From b7e8f8f9d364319548f6f06a874d12f11530bf63 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 27 Apr 2020 08:08:38 -0500 Subject: [PATCH] Add toggle for sensitive data within octavia This change will allow deployers to expose sensitive data as needed. Change-Id: I717b34920ab0129a2bac287015a6cd1053c7e1c9 Signed-off-by: Kevin Carter --- .../defaults/main.yml | 19 +++++++++++++++++++ .../tasks/certificate.yml | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 tripleo_ansible/roles/octavia_controller_config/defaults/main.yml diff --git a/tripleo_ansible/roles/octavia_controller_config/defaults/main.yml b/tripleo_ansible/roles/octavia_controller_config/defaults/main.yml new file mode 100644 index 000000000..1d0029aba --- /dev/null +++ b/tripleo_ansible/roles/octavia_controller_config/defaults/main.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should be placed in this file. +octavia_controller_config_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" diff --git a/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml b/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml index 18a2fd0c8..72b338059 100644 --- a/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml +++ b/tripleo_ansible/roles/octavia_controller_config/tasks/certificate.yml @@ -15,7 +15,7 @@ dest: "{{ octavia_confd_prefix }}/{{ item.path }}" selevel: s0 setype: svirt_sandbox_file_t - no_log: true + no_log: "{{ octavia_controller_config_hide_sensitive_logs | bool }}" loop: - content: "{{ private_key_content }}" path: "{{ ca_private_key_path }}"