This feature allows users to pass sensitive credentials as
Vault references via subordinate storage charms (e.g. cinder-ceph,
cinder-netapp, etc.) so that they aren't printed in plaintext in
cinder.conf.
When the CinderSubordinateConfigContext is built, detect if any
configuration values are Vault references. If references
are found, the relevant configuration is added to cinder.conf,
castellan.conf, and secret_map.conf so that Cinder can resolve these
options at runtime using Castellan.
To use the Vault backend, a new secrets-storage
relation was added using the vault-kv interface which will generate
the vault credentials and KV mountpoint for each cinder unit using
VaultKVContext. The approle_id and secret_id are passed via a
systemd override file.
Depends-On: https://review.opendev.org/c/openstack/castellan/+/962726
Change-Id: Ib6d2ae305158430e3be6833ce1cd0aa5c6605f46
Signed-off-by: abilash-p <abi.perinparasa@canonical.com>
5078eb9dbe