Use fernet for barbican crypto key
Sha password is not always valid for barbican cripto key. Use a fernet key so it always gets valid. Not need release note for upgrade, users with a working barbican not regenerate passwords, only new passwords will get new type. Change-Id: Ic8c4ca63219295d697062cff9cbf30fadbe49bf3
This commit is contained in:
Eduardo Gonzalez
parent
cd03876e7d
commit
b80a63f33f
@ -19,11 +19,11 @@ import random
|
||||
import string
|
||||
import sys
|
||||
|
||||
from cryptography import fernet
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from hashlib import md5
|
||||
from hashlib import sha256
|
||||
from oslo_utils import uuidutils
|
||||
import yaml
|
||||
|
||||
@ -85,8 +85,8 @@ def main():
|
||||
hmac_md5_keys = ['designate_rndc_key',
|
||||
'osprofiler_secret']
|
||||
|
||||
# HMAC-SHA256 keys
|
||||
hmac_sha256_keys = ['barbican_crypto_key']
|
||||
# Fernet keys
|
||||
fernet_keys = ['barbican_crypto_key']
|
||||
|
||||
# length of password
|
||||
length = 40
|
||||
@ -114,10 +114,8 @@ def main():
|
||||
passwords[k] = (hmac.new(
|
||||
uuidutils.generate_uuid().encode(), ''.encode(), md5)
|
||||
.hexdigest())
|
||||
elif k in hmac_sha256_keys:
|
||||
passwords[k] = (hmac.new(
|
||||
uuidutils.generate_uuid().encode(), ''.encode(), sha256)
|
||||
.hexdigest())
|
||||
elif k in fernet_keys:
|
||||
passwords[k] = fernet.Fernet.generate_key()
|
||||
else:
|
||||
passwords[k] = ''.join([
|
||||
random.SystemRandom().choice(
|
||||
|
||||
Loading…
Reference in New Issue
Block a user