Age | Commit message (Collapse) | Author | Files | Lines |
|
%s should be used instead of %d to printf strings.
Even though with %d everything works perfectly fine (as we just need
any string) let's fix this.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I338c47b0f2a82c698c44579737f698b1f19ade38
|
|
Helm3 change release name during linting to test-release
Change-Id: Iabc6fc8cd0c9bb6d707d1432d4b9cadaabbbc97e
Signed-off-by: Jakub Latusek <j.latusek@samsung.com>
Issue-ID: OOM-2562
|
|
With the introduction of common secret template many of ONAP passwords
started being automatically generated.
The algorithm that we use for this purpose allows to choose the
complexity of generated password. By default we use "long" which
contains special characters. Unfortunately this turns out to often
cause some issue. To make our deployment more stable and user friendly
lets allow the deployer to choose the desired password complexity.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
|
|
When you type make in kubernetes directory all charts are linted.
If one of them try to generate password whole linting process
ends with an error because masterPassword has not been provided
and there is no default value for it.
To avoid this issue but still don't provide any default value
whcih would be obviously insecure in this context, let's just
test current release name. If it matches "testRelease" we treat whis
as a special case and use predefined master key.
Security implication:
You should never, ever name your productional deployment "testRelease"
nor use it as a master password.
Issue-ID: OOM-2052
Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Currently there is a number of hardcoded passwords in OOM helm charts
that are reused for almost all ONAP deployments in different labs.
One possible solution for this issue could be to generate a random
password for every deployment but this may cause number of issues
while doing helm upgrade.
That's why instead of generating a random password we generate a
password for particular use case, based on chart name, master
password provided by the deployer and additional UID. This is done
using derivePassword function so check its documentation for more
details how this password is derived.
From a user perspective, the most important fact is that he or she can
achieve reproductible deployment. Every time when ONAP is deployed
with the same masterPassword all derived passwords are going
to be also the same.
Issue-ID: OOM-2052
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I666d597e6daab8b79e630917ad75f17cc70f897b
|