openstack
/
puppet-glance
Code Issues Proposed changes

Swift backend: the key parameter should be secret 

The key parameter of swift backend is used to define a credentail to
access Swift so should be hidden in logs.

In Glance the user parameter(swift_store_user) is also defined as
a secret parameter. However it defines user name or id and user name
or id is not currently treated as secret in puppet, so this change
doesn't cover the user parameter.

Change-Id: Iac580df4de14ffdb19436417b2830a834efd087d
This commit is contained in:
Takashi Kajinami 2021-10-20 13:59:46 +09:00
parent 53b75099d0
commit 4a48192988
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/backend/multistore/swift.pp
View File

@ -141,7 +141,7 @@ define glance::backend::multistore::swift(
glance_swift_config {
"${default_swift_reference}/user": value => $swift_store_user;
"${default_swift_reference}/key": value => $swift_store_key;
"${default_swift_reference}/key": value => $swift_store_key, secret => true;
"${default_swift_reference}/auth_address": value => $swift_store_auth_address;
"${default_swift_reference}/auth_version": value => $swift_store_auth_version;
"${default_swift_reference}/user_domain_id": value => $swift_store_auth_user_domain_id;

4
spec/defines/glance_backend_multistore_swift_spec.rb
View File

@ -51,7 +51,7 @@ describe 'glance::backend::multistore::swift' do
is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('ref1')
is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_swift_config('ref1/key').with_value('key')
is_expected.to contain_glance_swift_config('ref1/key').with_value('key').with_secret(true)
is_expected.to contain_glance_swift_config('ref1/user').with_value('user')
is_expected.to contain_glance_swift_config('ref1/auth_version').with_value('2')
is_expected.to contain_glance_swift_config('ref1/auth_address').with_value('http://127.0.0.1:5000/v3/')
@ -97,7 +97,7 @@ describe 'glance::backend::multistore::swift' do
is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('swift_creds')
is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value(true)
is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('/var/glance/swift')
is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2')
is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2').with_secret(true)
is_expected.to contain_glance_swift_config('swift_creds/user').with_value('user2')
is_expected.to contain_glance_swift_config('swift_creds/auth_version').with_value('1')
is_expected.to contain_glance_swift_config('swift_creds/auth_address').with_value('127.0.0.2:8080/v1.0/')