Ensure key contents are hidden
By default, the file resource shows differences when the file changes. This change disables that for the key files so that key contents are not displayed in output. Closes-Bug: #1979672 Change-Id: Ic0398cfbb14782ce16710a838e5428be50f2a0b3 (cherry picked from commit c76bfbe41f) (cherry picked from commit 6a0ca3f0f5)
parent
114272ff57
commit
f5d1daf0b7
|
@ -716,6 +716,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'replace' => $fernet_replace_keys,
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
'tag' => 'keystone-fernet-key',
|
||||
}
|
||||
|
@ -752,6 +753,7 @@ running as a standalone service, or httpd for being run by a httpd server")
|
|||
'owner' => $keystone_user,
|
||||
'group' => $keystone_group,
|
||||
'mode' => '0600',
|
||||
'show_diff' => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
}
|
||||
)
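Review bot: `'show_diff' => false` in both hunks only suppresses the diff the agent prints and reports when the file changes; it does not change how the key material is carried. The `content` attribute is not visible in either hunk, but the spec on this page passes the keys as plain strings, so they are presumably still present in the compiled catalog and anywhere the catalog is cached or stored. Consider also accepting the key values as `Sensitive` and passing them through to `content`, so that Puppet redacts them in change events and reports rather than relying on this one attribute. A short comment above each new line, for example `# never show key material in agent output or reports`, would keep a later cleanup from dropping it. Both resource hashes start outside the hunks.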
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Content of fernet keys and credential keys are now hidden from output, when
|
||||
these files are updated.
|
|
@ -373,11 +373,13 @@ describe 'keystone' do
|
|||
it { is_expected.to contain_file('/etc/keystone/credential-keys/0').with(
|
||||
'content' => 't-WdduhORSqoyAykuqWAQSYjg2rSRuJYySgI2xh48CI=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
it { is_expected.to contain_file('/etc/keystone/credential-keys/1').with(
|
||||
'content' => 'GLlnyygEVJP4-H2OMwClXn3sdSQUZsM5F194139Unv8=',
|
||||
'owner' => 'keystone',
|
||||
:show_diff => false,
|
||||
'subscribe' => 'Anchor[keystone::install::end]',
|
||||
)}
|
||||
end
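Review bot: Only the two credential-key files get a `show_diff` expectation here, while the manifest change also sets it on the resource tagged `keystone-fernet-key`; no hunk visible on this page asserts it for the fernet key files, so a regression there would go unnoticed. Adding the same expectation to the fernet key examples, `'show_diff' => false,` inside their `.with(` hashes, would cover both code paths. The new lines also use a symbol key, `:show_diff => false`, next to string keys such as `'owner'`; writing `'show_diff' => false,` would match the surrounding style. The enclosing context starts outside the hunk.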
|
||||
|
|