airshipit / treasuremap

Reference Airship manifests, CICD, and reference architecture.
http://openstack.org
Apache License 2.0

Provide Encryption for External Password for LDAP Backend for Dex #128

Closed lb4368 closed 3 years ago

lb4368 commented 3 years ago

Problem description (if applicable): When configuring an LDAP back-end for the Dex OIDC provider (#19), the LDAP credentials must be included in the configuration that is applied to the target server. These provided credentials must be stored/encrypted such that there is no access to the clear text password during site deployment.

Proposed change: Provide a mechanism to securely provide external LDAP credentials to a site build in such a way that they can be used to provide the values to the Dex configuration when applied to a cluster during airshipctl phase.

sshiba commented 3 years ago

Alexey is working on the feature providing the encryption for external passwords. After this feature is merged I can apply it to the LDAP password.

aodinokov commented 3 years ago

https://review.opendev.org/c/airship/treasuremap/+/790512 has been merged.

The needed replacement was introduced there: https://review.opendev.org/c/airship/treasuremap/+/790512/33/manifests/function/dex-aio/replacements/update-dex.yaml

I think this part can be closed.

sshiba commented 3 years ago

Encrypted the password provided for LDAP test itservices in https://review.opendev.org/c/airship/treasuremap/+/791835/. I agree with Alexey that this issue can be closed.

michaelfix commented 3 years ago

@sshiba, spoke to @lb4368, and we believe this issue remains open until https://review.opendev.org/c/airship/treasuremap/+/791835/ is merged.

sshiba commented 3 years ago

https://review.opendev.org/c/airship/treasuremap/+/791835 is ready for review. Just waiting for zuul to pass first.

sshiba commented 3 years ago

PS https://review.opendev.org/c/airship/treasuremap/+/791835 has been merged, completing this issue.