Merge "Ensure that OctaviaServerCertsKeyPassphrase is 32-byte long" into stable/queens

This commit is contained in:
Zuul 2019-08-01 18:01:26 +00:00 committed by Gerrit Code Review
commit 341b3cbb48
3 changed files with 9 additions and 0 deletions

View File

@ -0,0 +1,5 @@
---
fixes:
- The passphrase for config option 'server_certs_key_passphrase', is used as
a Fernet key in Octavia and thus must be 32 bytes long. TripleO will now
auto-generate 32 bytes long passphrase for OctaviaServerCertsKeyPassphrase.

View File

@ -73,6 +73,7 @@ class TestPasswords(base.TestCase):
self.assertNotEqual(value['KeystoneCredential0'], self.assertNotEqual(value['KeystoneCredential0'],
value['KeystoneCredential1']) value['KeystoneCredential1'])
self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase']), 32)
def test_create_ssh_keypair(self): def test_create_ssh_keypair(self):

View File

@ -90,6 +90,9 @@ def generate_passwords(mistralclient=None, stack_env=None):
elif name.startswith("HeatAuthEncryptionKey"): elif name.startswith("HeatAuthEncryptionKey"):
passwords[name] = passutils.generate_password( passwords[name] = passutils.generate_password(
size=32) size=32)
elif name.startswith("OctaviaServerCertsKeyPassphrase"):
passwords[name] = passutils.generate_password(
size=32)
else: else:
passwords[name] = passutils.generate_password( passwords[name] = passutils.generate_password(
size=_MIN_PASSWORD_SIZE) size=_MIN_PASSWORD_SIZE)