openstack/tripleo-heat-templates
Code Issues Proposed changes

Set NoEcho: true for parameters containing secrets

Browse Source 
This prevents secret values being returned for stack-show.

Change-Id: I82eff26fda31511b66c6371f6ded2a5fb559f3fb
Fixes-Bug: #1226730
This commit is contained in:
Steve Baker 2013-09-17 15:13:25 -07:00
parent c2051996bc
commit 73fbe1e121
7 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
base.yaml
View File

@ -7,6 +7,7 @@ Parameters:
KeystoneAdminToken: KeystoneAdminToken:
Description: Admin Token needed for keystone Description: Admin Token needed for keystone
Type: String Type: String
NoEcho: true
Resources: Resources:
RabbitMQ: RabbitMQ:
Type: AWS::CloudFormation::Stack Type: AWS::CloudFormation::Stack

4
nagios3.yaml
View File

@ -9,6 +9,7 @@ Parameters:
Description: Password for nagiosadmin web admin user. Description: Password for nagiosadmin web admin user.
Type: String Type: String
Default: nagiosadmin Default: nagiosadmin
NoEcho: true
NovaHostIp: NovaHostIp:
Description: nova ip. Description: nova ip.
Type: String Type: String
@ -17,6 +18,7 @@ Parameters:
Description: nova OS_PASSWORD. Description: nova OS_PASSWORD.
Type: String Type: String
Default: unset Default: unset
NoEcho: true
NovaOsUsername: NovaOsUsername:
Description: nova OS_USERNAME. Description: nova OS_USERNAME.
Type: String Type: String
@ -40,11 +42,13 @@ Parameters:
Apache2SnakeoilPem: Apache2SnakeoilPem:
Description: Snakeoil PEM file. Description: Snakeoil PEM file.
Type: String Type: String
NoEcho: true
Default: | Default: |
----- BEGIN PlaceHolder... ----- BEGIN PlaceHolder...
Apache2SnakeoilKey: Apache2SnakeoilKey:
Description: Snakeoil Key file. Description: Snakeoil Key file.
Type: String Type: String
NoEcho: true
Default: | Default: |
----- BEGIN PlaceHolder... ----- BEGIN PlaceHolder...
PostfixMailHostname: PostfixMailHostname:

11
notcompute.yaml
View File

@ -8,6 +8,7 @@ Parameters:
Default: '' Default: ''
Description: Password to use for mysqldump from Bootstrap Host Description: Password to use for mysqldump from Bootstrap Host
Type: String Type: String
NoEcho: true
BootstrapHost: BootstrapHost:
Default: '' Default: ''
Description: Load mysqldump from this Host Description: Load mysqldump from this Host
@ -16,10 +17,12 @@ Parameters:
Default: '' Default: ''
Description: Root password for localhost access after bootstrap Description: Root password for localhost access after bootstrap
Type: String Type: String
NoEcho: true
BootstrapSlavePassword: BootstrapSlavePassword:
Default: '' Default: ''
Description: Password to use with BootstrapSlaveUser Description: Password to use with BootstrapSlaveUser
Type: String Type: String
NoEcho: true
BootstrapSlaveUser: BootstrapSlaveUser:
Default: '' Default: ''
Description: User to use for replication from bootstrap host Description: User to use for replication from bootstrap host
@ -27,9 +30,11 @@ Parameters:
GlanceDBPassword: GlanceDBPassword:
Description: Password for connecting to glance database Description: Password for connecting to glance database
Type: String Type: String
NoEcho: true
HeatDBPassword: HeatDBPassword:
Description: Password for accessing Heat database. Description: Password for accessing Heat database.
Type: String Type: String
NoEcho: true
InstanceType: InstanceType:
Default: baremetal Default: baremetal
Description: Use this flavor Description: Use this flavor
@ -41,26 +46,32 @@ Parameters:
KeystoneDBPassword: KeystoneDBPassword:
Description: Password for connecting to keystone Description: Password for connecting to keystone
Type: String Type: String
NoEcho: true
NovaDBPassword: NovaDBPassword:
Description: Password for connecting to nova database Description: Password for connecting to nova database
Type: String Type: String
NoEcho: true
NovaInterfaces: NovaInterfaces:
Default: eth0 Default: eth0
Type: String Type: String
NeutronDBPassword: NeutronDBPassword:
Description: Password for connecting to neutron database Description: Password for connecting to neutron database
Type: String Type: String
NoEcho: true
NeutronInterfaces: NeutronInterfaces:
Default: eth0 Default: eth0
Type: String Type: String
RabbitMQPassword: RabbitMQPassword:
Description: Password for RabbitMQ Description: Password for RabbitMQ
Type: String Type: String
NoEcho: true
RabbitPassword: RabbitPassword:
Type: String Type: String
NoEcho: true
ServicePassword: ServicePassword:
Description: admin_password for setting up auth in nova. Description: admin_password for setting up auth in nova.
Type: String Type: String
NoEcho: true
notcomputeImage: notcomputeImage:
Type: String Type: String
Resources: Resources:

