Swift backend: the key parameter should be secret
The key parameter of swift backend is used to define a credentail to access Swift so should be hidden in logs. In Glance the user parameter(swift_store_user) is also defined as a secret parameter. However it defines user name or id and user name or id is not currently treated as secret in puppet, so this change doesn't cover the user parameter. Change-Id: Iac580df4de14ffdb19436417b2830a834efd087d
This commit is contained in:
parent
53b75099d0
commit
4a48192988
|
@ -141,7 +141,7 @@ define glance::backend::multistore::swift(
|
|||
|
||||
glance_swift_config {
|
||||
"${default_swift_reference}/user": value => $swift_store_user;
|
||||
"${default_swift_reference}/key": value => $swift_store_key;
|
||||
"${default_swift_reference}/key": value => $swift_store_key, secret => true;
|
||||
"${default_swift_reference}/auth_address": value => $swift_store_auth_address;
|
||||
"${default_swift_reference}/auth_version": value => $swift_store_auth_version;
|
||||
"${default_swift_reference}/user_domain_id": value => $swift_store_auth_user_domain_id;
|
||||
|
|
|
@ -51,7 +51,7 @@ describe 'glance::backend::multistore::swift' do
|
|||
is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('ref1')
|
||||
is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('<SERVICE DEFAULT>')
|
||||
is_expected.to contain_glance_swift_config('ref1/key').with_value('key')
|
||||
is_expected.to contain_glance_swift_config('ref1/key').with_value('key').with_secret(true)
|
||||
is_expected.to contain_glance_swift_config('ref1/user').with_value('user')
|
||||
is_expected.to contain_glance_swift_config('ref1/auth_version').with_value('2')
|
||||
is_expected.to contain_glance_swift_config('ref1/auth_address').with_value('http://127.0.0.1:5000/v3/')
|
||||
|
@ -97,7 +97,7 @@ describe 'glance::backend::multistore::swift' do
|
|||
is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('swift_creds')
|
||||
is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value(true)
|
||||
is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('/var/glance/swift')
|
||||
is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2')
|
||||
is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2').with_secret(true)
|
||||
is_expected.to contain_glance_swift_config('swift_creds/user').with_value('user2')
|
||||
is_expected.to contain_glance_swift_config('swift_creds/auth_version').with_value('1')
|
||||
is_expected.to contain_glance_swift_config('swift_creds/auth_address').with_value('127.0.0.2:8080/v1.0/')
|
||||
|
|
Loading…
Reference in New Issue