tempauth: Do not log account information

... to avoid leaking passwords.

Change-Id: Ie16a2950f0d7d6727354bd5d7313b83adcd547ff
This commit is contained in:
Takashi Kajinami
2023-04-07 11:51:43 +09:00
parent ed15de5bf3
commit f819119a69
3 changed files with 8 additions and 8 deletions

View File

@@ -19,7 +19,7 @@ define swift::proxy::tempauth_account() {
$account_data = strip(split($title,','))
if $account_data[0] != '' {
swift_proxy_config {
"filter:tempauth/${account_data[0]}": value => $account_data[1];
"filter:tempauth/${account_data[0]}": value => $account_data[1], secret => true;
}
}
}

View File

@@ -7,7 +7,7 @@ describe 'swift::proxy::tempauth' do
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'key' => 'adminpass',
'groups' => [ 'admin', 'reseller_admin' ],
},
]
@@ -17,7 +17,7 @@ describe 'swift::proxy::tempauth' do
let :params do default_params end
it { is_expected.to contain_swift_proxy_config('filter:tempauth/use').with_value('egg:swift#tempauth') }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('') }
it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/token_life').with_value('') }
@@ -30,7 +30,7 @@ describe 'swift::proxy::tempauth' do
{
'user' => 'admin',
'account' => 'admin',
'key' => 'admin',
'key' => 'adminpass',
'groups' => [ 'admin', 'reseller_admin' ],
},
{
@@ -42,8 +42,8 @@ describe 'swift::proxy::tempauth' do
]
} end
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin') }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin').with_secret(true) }
end
context 'when group is empty' do

View File

@@ -3,11 +3,11 @@ require 'spec_helper'
describe 'swift::proxy::tempauth_account' do
shared_examples 'swift::proxy::tempauth_account' do
let :title do
' user_admin_admin, admin .admin .reseller_admin'
' user_admin_admin, adminpass .admin .reseller_admin'
end
describe 'when passing in a string containing "user_<account>_<user>, <key> .<group1> .<groupx>"' do
it { should contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
it { should contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
end
end