Allow auth_encryption_key to be configured

Change-Id: Ia3b00d0e93df7297a1391d9954048de146d03306
Closes-Bug: #1465926
This commit is contained in:
Mark Vanderwiel 2015-06-17 09:09:01 -05:00
parent 62f41a402f
commit 2a0e5aadb0
4 changed files with 11 additions and 1 deletions

View File

@ -198,6 +198,7 @@ Miscellaneous Options
Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']).
* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`.
* `orchestration_auth_encryption_key` - Key used to encrypt authentication info in the database. Length of this key must be 16, 24 or 32 characters. Comes from secrets databag.
Testing
=====

View File

@ -63,6 +63,7 @@ heat_api_cloudwatch_bind = internal_endpoint 'orchestration-api-cloudwatch-bind'
heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
service_pass = get_password 'service', 'openstack-orchestration'
auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key'
stack_domain_admin_password = nil
if node['openstack']['orchestration']['stack_domain_admin']
@ -116,6 +117,7 @@ template '/etc/heat/heat.conf' do
auth_uri: auth_uri,
identity_uri: identity_uri,
service_pass: service_pass,
auth_encryption_key: auth_encryption_key,
sql_connection: sql_connection,
heat_api_bind: heat_api_bind,
heat_api_endpoint: heat_api_endpoint,

View File

@ -55,6 +55,9 @@ shared_context 'orchestration_stubs' do
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('user', 'admin')
.and_return 'admin_pass'
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('token', 'orchestration_auth_encryption_key')
.and_return 'auth_encryption_key_secret'
allow(Chef::Application).to receive(:fatal!)
end
end
@ -195,6 +198,10 @@ shared_examples 'expects to create heat conf' do
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
end
it 'sets auth_encryption_key' do
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key=auth_encryption_key_secret$/)
end
describe 'default values for certificates files' do
it 'has no such values' do
[

View File

@ -211,7 +211,7 @@ num_engine_workers=<%= node['openstack']['orchestration']['num_engine_workers']
# Encryption key used for authentication info in database.
# (string value)
#auth_encryption_key=notgood but just long enough i think
auth_encryption_key=<%= @auth_encryption_key %>
#