16ce2f30de
There is cases when a command times out or when it fails that we and Puppet [1] will output the raw command that was executed. For a user create command that output contains the --password argument passed down to openstack CLI which causes sensitive passwords to be leaked into log files of the system executing Puppet, these can then be shipped of from the system into a remote syslog and still be in plain text. This tries to use Ruby gsub with a regular expression matching the two cases and instead output [redacted secret] the same way we do with config provider. [1] https://github.com/puppetlabs/puppet/blob/main/lib/puppet/util/execution.rb#L286 Change-Id: I4cad8f88fc7b67bb7aa4330832fc47bac41ae9df |
||
---|---|---|
.. | ||
openstack | ||
openstack_config | ||
policy_rcd | ||
openstack_spec.rb |