Adds constraint: OctaviaServerCertsKeyPassphrase must be 32 chars long
Closes-bug: #1833942 Depends-On: I5c2629d9e7700fe1dd6f915bc257b1f058e40617 Depends-On: Ibcdbe2605a7cabe3a5ef8245b4460c8f70220989 Change-Id: I886f2b8ac7092d9b3da38852e92a615d5666eea7
This commit is contained in:
parent
e3edf7b84c
commit
a6fef3aad6
|
@ -84,8 +84,10 @@ parameters:
|
|||
with the path provided in OctaviaCaKeyFile with the key
|
||||
data.
|
||||
OctaviaServerCertsKeyPassphrase:
|
||||
constraints:
|
||||
- length: { min: 32, max: 32}
|
||||
description: Passphrase for encrypting Amphora Certificates and
|
||||
Private Keys.
|
||||
Private Keys. Must be exactly 32 characters.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaCaKeyPassphrase:
|
||||
|
|
|
@ -125,8 +125,10 @@ parameters:
|
|||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaServerCertsKeyPassphrase:
|
||||
constraints:
|
||||
- length: { min: 32, max: 32}
|
||||
description: Passphrase for encrypting Amphora Certificates and
|
||||
Private Keys.
|
||||
Private Keys. Must be exactly 32 characters.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaCaKeyPassphrase:
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
fixes:
|
||||
- The passphrase for config option 'server_certs_key_passphrase', is used as
|
||||
a Fernet key in Octavia and thus must be 32 bytes long. In the case of an
|
||||
operator-provided passphrase, TripleO will validate that.
|
Loading…
Reference in New Issue