openstack
/
puppet-gnocchi
Code Issues Proposed changes

s3_access_key_id should be secret 

The [storage] s3_access_key_id parameter is defined with the secret
flag, and its value should not be exposed.

Change-Id: I87fe4a3854e1f8c96041e665af16c677f14807c6
This commit is contained in:
Takashi Kajinami 2022-03-23 00:24:06 +09:00
parent d4416af168
commit a84c8fa43f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/storage/s3.pp
View File

@ -58,7 +58,7 @@ class gnocchi::storage::s3(
'storage/driver': value => 's3';
'storage/s3_endpoint_url': value => $s3_endpoint_url;
'storage/s3_region_name': value => $s3_region_name;
'storage/s3_access_key_id': value => $s3_access_key_id;
'storage/s3_access_key_id': value => $s3_access_key_id, secret => true;
'storage/s3_secret_access_key': value => $s3_secret_access_key, secret => true;
'storage/s3_bucket_prefix': value => $s3_bucket_prefix;
}

2
spec/classes/gnocchi_storage_s3_spec.rb
View File

@ -21,7 +21,7 @@ describe 'gnocchi::storage::s3' do
is_expected.to contain_gnocchi_config('storage/driver').with_value('s3')
is_expected.to contain_gnocchi_config('storage/s3_endpoint_url').with_value('https://s3-eu-west-1.amazonaws.com')
is_expected.to contain_gnocchi_config('storage/s3_region_name').with_value('eu-west-1')
is_expected.to contain_gnocchi_config('storage/s3_access_key_id').with_value('xyz')
is_expected.to contain_gnocchi_config('storage/s3_access_key_id').with_value('xyz').with_secret(true)
is_expected.to contain_gnocchi_config('storage/s3_secret_access_key').with_value('secret-xyz').with_secret(true)
end