Ensure that OctaviaServerCertsKeyPassphrase is 32-byte long

Conflicts: tripleo_common/utils/passwords.py Related-Bug: #1833942 Change-Id: Ibcdbe2605a7cabe3a5ef8245b4460c8f70220989 (cherry picked from commit de2ab55824) (cherry picked from commit 94620dd5e6) (cherry picked from commit 35913d6266)
2019-06-23 00:54:19 +03:00 · 2019-06-23 00:54:19 +03:00 · 32d7bb44ab
parent 805b292458
commit 32d7bb44ab
3 changed files with 9 additions and 0 deletions
--- a/releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml
+++ b/releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - The passphrase for config option 'server_certs_key_passphrase', is used as
+    a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now
+    auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase.
--- a/tripleo_common/tests/utils/test_passwords.py
+++ b/tripleo_common/tests/utils/test_passwords.py
@ -73,6 +73,7 @@ class TestPasswords(base.TestCase):

        self.assertNotEqual(value['KeystoneCredential0'],
                            value['KeystoneCredential1'])
+        self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase']), 32)

    def test_create_ssh_keypair(self):

--- a/tripleo_common/utils/passwords.py
+++ b/tripleo_common/utils/passwords.py
@ -90,6 +90,9 @@ def generate_passwords(mistralclient=None, stack_env=None):
        elif name.startswith("HeatAuthEncryptionKey"):
            passwords[name] = passutils.generate_password(
                size=32)
+        elif name.startswith("OctaviaServerCertsKeyPassphrase"):
+            passwords[name] = passutils.generate_password(
+                size=32)
        else:
            passwords[name] = passutils.generate_password(
                size=_MIN_PASSWORD_SIZE)