Allow auth_encryption_key to be configured
Change-Id: Ia3b00d0e93df7297a1391d9954048de146d03306 Closes-Bug: #1465926
This commit is contained in:
parent
62f41a402f
commit
2a0e5aadb0
|
@ -198,6 +198,7 @@ Miscellaneous Options
|
|||
Arrays whose elements will be copied exactly into the respective config files (contents e.g. ['option1=value1', 'option2=value2']).
|
||||
|
||||
* `openstack["orchestration"]["misc_heat"]` - Array of bare options for `heat.conf`.
|
||||
* `orchestration_auth_encryption_key` - Key used to encrypt authentication info in the database. Length of this key must be 16, 24 or 32 characters. Comes from secrets databag.
|
||||
|
||||
Testing
|
||||
=====
|
||||
|
|
|
@ -63,6 +63,7 @@ heat_api_cloudwatch_bind = internal_endpoint 'orchestration-api-cloudwatch-bind'
|
|||
heat_api_cloudwatch_endpoint = internal_endpoint 'orchestration-api-cloudwatch'
|
||||
|
||||
service_pass = get_password 'service', 'openstack-orchestration'
|
||||
auth_encryption_key = get_password 'token', 'orchestration_auth_encryption_key'
|
||||
|
||||
stack_domain_admin_password = nil
|
||||
if node['openstack']['orchestration']['stack_domain_admin']
|
||||
|
@ -116,6 +117,7 @@ template '/etc/heat/heat.conf' do
|
|||
auth_uri: auth_uri,
|
||||
identity_uri: identity_uri,
|
||||
service_pass: service_pass,
|
||||
auth_encryption_key: auth_encryption_key,
|
||||
sql_connection: sql_connection,
|
||||
heat_api_bind: heat_api_bind,
|
||||
heat_api_endpoint: heat_api_endpoint,
|
||||
|
|
|
@ -55,6 +55,9 @@ shared_context 'orchestration_stubs' do
|
|||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin')
|
||||
.and_return 'admin_pass'
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('token', 'orchestration_auth_encryption_key')
|
||||
.and_return 'auth_encryption_key_secret'
|
||||
allow(Chef::Application).to receive(:fatal!)
|
||||
end
|
||||
end
|
||||
|
@ -195,6 +198,10 @@ shared_examples 'expects to create heat conf' do
|
|||
expect(chef_run).to render_file(file.name).with_content(/^insecure=false$/)
|
||||
end
|
||||
|
||||
it 'sets auth_encryption_key' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key=auth_encryption_key_secret$/)
|
||||
end
|
||||
|
||||
describe 'default values for certificates files' do
|
||||
it 'has no such values' do
|
||||
[
|
||||
|
|
|
@ -211,7 +211,7 @@ num_engine_workers=<%= node['openstack']['orchestration']['num_engine_workers']
|
|||
|
||||
# Encryption key used for authentication info in database.
|
||||
# (string value)
|
||||
#auth_encryption_key=notgood but just long enough i think
|
||||
auth_encryption_key=<%= @auth_encryption_key %>
|
||||
|
||||
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue