Allow to hide config values from Puppet logs
Hide configuration value from Puppet logs if the secret parameter is set to true. Fixes: bug #1173322 Change-Id: I0815c3a1b84201fc7c39d221ff7f07fbd22fbcd4
parent
a7c0720bfa
commit
1c7fa0d695
|
@ -18,6 +18,30 @@ Puppet::Type.newtype(:nova_config) do
|
|||
value
|
||||
end
|
||||
newvalues(/^[\S ]*$/)
|
||||
|
||||
def is_to_s( currentvalue )
|
||||
if resource.secret?
|
||||
return '[old secret redacted]'
|
||||
else
|
||||
return currentvalue
|
||||
end
|
||||
end
|
||||
|
||||
def should_to_s( newvalue )
|
||||
if resource.secret?
|
||||
return '[new secret redacted]'
|
||||
else
|
||||
return newvalue
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:secret, :boolean => true) do
|
||||
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
|
||||
|
||||
newvalues(:true, :false)
|
||||
|
||||
defaultto false
|
||||
end
|
||||
|
||||
validate do
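Review bot: The `desc` of the new `secret` parameter says the value is hidden from Puppet logs, but `is_to_s` and `should_to_s` only replace the old and new value in the change message of the `value` property. The value is still passed as an ordinary parameter, so it presumably stays readable in the compiled catalog and in anything that stores or caches it, and depending on the Puppet version the report event may also record the raw previous and desired values. I would narrow the text to what the code guarantees, for example `desc 'Whether to redact the value in Puppet change messages; the value itself stays in the catalog. Defaults to false.'`. The same wording is added to `nova_paste_api_ini`, and the `newproperty` block these methods sit in opens above this hunk.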
|
||||
|
|
|
@ -14,6 +14,30 @@ Puppet::Type.newtype(:nova_paste_api_ini) do
|
|||
value.capitalize! if value =~ /^(true|false)$/i
|
||||
value
|
||||
end
|
||||
|
||||
def is_to_s( currentvalue )
|
||||
if resource.secret?
|
||||
return '[old secret redacted]'
|
||||
else
|
||||
return currentvalue
|
||||
end
|
||||
end
|
||||
|
||||
def should_to_s( newvalue )
|
||||
if resource.secret?
|
||||
return '[new secret redacted]'
|
||||
else
|
||||
return newvalue
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:secret, :boolean => true) do
|
||||
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
|
||||
|
||||
newvalues(:true, :false)
|
||||
|
||||
defaultto false
|
||||
end
|
||||
|
||||
end
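Review bot: `is_to_s`, `should_to_s` and the `secret` parameter are repeated here line for line from `nova_config`, so the two redaction strings and the parameter text now live in two places and a later correction can land in only one type. Moving the two methods into one shared Ruby module that both `value` properties include would keep them together; failing that, a comment such as `# keep in sync with nova_config` at least records the coupling. Each method also reads more plainly as a single expression, `resource.secret? ? '[old secret redacted]' : currentvalue`. The `newproperty` block these methods belong to opens above the hunk.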
|
||||
|
|
|
@ -88,7 +88,7 @@ class nova::api(
|
|||
'filter:authtoken/auth_protocol': value => $auth_protocol;
|
||||
'filter:authtoken/admin_tenant_name': value => $admin_tenant_name;
|
||||
'filter:authtoken/admin_user': value => $admin_user;
|
||||
'filter:authtoken/admin_password': value => $admin_password;
|
||||
'filter:authtoken/admin_password': value => $admin_password, secret => true;
|
||||
}
|
||||
|
||||
if $auth_admin_prefix {
|
||||
|
|
|
@ -152,7 +152,9 @@ class nova(
|
|||
} else {
|
||||
fail("Invalid db connection ${sql_connection}")
|
||||
}
|
||||
nova_config { 'DEFAULT/sql_connection': value => $sql_connection }
|
||||
nova_config {
|
||||
'DEFAULT/sql_connection': value => $sql_connection, secret => true,
|
||||
}
|
||||
}
|
||||
|
||||
nova_config { 'DEFAULT/image_service': value => $image_service }
|
||||
|
@ -168,7 +170,7 @@ class nova(
|
|||
if $rpc_backend == 'nova.openstack.common.rpc.impl_kombu' {
|
||||
# I may want to support exporting and collecting these
|
||||
nova_config {
|
||||
'DEFAULT/rabbit_password': value => $rabbit_password;
|
||||
'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
|
||||
'DEFAULT/rabbit_userid': value => $rabbit_userid;
|
||||
'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
|
||||
}
|
||||
|
@ -193,7 +195,7 @@ class nova(
|
|||
'DEFAULT/qpid_hostname': value => $qpid_hostname;
|
||||
'DEFAULT/qpid_port': value => $qpid_port;
|
||||
'DEFAULT/qpid_username': value => $qpid_username;
|
||||
'DEFAULT/qpid_password': value => $qpid_password;
|
||||
'DEFAULT/qpid_password': value => $qpid_password, secret => true;
|
||||
'DEFAULT/qpid_reconnect': value => $qpid_reconnect;
|
||||
'DEFAULT/qpid_reconnect_timeout': value => $qpid_reconnect_timeout;
|
||||
'DEFAULT/qpid_reconnect_limit': value => $qpid_reconnect_limit;
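Review bot: Marking `DEFAULT/sql_connection` as secret does not cover the `fail("Invalid db connection ${sql_connection}")` call in the `else` branch just above it, which still interpolates the whole connection string into the compile error. The specs use values of the form `mysql://user:pass@db/db`, so the credentials would appear wherever that failure is logged. I would keep the value out of the message, e.g. `fail('Invalid db connection (value withheld, check sql_connection)')`. The `if`/`else` this branch belongs to begins above the hunk, so the exact condition that reaches it is not visible here.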
|
||||
|
|
|
@ -64,7 +64,7 @@ class nova::network::quantum (
|
|||
'DEFAULT/quantum_admin_tenant_name': value => $quantum_admin_tenant_name;
|
||||
'DEFAULT/quantum_region_name': value => $quantum_region_name;
|
||||
'DEFAULT/quantum_admin_username': value => $quantum_admin_username;
|
||||
'DEFAULT/quantum_admin_password': value => $quantum_admin_password;
|
||||
'DEFAULT/quantum_admin_password': value => $quantum_admin_password, secret => true;
|
||||
'DEFAULT/quantum_admin_auth_url': value => $quantum_admin_auth_url;
|
||||
'DEFAULT/security_group_api': value => $security_group_api;
|
||||
'DEFAULT/firewall_driver': value => $firewall_driver;
|
||||
|
|
|
@ -24,7 +24,7 @@ class nova::volume::san (
|
|||
} else {
|
||||
nova_config {
|
||||
'DEFAULT/san_login': value => $san_login;
|
||||
'DEFAULT/san_password': value => $san_password;
|
||||
'DEFAULT/san_password': value => $san_password, secret => true;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ describe 'nova::api' do
|
|||
should contain_nova_paste_api_ini(
|
||||
'filter:authtoken/admin_user').with_value('nova')
|
||||
should contain_nova_paste_api_ini(
|
||||
'filter:authtoken/admin_password').with_value('passw0rd')
|
||||
'filter:authtoken/admin_password').with_value('passw0rd').with_secret(true)
|
||||
end
|
||||
it { should contain_nova_config('DEFAULT/ec2_listen').with('value' => '0.0.0.0') }
|
||||
it { should contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '0.0.0.0') }
|
||||
|
@ -107,7 +107,7 @@ describe 'nova::api' do
|
|||
should contain_nova_paste_api_ini(
|
||||
'filter:authtoken/admin_user').with_value('nova2')
|
||||
should contain_nova_paste_api_ini(
|
||||
'filter:authtoken/admin_password').with_value('passw0rd2')
|
||||
'filter:authtoken/admin_password').with_value('passw0rd2').with_secret(true)
|
||||
end
|
||||
it { should contain_nova_config('DEFAULT/ec2_listen').with('value' => '192.168.56.210') }
|
||||
it { should contain_nova_config('DEFAULT/osapi_compute_listen').with('value' => '192.168.56.210') }
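Review bot: The added `.with_secret(true)` expectations only prove that the parameter reaches the catalog; nothing in these spec changes exercises `is_to_s` or `should_to_s`, so a regression that prints the password again would still pass. A small unit spec per type would pin the redaction: build the resource with `:secret => true` and assert `resource.property(:value).should_to_s('passw0rd').should == '[new secret redacted]'`, then repeat with `:secret => false` and expect the value back unchanged. The same gap applies to the `nova` and `nova::network::quantum` specs further down the page.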
|
||||
|
|
|
@ -62,9 +62,9 @@ describe 'nova' do
|
|||
it { should contain_nova_config('DEFAULT/auth_strategy').with_value('keystone') }
|
||||
it { should_not contain_nova_config('DEFAULT/use_deprecated_auth').with_value('false') }
|
||||
|
||||
it { should contain_nova_config('DEFAULT/rpc_backend').with_value('nova.openstack.common.rpc.impl_kombu') }
|
||||
it { should contain_nova_config('DEFAULT/rpc_backend').with_value('nova.openstack.common.rpc.impl_kombu') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_host').with_value('localhost') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_password').with_value('guest') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_password').with_value('guest').with_secret(true) }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_port').with_value('5672') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_hosts').with_value('localhost:5672') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value('false') }
|
||||
|
@ -103,7 +103,7 @@ describe 'nova' do
|
|||
|
||||
it { should contain_package('nova-common').with('ensure' => '2012.1.1-15.el6') }
|
||||
it { should contain_package('python-nova').with('ensure' => '2012.1.1-15.el6') }
|
||||
it { should contain_nova_config('DEFAULT/sql_connection').with_value('mysql://user:pass@db/db') }
|
||||
it { should contain_nova_config('DEFAULT/sql_connection').with_value('mysql://user:pass@db/db').with_secret(true) }
|
||||
|
||||
it { should contain_nova_config('DEFAULT/image_service').with_value('nova.image.local.LocalImageService') }
|
||||
it { should_not contain_nova_config('DEFAULT/glance_api_servers') }
|
||||
|
@ -112,7 +112,7 @@ describe 'nova' do
|
|||
it { should_not contain_nova_config('DEFAULT/use_deprecated_auth').with_value(true) }
|
||||
it { should contain_nova_config('DEFAULT/rpc_backend').with_value('nova.openstack.common.rpc.impl_kombu') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_host').with_value('rabbit') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_password').with_value('password') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_password').with_value('password').with_secret(true) }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_port').with_value('5673') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_userid').with_value('rabbit_user') }
|
||||
it { should contain_nova_config('DEFAULT/rabbit_virtual_host').with_value('/') }
|
||||
|
@ -175,7 +175,7 @@ describe 'nova' do
|
|||
it { should contain_nova_config('DEFAULT/qpid_hostname').with_value('localhost') }
|
||||
it { should contain_nova_config('DEFAULT/qpid_port').with_value('5672') }
|
||||
it { should contain_nova_config('DEFAULT/qpid_username').with_value('guest') }
|
||||
it { should contain_nova_config('DEFAULT/qpid_password').with_value('guest') }
|
||||
it { should contain_nova_config('DEFAULT/qpid_password').with_value('guest').with_secret(true) }
|
||||
it { should contain_nova_config('DEFAULT/qpid_reconnect').with_value('true') }
|
||||
it { should contain_nova_config('DEFAULT/qpid_reconnect_timeout').with_value('0') }
|
||||
it { should contain_nova_config('DEFAULT/qpid_reconnect_limit').with_value('0') }
|
||||
|
|
|
@ -20,7 +20,7 @@ describe 'nova::network::quantum' do
|
|||
|
||||
context 'with required parameters' do
|
||||
it 'configures quantum endpoint in nova.conf' do
|
||||
should contain_nova_config('DEFAULT/quantum_admin_password').with_value(params[:quantum_admin_password])
|
||||
should contain_nova_config('DEFAULT/quantum_admin_password').with_value(params[:quantum_admin_password]).with_secret(true)
|
||||
should contain_nova_config('DEFAULT/network_api_class').with_value('nova.network.quantumv2.api.API')
|
||||
should contain_nova_config('DEFAULT/quantum_auth_strategy').with_value(default_params[:quantum_auth_strategy])
|
||||
should contain_nova_config('DEFAULT/quantum_url').with_value(default_params[:quantum_url])
|
||||
|
@ -50,7 +50,7 @@ describe 'nova::network::quantum' do
|
|||
|
||||
it 'configures quantum endpoint in nova.conf' do
|
||||
should contain_nova_config('DEFAULT/quantum_auth_strategy').with_value(default_params[:quantum_auth_strategy])
|
||||
should contain_nova_config('DEFAULT/quantum_admin_password').with_value(params[:quantum_admin_password])
|
||||
should contain_nova_config('DEFAULT/quantum_admin_password').with_value(params[:quantum_admin_password]).with_secret(true)
|
||||
should contain_nova_config('DEFAULT/network_api_class').with_value('nova.network.quantumv2.api.API')
|
||||
should contain_nova_config('DEFAULT/quantum_url').with_value(params[:quantum_url])
|
||||
should contain_nova_config('DEFAULT/quantum_admin_tenant_name').with_value(params[:quantum_admin_tenant_name])
|
||||
|
|