openstack/puppet-keystone
Code Issues Proposed changes

Set show_diff to false when configuring Federation

Browse Source 
When we configure federation changes in configuration
files that contain sensitive informatio ncan be leaked
into the output.

Change-Id: I797fc8101837fe344c056a032ba98e5fbc8a2bec
(cherry picked from commit de567154f6)
(cherry picked from commit 9779df62bf)
(cherry picked from commit 64fa2e3204)
This commit is contained in:
Tobias Urdin
2024-03-24 20:22:01 +01:00
parent 6902c70c98
commit 1f270eacca
6 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
manifests/federation/mellon.pp
View File

@@ -87,4 +87,7 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
}

4
manifests/federation/openidc.pp
View File

@@ -239,4 +239,8 @@ class keystone::federation::openidc (
content => template('keystone/openidc.conf.erb'),
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
}

4
manifests/federation/shibboleth.pp
View File

@@ -90,6 +90,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
} elsif $::osfamily == 'Redhat' {
if !$suppress_warning {
warning( 'Can not configure Shibboleth in Apache on RedHat OS.Read the Note on this federation/shibboleth.pp' )

4
spec/classes/keystone_federation_mellon_spec.rb
View File

@@ -52,6 +52,8 @@ describe 'keystone::federation::mellon' do
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
context 'with websso enabled' do
@@ -74,6 +76,8 @@ describe 'keystone::federation::mellon' do
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end

2
spec/classes/keystone_federation_openidc_spec.rb
View File

@@ -86,6 +86,8 @@ describe 'keystone::federation::openidc' do
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
it 'should contain expected config' do
content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"')

3
spec/classes/keystone_federation_shibboleth_spec.rb
View File

@@ -88,6 +88,7 @@ describe 'keystone::federation::shibboleth' do
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
@@ -112,6 +113,7 @@ describe 'keystone::federation::shibboleth' do
:target => "10-keystone_wsgi.conf",
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
@@ -136,6 +138,7 @@ describe 'keystone::federation::shibboleth' do
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end