Set NoEcho: true for parameters containing secrets

This prevents secret values being returned for stack-show. Change-Id: I82eff26fda31511b66c6371f6ded2a5fb559f3fb Fixes-Bug: #1226730
2013-09-17 15:13:25 -07:00 · 2013-09-17 15:13:25 -07:00 · 73fbe1e121
commit 73fbe1e121
parent c2051996bc
7 changed files with 32 additions and 0 deletions
--- a/base.yaml
+++ b/base.yaml
@ -7,6 +7,7 @@ Parameters:
  KeystoneAdminToken:
    Description: Admin Token needed for keystone
    Type: String
+    NoEcho: true
 Resources:
  RabbitMQ:
    Type: AWS::CloudFormation::Stack
--- a/nagios3.yaml
+++ b/nagios3.yaml
@ -9,6 +9,7 @@ Parameters:
    Description: Password for nagiosadmin web admin user.
    Type: String
    Default: nagiosadmin
+    NoEcho: true
  NovaHostIp:
    Description: nova ip.
    Type: String
@ -17,6 +18,7 @@ Parameters:
    Description: nova OS_PASSWORD.
    Type: String
    Default: unset
+    NoEcho: true
  NovaOsUsername:
    Description: nova OS_USERNAME.
    Type: String
@ -40,11 +42,13 @@ Parameters:
  Apache2SnakeoilPem:
    Description: Snakeoil PEM file.
    Type: String
+    NoEcho: true
    Default: |
      -----  BEGIN PlaceHolder...
  Apache2SnakeoilKey:
    Description: Snakeoil Key file.
    Type: String
+    NoEcho: true
    Default: |
      -----  BEGIN PlaceHolder...
  PostfixMailHostname:
--- a/notcompute.yaml
+++ b/notcompute.yaml
@ -8,6 +8,7 @@ Parameters:
    Default: ''
    Description: Password to use for mysqldump from Bootstrap Host
    Type: String
+    NoEcho: true
  BootstrapHost:
    Default: ''
    Description: Load mysqldump from this Host
@ -16,10 +17,12 @@ Parameters:
    Default: ''
    Description: Root password for localhost access after bootstrap
    Type: String
+    NoEcho: true
  BootstrapSlavePassword:
    Default: ''
    Description: Password to use with BootstrapSlaveUser
    Type: String
+    NoEcho: true
  BootstrapSlaveUser:
    Default: ''
    Description: User to use for replication from bootstrap host
@ -27,9 +30,11 @@ Parameters:
  GlanceDBPassword:
    Description: Password for connecting to glance database
    Type: String
+    NoEcho: true
  HeatDBPassword:
    Description: Password for accessing Heat database.
    Type: String
+    NoEcho: true
  InstanceType:
    Default: baremetal
    Description: Use this flavor
@ -41,26 +46,32 @@ Parameters:
  KeystoneDBPassword:
    Description: Password for connecting to keystone
    Type: String
+    NoEcho: true
  NovaDBPassword:
    Description: Password for connecting to nova database
    Type: String
+    NoEcho: true
  NovaInterfaces:
    Default: eth0
    Type: String
  NeutronDBPassword:
    Description: Password for connecting to neutron database
    Type: String
+    NoEcho: true
  NeutronInterfaces:
    Default: eth0
    Type: String
  RabbitMQPassword:
    Description: Password for RabbitMQ
    Type: String
+    NoEcho: true
  RabbitPassword:
    Type: String
+    NoEcho: true
  ServicePassword:
    Description: admin_password for setting up auth in nova.
    Type: String
+    NoEcho: true
  notcomputeImage:
    Type: String
 Resources:
--- a/nova-compute-group.yaml
+++ b/nova-compute-group.yaml
@ -17,12 +17,14 @@ Parameters:
  ServicePassword:
    Description: admin_password for setting up auth in nova.
    Type: String
+    NoEcho: true
  NeutronHost:
    Type: String
  RabbitHost:
    Type: String
  RabbitPassword:
    Type: String
+    NoEcho: true
  NovaInterfaces:
    Type: String
    Default: eth0
--- a/nova-compute-instance.yaml
+++ b/nova-compute-instance.yaml
@ -5,6 +5,7 @@ Parameters:
    Default: unset
    Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    Type: String
+    NoEcho: true
  KeyName: 
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: String
@ -24,6 +25,7 @@ Parameters:
    Type: String
  RabbitPassword:
    Type: String
+    NoEcho: true
  NovaInterfaces:
    Type: String
    Default: eth0
@ -39,6 +41,7 @@ Parameters:
    Default: unset
    Description: The password for the nova service account, used by nova-api.
    Type: String
+    NoEcho: true
  GlanceHost:
    Type: String
  NovaDSN:
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@ -6,6 +6,7 @@ Parameters:
    Default: unset
    Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    Type: String
+    NoEcho: true
  AdminToken:
    Default: unset
    Description: The keystone auth secret.
@ -14,6 +15,7 @@ Parameters:
    Default: unset
    Description: The password for the cinder service account, used by cinder-api.
    Type: String
+    NoEcho: true
  Flavor:
    Default: baremetal
    Description: Flavor to request when deploying.
@ -22,10 +24,12 @@ Parameters:
    Default: unset
    Description: The password for the glance service account, used by the glance services.
    Type: String
+    NoEcho: true
  HeatPassword:
    Default: unset
    Description: The password for the Heat service account, used by the Heat services.
    Type: String
+    NoEcho: true
  KeyName:
    Default: default
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@ -34,6 +38,7 @@ Parameters:
    Default: unset
    Description: The password for the neutron service account, used by neutron agents.
    Type: String
+    NoEcho: true
  NovaComputeDriver:
    Default: libvirt.LibvirtDriver
    Type: String
@ -50,6 +55,7 @@ Parameters:
    Default: unset
    Description: The password for the nova service account, used by nova-api.
    Type: String
+    NoEcho: true
  PowerUserName:
    Default: stack
    Description: What username to ssh to the virtual power host with.
--- a/undercloud-vm.yaml
+++ b/undercloud-vm.yaml
@ -5,6 +5,7 @@ Parameters:
    Default: unset
    Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
    Type: String
+    NoEcho: true
  AdminToken:
    Default: unset
    Description: The keystone auth secret.
@ -21,6 +22,7 @@ Parameters:
    Default: unset
    Description: The password for the glance service account, used by the glance services.
    Type: String
+    NoEcho: true
  KeyName:
    Default: default
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@ -29,6 +31,7 @@ Parameters:
    Default: unset
    Description: The password for the Heat service account, used by the Heat services.
    Type: String
+    NoEcho: true
  Image:
    Default: undercloud
    Type: String
@ -36,10 +39,12 @@ Parameters:
    Default: unset
    Description: The password for the neutron service account, used by neutron agents.
    Type: String
+    NoEcho: true
  NovaPassword:
    Default: unset
    Description: The password for the nova service account, used by nova-api.
    Type: String
+    NoEcho: true
  PowerUserName:
    Default: stack
    Description: What username to ssh to the virtual power host with.