This feature allows users to pass sensitive credentials as Vault references via subordinate storage charms (e.g. cinder-ceph, cinder-netapp, etc.) so that they aren't printed in plaintext in cinder.conf.

When the CinderSubordinateConfigContext is built, detect if any configuration values are Vault references. If references are found, the relevant configuration is added to cinder.conf, castellan.conf, and secret_map.conf so that Cinder can resolve these options at runtime using Castellan.

To use the Vault backend, a new secrets-storage relation was added using the vault-kv interface which will generate the vault credentials and KV mountpoint for each cinder unit using VaultKVContext.

The approle_id and secret_id are passed via a systemd override file.

Depends-On: https://review.opendev.org/c/openstack/castellan/+/962726
Change-Id: Ib6d2ae305158430e3be6833ce1cd0aa5c6605f46
Signed-off-by: abilash-p <abi.perinparasa@canonical.com>

Symbolic link
1 line
15 B
Plaintext
cinder_hooks.py |