2
nova-compute-group.yaml
View File

@ -17,12 +17,14 @@ Parameters:
ServicePassword: ServicePassword:
Description: admin_password for setting up auth in nova. Description: admin_password for setting up auth in nova.
Type: String Type: String
NoEcho: true
NeutronHost: NeutronHost:
Type: String Type: String
RabbitHost: RabbitHost:
Type: String Type: String
RabbitPassword: RabbitPassword:
Type: String Type: String
NoEcho: true
NovaInterfaces: NovaInterfaces:
Type: String Type: String
Default: eth0 Default: eth0

3
nova-compute-instance.yaml
View File

@ -5,6 +5,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the keystone admin account, used for monitoring, querying neutron etc. Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
Type: String Type: String
NoEcho: true
KeyName: KeyName:
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
Type: String Type: String
@ -24,6 +25,7 @@ Parameters:
Type: String Type: String
RabbitPassword: RabbitPassword:
Type: String Type: String
NoEcho: true
NovaInterfaces: NovaInterfaces:
Type: String Type: String
Default: eth0 Default: eth0
@ -39,6 +41,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the nova service account, used by nova-api. Description: The password for the nova service account, used by nova-api.
Type: String Type: String
NoEcho: true
GlanceHost: GlanceHost:
Type: String Type: String
NovaDSN: NovaDSN:

6
overcloud-source.yaml
View File

@ -6,6 +6,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the keystone admin account, used for monitoring, querying neutron etc. Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
Type: String Type: String
NoEcho: true
AdminToken: AdminToken:
Default: unset Default: unset
Description: The keystone auth secret. Description: The keystone auth secret.
@ -14,6 +15,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the cinder service account, used by cinder-api. Description: The password for the cinder service account, used by cinder-api.
Type: String Type: String
NoEcho: true
Flavor: Flavor:
Default: baremetal Default: baremetal
Description: Flavor to request when deploying. Description: Flavor to request when deploying.
@ -22,10 +24,12 @@ Parameters:
Default: unset Default: unset
Description: The password for the glance service account, used by the glance services. Description: The password for the glance service account, used by the glance services.
Type: String Type: String
NoEcho: true
HeatPassword: HeatPassword:
Default: unset Default: unset
Description: The password for the Heat service account, used by the Heat services. Description: The password for the Heat service account, used by the Heat services.
Type: String Type: String
NoEcho: true
KeyName: KeyName:
Default: default Default: default
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@ -34,6 +38,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the neutron service account, used by neutron agents. Description: The password for the neutron service account, used by neutron agents.
Type: String Type: String
NoEcho: true
NovaComputeDriver: NovaComputeDriver:
Default: libvirt.LibvirtDriver Default: libvirt.LibvirtDriver
Type: String Type: String
@ -50,6 +55,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the nova service account, used by nova-api. Description: The password for the nova service account, used by nova-api.
Type: String Type: String
NoEcho: true
PowerUserName: PowerUserName:
Default: stack Default: stack
Description: What username to ssh to the virtual power host with. Description: What username to ssh to the virtual power host with.

5
undercloud-vm.yaml
View File

@ -5,6 +5,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the keystone admin account, used for monitoring, querying neutron etc. Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
Type: String Type: String
NoEcho: true
AdminToken: AdminToken:
Default: unset Default: unset
Description: The keystone auth secret. Description: The keystone auth secret.
@ -21,6 +22,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the glance service account, used by the glance services. Description: The password for the glance service account, used by the glance services.
Type: String Type: String
NoEcho: true
KeyName: KeyName:
Default: default Default: default
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@ -29,6 +31,7 @@ Parameters:
Default: unset Default: unset
Description: The password for the Heat service account, used by the Heat services. Description: The password for the Heat service account, used by the Heat services.
Type: String Type: String
NoEcho: true
Image: Image:
Default: undercloud Default: undercloud
Type: String Type: String
@ -36,10 +39,12 @@ Parameters:
Default: unset Default: unset
Description: The password for the neutron service account, used by neutron agents. Description: The password for the neutron service account, used by neutron agents.
Type: String Type: String
NoEcho: true
NovaPassword: NovaPassword:
Default: unset Default: unset
Description: The password for the nova service account, used by nova-api. Description: The password for the nova service account, used by nova-api.
Type: String Type: String
NoEcho: true
PowerUserName: PowerUserName:
Default: stack Default: stack
Description: What username to ssh to the virtual power host with. Description: What username to ssh to the virtual power host with.