Closed lb4368 closed 3 years ago
Alexey is working on the feature providing the encryption for external passwords. After this feature is merged I can apply it to the LDAP password.
https://review.opendev.org/c/airship/treasuremap/+/790512 has been merged.
The needed replacement was introduced there: https://review.opendev.org/c/airship/treasuremap/+/790512/33/manifests/function/dex-aio/replacements/update-dex.yaml
I think this part can be closed.
Encrypted the password provided for LDAP test itservices in https://review.opendev.org/c/airship/treasuremap/+/791835/. I agree with Alexey that this issue can be closed.
@sshiba, spoke to @lb4368, and we believe this issue remains open until https://review.opendev.org/c/airship/treasuremap/+/791835/ is merged.
https://review.opendev.org/c/airship/treasuremap/+/791835 is ready for review. Just waiting for zuul to pass first.
PS https://review.opendev.org/c/airship/treasuremap/+/791835 has been merged, completing this issue.
Problem description (if applicable)
When configuring an LDAP back-end for the Dex OIDC provider (#19), the LDAP credentials must be included in the configuration that is applied to the target server. These provided credentials must be stored/encrypted such that there is no access to the clear text password during site deployment.
Proposed change
Provide a mechanism to securely provide external LDAP credentials to a site build in such a way that it can be used to provide the values to the Dex configuration when applied to a cluster during an airshipctl phase.