Merge "certificates: Passphrase parameters should be secret" into stable/2023.2
This commit is contained in:
commit
addb4da3bf
|
@ -131,8 +131,8 @@ class octavia::certificates (
|
||||||
'certificates/endpoint_type' : value => $endpoint_type;
|
'certificates/endpoint_type' : value => $endpoint_type;
|
||||||
'certificates/ca_certificate' : value => $ca_certificate;
|
'certificates/ca_certificate' : value => $ca_certificate;
|
||||||
'certificates/ca_private_key' : value => $ca_private_key;
|
'certificates/ca_private_key' : value => $ca_private_key;
|
||||||
'certificates/server_certs_key_passphrase' : value => $server_certs_key_passphrase;
|
'certificates/server_certs_key_passphrase' : value => $server_certs_key_passphrase, secret => true;
|
||||||
'certificates/ca_private_key_passphrase' : value => $ca_private_key_passphrase;
|
'certificates/ca_private_key_passphrase' : value => $ca_private_key_passphrase, secret => true;
|
||||||
'certificates/signing_digest' : value => $signing_digest;
|
'certificates/signing_digest' : value => $signing_digest;
|
||||||
'certificates/cert_validity_time' : value => $cert_validity_time;
|
'certificates/cert_validity_time' : value => $cert_validity_time;
|
||||||
'controller_worker/client_ca' : value => $client_ca_real;
|
'controller_worker/client_ca' : value => $client_ca_real;
|
||||||
|
|
|
@ -14,7 +14,8 @@ describe 'octavia::certificates' do
|
||||||
is_expected.to contain_octavia_config('certificates/endpoint_type').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_octavia_config('certificates/endpoint_type').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('insecure-key-do-not-use-this-key').with_secret(true)
|
||||||
|
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('<SERVICE DEFAULT>').with_secret(true)
|
||||||
is_expected.to contain_octavia_config('certificates/signing_digest').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_octavia_config('certificates/signing_digest').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_octavia_config('certificates/cert_validity_time').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_octavia_config('certificates/cert_validity_time').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
|
@ -55,8 +56,8 @@ describe 'octavia::certificates' do
|
||||||
is_expected.to contain_octavia_config('certificates/endpoint_type').with_value('internalURL')
|
is_expected.to contain_octavia_config('certificates/endpoint_type').with_value('internalURL')
|
||||||
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('/etc/octavia/ca.pem')
|
is_expected.to contain_octavia_config('certificates/ca_certificate').with_value('/etc/octavia/ca.pem')
|
||||||
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('/etc/octavia/key.pem')
|
is_expected.to contain_octavia_config('certificates/ca_private_key').with_value('/etc/octavia/key.pem')
|
||||||
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('insecure-key-do-not-use-this-key')
|
is_expected.to contain_octavia_config('certificates/server_certs_key_passphrase').with_value('insecure-key-do-not-use-this-key').with_secret(true)
|
||||||
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('secure123')
|
is_expected.to contain_octavia_config('certificates/ca_private_key_passphrase').with_value('secure123').with_secret(true)
|
||||||
is_expected.to contain_octavia_config('certificates/signing_digest').with_value('sha256')
|
is_expected.to contain_octavia_config('certificates/signing_digest').with_value('sha256')
|
||||||
is_expected.to contain_octavia_config('certificates/cert_validity_time').with_value(2592000)
|
is_expected.to contain_octavia_config('certificates/cert_validity_time').with_value(2592000)
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue