a77667339d
Fernet checks[1] for a 32-character-long key, so Octavia should validate
the value provided for server_certs_key_passphrase, to reject an invalid
passphrase as early as possible.
This[2] Red Hat Bug showed a case in which an invalid passphrase got
configured, and as a result, Octavia was unable to create any
load balancers.
Related-bug: #1833942
[1] 784676de33/src/cryptography/fernet.py (L36)
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1723051
Change-Id: I334364d4654491bc0d289472ca9ab5fe462d5139
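A fail-fast check of the kind the commit message describes, as an added example that is not Octavia's own code. It assumes the passphrase is base64url-encoded to form the Fernet key and that the accepted alphabet is URL-safe base64; the function names and the sample values are hypothetical and constructed.

```python
import base64
import re

# Assumption: "base64(url) compatible" means A-Z, a-z, 0-9, '-', '_' and '='.
_PASSPHRASE_RE = re.compile(r"[A-Za-z0-9\-_=]{32}")


def validate_passphrase(value):
    """Return value if it can serve as a 32-byte Fernet secret, else raise.

    The error text never echoes the passphrase, so a rejected secret
    does not end up in service logs.
    """
    if not isinstance(value, str) or len(value) != 32:
        raise ValueError("server_certs_key_passphrase must be exactly "
                         "32 characters long")
    # The alphabet check also guarantees 32 characters == 32 bytes:
    # 32 non-ASCII characters would encode to more than 32 bytes.
    if not _PASSPHRASE_RE.fullmatch(value):
        raise ValueError("server_certs_key_passphrase must contain only "
                         "URL-safe base64 characters")
    return value


def fernet_key_from_passphrase(passphrase):
    """Assumed derivation: base64url-encode the passphrase bytes."""
    return base64.urlsafe_b64encode(passphrase.encode("utf-8"))


def fernet_accepts(key):
    """Mirror Fernet's constructor check: the decoded key is 32 bytes."""
    try:
        return len(base64.urlsafe_b64decode(key)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def is_valid(value):
    """Boolean wrapper for config-load time checks."""
    try:
        validate_passphrase(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values: one 32-character value, one too short.
    for sample in ("insecure-key-do-not-use-this-key", "short-passphrase"):
        key = fernet_key_from_passphrase(sample)
        print(len(sample), is_valid(sample), fernet_accepts(key))
```

Running the check when configuration is loaded surfaces the bad value at service start instead of at the first load balancer create.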
7 lines
247 B
YAML
---
fixes:
- The passphrase for config option 'server_certs_key_passphrase' is used as
a Fernet key in Octavia and thus must be 32, base64(url) compatible,
characters long. Octavia will now validate the passphrase length and
format.
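Review bot: the release note entry under "fixes:" states the constraint but not what an operator sees when it is violated, and the phrase "must be 32, base64(url) compatible, characters long" is hard to parse. Suggest rewording to something like "must be exactly 32 characters long and use only URL-safe base64 characters", and saying explicitly that an invalid 'server_certs_key_passphrase' is now rejected. Because the new validation can refuse a value that an existing deployment already has configured, consider adding an "upgrade:" entry telling operators to check the option before upgrading.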