From 32d7bb44ab61cb0fcca1a78dfa822511d1d640d4 Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Sun, 23 Jun 2019 00:54:19 +0300 Subject: [PATCH] Ensure that OctaviaServerCertsKeyPassphrase is 32-byte long Conflicts: tripleo_common/utils/passwords.py Related-Bug: #1833942 Change-Id: Ibcdbe2605a7cabe3a5ef8245b4460c8f70220989 (cherry picked from commit de2ab55824cf96a96ac0ba9ec2a1eaccbb0f6fa2) (cherry picked from commit 94620dd5e67fa3a0775b2df1ae312533e392a7f9) (cherry picked from commit 35913d62664424075392dcaca6324164fb19380a) --- ...nerated-server_certs_key_passphrase-60cba4653109992c.yaml | 5 +++++ tripleo_common/tests/utils/test_passwords.py | 1 + tripleo_common/utils/passwords.py | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml diff --git a/releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml b/releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml new file mode 100644 index 000000000..f22b91305 --- /dev/null +++ b/releasenotes/notes/fix-generated-server_certs_key_passphrase-60cba4653109992c.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - The passphrase for config option 'server_certs_key_passphrase', is used as + a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now + auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase. \ No newline at end of file diff --git a/tripleo_common/tests/utils/test_passwords.py b/tripleo_common/tests/utils/test_passwords.py index 5efaf977b..a04586bbc 100644 --- a/tripleo_common/tests/utils/test_passwords.py +++ b/tripleo_common/tests/utils/test_passwords.py @@ -73,6 +73,7 @@ class TestPasswords(base.TestCase): self.assertNotEqual(value['KeystoneCredential0'], value['KeystoneCredential1']) + self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase']), 32) def test_create_ssh_keypair(self): 
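Review bot: The added assertion in `tripleo_common/tests/utils/test_passwords.py` measures characters rather than bytes: `len(value['OctaviaServerCertsKeyPassphrase'])` is 32 for any 32-character string, while the commit promises a 32-byte value for use as a Fernet key. Asserting on the encoded form, `self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase'].encode('utf-8')), 32)`, would pin the property Octavia depends on and would fail if the generator's alphabet ever included multi-byte characters. The enclosing test method starts above the hunk, so how `value` is built is not visible here.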
diff --git a/tripleo_common/utils/passwords.py b/tripleo_common/utils/passwords.py
index 415312902..ef22de4a7 100644
--- a/tripleo_common/utils/passwords.py
+++ b/tripleo_common/utils/passwords.py
@@ -90,6 +90,9 @@ def generate_passwords(mistralclient=None, stack_env=None):
 elif name.startswith("HeatAuthEncryptionKey"):
 passwords[name] = passutils.generate_password(
 size=32)
+ elif name.startswith("OctaviaServerCertsKeyPassphrase"):
+ passwords[name] = passutils.generate_password(
+ size=32)
 else:
 passwords[name] = passutils.generate_password(
 size=_MIN_PASSWORD_SIZE)
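Review bot: The new `elif` branch hard-codes `size=32` with no comment tying it to the Fernet-key requirement that only the release note explains, and it presumably relies on `size` counting single-byte characters for the 32-byte guarantee to hold. I would add `# Octavia uses this value as a Fernet key, so it must be exactly 32 bytes` above the call. The branch is also a copy of the `HeatAuthEncryptionKey` one directly above it; `elif name.startswith(("HeatAuthEncryptionKey", "OctaviaServerCertsKeyPassphrase")):` would keep a single code path for the 32-byte secrets. `generate_passwords` starts and ends outside the hunk, so whether a passphrase already present in `stack_env` is reused cannot be seen here; if it is, existing deployments keep the old length and need an explicit regeneration step.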