Add an Ubuntu FIPS testing token

OpenStack contributors have worked out a solution for enabling FIPS testing on Ubuntu nodes, which normally requires a paid subscription. The "token" field of the "openstack_ubuntu_fips" secret supplied here can be applied to a test node early during job setup by calling "pro attach {{ token }}" as root. The secret will be replaced periodically, in order to make any entitlement exfiltrated from job nodes unattractive for production use. Change-Id: I9fb9758f8deddc3c76fb22fc859291dea8cfcd43
2022-10-14 16:56:55 +00:00 · 2022-10-14 16:56:55 +00:00 · 97c7084cd7
parent f0ef2ee1d7
commit 97c7084cd7
1 changed files with 17 additions and 0 deletions
--- a/zuul.d/secrets.yaml
+++ b/zuul.d/secrets.yaml
@ -728,3 +728,20 @@
          HETs35aycMm/KTjhryPoQbsAAmVe/i/+PFcyxcMDPZHQmJcWRD+K7lJb3o18kNST410B/
          FtiR0LGtDxKM1bdi57Qc3f43P4jzY3Px07SSKVFKSkuI1zSLnsZSbmWg/wBHcjllsA73L
          l0HItpoMi3S3KDsFajJbk2UE6NhCBD7kmsSB69L6yb7VJdKZqMAHS2BSSXIRdA=
+
+# Periodically rotated throw-away entitlement for FIPS support on Ubuntu
+# (last issued 2022-10-14)
+- secret:
+    name: openstack_ubuntu_fips
+    data:
+      token: !encrypted/pkcs1-oaep
+        - kms69XcCp7KUCa+qlAKiGo2D3C65euTB5RlvbgZsMKWRI6XoGDdsCyIYsThpBwvYss/Gx
+          JODZpDJyP1XF66waNXttpBT7PNRWf2B2QzpOC6nTXjI6WJ3d3q+w3tv6D7lP676ZyagUd
+          VhrLFZVfh0T9jCkI6nt4izwdYBJML86ilxZ4hHka3ca06IL5caAO6Dzc7iDB/+BtNO6bA
+          MzkkdW1JLB+00vBxYrk/GNw8Fkd6Ms1ZaxvFwElwUzjOvmqJFPRsuYwzGlKoqXOlcTF87
+          luq/4sVzSNSeU9SR+d2TEJB/dH+8pq8gyHiKqce24wMXqPNAQGT7Oa/bmmcPhmInbBjjA
+          Pquw3SJpa754PnyVwvsJt78f3Jgd2513hbYQq90uUgjOwAbNxbaSXoyIAAW2J0GQdWfyj
+          F9ieouvDpZmkDCRBr/YA3XOIhdDmglUZxynjOt1aLeSVH3R2EPbE4AIp0n8A2TG2KfBfb
+          jPJg4FIyS0HXAaJqNy4L0nq86zzH3M7dZs60mrLiQdnjHRrkSSCrQfPBrpKI0KLSGT+l+
+          FcA753WnBbBX1e4WALrn9rPp4EfGK7UqcvBBk2WOJ173cmCGpW/twvE0sI4eXvSfcaKGR
+          psrzBw0oBoW1Fg6ctWsAgSnwLbeKv9GLhdLq2ml04V84jrJur8+sVHXV8w6xf0=