From 50c1efb7b1891956cf78ae9abc6997040aba0cc0 Mon Sep 17 00:00:00 2001 From: ZhongShengping Date: Tue, 28 Mar 2017 16:49:45 +0800 Subject: [PATCH] Password should be secured Change-Id: I9589fff470ee06bbf5ba03afa4933321ad0f650c Closes-Bug: #1676708 --- manifests/backend/emc_vnx.pp | 2 +- manifests/backend/gpfs.pp | 2 +- manifests/backup/tsm.pp | 2 +- spec/classes/cinder_backup_tsm_spec.rb | 4 ++-- spec/defines/cinder_backend_emc_vnx_spec.rb | 2 +- spec/defines/cinder_backend_vmdk_spec.rb | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/backend/emc_vnx.pp b/manifests/backend/emc_vnx.pp index 7d764fcf..319a291d 100644 --- a/manifests/backend/emc_vnx.pp +++ b/manifests/backend/emc_vnx.pp @@ -113,7 +113,7 @@ define cinder::backend::emc_vnx ( "${name}/naviseccli_path": value => $naviseccli_path; "${name}/san_ip": value => $san_ip; "${name}/san_login": value => $san_login; - "${name}/san_password": value => $san_password; + "${name}/san_password": value => $san_password, secret => true; "${name}/storage_vnx_pool_name": value => $storage_vnx_pool_name; "${name}/volume_backend_name": value => $volume_backend_name; "${name}/volume_driver": value => $volume_driver; diff --git a/manifests/backend/gpfs.pp b/manifests/backend/gpfs.pp index e8d09cdb..7d7fc2d1 100644 --- a/manifests/backend/gpfs.pp +++ b/manifests/backend/gpfs.pp @@ -120,7 +120,7 @@ define cinder::backend::gpfs ( "${name}/gpfs_images_dir": value => $gpfs_images_dir; "${name}/nas_host": value => $nas_host; "${name}/nas_login": value => $nas_login; - "${name}/nas_password": value => $nas_password; + "${name}/nas_password": value => $nas_password, secret => true; "${name}/nas_private_key": value => $nas_private_key; "${name}/nas_ssh_port": value => $nas_ssh_port; } diff --git a/manifests/backup/tsm.pp b/manifests/backup/tsm.pp index 96730cbc..26db8a10 100644 --- a/manifests/backup/tsm.pp +++ b/manifests/backup/tsm.pp @@ -53,7 +53,7 @@ class cinder::backup::tsm ( cinder_config { 'DEFAULT/backup_driver': value => $backup_driver; 'DEFAULT/backup_tsm_volume_prefix': value => $backup_tsm_volume_prefix; - 'DEFAULT/backup_tsm_password': value => $backup_tsm_password; + 'DEFAULT/backup_tsm_password': value => $backup_tsm_password, secret => true; 'DEFAULT/backup_tsm_compression': value => $backup_tsm_compression; } diff --git a/spec/classes/cinder_backup_tsm_spec.rb b/spec/classes/cinder_backup_tsm_spec.rb index e2c9d6d1..9a627128 100644 --- a/spec/classes/cinder_backup_tsm_spec.rb +++ b/spec/classes/cinder_backup_tsm_spec.rb @@ -40,7 +40,7 @@ describe 'cinder::backup::tsm' do it 'configures cinder.conf' do is_expected.to contain_cinder_config('DEFAULT/backup_driver').with_value('cinder.backup.drivers.tsm') is_expected.to contain_cinder_config('DEFAULT/backup_tsm_volume_prefix').with_value(p[:backup_tsm_volume_prefix]) - is_expected.to contain_cinder_config('DEFAULT/backup_tsm_password').with_value(p[:backup_tsm_password]) + is_expected.to contain_cinder_config('DEFAULT/backup_tsm_password').with_value(p[:backup_tsm_password]).with_secret(true) is_expected.to contain_cinder_config('DEFAULT/backup_tsm_compression').with_value(p[:backup_tsm_compression]) end @@ -52,7 +52,7 @@ describe 'cinder::backup::tsm' do end it 'should replace default parameters with new values' do is_expected.to contain_cinder_config('DEFAULT/backup_tsm_volume_prefix').with_value(p[:backup_tsm_volume_prefix]) - is_expected.to contain_cinder_config('DEFAULT/backup_tsm_password').with_value(p[:backup_tsm_password]) + is_expected.to contain_cinder_config('DEFAULT/backup_tsm_password').with_value(p[:backup_tsm_password]).with_secret(true) is_expected.to contain_cinder_config('DEFAULT/backup_tsm_compression').with_value(p[:backup_tsm_compression]) end end diff --git a/spec/defines/cinder_backend_emc_vnx_spec.rb b/spec/defines/cinder_backend_emc_vnx_spec.rb index b331199c..c09aa544 100644 --- a/spec/defines/cinder_backend_emc_vnx_spec.rb +++ b/spec/defines/cinder_backend_emc_vnx_spec.rb @@ -26,7 +26,7 @@ describe 'cinder::backend::emc_vnx' do is_expected.to contain_cinder_config('emc/storage_protocol').with_value('iscsi') is_expected.to contain_cinder_config('emc/san_ip').with_value('127.0.0.2') is_expected.to contain_cinder_config('emc/san_login').with_value('emc') - is_expected.to contain_cinder_config('emc/san_password').with_value('password') + is_expected.to contain_cinder_config('emc/san_password').with_value('password').with_secret(true) is_expected.to contain_cinder_config('emc/storage_vnx_pool_name').with_value('emc-storage-pool') is_expected.to contain_cinder_config('emc/initiator_auto_registration').with_value('') is_expected.to contain_cinder_config('emc/storage_vnx_authentication_type').with_value('') diff --git a/spec/defines/cinder_backend_vmdk_spec.rb b/spec/defines/cinder_backend_vmdk_spec.rb index 4f3d2b61..3bf75b54 100644 --- a/spec/defines/cinder_backend_vmdk_spec.rb +++ b/spec/defines/cinder_backend_vmdk_spec.rb @@ -35,7 +35,7 @@ describe 'cinder::backend::vmdk' do is_expected.to contain_cinder_config('hippo/volume_driver').with_value('cinder.volume.drivers.vmware.vmdk.VMwareVcVmdkDriver') is_expected.to contain_cinder_config('hippo/vmware_host_ip').with_value(params[:host_ip]) is_expected.to contain_cinder_config('hippo/vmware_host_username').with_value(params[:host_username]) - is_expected.to contain_cinder_config('hippo/vmware_host_password').with_value(params[:host_password]) + is_expected.to contain_cinder_config('hippo/vmware_host_password').with_value(params[:host_password]).with_secret(true) is_expected.to contain_cinder_config('hippo/vmware_volume_folder').with_value('cinder-volumes') is_expected.to contain_cinder_config('hippo/vmware_api_retry_count').with_value(params[:api_retry_count]) is_expected.to contain_cinder_config('hippo/vmware_max_object_retrieval').with_value(params[:max_object_retrieval])