From 0a7317adce509b697281d233fe63b16d0f129a3f Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Wed, 27 Apr 2022 15:01:59 +0900
Subject: [PATCH] Do not show passphrase even if it is invalid

... even when validation fails. Showing the invalid passphrase might allow people to guess the correct one.

Change-Id: Ida326ccb72759d843cff95ffc72f7ffb9c4cf71a
(cherry picked from commit 314bfff89c38a8b669aa07947501a6054105c8ff)
(cherry picked from commit c24f796402a7e3af59b6dcf109040d17f3c31122)
---
 manifests/certificates.pp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/manifests/certificates.pp b/manifests/certificates.pp
index 1c7281dd..bd92d83e 100644
--- a/manifests/certificates.pp
+++ b/manifests/certificates.pp
@@ -109,13 +109,15 @@ class octavia::certificates (
 'haproxy_amphora/client_cert' : value => $client_cert;
 'haproxy_amphora/server_ca' : value => $ca_certificate;
 }
+
 if !$server_certs_key_passphrase {
 fail('server_certs_key_passphrase is required for Octavia. Please provide a 32 characters passphrase.')
 }
+
 if length($server_certs_key_passphrase)!=32 {
- fail("The passphrase '${server_certs_key_passphrase}' is invalid for server_certs_key_passphrase. Please provide a 32 characters
- passphrase.")
+ fail('server_certs_key_passphrase must be 32 characters long.')
 }
+
 # The file creation will create the parent directory for each file if necessary, but
 # only to one level.
 if $ca_certificate_data {
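Review bot: The rewritten `fail()` on the `length($server_certs_key_passphrase)!=32` check carries no hint of why the supplied value is deliberately left out of the message, so the interpolation this commit removes could easily be reintroduced by a later "more helpful" error text; add a comment above the check, `# Deliberately do not echo the supplied value: an invalid passphrase may be a near miss of the real one.` The new `if !$server_certs_key_passphrase` guard only rejects undef/false, since an empty string is truthy in the Puppet 4+ language, but the length check that follows still fails on the empty case, so the two checks together are sound. Whether the value can still surface elsewhere (for example in a report or catalog diff from a resource that consumes it without a secret/sensitive marking) cannot be judged from this hunk. The enclosing class octavia::certificates starts and ends outside the hunk.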