From 572f60e47fcca241c2829eaeacd799abf873317b Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 20 Oct 2021 13:59:46 +0900 Subject: [PATCH] Swift backend: the key parameter should be secret The key parameter of swift backend is used to define a credentail to access Swift so should be hidden in logs. In Glance the user parameter(swift_store_user) is also defined as a secret parameter. However it defines user name or id and user name or id is not currently treated as secret in puppet, so this change doesn't cover the user parameter. Change-Id: Iac580df4de14ffdb19436417b2830a834efd087d (cherry picked from commit 4a481929887d88f019467d11fb7c19d8d9311e3e) (cherry picked from commit 048e9b458ba0283865fd8dd0dab05a4919a8c371) --- manifests/backend/multistore/swift.pp | 2 +- spec/defines/glance_backend_multistore_swift_spec.rb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/backend/multistore/swift.pp b/manifests/backend/multistore/swift.pp index fc47debe..be817a92 100644 --- a/manifests/backend/multistore/swift.pp +++ b/manifests/backend/multistore/swift.pp @@ -133,7 +133,7 @@ define glance::backend::multistore::swift( glance_swift_config { "${default_swift_reference}/user": value => $swift_store_user; - "${default_swift_reference}/key": value => $swift_store_key; + "${default_swift_reference}/key": value => $swift_store_key, secret => true; "${default_swift_reference}/auth_address": value => $swift_store_auth_address; "${default_swift_reference}/auth_version": value => $swift_store_auth_version; "${default_swift_reference}/user_domain_id": value => $swift_store_auth_user_domain_id; diff --git a/spec/defines/glance_backend_multistore_swift_spec.rb b/spec/defines/glance_backend_multistore_swift_spec.rb index ba4a2367..4fa941ba 100644 --- a/spec/defines/glance_backend_multistore_swift_spec.rb +++ b/spec/defines/glance_backend_multistore_swift_spec.rb @@ -50,7 +50,7 @@ describe 'glance::backend::multistore::swift' do is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('ref1') is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value('') is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('') - is_expected.to contain_glance_swift_config('ref1/key').with_value('key') + is_expected.to contain_glance_swift_config('ref1/key').with_value('key').with_secret(true) is_expected.to contain_glance_swift_config('ref1/user').with_value('user') is_expected.to contain_glance_swift_config('ref1/auth_version').with_value('2') is_expected.to contain_glance_swift_config('ref1/auth_address').with_value('http://127.0.0.1:5000/v3/') @@ -94,7 +94,7 @@ describe 'glance::backend::multistore::swift' do is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('swift_creds') is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value(true) is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('/var/glance/swift') - is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2') + is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2').with_secret(true) is_expected.to contain_glance_swift_config('swift_creds/user').with_value('user2') is_expected.to contain_glance_swift_config('swift_creds/auth_version').with_value('1') is_expected.to contain_glance_swift_config('swift_creds/auth_address').with_value('127.0.0.2:8080/v1.0/')