Hide secrets from puppet logs

Currently secrets like rabbit_password or admin_password are laked in puppet logs when changed. This commit added secret parameter to password and databases params. Change-Id: I205b54d24be202095a2eae7356d63107523e0c92 Closes-Bug: #1328448
2014-07-12 02:27:54 +02:00 · 2014-07-12 02:27:54 +02:00 · 8012b9538f
parent 8b99c2c1d8
commit 8012b9538f
2 changed files with 4 additions and 3 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -218,7 +218,7 @@ class ironic (
    'DEFAULT/auth_strategy':           value => $auth_strategy;
    'DEFAULT/control_exchange':        value => $control_exchange;
    'DEFAULT/rpc_backend':             value => $rpc_backend;
-    'database/connection':             value => $database_connection;
+    'database/connection':             value => $database_connection, secret => true;
    'database/idle_timeout':           value => $database_idle_timeout;
    'database/retry_interval':         value => $database_retry_interval;
    'database/max_retries':            value => $database_max_retries;
@ -242,7 +242,7 @@ class ironic (

    ironic_config {
      'DEFAULT/rabbit_userid':       value => $rabbit_user;
-      'DEFAULT/rabbit_password':     value => $rabbit_password;
+      'DEFAULT/rabbit_password':     value => $rabbit_password, secret => true;
      'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
    }
  }
@ -252,7 +252,7 @@ class ironic (
      'DEFAULT/qpid_hostname':               value => $qpid_hostname;
      'DEFAULT/qpid_port':                   value => $qpid_port;
      'DEFAULT/qpid_username':               value => $qpid_username;
-      'DEFAULT/qpid_password':               value => $qpid_password;
+      'DEFAULT/qpid_password':               value => $qpid_password, secret => true;
      'DEFAULT/qpid_heartbeat':              value => $qpid_heartbeat;
      'DEFAULT/qpid_protocol':               value => $qpid_protocol;
      'DEFAULT/qpid_tcp_nodelay':            value => $qpid_tcp_nodelay;
--- a/spec/classes/ironic_init_spec.rb
+++ b/spec/classes/ironic_init_spec.rb
@ -127,6 +127,7 @@ describe 'ironic' do
      should contain_ironic_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_user] )
      should contain_ironic_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
      should contain_ironic_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
+      should contain_ironic_config('DEFAULT/rabbit_password').with_secret( true )
    end

    it 'should perform default database configuration' do