ef6be0e060
Store the generated fernet keys as juju secrets and update the id on relation app data. The fernet keys can be distributed on peer relation based on secret id saved in app data.

Use juju secret rotation policy to invoke an event periodically to rotate the fernet keys. Update the secret with new rotated keys, which triggers a secret-changed event on non-leader units to update fernet keys locally on the unit.

This patch supports both fernet keys and credential keys.

Removed config options fernet-max-active-keys, token-expiration, allow-expired-window. Modified token expiration to 1 hour and allow-expired-window to 47 hours and fernet-max-active-keys to 4 so that fernet secret rotation can be applied daily. This needs to be revisited since 47 hours for allow-expired-window may not be sufficient in some cases, see bug [1].

For credential keys, rotate them on a monthly basis.

[1] https://bugs.launchpad.net/charm-cinder/+bug/1986886

Depends-On: https://review.opendev.org/c/openstack/charm-ops-sunbeam/+/866646
Change-Id: Idf78642601d8233f7e60f34ae392754041938690
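The sizing in the commit message above (1-hour tokens, a 47-hour allow-expired-window, 4 active keys, daily rotation) can be checked with a small hour-granular model of the key repository. This is an added example, not code from the charm; it assumes rotation follows Keystone's documented scheme (key 0 is staged, the highest index is primary), and `rotate`, `first_failure` and `min_keys_needed` are hypothetical names.

```python
# Added example: hour-granular model of a fernet key repository (not charm code).
# Assumption: rotation follows Keystone's documented scheme, where key 0 is the
# staged key, the highest index is the primary, and rotation purges the oldest.

def rotate(keys, max_active_keys):
    """Promote staged key 0 to primary, stage a new key 0, purge the excess."""
    keys = set(keys)
    keys.discard(0)
    keys.add(max(keys, default=0) + 1)   # old staged key becomes the new primary
    keys.add(0)                          # fresh staged key
    while len(keys) > max_active_keys:   # the limit counts the staged key too
        keys.remove(min(k for k in keys if k != 0))
    return keys


def first_failure(max_active_keys, rotation_h=24, token_exp_h=1,
                  expired_window_h=47, horizon_h=24 * 14):
    """Return (issued_hour, failed_hour) for the first token whose encrypting
    key was purged while the token was still acceptable, else None."""
    keys = {0, 1}                        # state after initial setup: staged + primary
    live = []                            # (issued_hour, key_index, accepted_until)
    for hour in range(horizon_h):
        if hour and hour % rotation_h == 0:
            keys = rotate(keys, max_active_keys)
        live = [t for t in live if t[2] > hour]
        for issued, key, _ in live:
            if key not in keys:          # token can no longer be decrypted
                return issued, hour
        # One token per hour, encrypted with the current primary key.
        live.append((hour, max(keys), hour + token_exp_h + expired_window_h))
    return None


def min_keys_needed(**policy):
    """Smallest max_active_keys for which no still-acceptable token loses its key."""
    return next(n for n in range(2, 16) if first_failure(n, **policy) is None)


if __name__ == "__main__":
    print("3 keys, daily rotation:", first_failure(3))
    print("4 keys, daily rotation:", first_failure(4))
    print("minimum for 1h + 47h:", min_keys_needed())
    print("minimum for 1h + 71h:", min_keys_needed(expired_window_h=71))
```

In this model, any increase of allow-expired-window beyond 47 hours under daily rotation needs a matching increase in the number of active keys, which is the coupling the commit message flags for revisiting.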