Ensure key contents are hidden
By default, the file resource shows differences when the file changes. This change disables that for the key files so that key contents are not displayed in output. Closes-Bug: #1979672 Change-Id: Ic0398cfbb14782ce16710a838e5428be50f2a0b3 (cherry picked from commitc76bfbe41f) (cherry picked from commit6a0ca3f0f5) (cherry picked from commitf5d1daf0b7) (cherry picked from commitbbdbd7aef3) (cherry picked from commit922083e5ba) (cherry picked from commitd7d6adfd5b)
This commit is contained in:
Takashi Kajinami
parent
337022a86c
commit
dadf3b7bfd
|
|
@ -1050,6 +1050,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'replace' => $fernet_replace_keys,
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
}
|
||||
)
|
||||
|
|
@ -1085,6 +1086,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'owner' => $keystone_user,
|
||||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
}
|
||||
)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Content of fernet keys and credential keys are now hidden from output, when
|
||||
these files are updated.
|
||||
|
|
@ -797,11 +797,13 @@ describe 'keystone' do
|
|||
it { is_expected.to contain_file('/etc/keystone/credential-keys/0').with(
|
||||
'content' => 't-WdduhORSqoyAykuqWAQSYjg2rSRuJYySgI2xh48CI=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
it { is_expected.to contain_file('/etc/keystone/credential-keys/1').with(
|
||||
'content' => 'GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue