From 70d66f8f554873934d15ed0941f0d1e1a44a9be7 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Mon, 20 Mar 2023 21:11:32 +0900
Subject: [PATCH] [orchestrator] coordination_url should be hidden

The coordination_url option can sometimes contain secrets.

For example when redis coordination backend is used and authentication
is enabled in redis, the plain redis password is put as an URL element.

[orchestrator]
coordination_url=redis://:password@127.0.0.1:6379

Closes-Bug: #2012246
Change-Id: Iba1e7715b290ee4c104f11221e250b23936b12dc
---
 manifests/orchestrator.pp                    | 2 +-
 spec/classes/cloudkitty_orchestrator_spec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifests/orchestrator.pp b/manifests/orchestrator.pp
index 0d65907..1ec438f 100644
--- a/manifests/orchestrator.pp
+++ b/manifests/orchestrator.pp
@@ -32,7 +32,7 @@ class cloudkitty::orchestrator (
   }
 
   cloudkitty_config {
-    'orchestrator/coordination_url': value => $coordination_url;
+    'orchestrator/coordination_url': value => $coordination_url, secret => true;
     'orchestrator/max_workers':      value => $max_workers_real;
     'orchestrator/max_threads':      value => $max_threads;
   }
diff --git a/spec/classes/cloudkitty_orchestrator_spec.rb b/spec/classes/cloudkitty_orchestrator_spec.rb
index 6be1397..94337d1 100644
--- a/spec/classes/cloudkitty_orchestrator_spec.rb
+++ b/spec/classes/cloudkitty_orchestrator_spec.rb
@@ -9,7 +9,7 @@ describe 'cloudkitty::orchestrator' do
 
       it 'configures orchestrator' do
         is_expected.to contain_cloudkitty_config('orchestrator/coordination_url')\
-          .with_value('<SERVICE DEFAULT>')
+          .with_value('<SERVICE DEFAULT>').with_secret(true)
         is_expected.to contain_oslo__coordination('cloudkitty_config').with(
           :backend_url   => '<SERVICE DEFAULT>',
           :manage_config => false,
@@ -30,7 +30,7 @@ describe 'cloudkitty::orchestrator' do
 
       it 'configures orchestrator' do
         is_expected.to contain_cloudkitty_config('orchestrator/coordination_url')\
-          .with_value('etcd3+http://127.0.0.1:2379')
+          .with_value('etcd3+http://127.0.0.1:2379').with_secret(true)
         is_expected.to contain_oslo__coordination('cloudkitty_config').with(
           :backend_url   => 'etcd3+http://127.0.0.1:2379',
           :manage_config => false,