From 73fbe1e1215615a1470b55b625b399cf17beae8b Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Tue, 17 Sep 2013 15:13:25 -0700
Subject: [PATCH] Set NoEcho: true for parameters containing secrets

This prevents secret values being returned for stack-show.

Change-Id: I82eff26fda31511b66c6371f6ded2a5fb559f3fb
Fixes-Bug: #1226730
---
 base.yaml                  |  1 +
 nagios3.yaml               |  4 ++++
 notcompute.yaml            | 11 +++++++++++
 nova-compute-group.yaml    |  2 ++
 nova-compute-instance.yaml |  3 +++
 overcloud-source.yaml      |  6 ++++++
 undercloud-vm.yaml         |  5 +++++
 7 files changed, 32 insertions(+)

diff --git a/base.yaml b/base.yaml
index 640796d26b..f1e8967d38 100644
--- a/base.yaml
+++ b/base.yaml
@@ -7,6 +7,7 @@ Parameters:
   KeystoneAdminToken:
     Description: Admin Token needed for keystone
     Type: String
+    NoEcho: true
 Resources:
   RabbitMQ:
     Type: AWS::CloudFormation::Stack
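Review bot: `NoEcho: true` on `KeystoneAdminToken` masks the value for this stack, but the `Resources:` section directly below declares nested `AWS::CloudFormation::Stack` resources. If the token is passed to one of those child stacks as a parameter, the child template needs `NoEcho: true` on its receiving parameter as well, or stack-show on the nested stack may still return it. The Resources body continues outside the hunk, so whether the token is passed down cannot be confirmed from here.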
diff --git a/nagios3.yaml b/nagios3.yaml
index 5c36329e73..e60eb55927 100644
--- a/nagios3.yaml
+++ b/nagios3.yaml
@@ -9,6 +9,7 @@ Parameters:
     Description: Password for nagiosadmin web admin user.
     Type: String
     Default: nagiosadmin
+    NoEcho: true
   NovaHostIp:
     Description: nova ip.
     Type: String
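Review bot: The parameter at the top of this hunk keeps `Default: nagiosadmin`, so a stack created without overriding it gets a web admin password that anyone can read in the template. `NoEcho` hides the value in stack-show but does not make a published default secret. Consider dropping the `Default:` line so stack creation fails unless the operator supplies a value. The same applies to the `Default: unset` passwords in the next hunk of this file and in nova-compute-instance.yaml, overcloud-source.yaml and undercloud-vm.yaml. The parameter's name line is outside the hunk.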
@@ -17,6 +18,7 @@ Parameters:
     Description: nova OS_PASSWORD.
     Type: String
     Default: unset
+    NoEcho: true
   NovaOsUsername:
     Description: nova OS_USERNAME.
     Type: String
@@ -40,11 +42,13 @@ Parameters:
   Apache2SnakeoilPem:
     Description: Snakeoil PEM file.
     Type: String
+    NoEcho: true
     Default: |
       -----  BEGIN PlaceHolder...
   Apache2SnakeoilKey:
     Description: Snakeoil Key file.
     Type: String
+    NoEcho: true
     Default: |
       -----  BEGIN PlaceHolder...
   PostfixMailHostname:
diff --git a/notcompute.yaml b/notcompute.yaml
index 6eb86f8758..ef339361ba 100644
--- a/notcompute.yaml
+++ b/notcompute.yaml
@@ -8,6 +8,7 @@ Parameters:
     Default: ''
     Description: Password to use for mysqldump from Bootstrap Host
     Type: String
+    NoEcho: true
   BootstrapHost:
     Default: ''
     Description: Load mysqldump from this Host
@@ -16,10 +17,12 @@ Parameters:
     Default: ''
     Description: Root password for localhost access after bootstrap
     Type: String
+    NoEcho: true
   BootstrapSlavePassword:
     Default: ''
     Description: Password to use with BootstrapSlaveUser
     Type: String
+    NoEcho: true
   BootstrapSlaveUser:
     Default: ''
     Description: User to use for replication from bootstrap host
@@ -27,9 +30,11 @@ Parameters:
   GlanceDBPassword:
     Description: Password for connecting to glance database
     Type: String
+    NoEcho: true
   HeatDBPassword:
     Description: Password for accessing Heat database.
     Type: String
+    NoEcho: true
   InstanceType:
     Default: baremetal
     Description: Use this flavor
@@ -41,26 +46,32 @@ Parameters:
   KeystoneDBPassword:
     Description: Password for connecting to keystone
     Type: String
+    NoEcho: true
   NovaDBPassword:
     Description: Password for connecting to nova database
     Type: String
+    NoEcho: true
   NovaInterfaces:
     Default: eth0
     Type: String
   NeutronDBPassword:
     Description: Password for connecting to neutron database
     Type: String
+    NoEcho: true
   NeutronInterfaces:
     Default: eth0
     Type: String
   RabbitMQPassword:
     Description: Password for RabbitMQ
     Type: String
+    NoEcho: true
   RabbitPassword:
     Type: String
+    NoEcho: true
   ServicePassword:
     Description: admin_password for setting up auth in nova.
     Type: String
+    NoEcho: true
   notcomputeImage:
     Type: String
 Resources:
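Review bot: `RabbitPassword` is the only secret in this hunk without a `Description:`, and it sits next to `RabbitMQPassword` ("Password for RabbitMQ"), so a reader cannot tell how the two differ or which one a service consumes. Add a `Description:` line to `RabbitPassword` stating which account it belongs to. If the two are meant to carry the same value, say so in both descriptions so an operator does not set them differently.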
diff --git a/nova-compute-group.yaml b/nova-compute-group.yaml
index 03fd476e02..99420280d8 100644
--- a/nova-compute-group.yaml
+++ b/nova-compute-group.yaml
@@ -17,12 +17,14 @@ Parameters:
   ServicePassword:
     Description: admin_password for setting up auth in nova.
     Type: String
+    NoEcho: true
   NeutronHost:
     Type: String
   RabbitHost:
     Type: String
   RabbitPassword:
     Type: String
+    NoEcho: true
   NovaInterfaces:
     Type: String
     Default: eth0
diff --git a/nova-compute-instance.yaml b/nova-compute-instance.yaml
index 62f3b29c1b..f027f3b500 100644
--- a/nova-compute-instance.yaml
+++ b/nova-compute-instance.yaml
@@ -5,6 +5,7 @@ Parameters:
     Default: unset
     Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     Type: String
+    NoEcho: true
   KeyName: 
     Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
     Type: String
@@ -24,6 +25,7 @@ Parameters:
     Type: String
   RabbitPassword:
     Type: String
+    NoEcho: true
   NovaInterfaces:
     Type: String
     Default: eth0
@@ -39,6 +41,7 @@ Parameters:
     Default: unset
     Description: The password for the nova service account, used by nova-api.
     Type: String
+    NoEcho: true
   GlanceHost:
     Type: String
   NovaDSN:
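Review bot: `NovaDSN`, the last line of this hunk, gets no `NoEcho` in this commit, and this is the final hunk for the file. If the parameter holds a database connection URL with the password embedded, which the name suggests but the hunk does not show, stack-show will still return that password, so `NoEcho: true` belongs under `NovaDSN` too. Any other DSN-style parameter in this file or in nova-compute-group.yaml deserves the same check. The definition of `NovaDSN` continues outside the hunk.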
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 3298e69f49..442a21eeac 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -6,6 +6,7 @@ Parameters:
     Default: unset
     Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     Type: String
+    NoEcho: true
   AdminToken:
     Default: unset
     Description: The keystone auth secret.
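Review bot: `AdminToken`, described here as "The keystone auth secret.", is left without `NoEcho` while the admin password parameter just above it is masked. The next hunk header (`-14,6 +15,7`) shows that only one line was added before it, so the omission is not an artefact of where the hunk was cut. base.yaml marks `KeystoneAdminToken` in this same commit, so add `NoEcho: true` under `AdminToken` here as well. The first hunk of undercloud-vm.yaml has the same gap.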
@@ -14,6 +15,7 @@ Parameters:
     Default: unset
     Description: The password for the cinder service account, used by cinder-api.
     Type: String
+    NoEcho: true
   Flavor:
     Default: baremetal
     Description: Flavor to request when deploying.
@@ -22,10 +24,12 @@ Parameters:
     Default: unset
     Description: The password for the glance service account, used by the glance services.
     Type: String
+    NoEcho: true
   HeatPassword:
     Default: unset
     Description: The password for the Heat service account, used by the Heat services.
     Type: String
+    NoEcho: true
   KeyName:
     Default: default
     Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@@ -34,6 +38,7 @@ Parameters:
     Default: unset
     Description: The password for the neutron service account, used by neutron agents.
     Type: String
+    NoEcho: true
   NovaComputeDriver:
     Default: libvirt.LibvirtDriver
     Type: String
@@ -50,6 +55,7 @@ Parameters:
     Default: unset
     Description: The password for the nova service account, used by nova-api.
     Type: String
+    NoEcho: true
   PowerUserName:
     Default: stack
     Description: What username to ssh to the virtual power host with.
diff --git a/undercloud-vm.yaml b/undercloud-vm.yaml
index 8fda08fb13..58c9dbe1cb 100644
--- a/undercloud-vm.yaml
+++ b/undercloud-vm.yaml
@@ -5,6 +5,7 @@ Parameters:
     Default: unset
     Description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     Type: String
+    NoEcho: true
   AdminToken:
     Default: unset
     Description: The keystone auth secret.
@@ -21,6 +22,7 @@ Parameters:
     Default: unset
     Description: The password for the glance service account, used by the glance services.
     Type: String
+    NoEcho: true
   KeyName:
     Default: default
     Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
@@ -29,6 +31,7 @@ Parameters:
     Default: unset
     Description: The password for the Heat service account, used by the Heat services.
     Type: String
+    NoEcho: true
   Image:
     Default: undercloud
     Type: String
@@ -36,10 +39,12 @@ Parameters:
     Default: unset
     Description: The password for the neutron service account, used by neutron agents.
     Type: String
+    NoEcho: true
   NovaPassword:
     Default: unset
     Description: The password for the nova service account, used by nova-api.
     Type: String
+    NoEcho: true
   PowerUserName:
     Default: stack
     Description: What username to ssh to the virtual power host with.