Set show_diff to false when configuring Federation

When we configure federation changes in configuration
files that contain sensitive informatio ncan be leaked
into the output.

Change-Id: I797fc8101837fe344c056a032ba98e5fbc8a2bec
This commit is contained in:
Tobias Urdin 2024-03-24 20:22:01 +01:00
parent f233ad9240
commit de567154f6
6 changed files with 27 additions and 0 deletions

View File

@ -82,4 +82,8 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
content => template('keystone/mellon.conf.erb'), content => template('keystone/mellon.conf.erb'),
order => $template_order, order => $template_order,
} }
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
} }

View File

@ -248,4 +248,8 @@ class keystone::federation::openidc (
content => template('keystone/openidc.conf.erb'), content => template('keystone/openidc.conf.erb'),
order => $template_order, order => $template_order,
} }
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
} }

View File

@ -86,6 +86,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
content => template('keystone/shibboleth.conf.erb'), content => template('keystone/shibboleth.conf.erb'),
order => $template_order, order => $template_order,
} }
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
} }
'RedHat': { 'RedHat': {
if defined(Yumrepo[$yum_repo_name]) or defined(Package['shibboleth']) { if defined(Yumrepo[$yum_repo_name]) or defined(Package['shibboleth']) {
@ -101,6 +105,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
content => template('keystone/shibboleth.conf.erb'), content => template('keystone/shibboleth.conf.erb'),
order => $template_order, order => $template_order,
} }
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
show_diff => false,
}
} else { } else {
if !$suppress_warning { if !$suppress_warning {
warning( 'Can not configure Shibboleth in Apache on RedHat OS. Read the Note on this federation/shibboleth.pp' ) warning( 'Can not configure Shibboleth in Apache on RedHat OS. Read the Note on this federation/shibboleth.pp' )

View File

@ -57,6 +57,8 @@ describe 'keystone::federation::mellon' do
:priority => 10, :priority => 10,
:order => params[:template_order], :order => params[:template_order],
})} })}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end end
context 'with websso enabled' do context 'with websso enabled' do
@ -80,6 +82,8 @@ describe 'keystone::federation::mellon' do
:priority => 10, :priority => 10,
:order => params[:template_order], :order => params[:template_order],
})} })}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end end
end end

View File

@ -72,6 +72,8 @@ describe 'keystone::federation::openidc' do
:order => params[:template_order], :order => params[:template_order],
})} })}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
it 'should contain expected config' do it 'should contain expected config' do
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content') content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"') expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"')

View File

@ -88,6 +88,7 @@ describe 'keystone::federation::shibboleth' do
:priority => 10, :priority => 10,
:order => params[:template_order], :order => params[:template_order],
})} })}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end end
end end
@ -113,6 +114,7 @@ describe 'keystone::federation::shibboleth' do
:priority => 10, :priority => 10,
:order => params[:template_order], :order => params[:template_order],
})} })}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end end
end end
@ -131,12 +133,15 @@ describe 'keystone::federation::shibboleth' do
let (:params) { default_params } let (:params) { default_params }
it { is_expected.to contain_apache__mod('shib2') } it { is_expected.to contain_apache__mod('shib2') }
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({ it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
:vhost => 'keystone_wsgi', :vhost => 'keystone_wsgi',
# This need to change if priority is changed in keystone::wsgi::apache # This need to change if priority is changed in keystone::wsgi::apache
:priority => 10, :priority => 10,
:order => params[:template_order], :order => params[:template_order],
})} })}
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
end end
end end