weizhouapache commented on PR #6812:
URL: https://github.com/apache/cloudstack/pull/6812#issuecomment-1691841839
> LGTM, tested the PR manually, here are the steps and results:
>
> 1. Created an account and domain in my test environment, and set the following configurations:
> **Account**: `allow.duplicate.networkname` -> false, `allow.public.user.templates` -> false, `account.allow.expose.host.hostname` -> true;
> **Domain**: `allow.user.view.all.domain.accounts` -> true, `ldap.bind.password` -> 123, `ldap.bind.principal` -> 2023
> 2. Check the values in the database.
>
> #### Results without the patch:
> All values are encrypted:
>
> ```
> MariaDB [cloud]> select * from domain_details ;
> +----+-----------+-------------------------------------+----------------------------------------------+
> | id | domain_id | name                                | value                                        |
> +----+-----------+-------------------------------------+----------------------------------------------+
> |  1 |         2 | allow.user.view.all.domain.accounts | RzlxAFEzhBkWL4vnrFY33RHVTAv4KtYqZFHeMHvCvZg= |
> |  2 |         2 | ldap.bind.password                  | mn9/GD6y+OoT2a47FOR3KacqXRFVMO9em1O5w178lFtw |
> |  4 |         2 | ldap.bind.principal                 | WyJ+j5C3l66RYtGlwU9rBxh4OzEBSgCEYQpP9ZZ2FM8= |
> +----+-----------+-------------------------------------+----------------------------------------------+
> 3 rows in set (0.001 sec)
>
> MariaDB [cloud]> select * from account_details ;
> +----+------------+------------------------------------+----------------------------------------------+
> | id | account_id | name                               | value                                        |
> +----+------------+------------------------------------+----------------------------------------------+
> |  1 |          4 | allow.duplicate.networkname        | VE+8/lkl19t0CDg8g1nxy/7B55UmeVWwiOMyWCWRRVRL |
> |  2 |          4 | allow.public.user.templates        | rninQyLFP0xnz0pcn4queDqgT4nmUDzlJHQ1TkeYARiP |
> |  3 |          4 | account.allow.expose.host.hostname | LjZE+XKIs/b98M16CstjlGCvD8BRMmASUNo8kdFEb3Q= |
> +----+------------+------------------------------------+----------------------------------------------+
> 3 rows in set (0.001 sec)
> ```
>
> #### Results with the patch:
> Secure values are encrypted:
>
> ```
> MariaDB [cloud]> select * from domain_details ;
> +----+-----------+-------------------------------------+----------------------------------------------+
> | id | domain_id | name                                | value                                        |
> +----+-----------+-------------------------------------+----------------------------------------------+
> |  1 |         1 | allow.user.view.all.domain.accounts | true                                         |
> |  2 |         1 | ldap.bind.password                  | 3LuBM0yptJImv8cWrh9UeiwbKX/WFespFofaRClZwg== |
> |  3 |         1 | ldap.bind.principal                 | 2023                                         |
> +----+-----------+-------------------------------------+----------------------------------------------+
> 3 rows in set (0.001 sec)
>
> MariaDB [cloud]> select * from domain_details ;
> +----+-----------+-------------------------------------+----------------------------------------------+
> | id | domain_id | name                                | value                                        |
> +----+-----------+-------------------------------------+----------------------------------------------+
> |  1 |         1 | allow.user.view.all.domain.accounts | true                                         |
> |  2 |         1 | ldap.bind.password                  | 3LuBM0yptJImv8cWrh9UeiwbKX/WFespFofaRClZwg== |
> |  3 |         1 | ldap.bind.principal                 | 2023                                         |
> +----+-----------+-------------------------------------+----------------------------------------------+
> 3 rows in set (0.001 sec)
> ```

cool, thanks @soreana
can you test the database migration as well?
please refer to
https://cwiki.apache.org/confluence/display/CLOUDSTACK/New+database+encryption+cipher+-+AeadBase64Encryptor#NewdatabaseencryptioncipherAeadBase64Encryptor-5.cloudstack-migrate-databaseschanges