Do not show passphrase even if it is invalid

... even when validation fails. Showing the invalid passphrase might
allow people to guess the correct one.

Change-Id: Ida326ccb72759d843cff95ffc72f7ffb9c4cf71a
(cherry picked from commit 314bfff89c)
(cherry picked from commit c24f796402)
(cherry picked from commit 0a7317adce)
Takashi Kajinami 2022-04-27 15:01:59 +09:00
parent 36e13e563e
commit 86f040735a
1 changed files with 4 additions and 2 deletions


@ -109,13 +109,15 @@ class octavia::certificates (
'haproxy_amphora/client_cert' : value => $client_cert;
'haproxy_amphora/server_ca' : value => $ca_certificate;
}
if !$server_certs_key_passphrase {
fail('server_certs_key_passphrase is required for Octavia. Please provide a 32 characters passphrase.')
}
if length($server_certs_key_passphrase)!=32 {
fail("The passphrase '${server_certs_key_passphrase}' is invalid for server_certs_key_passphrase. Please provide a 32 characters
passphrase.")
fail('server_certs_key_passphrase must be 32 characters long.')
}
# The file creation will create the parent directory for each file if necessary, but
# only to one level.
if $ca_certificate_data {
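Review bot: The new message under `if length($server_certs_key_passphrase)!=32` leaves the value out, but nothing in the hunk records why, so a later edit could reintroduce the interpolation. A comment above the check would keep the intent visible, for example `# Never interpolate the passphrase into fail(); the message ends up in compile errors and agent logs.` A spec that passes a wrong-length passphrase and asserts the error text does not contain it would guard against regression. Whether the parameter is typed or wrapped as `Sensitive` elsewhere in the class is not visible here; if it is not, the value can presumably still surface through other paths such as catalog diffs and reports. The class body starts and ends outside the hunk.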