4ccb4368ce
Under some circumstances, the payloads retrieved from Barbican do not match what was stored. This primarily affects surrounding whitespace[0], but the implications for passphrases are significant, and even for PEM encoded data, a difference in whitespace in a configmap is enough to trigger a chart upgrade. In general, the effort to align Deckhand document types with Barbican secret types adds complexity without tangible benefit. Barbican does no enforcement of the contents of the data, and if it did, that could lead to further incompatibilities. This change uses the 'opaque' secret type for all secret document types. Before storage (or caching), the payload is serialized using `repr`, and base64 encoded. Upon retrieval, the payload is base64 decoded and parsed back into an object with `ast.literal_eval`. [0]: https://storyboard.openstack.org/#!/story/2007017 Change-Id: I9c2f3427f52a87aad718f95160cf688db35e1b83 |
||
---|---|---|
.. | ||
barbican | ||
common | ||
control | ||
db | ||
engine | ||
resources | ||
views | ||
__init__.py | ||
base.py | ||
fake_policy.py | ||
fixtures.py | ||
test_policy.py |