b9daa100d0
This patch fixes the Castellan secret store use of SecretDTO objects, which require that the "secret" member be base64 encoded. [1] Prior to this fix all secrets that were generated were stored in plaintext, but secrets coming in through the API were base64 encoded before being stored in the backend. On secret retreival the Castellan plugin wrongly assumed everything in the backend was encoded, so attempts to retrieve generated keys failed. This patch fixes this inconsistency by always storing data un-encoded in the backend. A helper method was added to sort out the inconsistent data stored prior to this fix. A "version" property was added to the Castellan plugin metadata that is stored in barbican to help differentiate secrets stored prior to this fix vs secrets stored after this fix. Story: 2008335 Task: 41236 [1] https://opendev.org/openstack/barbican/src/tag/12.0.0/barbican/plugin/interface/secret_store.py#L356 Change-Id: I46fe77a471bf7927a24ca4d64dfccb385cd6402e
29 KiB
29 KiB