Nuage: [RESTPROXY] serverauth should be secret

This parameter includes the password string, thus should be hidden. Change-Id: If3f9c7b01aedeacea1e773438b812bc53918c5d8
2022-04-10 19:28:49 +09:00 · 2022-04-10 19:28:49 +09:00 · e5f3f77a7d
parent 03d2bc2d2b
commit e5f3f77a7d
3 changed files with 26 additions and 1 deletions
--- a/lib/puppet/type/neutron_plugin_nuage.rb
+++ b/lib/puppet/type/neutron_plugin_nuage.rb
@ -14,6 +14,28 @@ Puppet::Type.newtype(:neutron_plugin_nuage) do
      value.capitalize! if value =~ /^(true|false)$/i
      value
    end
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+    newvalues(:true, :false)
+    defaultto false
  end

  newparam(:ensure_absent_val) do
--- a/manifests/plugins/ml2/nuage.pp
+++ b/manifests/plugins/ml2/nuage.pp
@ -98,7 +98,7 @@ class neutron::plugins::ml2::nuage (
  neutron_plugin_nuage {
    'RESTPROXY/default_net_partition_name': value => $nuage_net_partition_name;
    'RESTPROXY/server':                     value => $nuage_vsd_ip;
-    'RESTPROXY/serverauth':                 value => "${nuage_vsd_username}:${nuage_vsd_password}";
+    'RESTPROXY/serverauth':                 value => "${nuage_vsd_username}:${nuage_vsd_password}", secret => true;
    'RESTPROXY/organization':               value => $nuage_vsd_organization;
    'RESTPROXY/auth_resource':              value => $nuage_auth_resource;
    'RESTPROXY/serverssl':                  value => $nuage_server_ssl;
--- a/spec/classes/neutron_plugins_ml2_nuage_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_nuage_spec.rb
@ -51,6 +51,9 @@ describe 'neutron::plugins::ml2::nuage' do
    it 'should configure plugin.ini' do
      should contain_neutron_plugin_nuage('RESTPROXY/default_net_partition_name').with_value(params[:nuage_net_partition_name])
      should contain_neutron_plugin_nuage('RESTPROXY/server').with_value(params[:nuage_vsd_ip])
+      should contain_neutron_plugin_nuage('RESTPROXY/serverauth')\
+        .with_value("#{params[:nuage_vsd_username]}:#{params[:nuage_vsd_password]}")\
+        .with_secret(true)
      should contain_neutron_plugin_nuage('RESTPROXY/organization').with_value(params[:nuage_vsd_organization])
      should contain_neutron_plugin_nuage('RESTPROXY/cms_id').with_value(params[:nuage_cms_id])
      should contain_neutron_plugin_nuage('PLUGIN/default_allow_non_ip').with_value(params[:nuage_default_allow_non_ip])