-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to force reencryption of keys during refresh #287
Conversation
@kamaradclimber thanks for the path
Should be updated as well, to include new parameter |
Usage of The proposed solution of I'm all for the speedup provided by not re-encrypting all clients unnecessarily but The difficulty here is that requires a change in https://github.com/chef/chef and this workflow is broken until these both are updated. |
During a refresh operation, speed optimization lead to avoid re-encrypting symetrical key for each existing clients. This lead to issues when clients change their chef key. This patch adds an option --force-reencryption to workaround that for users having such behavior. Fix #286 Change-Id: I0ffa71934d29198fa71aa6e1a9630ad302e21f6a Signed-off-by: Grégoire Seux <g.seux@criteo.com>
updated the patch to transform the option to --skip-reencryption (false by default) to restore the old behavior while enabling users to improve their performance |
The cucumber tests are pretty unhappy, but other than that I think this is 👍 |
Signed-off-by: Thom May <thom@chef.io>
@kamaradclimber i think this is good to go, but please check that my change makes sense. |
Ok for me |
During a refresh operation, speed optimization lead to avoid
re-encrypting symetrical key for each existing clients.
This lead to issues when clients change their chef key.
This patch adds an option --skip-reencryption to workaround that for
users having such behavior.
Fix #286
Change-Id: I0ffa71934d29198fa71aa6e1a9630ad302e21f6a
Signed-off-by: Grégoire Seux g.seux@criteo.com