Ensure key contents are hidden
By default, the file resource shows differences when the file changes.
This change disables that for the key files so that key contents are
not displayed in output.
Closes-Bug: #1979672
Change-Id: Ic0398cfbb14782ce16710a838e5428be50f2a0b3
(cherry picked from commit c76bfbe41f
)
parent
36335f0933
commit
6a0ca3f0f5
|
@ -675,6 +675,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'replace' => $fernet_replace_keys,
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
'tag' => 'keystone-fernet-key',
|
||||
}
|
||||
|
@ -711,6 +712,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'owner' => $keystone_user,
|
||||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
}
|
||||
)
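Review bot: Both added `'show_diff' => false,` lines only suppress the diff that the agent prints and reports when the file changes; they do not remove the key material from the compiled catalog. If the key contents reach these file resources as a plain `content` string (the code that supplies them is outside both hunks, so this is inferred), they remain readable in the agent's cached catalog and in any catalog store. It would help to say so next to the parameter, for example `# show_diff only hides the diff in agent output; key content is still present in the catalog`, and to consider passing the content as a `Sensitive` value in a follow-up. The resource declarations these hashes belong to start before the visible lines.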
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Content of fernet keys and credential keys are now hidden from output, when
|
||||
these files are updated.
|
|
@ -380,11 +380,13 @@ describe 'keystone' do
|
|||
it { is_expected.to contain_file('/etc/keystone/credential-keys/0').with(
|
||||
'content' => 't-WdduhORSqoyAykuqWAQSYjg2rSRuJYySgI2xh48CI=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
it { is_expected.to contain_file('/etc/keystone/credential-keys/1').with(
|
||||
'content' => 'GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
end
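Review bot: The two added expectations pin `show_diff` only on the credential key files, so nothing in this hunk guards the fernet key change made in the manifest. If the fernet key `contain_file(...)` examples elsewhere in the spec do not already assert it, a regression there would pass unnoticed; adding `'show_diff' => false,` to those examples would close the gap. As a style point, the new lines use a symbol key (`:show_diff => false,`) while the neighbouring keys are strings; `'show_diff' => false,` would match them. The enclosing context block starts outside the hunk.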
|
||||
|
|