From d0841061311bdbafa877da45000102906732a8dd Mon Sep 17 00:00:00 2001
From: Spyros Trigazis <spyridon.trigazis@cern.ch>
Date: Thu, 30 Aug 2018 16:05:09 +0200
Subject: [PATCH] Make ironic password a secret

Change-Id: I06a82a8718cb36016485ee2160459a370cc33c60
---
 manifests/ironic/common.pp              | 2 +-
 spec/classes/nova_ironic_common_spec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifests/ironic/common.pp b/manifests/ironic/common.pp
index 2fe5b5f80..a6e855e0b 100644
--- a/manifests/ironic/common.pp
+++ b/manifests/ironic/common.pp
@@ -56,7 +56,7 @@ class nova::ironic::common (
   nova_config {
     'ironic/auth_plugin':          value => $auth_plugin;
     'ironic/username':             value => $username;
-    'ironic/password':             value => $password;
+    'ironic/password':             value => $password, secret => true;
     'ironic/auth_url':             value => $auth_url;
     'ironic/project_name':         value => $project_name;
     'ironic/api_endpoint':         value => $api_endpoint;
diff --git a/spec/classes/nova_ironic_common_spec.rb b/spec/classes/nova_ironic_common_spec.rb
index 7c6447d3b..d3ad4db3d 100644
--- a/spec/classes/nova_ironic_common_spec.rb
+++ b/spec/classes/nova_ironic_common_spec.rb
@@ -8,7 +8,7 @@ describe 'nova::ironic::common' do
       it 'configures ironic in nova.conf' do
         is_expected.to contain_nova_config('ironic/auth_plugin').with_value('password')
         is_expected.to contain_nova_config('ironic/username').with_value('admin')
-        is_expected.to contain_nova_config('ironic/password').with_value('ironic')
+        is_expected.to contain_nova_config('ironic/password').with_value('ironic').with_secret(true)
         is_expected.to contain_nova_config('ironic/auth_url').with_value('http://127.0.0.1:5000/')
         is_expected.to contain_nova_config('ironic/project_name').with_value('services')
         is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://127.0.0.1:6385/v1')
@@ -38,7 +38,7 @@ describe 'nova::ironic::common' do
       it 'configures ironic in nova.conf' do
         is_expected.to contain_nova_config('ironic/auth_plugin').with_value('password')
         is_expected.to contain_nova_config('ironic/username').with_value('ironic')
-        is_expected.to contain_nova_config('ironic/password').with_value('s3cr3t')
+        is_expected.to contain_nova_config('ironic/password').with_value('s3cr3t').with_secret(true)
         is_expected.to contain_nova_config('ironic/auth_url').with_value('http://10.0.0.10:5000/')
         is_expected.to contain_nova_config('ironic/project_name').with_value('services2')
         is_expected.to contain_nova_config('ironic/api_endpoint').with_value('http://10.0.0.10:6385/v1')