Add an Ubuntu FIPS testing token

OpenStack contributors have worked out a solution for enabling FIPS
testing on Ubuntu nodes, which normally requires a paid
subscription. The "token" field of the "openstack_ubuntu_fips"
secret supplied here can be applied to a test node early during job
setup by calling "pro attach {{ token }}" as root.

The secret will be replaced periodically, in order to make any
entitlement exfiltrated from job nodes unattractive for production
use.

Change-Id: I9fb9758f8deddc3c76fb22fc859291dea8cfcd43
This commit is contained in:
Jeremy Stanley 2022-10-14 16:56:55 +00:00
parent f0ef2ee1d7
commit 97c7084cd7

View File

@ -728,3 +728,20 @@
HETs35aycMm/KTjhryPoQbsAAmVe/i/+PFcyxcMDPZHQmJcWRD+K7lJb3o18kNST410B/
FtiR0LGtDxKM1bdi57Qc3f43P4jzY3Px07SSKVFKSkuI1zSLnsZSbmWg/wBHcjllsA73L
l0HItpoMi3S3KDsFajJbk2UE6NhCBD7kmsSB69L6yb7VJdKZqMAHS2BSSXIRdA=
# Periodically rotated throw-away entitlement for FIPS support on Ubuntu
# (last issued 2022-10-14)
- secret:
name: openstack_ubuntu_fips
data:
token: !encrypted/pkcs1-oaep
- kms69XcCp7KUCa+qlAKiGo2D3C65euTB5RlvbgZsMKWRI6XoGDdsCyIYsThpBwvYss/Gx
JODZpDJyP1XF66waNXttpBT7PNRWf2B2QzpOC6nTXjI6WJ3d3q+w3tv6D7lP676ZyagUd
VhrLFZVfh0T9jCkI6nt4izwdYBJML86ilxZ4hHka3ca06IL5caAO6Dzc7iDB/+BtNO6bA
MzkkdW1JLB+00vBxYrk/GNw8Fkd6Ms1ZaxvFwElwUzjOvmqJFPRsuYwzGlKoqXOlcTF87
luq/4sVzSNSeU9SR+d2TEJB/dH+8pq8gyHiKqce24wMXqPNAQGT7Oa/bmmcPhmInbBjjA
Pquw3SJpa754PnyVwvsJt78f3Jgd2513hbYQq90uUgjOwAbNxbaSXoyIAAW2J0GQdWfyj
F9ieouvDpZmkDCRBr/YA3XOIhdDmglUZxynjOt1aLeSVH3R2EPbE4AIp0n8A2TG2KfBfb
jPJg4FIyS0HXAaJqNy4L0nq86zzH3M7dZs60mrLiQdnjHRrkSSCrQfPBrpKI0KLSGT+l+
FcA753WnBbBX1e4WALrn9rPp4EfGK7UqcvBBk2WOJ173cmCGpW/twvE0sI4eXvSfcaKGR
psrzBw0oBoW1Fg6ctWsAgSnwLbeKv9GLhdLq2ml04V84jrJur8+sVHXV8w6xf0=