From a9963373338fe725e89ce8bed3f9e001f2abeeb4 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 20 Mar 2023 21:06:23 +0900 Subject: [PATCH] [coordination] backend_url should be secret The backend_url option can sometimes contain secrets. For example when redis coordination backend is used and authentication is enabled in redis, the plain redis password is put as an URL element. [coordination] backend_url=redis://:password@127.0.0.1:6379 Closes-Bug: #2012246 Change-Id: Idb7cba32fa81da698d408c27a854550b03e5abd4 --- manifests/coordination.pp | 2 +- spec/defines/oslo_coordination_spec.rb | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/coordination.pp b/manifests/coordination.pp index 52502a5..4e38791 100644 --- a/manifests/coordination.pp +++ b/manifests/coordination.pp @@ -75,7 +75,7 @@ define oslo::coordination ( if $manage_config { $coordination_options = { - 'coordination/backend_url' => { value => $backend_url }, + 'coordination/backend_url' => { value => $backend_url, secret => true }, } create_resources($name, $coordination_options) } diff --git a/spec/defines/oslo_coordination_spec.rb b/spec/defines/oslo_coordination_spec.rb index 769195f..e397fd7 100644 --- a/spec/defines/oslo_coordination_spec.rb +++ b/spec/defines/oslo_coordination_spec.rb @@ -8,7 +8,7 @@ describe 'oslo::coordination' do context 'with default parameters' do it 'configures oslo_cache default params' do - is_expected.to contain_keystone_config('coordination/backend_url').with_value('') + is_expected.to contain_keystone_config('coordination/backend_url').with_value('').with_secret(true) end end @@ -18,7 +18,7 @@ describe 'oslo::coordination' do end it 'configures redis backend' do - is_expected.to contain_keystone_config('coordination/backend_url').with_value('redis://localhost:6379') + is_expected.to contain_keystone_config('coordination/backend_url').with_value('redis://localhost:6379').with_secret(true) is_expected.to contain_package('python-redis').with( :name => platform_params[:python_redis_package_name], @@ -46,7 +46,7 @@ describe 'oslo::coordination' do end it 'configures etcd3gw backend' do - is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3://localhost:2379') + is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3://localhost:2379').with_secret(true) if platform_params[:python_etcd3_package_name] is_expected.to contain_package('python-etcd3').with( @@ -78,7 +78,7 @@ describe 'oslo::coordination' do end it 'configures etcd3gw backend' do - is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+http://localhost:2379') + is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+http://localhost:2379').with_secret(true) is_expected.to contain_package('python-etcd3gw') end @@ -101,7 +101,7 @@ describe 'oslo::coordination' do end it 'configures etcd3gw backend' do - is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+https://localhost:2379') + is_expected.to contain_keystone_config('coordination/backend_url').with_value('etcd3+https://localhost:2379').with_secret(true) is_expected.to contain_package('python-etcd3gw') end @@ -124,7 +124,7 @@ describe 'oslo::coordination' do end it 'configures memcache backend' do - is_expected.to contain_keystone_config('coordination/backend_url').with_value('memcached://localhost:11211') + is_expected.to contain_keystone_config('coordination/backend_url').with_value('memcached://localhost:11211').with_secret(true) is_expected.to contain_package('python-pymemcache').with( :name => platform_params[:python_pymemcache_package_name],