openstack/puppet-keystone
Code Issues Proposed changes

Set show_diff to false when configuring Federation

Browse Source 
When we configure federation changes in configuration
files that contain sensitive informatio ncan be leaked
into the output.

Change-Id: I797fc8101837fe344c056a032ba98e5fbc8a2bec
This commit is contained in:
Tobias Urdin 2024-03-24 20:22:01 +01:00
parent f233ad9240
commit de567154f6
6 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/federation/mellon.pp
View File

@ -82,4 +82,8 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
content => template('keystone/mellon.conf.erb'),
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
}

4
manifests/federation/openidc.pp
View File

@ -248,4 +248,8 @@ class keystone::federation::openidc (
content => template('keystone/openidc.conf.erb'),
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
}

8
manifests/federation/shibboleth.pp
View File

@ -86,6 +86,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
}
'RedHat': {
if defined(Yumrepo[$yum_repo_name]) or defined(Package['shibboleth']) {
@ -101,6 +105,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
content => template('keystone/shibboleth.conf.erb'),
order => $template_order,
}
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
} else {
if !$suppress_warning {
warning( 'Can not configure Shibboleth in Apache on RedHat OS. Read the Note on this federation/shibboleth.pp' )

4
spec/classes/keystone_federation_mellon_spec.rb
View File

@ -57,6 +57,8 @@ describe 'keystone::federation::mellon' do
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
context 'with websso enabled' do
@ -80,6 +82,8 @@ describe 'keystone::federation::mellon' do
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end

2
spec/classes/keystone_federation_openidc_spec.rb
View File

@ -72,6 +72,8 @@ describe 'keystone::federation::openidc' do
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
it 'should contain expected config' do
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"')

5
spec/classes/keystone_federation_shibboleth_spec.rb
View File

@ -88,6 +88,7 @@ describe 'keystone::federation::shibboleth' do
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
@ -113,6 +114,7 @@ describe 'keystone::federation::shibboleth' do
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end
@ -131,12 +133,15 @@ describe 'keystone::federation::shibboleth' do
let (:params) { default_params }
it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache
:priority => 10,
:order => params[:template_order],
})}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end
end