Genesis Bundle Encryption Key source
Previously the site PEGLEG_PASSPHRASE variable was used to encrypt the genesis bundle. This is not always desired. This patch: 1. Separates the Pegleg and Promenade encryption credentials 2. Simplifies the bundle code to avoid circular setting of environment variables unnecessarily. Change-Id: I2195cf8df81d3775402299d9a2b0aad4ba483b2c
parent
a925c0ddd8
commit
820df6d625
|
@ -545,7 +545,7 @@ def wrap_secret_cli(*, site_name, author, file_name, output_path, schema,
|
||||||
def genesis_bundle(*, build_dir, validators, site_name):
|
def genesis_bundle(*, build_dir, validators, site_name):
|
||||||
passphrase = os.environ.get("PEGLEG_PASSPHRASE")
|
passphrase = os.environ.get("PEGLEG_PASSPHRASE")
|
||||||
salt = os.environ.get("PEGLEG_SALT")
|
salt = os.environ.get("PEGLEG_SALT")
|
||||||
encryption_key = passphrase
|
encryption_key = os.environ.get("PROMENADE_ENCRYPTION_KEY")
|
||||||
if passphrase:
|
if passphrase:
|
||||||
passphrase = passphrase.encode()
|
passphrase = passphrase.encode()
|
||||||
if salt:
|
if salt:
|
||||||
|
@ -558,7 +558,8 @@ def genesis_bundle(*, build_dir, validators, site_name):
|
||||||
encryption_key,
|
encryption_key,
|
||||||
validators,
|
validators,
|
||||||
logging.DEBUG == LOG.getEffectiveLevel(),
|
logging.DEBUG == LOG.getEffectiveLevel(),
|
||||||
site_name)
|
site_name
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@secrets.command(
|
@secrets.command(
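Review bot: `encryption_key = os.environ.get("PROMENADE_ENCRYPTION_KEY")` in `genesis_bundle` is passed on without any check that the variable is set or non-empty. Judging from the `build_genesis` section of this commit, a missing key only surfaces later as `GenesisBundleEncryptionException`, which is also raised when the site has no `EncryptionPolicy:scripts.genesis`. An operator who still exports only `PEGLEG_PASSPHRASE` therefore cannot tell which condition they hit. I would add an early `if not encryption_key:` guard here that raises an error naming `PROMENADE_ENCRYPTION_KEY`, and confirm that any length or strength rule applied to the Pegleg passphrase elsewhere is also applied to this key. The body of `genesis_bundle` continues outside both hunks, so whether `passphrase` and `salt` are still needed here cannot be judged from this page.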
|
||||||
|
|
|
@ -78,8 +78,6 @@ def build_genesis(build_path, encryption_key, validators, debug, site_name):
|
||||||
allow_missing_substitutions=False,
|
allow_missing_substitutions=False,
|
||||||
leave_kubectl=False)
|
leave_kubectl=False)
|
||||||
if c.get_path('EncryptionPolicy:scripts.genesis') and encryption_key:
|
if c.get_path('EncryptionPolicy:scripts.genesis') and encryption_key:
|
||||||
os.environ['PROMENADE_ENCRYPTION_KEY'] = encryption_key
|
|
||||||
os.environ['PEGLEG_PASSPHRASE'] = encryption_key
|
|
||||||
Builder(c, validators=validators).build_all(output_dir=build_path)
|
Builder(c, validators=validators).build_all(output_dir=build_path)
|
||||||
else:
|
else:
|
||||||
raise GenesisBundleEncryptionException()
|
raise GenesisBundleEncryptionException()
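Review bot: With the two `os.environ[...] = encryption_key` lines removed, the `encryption_key` argument of `build_genesis` is only a truthiness test; nothing visible in the hunk hands its value to `Builder(c, validators=validators).build_all(...)`. Presumably the builder reads `PROMENADE_ENCRYPTION_KEY` from the process environment. If so, a caller that obtains the key any other way gets a bundle protected by whatever the environment holds, not by the argument, and no error is raised. I would make the contract explicit, either by reading the variable inside this function or by guarding with `if os.environ.get('PROMENADE_ENCRYPTION_KEY') != encryption_key: raise GenesisBundleEncryptionException()`. A docstring should also state that the key must already be exported. The function starts outside the hunk.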
|
||||||
|
|