From a56b33a9d2608a9fe5e2bc37bd456e8d0ae6b30e Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Wed, 27 Apr 2022 15:01:59 +0900
Subject: [PATCH] Do not show passphrase even if it is invalid

... even when validation fails. Showing the invalid passphrase might allow people to guess the correct one.

Change-Id: Ida326ccb72759d843cff95ffc72f7ffb9c4cf71a
(cherry picked from commit 314bfff89c38a8b669aa07947501a6054105c8ff)
(cherry picked from commit c24f796402a7e3af59b6dcf109040d17f3c31122)
(cherry picked from commit 0a7317adce509b697281d233fe63b16d0f129a3f)
(cherry picked from commit 86f040735a3a68eadaa615422228544fbf493d72)
(cherry picked from commit 0a29502274ac4559a9e9e2703fc6a033fa466279)
(cherry picked from commit 52771825e27bd2d90de66b5e714a488e71d4327e)
---
 manifests/certificates.pp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/manifests/certificates.pp b/manifests/certificates.pp
index 813e41f1..be6f61f7 100644
--- a/manifests/certificates.pp
+++ b/manifests/certificates.pp
@@ -109,13 +109,15 @@ class octavia::certificates (
 'haproxy_amphora/client_cert' : value => $client_cert;
 'haproxy_amphora/server_ca' : value => $ca_certificate;
 }
+
 if !$server_certs_key_passphrase {
 fail('server_certs_key_passphrase is required for Octavia. Please provide a 32 characters passphrase.')
 }
+
 if length($server_certs_key_passphrase)!=32 {
- fail("The passphrase '${server_certs_key_passphrase}' is invalid for server_certs_key_passphrase. Please provide a 32 characters
- passphrase.")
+ fail('server_certs_key_passphrase must be 32 characters long.')
 }
+
 # The file creation will create the parent directory for each file if necessary, but
 # only to one level.
 if $ca_certificate_data {
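Review bot: Nothing next to the length check at `if length($server_certs_key_passphrase)!=32` records why the failure message leaves the value out, so a later edit could put the interpolation back; a comment above the new `fail` such as `# Do not interpolate the passphrase here: fail() text ends up in agent output and logs.` would keep that intent visible. The two messages also now differ in wording ("Please provide a 32 characters passphrase." versus "must be 32 characters long."), which is cosmetic but easy to align. The body of `octavia::certificates` starts and ends outside this hunk, so it is not visible whether the parameter is typed as `Sensitive` or whether the resource that writes it is marked `secret => true`; if neither holds, the value may still surface in reports or change logs and is worth checking separately.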