diff --git a/lib/puppet/type/ceph_config.rb b/lib/puppet/type/ceph_config.rb index 6b36d3a8..dcfaeede 100644 --- a/lib/puppet/type/ceph_config.rb +++ b/lib/puppet/type/ceph_config.rb @@ -45,5 +45,29 @@ Puppet::Type.newtype(:ceph_config) do value.downcase! if value =~ /^(true|false)$/i value end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false end end diff --git a/manifests/rgw/keystone.pp b/manifests/rgw/keystone.pp index 02735a2c..4b88926d 100644 --- a/manifests/rgw/keystone.pp +++ b/manifests/rgw/keystone.pp @@ -95,6 +95,6 @@ define ceph::rgw::keystone ( "client.${name}/rgw_keystone_admin_domain": value => $rgw_keystone_admin_domain; "client.${name}/rgw_keystone_admin_project": value => $rgw_keystone_admin_project; "client.${name}/rgw_keystone_admin_user": value => $rgw_keystone_admin_user; - "client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password; + "client.${name}/rgw_keystone_admin_password": value => $rgw_keystone_admin_password, secret => true; } } diff --git a/releasenotes/notes/ceph_config-secret-211b7aa50e393b47.yaml b/releasenotes/notes/ceph_config-secret-211b7aa50e393b47.yaml new file mode 100644 index 00000000..9669d3d1 --- /dev/null +++ b/releasenotes/notes/ceph_config-secret-211b7aa50e393b47.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Now the ``ceph_config`` resource type supports the new ``secret`` property. + When this property is set to ``true``, value of the parameter is hidden + from puppet logs. diff --git a/spec/defines/ceph_rgw_keystone_spec.rb b/spec/defines/ceph_rgw_keystone_spec.rb index b411c1e1..210532ca 100644 --- a/spec/defines/ceph_rgw_keystone_spec.rb +++ b/spec/defines/ceph_rgw_keystone_spec.rb @@ -46,7 +46,7 @@ describe 'ceph::rgw::keystone' do it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_domain').with_value('default') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_project').with_value('openstack') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_user').with_value('rgwuser') } - it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456') } + it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_admin_password').with_value('123456').with_secret(true) } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_url').with_value('http://127.0.0.1:5000') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_accepted_roles').with_value('member') } it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_token_cache_size').with_value(500) } @@ -84,7 +84,7 @@ describe 'ceph::rgw::keystone' do it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_domain').with_value('default') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_project').with_value('openstack') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_user').with_value('rgwuser') } - it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456') } + it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_admin_password').with_value('123456').with_secret(true) } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_url').with_value('http://keystone.custom:5000') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_accepted_roles').with_value('_role1_,role2') } it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_token_cache_size').with_value(100) }