73531436e9
Current implementation of Keystone prints a warning message if the directory containing the fernet keys is world readable (o+r). As OSH uses a volumeMount to handle fernet keys and is by default readonly, there is no meaningful way to make the directory (not the keys) world unreadable. Consequently, keystone just keep logging that warning, adding no particular value besides flooding the log. Rather than disabling the log message in keystone (as that warning is meaningful from a security standpoint), this patch set changes the way we deal with the secret volume so the directory is no longer world readable, so keystone will stop issuing that warning message. Signed-off-by: Tin Lam <t@lam.wtf> Change-Id: Id29abe667f5ef0b61da3d3825b5bf795f2d98865
25 lines
965 B
YAML
25 lines
965 B
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
apiVersion: v1
|
|
appVersion: v1.0.0
|
|
description: OpenStack-Helm Keystone
|
|
name: keystone
|
|
version: 0.2.15
|
|
home: https://docs.openstack.org/keystone/latest/
|
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
|
sources:
|
|
- https://opendev.org/openstack/keystone
|
|
- https://opendev.org/openstack/openstack-helm
|
|
maintainers:
|
|
- name: OpenStack-Helm Authors
|