Support rotation for maas region secret

More details on this bug - https://bugs.launchpad.net/maas/+bug/1850180

Change-Id: I52312ccec74a1973fdb7aebe3bfc6c0088004ad5

images/maas-region-controller/2.3_region_secret_rotate.patch

@@ -0,0 +1,20 @@
+diff --git a/src/maasserver/security.py b/src/maasserver/security.py
+index e931b89..44fad1a 100644
+--- a/src/maasserver/security.py
++++ b/src/maasserver/security.py
+@@ -105,10 +105,11 @@ def get_shared_secret_txn():
+     elif secret_in_db == secret_on_fs:
+         secret = secret_in_db  # or secret_on_fs.
+     else:
+-        raise AssertionError(
+-            "The secret stored in the database does not match the secret "
+-            "stored on the filesystem at %s. Please investigate." %
+-            get_shared_secret_filesystem_path())
++        # (nk613n): When we rotate secrets we only update the filesystem
++        #           so if the secrets don't match we will default to the FS
++        #           secret and set it in the database (set_config function)
++        secret = secret_on_fs
++        Config.objects.set_config("rpc_shared_secret", to_hex(secret))
+
+     return secret
+

images/maas-region-controller/Dockerfile

@@ -75,17 +75,20 @@ COPY 2.3_proxy_acl.patch /tmp/2.3_proxy_acl.patch
 # Patch to add retrying to MaaS BMC user setup, and improve exception handling
 copy 2.3_configure_ipmi_user.patch /tmp/2.3_configure_ipmi_user.patch
 COPY 2.3_secure_headers.patch /tmp/2.3_secure_headers.patch
+COPY 2.3_region_secret_rotate.patch /tmp/2.3_region_secret_rotate.patch
 
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.3_route.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed.py < /tmp/2.3_kernel_package.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver/models && patch partition.py < /tmp/2.3_bios_grub_partition.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_storage.py < /tmp/2.3_bios_grub_preseed.patch
+RUN cd /usr/lib/python3/dist-packages/maasserver && patch security.py < /tmp/2.3_region_secret_rotate.patch
 RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets && patch maas_enlist.sh < /tmp/2.3_maas_enlist.patch
 RUN cd /usr/lib/python3/dist-packages/metadataserver/user_data/templates/snippets && patch maas_ipmi_autodetect.py < /tmp/2.3_configure_ipmi_user.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch ipaddr.py < /tmp/2.3_mac_address.patch
 RUN cd /usr/lib/python3/dist-packages/provisioningserver/templates/proxy && patch maas-proxy.conf.template < /tmp/2.3_proxy_acl.patch
 RUN cd /usr/lib/python3/dist-packages/twisted/web && patch server.py < /tmp/2.3_secure_headers.patch
 
+
 COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
 RUN mkdir -p /etc/systemd/system/basic.target.wants ;\
     ln -s /etc/systemd/system/journalctl-to-tty.service /etc/systemd/system/basic.target.wants/journalctl-to-tty.service