Set show_diff to false when configuring Federation
When we configure federation changes in configuration files that contain sensitive informatio ncan be leaked into the output. Change-Id: I797fc8101837fe344c056a032ba98e5fbc8a2bec
This commit is contained in:
parent
f233ad9240
commit
de567154f6
@ -82,4 +82,8 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
|
|||||||
content => template('keystone/mellon.conf.erb'),
|
content => template('keystone/mellon.conf.erb'),
|
||||||
order => $template_order,
|
order => $template_order,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
|
||||||
|
show_diff => false,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -248,4 +248,8 @@ class keystone::federation::openidc (
|
|||||||
content => template('keystone/openidc.conf.erb'),
|
content => template('keystone/openidc.conf.erb'),
|
||||||
order => $template_order,
|
order => $template_order,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
|
||||||
|
show_diff => false,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -86,6 +86,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
|||||||
content => template('keystone/shibboleth.conf.erb'),
|
content => template('keystone/shibboleth.conf.erb'),
|
||||||
order => $template_order,
|
order => $template_order,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
|
||||||
|
show_diff => false,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
'RedHat': {
|
'RedHat': {
|
||||||
if defined(Yumrepo[$yum_repo_name]) or defined(Package['shibboleth']) {
|
if defined(Yumrepo[$yum_repo_name]) or defined(Package['shibboleth']) {
|
||||||
@ -101,6 +105,10 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
|||||||
content => template('keystone/shibboleth.conf.erb'),
|
content => template('keystone/shibboleth.conf.erb'),
|
||||||
order => $template_order,
|
order => $template_order,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Concat<| title == "${keystone::wsgi::apache::priority}-keystone_wsgi.conf" |> {
|
||||||
|
show_diff => false,
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
if !$suppress_warning {
|
if !$suppress_warning {
|
||||||
warning( 'Can not configure Shibboleth in Apache on RedHat OS. Read the Note on this federation/shibboleth.pp' )
|
warning( 'Can not configure Shibboleth in Apache on RedHat OS. Read the Note on this federation/shibboleth.pp' )
|
||||||
|
@ -57,6 +57,8 @@ describe 'keystone::federation::mellon' do
|
|||||||
:priority => 10,
|
:priority => 10,
|
||||||
:order => params[:template_order],
|
:order => params[:template_order],
|
||||||
})}
|
})}
|
||||||
|
|
||||||
|
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with websso enabled' do
|
context 'with websso enabled' do
|
||||||
@ -80,6 +82,8 @@ describe 'keystone::federation::mellon' do
|
|||||||
:priority => 10,
|
:priority => 10,
|
||||||
:order => params[:template_order],
|
:order => params[:template_order],
|
||||||
})}
|
})}
|
||||||
|
|
||||||
|
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -72,6 +72,8 @@ describe 'keystone::federation::openidc' do
|
|||||||
:order => params[:template_order],
|
:order => params[:template_order],
|
||||||
})}
|
})}
|
||||||
|
|
||||||
|
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
|
||||||
|
|
||||||
it 'should contain expected config' do
|
it 'should contain expected config' do
|
||||||
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
|
content = get_param('concat::fragment', 'keystone_wsgi-configure_openidc_keystone', 'content')
|
||||||
expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"')
|
expect(content).to match('OIDCProviderMetadataURL "https://accounts.google.com/.well-known/openid-configuration"')
|
||||||
|
@ -88,6 +88,7 @@ describe 'keystone::federation::shibboleth' do
|
|||||||
:priority => 10,
|
:priority => 10,
|
||||||
:order => params[:template_order],
|
:order => params[:template_order],
|
||||||
})}
|
})}
|
||||||
|
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -113,6 +114,7 @@ describe 'keystone::federation::shibboleth' do
|
|||||||
:priority => 10,
|
:priority => 10,
|
||||||
:order => params[:template_order],
|
:order => params[:template_order],
|
||||||
})}
|
})}
|
||||||
|
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -131,12 +133,15 @@ describe 'keystone::federation::shibboleth' do
|
|||||||
let (:params) { default_params }
|
let (:params) { default_params }
|
||||||
|
|
||||||
it { is_expected.to contain_apache__mod('shib2') }
|
it { is_expected.to contain_apache__mod('shib2') }
|
||||||
|
|
||||||
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
|
it { is_expected.to contain_apache__vhost__fragment('configure_shibboleth_keystone').with({
|
||||||
:vhost => 'keystone_wsgi',
|
:vhost => 'keystone_wsgi',
|
||||||
# This need to change if priority is changed in keystone::wsgi::apache
|
# This need to change if priority is changed in keystone::wsgi::apache
|
||||||
:priority => 10,
|
:priority => 10,
|
||||||
:order => params[:template_order],
|
:order => params[:template_order],
|
||||||
})}
|
})}
|
||||||
|
|
||||||
|
it { is_expected.to contain_concat('10-keystone_wsgi.conf').with_show_diff(false) }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user