryption key used for authentication info in database.
|
# Encryption key used for authentication info in database.
|
||||||
# (string value)
|
# (string value)
|
||||||
#auth_encryption_key=notgood but just long enough i think
|
auth_encryption_key=<%= @auth_encryption_key %>
|
||||||
|
|
||||||
|
|
||||||
#
|
#
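Review bot: The comment above the now-active `auth_encryption_key=<%= @auth_encryption_key %>` line still says only "Encryption key used for authentication info in database", so an operator reading the rendered heat.conf gets no hint of the length rule or of where the value comes from. I would add a line such as `# Must be 16, 24 or 32 characters; supplied from the secrets data bag, do not edit here.` above the setting. The line is also rendered unconditionally, so an unset value would presumably produce a bare `auth_encryption_key=`. That case is better rejected in the recipe than papered over in the template.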
|
||||||
|
|