From 4a481929887d88f019467d11fb7c19d8d9311e3e Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 20 Oct 2021 13:59:46 +0900 Subject: [PATCH] Swift backend: the key parameter should be secret The key parameter of swift backend is used to define a credentail to access Swift so should be hidden in logs. In Glance the user parameter(swift_store_user) is also defined as a secret parameter. However it defines user name or id and user name or id is not currently treated as secret in puppet, so this change doesn't cover the user parameter. Change-Id: Iac580df4de14ffdb19436417b2830a834efd087d --- manifests/backend/multistore/swift.pp | 2 +- spec/defines/glance_backend_multistore_swift_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/backend/multistore/swift.pp b/manifests/backend/multistore/swift.pp index 34fc95ce..920e4f4d 100644 --- a/manifests/backend/multistore/swift.pp +++ b/manifests/backend/multistore/swift.pp @@ -141,7 +141,7 @@ define glance::backend::multistore::swift( glance_swift_config { "${default_swift_reference}/user": value => $swift_store_user; - "${default_swift_reference}/key": value => $swift_store_key; + "${default_swift_reference}/key": value => $swift_store_key, secret => true; "${default_swift_reference}/auth_address": value => $swift_store_auth_address; "${default_swift_reference}/auth_version": value => $swift_store_auth_version; "${default_swift_reference}/user_domain_id": value => $swift_store_auth_user_domain_id; diff --git a/spec/defines/glance_backend_multistore_swift_spec.rb b/spec/defines/glance_backend_multistore_swift_spec.rb index 7ec63598..ce05ab2c 100644 --- a/spec/defines/glance_backend_multistore_swift_spec.rb +++ b/spec/defines/glance_backend_multistore_swift_spec.rb @@ -51,7 +51,7 @@ describe 'glance::backend::multistore::swift' do is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('ref1') is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value('') is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('') - is_expected.to contain_glance_swift_config('ref1/key').with_value('key') + is_expected.to contain_glance_swift_config('ref1/key').with_value('key').with_secret(true) is_expected.to contain_glance_swift_config('ref1/user').with_value('user') is_expected.to contain_glance_swift_config('ref1/auth_version').with_value('2') is_expected.to contain_glance_swift_config('ref1/auth_address').with_value('http://127.0.0.1:5000/v3/') @@ -97,7 +97,7 @@ describe 'glance::backend::multistore::swift' do is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('swift_creds') is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value(true) is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('/var/glance/swift') - is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2') + is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2').with_secret(true) is_expected.to contain_glance_swift_config('swift_creds/user').with_value('user2') is_expected.to contain_glance_swift_config('swift_creds/auth_version').with_value('1') is_expected.to contain_glance_swift_config('swift_creds/auth_address').with_value('127.0.0.2:8080/v1.0/')