openstack/ironic
Code Issues Proposed changes

Require hashed passwords for rescue by default

Browse Source 
We added this option, and advertised it's default would change several
years ago. This completes the migration.

Change-Id: I64f80fa2f971a223156cc5bf4231b59da0189885
This commit is contained in:
Jay Faulkner 2024-07-03 15:54:04 -07:00 committed by Julia Kreger
parent a594e63c7f
commit d146558ac3
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ironic/conf/conductor.py
View File

@ -256,8 +256,7 @@ opts = [
help=_('Password hash algorithm to be used for the rescue ' help=_('Password hash algorithm to be used for the rescue '
'password.')), 'password.')),
cfg.BoolOpt('require_rescue_password_hashed', cfg.BoolOpt('require_rescue_password_hashed',
# TODO(TheJulia): Change this to True in Victoria. default=True,
default=False,
mutable=True, mutable=True,
help=_('Option to cause the conductor to not fallback to ' help=_('Option to cause the conductor to not fallback to '
'an un-hashed version of the rescue password, ' 'an un-hashed version of the rescue password, '

5
releasenotes/notes/require-hashed-rescue-password-6f7c0424e12c1aeb.yaml Normal file
View File

@ -0,0 +1,5 @@
upgrade:
- |
Ironic now requires rescue passwords to be hashed. Operators who would like
to continue using unhashed passwords must set
`[conductor]/require_rescue_password_hashed` to ``false``.