
Merge "Ensure service user passwords are secret" into stable/victoria

stable/victoria
Zuul 4 weeks ago
committed by Gerrit Code Review
parent
commit
4443278c52
5 changed files with 29 additions and 5 deletions
  1. +24
    -0
      lib/puppet/type/ironic_neutron_agent_config.rb
  2. +1
    -1
      manifests/agents/ml2/networking_baremetal.pp
  3. +1
    -1
      manifests/designate.pp
  4. +1
    -1
      spec/classes/neutron_agents_ml2_networking_baremetal_spec.rb
  5. +2
    -2
      spec/classes/neutron_designate_spec.rb

+ 24
- 0
lib/puppet/type/ironic_neutron_agent_config.rb

@ -14,6 +14,30 @@ Puppet::Type.newtype(:ironic_neutron_agent_config) do
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
newparam(:ensure_absent_val) do
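Review bot: Nothing in this commit tests the redaction itself. The new `is_to_s` and `should_to_s` methods are covered only indirectly by class specs that assert `with_secret(true)`, so a regression that puts the password back into Puppet's change messages would go unnoticed. A type-level spec that builds an `ironic_neutron_agent_config` resource with `secret => true` and checks that the `value` property returns `[old secret redacted]` and `[new secret redacted]` would pin the behaviour. Because `secret` uses `defaultto false`, redaction is opt-in per resource, so the `desc` should say that credential-bearing settings must set it explicitly and that it hides the value from Puppet's log output only; whether the value is exposed anywhere else the resource is serialized cannot be told from this hunk and should be confirmed. The hunk opens inside the `value` property and ends on the first line of `newparam(:ensure_absent_val)`, so neither block is complete in view.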


+ 1
- 1
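--- a/manifests/agents/ml2/networking_baremetal.pp
+++ b/manifests/agents/ml2/networking_baremetal.pp
@@ -148,7 +148,7 @@ class neutron::agents::ml2::networking_baremetal (
 'ironic/auth_type': value => $auth_type;
 'ironic/auth_url': value => $auth_url;
 'ironic/username': value => $username;
-'ironic/password': value => $password;
+'ironic/password': value => $password, secret => true;
 'ironic/project_domain_name': value => $project_domain_name;
 'ironic/project_name': value => $project_name;
 'ironic/user_domain_name': value => $user_domain_name;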


+ 1
- 1
manifests/designate.pp

@ -73,7 +73,7 @@ class neutron::designate (
neutron_config {
'DEFAULT/external_dns_driver': value => 'designate';
'designate/password': value => $password;
'designate/password': value => $password, secret => true;
'designate/url': value => $url;
'designate/auth_type': value => $auth_type;
'designate/username': value => $username;


+ 1
- 1
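--- a/spec/classes/neutron_agents_ml2_networking_baremetal_spec.rb
+++ b/spec/classes/neutron_agents_ml2_networking_baremetal_spec.rb
@@ -44,7 +44,7 @@ describe 'neutron::agents::ml2::networking_baremetal' do
 should contain_ironic_neutron_agent_config('ironic/auth_type').with_value(p[:auth_type])
 should contain_ironic_neutron_agent_config('ironic/auth_url').with_value(p[:auth_url])
 should contain_ironic_neutron_agent_config('ironic/username').with_value(p[:username])
-should contain_ironic_neutron_agent_config('ironic/password').with_value(p[:password])
+should contain_ironic_neutron_agent_config('ironic/password').with_value(p[:password]).with_secret(true)
 should contain_ironic_neutron_agent_config('ironic/project_domain_name').with_value(p[:project_domain_name])
 should contain_ironic_neutron_agent_config('ironic/project_name').with_value(p[:project_name])
 should contain_ironic_neutron_agent_config('ironic/user_domain_name').with_value(p[:user_domain_name])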


+ 2
- 2
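--- a/spec/classes/neutron_designate_spec.rb
+++ b/spec/classes/neutron_designate_spec.rb
@@ -15,7 +15,7 @@ describe 'neutron::designate' do
 it 'configures designate in neutron.conf' do
 should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
 should contain_neutron_config('designate/url').with_value('http://ip/designate')
-should contain_neutron_config('designate/password').with_value('secret')
+should contain_neutron_config('designate/password').with_value('secret').with_secret(true)
 should contain_neutron_config('designate/username').with_value('neutron')
 should contain_neutron_config('designate/auth_type').with_value('password')
 should contain_neutron_config('designate/project_name').with_value('services')
@@ -42,7 +42,7 @@ describe 'neutron::designate' do
 it 'configures designate in neutron.conf' do
 should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
 should contain_neutron_config('designate/url').with_value('http://ip/designate')
-should contain_neutron_config('designate/password').with_value('secret')
+should contain_neutron_config('designate/password').with_value('secret').with_secret(true)
 should contain_neutron_config('designate/username').with_value('user')
 should contain_neutron_config('designate/auth_type').with_value('token')
 should contain_neutron_config('designate/project_id').with_value('id1')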

