From 73fbe1e1215615a1470b55b625b399cf17beae8b Mon Sep 17 00:00:00 2001
From: Steve Baker
Date: Tue, 17 Sep 2013 15:13:25 -0700
Subject: [PATCH] Set NoEcho: true for parameters containing secrets This prevents secret values being returned for stack-show.
Change-Id: I82eff26fda31511b66c6371f6ded2a5fb559f3fb
Fixes-Bug: #1226730
---
 base.yaml | 1 +
 nagios3.yaml | 4 ++++
 notcompute.yaml | 11 +++++++++++
 nova-compute-group.yaml | 2 ++
 nova-compute-instance.yaml | 3 +++
 overcloud-source.yaml | 6 ++++++
 undercloud-vm.yaml | 5 +++++
 7 files changed, 32 insertions(+)
diff --git a/base.yaml b/base.yaml
index 640796d26b..f1e8967d38 100644
--- a/base.yaml
+++ b/base.yaml
@@ -7,6 +7,7 @@ Parameters:
 KeystoneAdminToken:
 Description: Admin Token needed for keystone
 Type: String
+ NoEcho: true
 Resources:
 RabbitMQ:
 Type: AWS::CloudFormation::Stack
diff --git a/nagios3.yaml b/nagios3.yaml
index 5c36329e73..e60eb55927 100644
--- a/nagios3.yaml
+++ b/nagios3.yaml
@@ -9,6 +9,7 @@ Parameters:
 Description: Password for nagiosadmin web admin user.
 Type: String
 Default: nagiosadmin
+ NoEcho: true
 NovaHostIp:
 Description: nova ip.
 Type: String
@@ -17,6 +18,7 @@ Parameters:
 Description: nova OS_PASSWORD.
 Type: String
 Default: unset
+ NoEcho: true
 NovaOsUsername:
 Description: nova OS_USERNAME.
 Type: String
@@ -40,11 +42,13 @@ Parameters:
 Apache2SnakeoilPem:
 Description: Snakeoil PEM file.
 Type: String
+ NoEcho: true
 Default: |
 ----- BEGIN PlaceHolder...
 Apache2SnakeoilKey:
 Description: Snakeoil Key file.
 Type: String
+ NoEcho: true
 Default: |
 ----- BEGIN PlaceHolder...
 PostfixMailHostname:
diff --git a/notcompute.yaml b/notcompute.yaml
index 6eb86f8758..ef339361ba 100644
--- a/notcompute.yaml
+++ b/notcompute.yaml
@@ -8,6 +8,7 @@ Parameters:
 Default: ''
 Description: Password to use for mysqldump from Bootstrap Host
 Type: String
+ NoEcho: true
 BootstrapHost:
 Default: ''
 Description: Load mysqldump from this Host
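Review bot: In base.yaml the `NoEcho: true` added to `KeystoneAdminToken` carries no comment on what it does and does not cover, and the same holds for every parameter this patch marks. Going by the commit message it hides the value in stack-show output; whether the token stays readable wherever a resource copies it (nested-stack parameters, instance metadata) cannot be seen from these hunks. After confirming how the templates consume the value, I would add a comment above the flag such as `# NoEcho masks this value in stack-show only; copies made by resources are not masked`. The Parameters block starts before the hunk.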
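Review bot: In nagios3.yaml (hunk at -9,6) the web admin password keeps `Default: nagiosadmin`, so the added `NoEcho: true` masks a value that anyone who can read the template already knows. A stack created without overriding the parameter gets that password, and once the value is masked an operator can no longer tell from stack-show that the default is in use. I would drop the `Default:` line on password parameters so a value must be supplied at stack creation. The same applies to NovaOsPassword in this file and the passwords defaulting to `unset` in nova-compute-instance.yaml, overcloud-source.yaml and undercloud-vm.yaml. The parameter's name line is above the hunk.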
@@ -16,10 +17,12 @@ Parameters:
 Default: ''
 Description: Root password for localhost access after bootstrap
 Type: String
+ NoEcho: true
 BootstrapSlavePassword:
 Default: ''
 Description: Password to use with BootstrapSlaveUser
 Type: String
+ NoEcho: true
 BootstrapSlaveUser:
 Default: ''
 Description: User to use for replication from bootstrap host
@@ -27,9 +30,11 @@ Parameters:
 GlanceDBPassword:
 Description: Password for connecting to glance database
 Type: String
+ NoEcho: true
 HeatDBPassword:
 Description: Password for accessing Heat database.
 Type: String
+ NoEcho: true
 InstanceType:
 Default: baremetal
 Description: Use this flavor
@@ -41,26 +46,32 @@ Parameters:
 KeystoneDBPassword:
 Description: Password for connecting to keystone
 Type: String
+ NoEcho: true
 NovaDBPassword:
 Description: Password for connecting to nova database
 Type: String
+ NoEcho: true
 NovaInterfaces:
 Default: eth0
 Type: String
 NeutronDBPassword:
 Description: Password for connecting to neutron database
 Type: String
+ NoEcho: true
 NeutronInterfaces:
 Default: eth0
 Type: String
 RabbitMQPassword:
 Description: Password for RabbitMQ
 Type: String
+ NoEcho: true
 RabbitPassword:
 Type: String
+ NoEcho: true
 ServicePassword:
 Description: admin_password for setting up auth in nova.
 Type: String
+ NoEcho: true
 notcomputeImage:
 Type: String
 Resources:
diff --git a/nova-compute-group.yaml b/nova-compute-group.yaml
index 03fd476e02..99420280d8 100644
--- a/nova-compute-group.yaml
+++ b/nova-compute-group.yaml
@@ -17,12 +17,14 @@ Parameters:
 ServicePassword:
 Description: admin_password for setting up auth in nova.
 Type: String
+ NoEcho: true
 NeutronHost:
 Type: String
 RabbitHost:
 Type: String
 RabbitPassword:
 Type: String
+ NoEcho: true
 NovaInterfaces:
 Type: String
 Default: eth0
diff --git a/nova-compute-instance.yaml b/nova-compute-instance.yaml
index 62f3b29c1b..f027f3b500 100644
--- a/nova-compute-instance.yaml
+++ b/nova-compute-instance.yaml
@@ -5,6 +5,7 @@ Parameters:
 Default: unset
 Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
 Type: String
+ NoEcho: true
 KeyName:
 Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
 Type: String
@@ -24,6 +25,7 @@ Parameters:
 Type: String
 RabbitPassword:
 Type: String
+ NoEcho: true
 NovaInterfaces:
 Type: String
 Default: eth0
@@ -39,6 +41,7 @@ Parameters:
 Default: unset
 Description: The password for the nova service account, used by nova-api.
 Type: String
+ NoEcho: true
 GlanceHost:
 Type: String
 NovaDSN:
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 3298e69f49..442a21eeac 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -6,6 +6,7 @@ Parameters:
 Default: unset
 Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
 Type: String
+ NoEcho: true
 AdminToken:
 Default: unset
 Description: The keystone auth secret.
@@ -14,6 +15,7 @@ Parameters:
 Default: unset
 Description: The password for the cinder service account, used by cinder-api.
 Type: String
+ NoEcho: true
 Flavor:
 Default: baremetal
 Description: Flavor to request when deploying.
@@ -22,10 +24,12 @@ Parameters:
 Default: unset
 Description: The password for the glance service account, used by the glance services.
 Type: String
+ NoEcho: true
 HeatPassword:
 Default: unset
 Description: The password for the Heat service account, used by the Heat services.
 Type: String
+ NoEcho: true
 KeyName:
 Default: default
 Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@@ -34,6 +38,7 @@ Parameters:
 Default: unset
 Description: The password for the neutron service account, used by neutron agents.
 Type: String
+ NoEcho: true
 NovaComputeDriver:
 Default: libvirt.LibvirtDriver
 Type: String
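Review bot: In nova-compute-instance.yaml (hunk at -39,6) `NovaDSN` follows the newly masked password and gets no `NoEcho: true` in this patch. A database DSN usually carries the database password inside the URL; if that is the case here, stack-show still returns that credential in clear. Its definition continues past the end of the hunk, so check whether the flag is already there and, if not, add `NoEcho: true` under `NovaDSN`.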
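Review bot: `AdminToken` in overcloud-source.yaml (hunk at -6,6), described as "The keystone auth secret.", is left without `NoEcho: true`, although base.yaml's `KeystoneAdminToken` gets the flag in this same patch. The next hunk in the file starts at old line 14 / new line 15, so the offset is still +1 and nothing was added where AdminToken's definition ends. undercloud-vm.yaml has the same gap between its hunks at -5,6 and -21,6. Add `NoEcho: true` under `AdminToken` in both files so the token is masked like the passwords.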
@@ -50,6 +55,7 @@ Parameters:
 Default: unset
 Description: The password for the nova service account, used by nova-api.
 Type: String
+ NoEcho: true
 PowerUserName:
 Default: stack
 Description: What username to ssh to the virtual power host with.
diff --git a/undercloud-vm.yaml b/undercloud-vm.yaml
index 8fda08fb13..58c9dbe1cb 100644
--- a/undercloud-vm.yaml
+++ b/undercloud-vm.yaml
@@ -5,6 +5,7 @@ Parameters:
 Default: unset
 Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
 Type: String
+ NoEcho: true
 AdminToken:
 Default: unset
 Description: The keystone auth secret.
@@ -21,6 +22,7 @@ Parameters:
 Default: unset
 Description: The password for the glance service account, used by the glance services.
 Type: String
+ NoEcho: true
 KeyName:
 Default: default
 Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@@ -29,6 +31,7 @@ Parameters:
 Default: unset
 Description: The password for the Heat service account, used by the Heat services.
 Type: String
+ NoEcho: true
 Image:
 Default: undercloud
 Type: String
@@ -36,10 +39,12 @@ Parameters:
 Default: unset
 Description: The password for the neutron service account, used by neutron agents.
 Type: String
+ NoEcho: true
 NovaPassword:
 Default: unset
 Description: The password for the nova service account, used by nova-api.
 Type: String
+ NoEcho: true
 PowerUserName:
 Default: stack
 Description: What username to ssh to the virtual power host with.