Merge "Ensure key contents are hidden"
This commit is contained in:
commit
f28e3c199b
|
@ -654,6 +654,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'replace' => $fernet_replace_keys,
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
'tag' => 'keystone-fernet-key',
|
||||
}
|
||||
|
@ -690,6 +691,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'owner' => $keystone_user,
|
||||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
}
|
||||
)
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Content of fernet keys and credential keys are now hidden from output, when
|
||||
these files are updated.
|
|
@ -371,11 +371,13 @@ describe 'keystone' do
|
|||
it { is_expected.to contain_file('/etc/keystone/credential-keys/0').with(
|
||||
'content' => 't-WdduhORSqoyAykuqWAQSYjg2rSRuJYySgI2xh48CI=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
it { is_expected.to contain_file('/etc/keystone/credential-keys/1').with(
|
||||
'content' => 'GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue