Merge pull request #939 from d34dh0r53/main

Add Keystone Federation secrets

Author: d34dh0r53

Makefile

@@ -31,6 +31,8 @@ endif
 # Barbican encryption key should be a random 32-byte string that is base64
 # encoded.  e.g. head --bytes=32 /dev/urandom | base64
 BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY ?= sEFmdFjDUqRM2VemYslV5yGNWjokioJXsg8Nrlc3drU=
+KEYSTONE_FEDERATION_CLIENT_SECRET ?= COX8bmlKAWn56XCGMrKQJj7dgHNAOl6f
+KEYSTONE_CRYPTO_PASSPHRASE ?= openstack
 
 # Allows overriding the cleanup command used in *_cleanup targets.
 # Useful in CI, to allow injectin kustomization in each operator CR directory
@@ -536,6 +538,8 @@ ${1}: export PASSWORD=${PASSWORD}
 ${1}: export METADATA_SHARED_SECRET=${METADATA_SHARED_SECRET}
 ${1}: export HEAT_AUTH_ENCRYPTION_KEY=${HEAT_AUTH_ENCRYPTION_KEY}
 ${1}: export BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY=${BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY}
+${1}: export KEYSTONE_FEDERATION_CLIENT_SECRET=${KEYSTONE_FEDERATION_CLIENT_SECRET}
+${1}: export KEYSTONE_CRYPTO_PASSPHRASE=${KEYSTONE_CRYPTO_PASSPHRASE}
 ${1}: export LIBVIRT_SECRET=${LIBVIRT_SECRET}
 ${1}: export STORAGE_CLASS=${STORAGE_CLASS}
 ${1}: export OUT=${OUT}

scripts/gen-input-kustomize.sh

@@ -40,6 +40,14 @@ if [ -z "$BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY" ]; then
     echo "Please set BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY"; exit 1
 fi
 
+if [ -z "$KEYSTONE_FEDERATION_CLIENT_SECRET" ]; then
+    echo "Please set KEYSTONE_FEDERATION_CLIENT_SECRET"; exit 1
+fi
+
+if [ -z "$KEYSTONE_CRYPTO_PASSPHRASE" ]; then
+    echo "Please set KEYSTONE_CRYPTO_PASSPHRASE"; exit 1
+fi
+
 if [ -z "$LIBVIRT_SECRET" ]; then
     echo "Please set LIBVIRT_SECRET"; exit 1
 fi
@@ -76,6 +84,8 @@ secretGenerator:
   - CinderPassword=${PASSWORD}
   - IronicPassword=${PASSWORD}
   - IronicInspectorPassword=${PASSWORD}
+  - KeystoneClientSecret=${KEYSTONE_FEDERATION_CLIENT_SECRET}
+  - KeystoneCryptoPassphrase=${KEYSTONE_CRYPTO_PASSPHRASE}
   - OctaviaPassword=${PASSWORD}
   - OctaviaHeartbeatKey=${PASSWORD}
   - NovaPassword=${PASSWORD}