73cdac6019
Barbican moved to support multiple keks instead of just one. OpenStack-helm is failing if run againist Barbican after commit [1]. This patch allows specify multiple and fix compatible issue. [1] cfba1c1ba8f3659e6de727c3f1c274052e9ccace Closes-Bug: 2103757 Change-Id: I438ee144b2a0a089dfffedf59961c155d9815889
28 lines
993 B
Smarty
28 lines
993 B
Smarty
#!/bin/bash
|
|
|
|
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
set -ex
|
|
|
|
barbican-db-manage upgrade
|
|
|
|
{{- $kek := (index (index .Values.conf.barbican "simple_crypto_plugin" | default dict) "kek") | default "" }}
|
|
{{- $old_kek := index .Values.conf.simple_crypto_kek_rewrap "old_kek" | default ""}}
|
|
{{- if and (not (empty $old_kek)) (not (empty $kek)) }}
|
|
set +x
|
|
echo "Ensuring that project KEKs are wrapped with the target global KEK"
|
|
/tmp/simple_crypto_kek_rewrap.py --old-keks="$(cat /tmp/old_keks)"
|
|
{{- end }}
|