At OVHcloud we use a Vault like app to store secrets, so we do retrieve them with oslo.config backend drivers, which means the config file does only contain this:
We only have backend drivers define in the config, all the manila config and netapp backends are defined in the external secret and our ext_oslo_config_driver class implements the interface to get group and options from this as oslo.config drivers suggest.
What i don't like about the stanza check is that it is not compliant with the fact that backend drivers do not expose the group they have, they only respond to a get on groups/options and returns no value if it does not exist, so there is no mechanism to know if a group exists without requesting it, that's why list_all_sections is outdated.
Hi, sure,
At OVHcloud we use a Vault like app to store secrets, so we do retrieve them with oslo.config backend drivers, which means the config file does only contain this:
------ service_ config, external_ database_ config
[DEFAULT]
config_source = external_
[external_ service_ config] config_ driver
driver = ext_oslo_
secret_alias = config
[external_ database_ config] config_ driver
driver = ext_oslo_
secret_alias = database
------
We only have backend drivers define in the config, all the manila config and netapp backends are defined in the external secret and our ext_oslo_ config_ driver class implements the interface to get group and options from this as oslo.config drivers suggest.
The secret could look like something like this:
------ share_backends: "netappcluster1 ,netappcluster2 " backend_ name: "netappcluster1" server_ hostname: "xxx" server_ port: "443" handles_ share_servers: true backend_ name: "netappcluster2" server_ hostname: "yyy" server_ port: "443" handles_ share_servers: true
DEFAULT:
....debug: false
....share_manager: "xxx"
....enabled_
netappcluster1:
....share_
....share_driver: "xxx"
....netapp_
....netapp_
....netapp_login: "xxx"
....driver_
netappcluster2:
....share_
....share_driver: "xxx"
....netapp_
....netapp_
....netapp_login: "yyy"
....driver_
------
What i don't like about the stanza check is that it is not compliant with the fact that backend drivers do not expose the group they have, they only respond to a get on groups/options and returns no value if it does not exist, so there is no mechanism to know if a group exists without requesting it, that's why list_all_sections is outdated.