Merge "Implement aodh memcache security strategy"
diff --git a/README.rst b/README.rst
index c0816e5..78c5538 100644
--- a/README.rst
+++ b/README.rst
@@ -122,6 +122,26 @@
You can read more about it here:
https://docs.openstack.org/security-guide/databases/database-access-control.html
+Aodh server with memcached caching and security strategy:
+
+.. code-block:: yaml
+
+ aodh:
+ server:
+ enabled: true
+ ...
+ cache:
+ engine: memcached
+ members:
+ - host: 127.0.0.1
+ port: 11211
+ - host: 127.0.0.1
+ port: 11211
+ security:
+ enabled: true
+ strategy: ENCRYPT
+ secret_key: secret
+
Development and testing
=======================
diff --git a/aodh/files/pike/aodh.conf.Debian b/aodh/files/pike/aodh.conf.Debian
index e4c9dfb..fcbeafc 100644
--- a/aodh/files/pike/aodh.conf.Debian
+++ b/aodh/files/pike/aodh.conf.Debian
@@ -681,6 +681,14 @@
{%- if server.cache is defined %}
memcached_servers = {%- for member in server.cache.members %}{{ member.host }}:{{ member.get('port', '11211') }}{% if not loop.last %},{% endif %}{%- endfor %}
+ {%- if server.cache.get('security', {}).get('enabled', False) %}
+memcache_security_strategy = {{ server.cache.security.get('strategy', 'ENCRYPT') }}
+ {%- if server.cache.security.secret_key is not defined or not server.cache.security.secret_key %}
+ {%- do salt.test.exception('server.cache.security.secret_key is not defined: Please add secret_key') %}
+ {%- else %}
+memcache_secret_key = {{ server.cache.security.secret_key }}
+ {%- endif %}
+ {%- endif %}
{%- else %}
token_cache_time = -1
{%- endif %}
diff --git a/tests/pillar/server_cluster.sls b/tests/pillar/server_cluster.sls
index d49cfd7..549f916 100644
--- a/tests/pillar/server_cluster.sls
+++ b/tests/pillar/server_cluster.sls
@@ -44,6 +44,17 @@
password: test
notifications:
store_events: default
+ cache:
+ engine: memcached
+ members:
+ - host: 127.0.0.1
+ port: 11211
+ - host: 127.0.0.1
+ port: 11211
+ security:
+ enabled: true
+ strategy: ENCRYPT
+ secret_key: secret
apache:
server:
enabled: true