From e5f3f77a7df4833656047c3a67a66e7fc27f6eff Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Sun, 10 Apr 2022 19:28:49 +0900
Subject: [PATCH] Nuage: [RESTPROXY] serverauth should be secret

This parameter includes the password string, thus should be hidden.

Change-Id: If3f9c7b01aedeacea1e773438b812bc53918c5d8
---
 lib/puppet/type/neutron_plugin_nuage.rb       | 22 +++++++++++++++++++
 manifests/plugins/ml2/nuage.pp                |  2 +-
 .../classes/neutron_plugins_ml2_nuage_spec.rb |  3 +++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/lib/puppet/type/neutron_plugin_nuage.rb b/lib/puppet/type/neutron_plugin_nuage.rb
index bd61d3be9..0e9637593 100644
--- a/lib/puppet/type/neutron_plugin_nuage.rb
+++ b/lib/puppet/type/neutron_plugin_nuage.rb
@@ -14,6 +14,28 @@ Puppet::Type.newtype(:neutron_plugin_nuage) do
       value.capitalize! if value =~ /^(true|false)$/i
       value
     end
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+    newvalues(:true, :false)
+    defaultto false
   end
 
   newparam(:ensure_absent_val) do
diff --git a/manifests/plugins/ml2/nuage.pp b/manifests/plugins/ml2/nuage.pp
index 5fb967426..239835caf 100644
--- a/manifests/plugins/ml2/nuage.pp
+++ b/manifests/plugins/ml2/nuage.pp
@@ -98,7 +98,7 @@ class neutron::plugins::ml2::nuage (
   neutron_plugin_nuage {
     'RESTPROXY/default_net_partition_name': value => $nuage_net_partition_name;
     'RESTPROXY/server':                     value => $nuage_vsd_ip;
-    'RESTPROXY/serverauth':                 value => "${nuage_vsd_username}:${nuage_vsd_password}";
+    'RESTPROXY/serverauth':                 value => "${nuage_vsd_username}:${nuage_vsd_password}", secret => true;
     'RESTPROXY/organization':               value => $nuage_vsd_organization;
     'RESTPROXY/auth_resource':              value => $nuage_auth_resource;
     'RESTPROXY/serverssl':                  value => $nuage_server_ssl;
diff --git a/spec/classes/neutron_plugins_ml2_nuage_spec.rb b/spec/classes/neutron_plugins_ml2_nuage_spec.rb
index 68afa36a8..b6627e4f5 100644
--- a/spec/classes/neutron_plugins_ml2_nuage_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_nuage_spec.rb
@@ -51,6 +51,9 @@ describe 'neutron::plugins::ml2::nuage' do
     it 'should configure plugin.ini' do
       should contain_neutron_plugin_nuage('RESTPROXY/default_net_partition_name').with_value(params[:nuage_net_partition_name])
       should contain_neutron_plugin_nuage('RESTPROXY/server').with_value(params[:nuage_vsd_ip])
+      should contain_neutron_plugin_nuage('RESTPROXY/serverauth')\
+        .with_value("#{params[:nuage_vsd_username]}:#{params[:nuage_vsd_password]}")\
+        .with_secret(true)
       should contain_neutron_plugin_nuage('RESTPROXY/organization').with_value(params[:nuage_vsd_organization])
       should contain_neutron_plugin_nuage('RESTPROXY/cms_id').with_value(params[:nuage_cms_id])
       should contain_neutron_plugin_nuage('PLUGIN/default_allow_non_ip').with_value(params[:nuage_default_allow_non_ip])