openstack/puppet-swift
Code Issues Proposed changes

tempauth: Do not log account information

Browse Source 
... to avoid leaking passwords.

Change-Id: Ie16a2950f0d7d6727354bd5d7313b83adcd547ff
This commit is contained in:
Takashi Kajinami
2023-04-07 11:51:43 +09:00
parent ed15de5bf3
commit f819119a69
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/proxy/tempauth_account.pp
View File

@@ -19,7 +19,7 @@ define swift::proxy::tempauth_account() {
$account_data = strip(split($title,',')) $account_data = strip(split($title,','))
if $account_data[0] != '' { if $account_data[0] != '' {
swift_proxy_config { swift_proxy_config {
"filter:tempauth/${account_data[0]}": value => $account_data[1]; "filter:tempauth/${account_data[0]}": value => $account_data[1], secret => true;
} }
} }
} }

10
spec/classes/swift_proxy_tempauth_spec.rb
View File

@@ -7,7 +7,7 @@ describe 'swift::proxy::tempauth' do
{ {
'user' => 'admin', 'user' => 'admin',
'account' => 'admin', 'account' => 'admin',
'key' => 'admin', 'key' => 'adminpass',
'groups' => [ 'admin', 'reseller_admin' ], 'groups' => [ 'admin', 'reseller_admin' ],
}, },
] ]
@@ -17,7 +17,7 @@ describe 'swift::proxy::tempauth' do
let :params do default_params end let :params do default_params end
it { is_expected.to contain_swift_proxy_config('filter:tempauth/use').with_value('egg:swift#tempauth') } it { is_expected.to contain_swift_proxy_config('filter:tempauth/use').with_value('egg:swift#tempauth') }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') } it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('') } it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('') }
it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/token_life').with_value('') } it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/token_life').with_value('') }
@@ -30,7 +30,7 @@ describe 'swift::proxy::tempauth' do
{ {
'user' => 'admin', 'user' => 'admin',
'account' => 'admin', 'account' => 'admin',
'key' => 'admin', 'key' => 'adminpass',
'groups' => [ 'admin', 'reseller_admin' ], 'groups' => [ 'admin', 'reseller_admin' ],
}, },
{ {
@@ -42,8 +42,8 @@ describe 'swift::proxy::tempauth' do
] ]
} end } end
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') } it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin') } it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin').with_secret(true) }
end end
context 'when group is empty' do context 'when group is empty' do

4
spec/defines/swift_proxy_tempauth_account_spec.rb
View File

@@ -3,11 +3,11 @@ require 'spec_helper'
describe 'swift::proxy::tempauth_account' do describe 'swift::proxy::tempauth_account' do
shared_examples 'swift::proxy::tempauth_account' do shared_examples 'swift::proxy::tempauth_account' do
let :title do let :title do
' user_admin_admin, admin .admin .reseller_admin' ' user_admin_admin, adminpass .admin .reseller_admin'
end end
describe 'when passing in a string containing "user_<account>_<user>, <key> .<group1> .<groupx>"' do describe 'when passing in a string containing "user_<account>_<user>, <key> .<group1> .<groupx>"' do
it { should contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') } it { should contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
end end
end end