Ensure service user passwords are secret
Change-Id: Ia4aabf358e4e0ef0e7913940b70ba79b1eaa1acf
This commit is contained in:
parent
2314c53abf
commit
8d2662c2ba
@ -14,6 +14,30 @@ Puppet::Type.newtype(:ironic_neutron_agent_config) do
|
|||||||
value.capitalize! if value =~ /^(true|false)$/i
|
value.capitalize! if value =~ /^(true|false)$/i
|
||||||
value
|
value
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def is_to_s( currentvalue )
|
||||||
|
if resource.secret?
|
||||||
|
return '[old secret redacted]'
|
||||||
|
else
|
||||||
|
return currentvalue
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def should_to_s( newvalue )
|
||||||
|
if resource.secret?
|
||||||
|
return '[new secret redacted]'
|
||||||
|
else
|
||||||
|
return newvalue
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
newparam(:secret, :boolean => true) do
|
||||||
|
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
|
||||||
|
|
||||||
|
newvalues(:true, :false)
|
||||||
|
|
||||||
|
defaultto false
|
||||||
end
|
end
|
||||||
|
|
||||||
newparam(:ensure_absent_val) do
|
newparam(:ensure_absent_val) do
|
||||||
|
@ -148,7 +148,7 @@ class neutron::agents::ml2::networking_baremetal (
|
|||||||
'ironic/auth_type': value => $auth_type;
|
'ironic/auth_type': value => $auth_type;
|
||||||
'ironic/auth_url': value => $auth_url;
|
'ironic/auth_url': value => $auth_url;
|
||||||
'ironic/username': value => $username;
|
'ironic/username': value => $username;
|
||||||
'ironic/password': value => $password;
|
'ironic/password': value => $password, secret => true;
|
||||||
'ironic/project_domain_name': value => $project_domain_name;
|
'ironic/project_domain_name': value => $project_domain_name;
|
||||||
'ironic/project_name': value => $project_name;
|
'ironic/project_name': value => $project_name;
|
||||||
'ironic/user_domain_name': value => $user_domain_name;
|
'ironic/user_domain_name': value => $user_domain_name;
|
||||||
|
@ -73,7 +73,7 @@ class neutron::designate (
|
|||||||
|
|
||||||
neutron_config {
|
neutron_config {
|
||||||
'DEFAULT/external_dns_driver': value => 'designate';
|
'DEFAULT/external_dns_driver': value => 'designate';
|
||||||
'designate/password': value => $password;
|
'designate/password': value => $password, secret => true;
|
||||||
'designate/url': value => $url;
|
'designate/url': value => $url;
|
||||||
'designate/auth_type': value => $auth_type;
|
'designate/auth_type': value => $auth_type;
|
||||||
'designate/username': value => $username;
|
'designate/username': value => $username;
|
||||||
|
@ -44,7 +44,7 @@ describe 'neutron::agents::ml2::networking_baremetal' do
|
|||||||
should contain_ironic_neutron_agent_config('ironic/auth_type').with_value(p[:auth_type])
|
should contain_ironic_neutron_agent_config('ironic/auth_type').with_value(p[:auth_type])
|
||||||
should contain_ironic_neutron_agent_config('ironic/auth_url').with_value(p[:auth_url])
|
should contain_ironic_neutron_agent_config('ironic/auth_url').with_value(p[:auth_url])
|
||||||
should contain_ironic_neutron_agent_config('ironic/username').with_value(p[:username])
|
should contain_ironic_neutron_agent_config('ironic/username').with_value(p[:username])
|
||||||
should contain_ironic_neutron_agent_config('ironic/password').with_value(p[:password])
|
should contain_ironic_neutron_agent_config('ironic/password').with_value(p[:password]).with_secret(true)
|
||||||
should contain_ironic_neutron_agent_config('ironic/project_domain_name').with_value(p[:project_domain_name])
|
should contain_ironic_neutron_agent_config('ironic/project_domain_name').with_value(p[:project_domain_name])
|
||||||
should contain_ironic_neutron_agent_config('ironic/project_name').with_value(p[:project_name])
|
should contain_ironic_neutron_agent_config('ironic/project_name').with_value(p[:project_name])
|
||||||
should contain_ironic_neutron_agent_config('ironic/user_domain_name').with_value(p[:user_domain_name])
|
should contain_ironic_neutron_agent_config('ironic/user_domain_name').with_value(p[:user_domain_name])
|
||||||
|
@ -15,7 +15,7 @@ describe 'neutron::designate' do
|
|||||||
it 'configures designate in neutron.conf' do
|
it 'configures designate in neutron.conf' do
|
||||||
should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
|
should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
|
||||||
should contain_neutron_config('designate/url').with_value('http://ip/designate')
|
should contain_neutron_config('designate/url').with_value('http://ip/designate')
|
||||||
should contain_neutron_config('designate/password').with_value('secret')
|
should contain_neutron_config('designate/password').with_value('secret').with_secret(true)
|
||||||
should contain_neutron_config('designate/username').with_value('neutron')
|
should contain_neutron_config('designate/username').with_value('neutron')
|
||||||
should contain_neutron_config('designate/auth_type').with_value('password')
|
should contain_neutron_config('designate/auth_type').with_value('password')
|
||||||
should contain_neutron_config('designate/project_name').with_value('services')
|
should contain_neutron_config('designate/project_name').with_value('services')
|
||||||
@ -42,7 +42,7 @@ describe 'neutron::designate' do
|
|||||||
it 'configures designate in neutron.conf' do
|
it 'configures designate in neutron.conf' do
|
||||||
should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
|
should contain_neutron_config('DEFAULT/external_dns_driver').with_value('designate')
|
||||||
should contain_neutron_config('designate/url').with_value('http://ip/designate')
|
should contain_neutron_config('designate/url').with_value('http://ip/designate')
|
||||||
should contain_neutron_config('designate/password').with_value('secret')
|
should contain_neutron_config('designate/password').with_value('secret').with_secret(true)
|
||||||
should contain_neutron_config('designate/username').with_value('user')
|
should contain_neutron_config('designate/username').with_value('user')
|
||||||
should contain_neutron_config('designate/auth_type').with_value('token')
|
should contain_neutron_config('designate/auth_type').with_value('token')
|
||||||
should contain_neutron_config('designate/project_id').with_value('id1')
|
should contain_neutron_config('designate/project_id').with_value('id1')
|
||||||
|
Loading…
Reference in New Issue
Block a user