Merge "The ha_vrrp_auth_password password should be secret"

lib/puppet/type/neutron_l3_agent_config.rb

@@ -14,6 +14,28 @@ Puppet::Type.newtype(:neutron_l3_agent_config) do
       value.capitalize! if value =~ /^(true|false)$/i
       value
     end
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+    newvalues(:true, :false)
+    defaultto false
   end
 
   newparam(:ensure_absent_val) do

manifests/agents/l3.pp

@@ -171,7 +171,7 @@ class neutron::agents::l3 (
   if $ha_enabled {
     neutron_l3_agent_config {
       'DEFAULT/ha_vrrp_auth_type':     value => $ha_vrrp_auth_type;
-      'DEFAULT/ha_vrrp_auth_password': value => $ha_vrrp_auth_password;
+      'DEFAULT/ha_vrrp_auth_password': value => $ha_vrrp_auth_password, secret => true;
       'DEFAULT/ha_vrrp_advert_int':    value => $ha_vrrp_advert_int;
     }
   }

spec/classes/neutron_agents_l3_spec.rb

@@ -110,7 +110,7 @@ describe 'neutron::agents::l3' do
       end
       it 'should configure VRRP' do
         should contain_neutron_l3_agent_config('DEFAULT/ha_vrrp_auth_type').with_value(p[:ha_vrrp_auth_type])
-        should contain_neutron_l3_agent_config('DEFAULT/ha_vrrp_auth_password').with_value(p[:ha_vrrp_auth_password])
+        should contain_neutron_l3_agent_config('DEFAULT/ha_vrrp_auth_password').with_value(p[:ha_vrrp_auth_password]).with_secret(true)
         should contain_neutron_l3_agent_config('DEFAULT/ha_vrrp_advert_int').with_value(p[:ha_vrrp_advert_int])
       end
     end