  • Barbican simple_crypto plugin broken - invalid key · 2e435906
    Mark Goddard authored
    
    When using the simple_crypto plugin, barbican expects the
    [simple_crypto_plugin] kek config value to be a base64-encoded 32-byte
    value. However, kolla-ansible is providing a standard autogenerated
    password.
    
    There are two relevant variables in kolla-ansible -
    barbican_crypto_password (a standard password) and barbican_crypto_key
    (an HMAC-SHA256 key). There is no use of barbican_crypto_key other than
    when it is generated. barbican_crypto_password is used to set the
    [simple_crypto_plugin] kek config value but causes an error when the
    simple_crypto plugin is used as the value is not in the expected format.
    Using barbican_crypto_key instead resolves the error. Clearly there is a
    naming issue here and we should be using barbican_crypto_key instead of
    barbican_crypto_password.
    
    This change removes the barbican_crypto_password variable and uses
    barbican_crypto_key instead.
    
    Change-Id: I63e2b381c260265e5901ee88ca0a649d96952bda
    Closes-Bug: #1699014
    Related-Bug: #1683216
    Co-Authored-By: Stig Telfer <stig@stackhpc.com>
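
One way to check a candidate kek value before deploying it, as an added example that is not part of this commit, kolla-ansible or barbican: it tests the format the commit message states (base64 that decodes to 32 bytes). The function names, the constructed sample values and the acceptance of the URL-safe base64 alphabet are assumptions.

```python
import base64
import binascii
import os

KEK_LEN = 32  # bytes, the length the commit message says barbican expects

# Constructed samples (not real secrets): a 40-character alphanumeric
# password and a base64 encoding of 32 known bytes.
SAMPLE_PASSWORD = "kJ3nR8vTq2LmX5wYz7BcD9fGh1PsV4aE6uN0oWiK"
SAMPLE_KEY = base64.b64encode(bytes(range(KEK_LEN))).decode("ascii")


def check_kek(value):
    """Return (ok, reason) for a candidate [simple_crypto_plugin] kek value."""
    text = value.strip()
    if not text:
        return False, "empty value"
    # Assumption: accept both the standard and the URL-safe alphabet, since
    # the commit message only says "base64-encoded".
    normalized = text.replace("-", "+").replace("_", "/")
    try:
        raw = base64.b64decode(normalized, validate=True)
    except (binascii.Error, ValueError) as exc:
        return False, "not valid base64: %s" % exc
    # An alphanumeric password can be syntactically valid base64, so the
    # decoded length is the check that actually separates it from a key.
    if len(raw) != KEK_LEN:
        return False, "decodes to %d bytes, expected %d" % (len(raw), KEK_LEN)
    return True, "ok"


def generate_kek():
    """Return a fresh value in the expected format from the OS CSPRNG."""
    return base64.b64encode(os.urandom(KEK_LEN)).decode("ascii")


if __name__ == "__main__":
    for label, value in (("password", SAMPLE_PASSWORD), ("key", SAMPLE_KEY)):
        print(label, check_kek(value))
```

The password sample passes base64 decoding and is rejected only on length, which is why a charset check alone would not catch the misconfiguration described above.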