Swift backend: the key parameter should be secret

The key parameter of swift backend is used to define a credentail to
access Swift so should be hidden in logs.

In Glance the user parameter(swift_store_user) is also defined as
a secret parameter. However it defines user name or id and user name
or id is not currently treated as secret in puppet, so this change
doesn't cover the user parameter.

Change-Id: Iac580df4de14ffdb19436417b2830a834efd087d
(cherry picked from commit 4a48192988)
(cherry picked from commit 048e9b458b)
(cherry picked from commit 572f60e47f)
(cherry picked from commit f6b75d9c2a)
(cherry picked from commit 2c1d7cbc99)
This commit is contained in:
Takashi Kajinami 2021-10-20 13:59:46 +09:00
parent 5f1ef40ab1
commit f7ce22dd77
2 changed files with 3 additions and 3 deletions

View File

@ -123,7 +123,7 @@ define glance::backend::multistore::swift(
glance_swift_config {
"${default_swift_reference}/user": value => $swift_store_user;
"${default_swift_reference}/key": value => $swift_store_key;
"${default_swift_reference}/key": value => $swift_store_key, secret => true;
"${default_swift_reference}/auth_address": value => $swift_store_auth_address;
"${default_swift_reference}/auth_version": value => $swift_store_auth_version;
"${default_swift_reference}/user_domain_id": value => $swift_store_auth_user_domain_id;

View File

@ -50,7 +50,7 @@ describe 'glance::backend::multistore::swift' do
is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('ref1')
is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('<SERVICE DEFAULT>')
is_expected.to contain_glance_swift_config('ref1/key').with_value('key')
is_expected.to contain_glance_swift_config('ref1/key').with_value('key').with_secret(true)
is_expected.to contain_glance_swift_config('ref1/user').with_value('user')
is_expected.to contain_glance_swift_config('ref1/auth_version').with_value('2')
is_expected.to contain_glance_swift_config('ref1/auth_address').with_value('http://127.0.0.1:5000/v3/')
@ -94,7 +94,7 @@ describe 'glance::backend::multistore::swift' do
is_expected.to contain_glance_api_config('swift/default_swift_reference').with_value('swift_creds')
is_expected.to contain_glance_api_config('swift/swift_buffer_on_upload').with_value(true)
is_expected.to contain_glance_api_config('swift/swift_upload_buffer_dir').with_value('/var/glance/swift')
is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2')
is_expected.to contain_glance_swift_config('swift_creds/key').with_value('key2').with_secret(true)
is_expected.to contain_glance_swift_config('swift_creds/user').with_value('user2')
is_expected.to contain_glance_swift_config('swift_creds/auth_version').with_value('1')
is_expected.to contain_glance_swift_config('swift_creds/auth_address').with_value('127.0.0.2:8080/v1.0/')