Add default simple key to secrets

Currently we deploy barbican with a weird crypto key. We should generate
a unique one with secrets. Also we define the `barbican_ceilometer_enabled`
variable to avoid notifications queue overflow caused by an absent listener.

Needed-By: https://review.opendev.org/759084
Change-Id: I1732916102dd8cc387d65566f3d3f96038e30e40
Dmitriy Rabotyagov 2020-10-21 18:44:33 +03:00 committed by Jonathan Rosser
parent 886e586f10
commit 83eaf03d99
4 changed files with 10 additions and 3 deletions

@ -235,6 +235,7 @@ barbican_oslomsg_rpc_password:
# your user variables. # your user variables.
#barbican_oslomsg_notify_password: #barbican_oslomsg_notify_password:
barbican_service_password: barbican_service_password:
barbican_simple_crypto_key:
## Blazar Options ## Blazar Options
blazar_oslomsg_rpc_password: blazar_oslomsg_rpc_password:
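
Review bot: the added `barbican_simple_crypto_key:` entry carries no comment, unlike the commented `#barbican_oslomsg_notify_password:` entry just above it. Suggest a one-line comment saying that the value is filled in by the generator as a key type secret, and that a deployment which has already stored secrets under the previously deployed key should decide deliberately whether to change it.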

@ -16,3 +16,4 @@
barbican_service_region: "{{ service_region }}" barbican_service_region: "{{ service_region }}"
barbican_service_in_ldap: "{{ service_ldap_backend_enabled }}" barbican_service_in_ldap: "{{ service_ldap_backend_enabled }}"
barbican_keystone_auth: yes barbican_keystone_auth: yes
barbican_ceilometer_enabled: "{{ (groups['ceilometer_all'] is defined) and (groups['ceilometer_all'] | length > 0) }}"
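
Review bot: the `barbican_ceilometer_enabled` expression on the added line can be shorter and safer to consume. `groups['ceilometer_all'] | default([]) | length > 0` covers both the undefined and the empty case in one filter chain, and because the value is a quoted template, whatever reads it should pass it through `| bool` so that a rendered string is not treated as always true. A short comment that this variable gates notifications would also tie it to the queue overflow described in the commit message.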

@ -0,0 +1,5 @@
---
other:
- |
pw-token-gen.py script will generate always 32 char string instead of
random choice between 24 or 32 length.
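
Review bot: the release note text reads as if every value produced by pw-token-gen.py becomes 32 characters, while the docstring in this same change keeps password, secret and token at their own ranges and alters only `key`. Suggest wording it as applying to key type secrets only, and mentioning the two user-visible additions in this commit, `barbican_simple_crypto_key` and `barbican_ceilometer_enabled`, which the note currently omits.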

@ -42,7 +42,7 @@ class CredentialGenerator(object):
password: 16 - 64 character string password: 16 - 64 character string
secret: 16 - 64 character string secret: 16 - 64 character string
token: 64 - 72 character string token: 64 - 72 character string
key: 24, or 32 character string (Needs to be AES compatible) key: 32 character string (Needs to be AES compatible)
Usage: Usage:
>>> generator = CredentialGenerator() >>> generator = CredentialGenerator()
@ -96,14 +96,14 @@ class CredentialGenerator(object):
return encoded_bytes[:random.randrange(64, 72)] return encoded_bytes[:random.randrange(64, 72)]
def _key_gen(self, encoded_bytes): def _key_gen(self, encoded_bytes):
"""Returns ``str`` with a length of 24 or 32. """Returns ``str`` with a length of 32.
Length restriction are required for key type secrets because of Length restriction are required for key type secrets because of
requirements in AES. requirements in AES.
:param encoded_bytes: ``str`` must be at least 32 charters long :param encoded_bytes: ``str`` must be at least 32 charters long
""" """
return encoded_bytes[:random.choice([24, 32])] return encoded_bytes[:32]
def args(): def args():
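
Review bot: `return encoded_bytes[:32]` in `_key_gen` does not enforce the precondition its docstring states ("must be at least 32" characters long): a shorter input comes back as a shorter key with no error. Now that the length is fixed, suggest checking `len(encoded_bytes) >= 32` and raising otherwise, so a short key never reaches the secrets file. Since the docstring is being edited anyway, "Length restriction are" and "charters" could be corrected in the same change.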