Allow to hide config values from Puppet logs
Hide configuration value from Puppet logs if the secret parameter
is set to true.

Fixes: bug #1173322
Change-Id: I380a86b834c2f6cb6f347cade6137ee2e757f091
mgagne committed May 28, 2013
1 parent e721563 commit 9686bb8
Showing 8 changed files with 63 additions and 10 deletions.
23 changes: 23 additions & 0 deletions lib/puppet/type/cinder_api_paste_ini.rb
Expand Up @@ -14,6 +14,29 @@
value.capitalize! if value =~ /^(true|false)$/i
value
end

def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end

def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end

newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'

newvalues(:true, :false)

defaultto false
end
end
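Review bot: The `is_to_s`/`should_to_s` overrides only change the text Puppet renders in the property's change message, so `secret => true` protects less than the name suggests. The real value is still in the compiled catalog and in the file the provider writes, and as far as I know report events carry the previous and desired values independently of these two methods; that is worth confirming against the Puppet version in use. I would state the scope in the parameter's `desc`, for example by appending `The catalog, reports and the managed file may still contain the value.` The same 23 lines are added to lib/puppet/type/cinder_config.rb, where the point applies as well. The `newproperty` block these methods are added to starts outside the hunk.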
23 changes: 23 additions & 0 deletions lib/puppet/type/cinder_config.rb
Expand Up @@ -14,6 +14,29 @@
value.capitalize! if value =~ /^(true|false)$/i
value
end

def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end

def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end

newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'

newvalues(:true, :false)

defaultto false
end
end
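Review bot: Nothing in this commit exercises the redaction itself: the spec changes only check that the manifests pass `secret => true`. A regression in `is_to_s`/`should_to_s` here or in lib/puppet/type/cinder_api_paste_ini.rb would therefore go unnoticed and put passwords back in the logs. A small type spec would cover it, building the resource with `:secret => true` and asserting that `resource.property(:value).should_to_s('bar')` returns `'[new secret redacted]'`, plus the pass-through case without `secret`. As a style point, both methods read more idiomatically without the explicit `return`, e.g. `resource.secret? ? '[new secret redacted]' : newvalue`.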
2 changes: 1 addition & 1 deletion manifests/api.pp
Expand Up @@ -60,7 +60,7 @@
'filter:authtoken/auth_port': value => $keystone_auth_port;
'filter:authtoken/admin_tenant_name': value => $keystone_tenant;
'filter:authtoken/admin_user': value => $keystone_user;
'filter:authtoken/admin_password': value => $keystone_password;
'filter:authtoken/admin_password': value => $keystone_password, secret => true;
}
}

6 changes: 3 additions & 3 deletions manifests/init.pp
Expand Up @@ -69,7 +69,7 @@
}

cinder_config {
'DEFAULT/rabbit_password': value => $rabbit_password;
'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
'DEFAULT/rabbit_userid': value => $rabbit_userid;
'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
}
Expand Down Expand Up @@ -99,7 +99,7 @@
'DEFAULT/qpid_hostname': value => $qpid_hostname;
'DEFAULT/qpid_port': value => $qpid_port;
'DEFAULT/qpid_username': value => $qpid_username;
'DEFAULT/qpid_password': value => $qpid_password;
'DEFAULT/qpid_password': value => $qpid_password, secret => true;
'DEFAULT/qpid_reconnect': value => $qpid_reconnect;
'DEFAULT/qpid_reconnect_timeout': value => $qpid_reconnect_timeout;
'DEFAULT/qpid_reconnect_limit': value => $qpid_reconnect_limit;
Expand All @@ -113,7 +113,7 @@
}

cinder_config {
'DEFAULT/sql_connection': value => $sql_connection;
'DEFAULT/sql_connection': value => $sql_connection, secret => true;
'DEFAULT/verbose': value => $verbose;
'DEFAULT/debug': value => $debug;
'DEFAULT/api_paste_config': value => $api_paste_config;
2 changes: 1 addition & 1 deletion manifests/volume/netapp.pp
Expand Up @@ -14,7 +14,7 @@
'DEFAULT/volume_driver': value => 'cinder.volume.netapp.NetAppISCSIDriver';
'DEFAULT/netapp_wsdl_url': value => $netapp_wsdl_url;
'DEFAULT/netapp_login': value => $netapp_login;
'DEFAULT/netapp_password': value => $netapp_password;
'DEFAULT/netapp_password': value => $netapp_password, secret => true;
'DEFAULT/netapp_server_hostname': value => $netapp_server_hostname;
'DEFAULT/netapp_storage_service': value => $netapp_storage_service;
'DEFAULT/netapp_server_port': value => $netapp_server_port;
3 changes: 2 additions & 1 deletion spec/classes/cinder_api_spec.rb
Expand Up @@ -50,7 +50,8 @@
:value => 'cinder'
)
should contain_cinder_api_paste_ini('filter:authtoken/admin_password').with(
:value => 'foo'
:value => 'foo',
:secret => true
)
end
end
10 changes: 6 additions & 4 deletions spec/classes/cinder_spec.rb
Expand Up @@ -20,7 +20,8 @@
:value => 'cinder.openstack.common.rpc.impl_kombu'
)
should contain_cinder_config('DEFAULT/rabbit_password').with(
:value => 'guest'
:value => 'guest',
:secret => true
)
should contain_cinder_config('DEFAULT/rabbit_host').with(
:value => '127.0.0.1'
Expand All @@ -41,7 +42,8 @@
:value => 'guest'
)
should contain_cinder_config('DEFAULT/sql_connection').with(
:value => 'mysql://user:password@host/database'
:value => 'mysql://user:password@host/database',
:secret => true
)
should contain_cinder_config('DEFAULT/verbose').with(
:value => false
Expand Down Expand Up @@ -81,7 +83,7 @@
:value => 'rabbit1:5672,rabbit2:5672'
)
should contain_cinder_config('DEFAULT/rabbit_ha_queues').with(
:value => true
:value => true
)
end
end
Expand All @@ -101,7 +103,7 @@
it { should contain_cinder_config('DEFAULT/qpid_hostname').with_value('localhost') }
it { should contain_cinder_config('DEFAULT/qpid_port').with_value('5672') }
it { should contain_cinder_config('DEFAULT/qpid_username').with_value('guest') }
it { should contain_cinder_config('DEFAULT/qpid_password').with_value('guest') }
it { should contain_cinder_config('DEFAULT/qpid_password').with_value('guest').with_secret(true) }
it { should contain_cinder_config('DEFAULT/qpid_reconnect').with_value(true) }
it { should contain_cinder_config('DEFAULT/qpid_reconnect_timeout').with_value('0') }
it { should contain_cinder_config('DEFAULT/qpid_reconnect_limit').with_value('0') }
4 changes: 4 additions & 0 deletions spec/classes/cinder_volume_netapp_spec.rb
Expand Up @@ -30,6 +30,10 @@
should contain_cinder_config("DEFAULT/#{config}").with_value( value )
end
end

it 'marks netapp_password as secret' do
should contain_cinder_config('DEFAULT/netapp_password').with_secret( true )
end
end

