[coordination] backend_url should be secret

The backend_url option can sometimes contain secrets. For example when redis coordination backend is used and authentication is enabled in redis, the plain redis password is put as an URL element. [coordination] backend_url=redis://:password@127.0.0.1:6379 Closes-Bug: #2012246 Change-Id: Idb7cba32fa81da698d408c27a854550b03e5abd4
2023-03-20 21:06:23 +09:00
parent 30576254ad
commit a996337333
2 changed files with 7 additions and 7 deletions
--- a/manifests/coordination.pp
+++ b/manifests/coordination.pp
@@ -75,7 +75,7 @@ define oslo::coordination (

  if $manage_config {
    $coordination_options = {
-      'coordination/backend_url' => { value => $backend_url },
+      'coordination/backend_url' => { value => $backend_url, secret => true },
    }
    create_resources($name, $coordination_options)
  }
--- a/spec/defines/oslo_coordination_spec.rb
+++ b/spec/defines/oslo_coordination_spec.rb
@@ -8,7 +8,7 @@ describe 'oslo::coordination' do

    context 'with default parameters' do
      it 'configures oslo_cache default params' do
-        is_expected.to contain_keystone_config('coordination/backend_url').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_keystone_config('coordination/backend_url').with_value('<SERVICE DEFAULT>').with_secret(true)
      end
    end

@@ -18,7 +18,7 @@ describe 'oslo::coordination' do
      end

      it 'configures redis backend' do
-        is_expected.to contain_keystone_config('coordination/backend_url').with_value('redis://localhost:6379')
+        is_expected.to contain_keystone_config('coordination/backend_url').with_value('redis://localhost:6379').with_secret(true)

        is_expected.to contain_package('python-redis').with(
          :name   => platform_params[:python_redis_package_name],
@@ -46,7 +46,7 @@ describe 'oslo::coordination' do
      end

      it 'configures etcd3gw backend' do
-        is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3://localhost:2379')
+        is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3://localhost:2379').with_secret(true)

        if platform_params[:python_etcd3_package_name]
          is_expected.to contain_package('python-etcd3').with(
@@ -78,7 +78,7 @@ describe 'oslo::coordination' do
      end

      it 'configures etcd3gw backend' do
-        is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+http://localhost:2379')
+        is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+http://localhost:2379').with_secret(true)
        is_expected.to contain_package('python-etcd3gw')
      end

@@ -101,7 +101,7 @@ describe 'oslo::coordination' do
      end

      it 'configures etcd3gw backend' do
-        is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+https://localhost:2379')
+        is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+https://localhost:2379').with_secret(true)
        is_expected.to contain_package('python-etcd3gw')
      end

@@ -124,7 +124,7 @@ describe 'oslo::coordination' do
      end

      it 'configures memcache backend' do
-        is_expected.to contain_keystone_config('coordination/backend_url').with_value('memcached://localhost:11211')
+        is_expected.to contain_keystone_config('coordination/backend_url').with_value('memcached://localhost:11211').with_secret(true)

        is_expected.to contain_package('python-pymemcache').with(
          :name   => platform_params[:python_pymemcache_package_name],