From 782e94e82e283cef8ba58aef47f99fd7be4c8893 Mon Sep 17 00:00:00 2001 From: Xingchao Yu Date: 2016年11月10日 22:27:47 +0800 Subject: [PATCH] Secure transport_url option in log As transport_url option contains rabbit_password, it should not keep plaintext in logs. Closes-Bug: #1640809 Change-Id: I958c51050ee48db1ee359ff75dc20ad13e14a672 --- manifests/messaging/default.pp | 2 +- manifests/messaging/notifications.pp | 2 +- releasenotes/notes/secure-transport-url-d67d307cf85a16b1.yaml | 3 +++ spec/defines/oslo_messaging_default_spec.rb | 2 +- spec/defines/oslo_messaging_notifications_spec.rb | 2 +- 5 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/secure-transport-url-d67d307cf85a16b1.yaml diff --git a/manifests/messaging/default.pp b/manifests/messaging/default.pp index ec71ef0..be099dc 100644 --- a/manifests/messaging/default.pp +++ b/manifests/messaging/default.pp @@ -34,7 +34,7 @@ define oslo::messaging::default( $default_options = { 'DEFAULT/rpc_response_timeout' => { value => $rpc_response_timeout }, - 'DEFAULT/transport_url' => { value => $transport_url }, + 'DEFAULT/transport_url' => { value => $transport_url, secret => true }, 'DEFAULT/control_exchange' => { value => $control_exchange }, } diff --git a/manifests/messaging/notifications.pp b/manifests/messaging/notifications.pp index b9e7e3a..45d0d34 100644 --- a/manifests/messaging/notifications.pp +++ b/manifests/messaging/notifications.pp @@ -46,7 +46,7 @@ define oslo::messaging::notifications( $notification_options = { 'oslo_messaging_notifications/driver' => { value => $driver_orig }, - 'oslo_messaging_notifications/transport_url' => { value => $transport_url }, + 'oslo_messaging_notifications/transport_url' => { value => $transport_url, secret => true }, 'oslo_messaging_notifications/topics' => { value => $topics_orig }, } diff --git a/releasenotes/notes/secure-transport-url-d67d307cf85a16b1.yaml b/releasenotes/notes/secure-transport-url-d67d307cf85a16b1.yaml new file mode 100644 index 0000000..c5dbb4c --- /dev/null +++ b/releasenotes/notes/secure-transport-url-d67d307cf85a16b1.yaml @@ -0,0 +1,3 @@ +--- +security: + - Secure transport_url option in logs diff --git a/spec/defines/oslo_messaging_default_spec.rb b/spec/defines/oslo_messaging_default_spec.rb index cc8799b..944aab8 100644 --- a/spec/defines/oslo_messaging_default_spec.rb +++ b/spec/defines/oslo_messaging_default_spec.rb @@ -26,7 +26,7 @@ describe 'oslo::messaging::default' do it 'configure DEFAULT with overriden values' do is_expected.to contain_keystone_config('DEFAULT/rpc_response_timeout').with_value('42') - is_expected.to contain_keystone_config('DEFAULT/transport_url').with_value('proto://url') + is_expected.to contain_keystone_config('DEFAULT/transport_url').with_value('proto://url').with_secret(true) is_expected.to contain_keystone_config('DEFAULT/control_exchange').with_value('openstack') end end diff --git a/spec/defines/oslo_messaging_notifications_spec.rb b/spec/defines/oslo_messaging_notifications_spec.rb index 2eda401..5dab8c1 100644 --- a/spec/defines/oslo_messaging_notifications_spec.rb +++ b/spec/defines/oslo_messaging_notifications_spec.rb @@ -25,7 +25,7 @@ describe 'oslo::messaging::notifications' do it 'configure oslo_messaging_notifications with overriden values' do is_expected.to contain_keystone_config('oslo_messaging_notifications/driver').with_value('messaging') - is_expected.to contain_keystone_config('oslo_messaging_notifications/transport_url').with_value('some_protocol://some_url') + is_expected.to contain_keystone_config('oslo_messaging_notifications/transport_url').with_value('some_protocol://some_url').with_secret(true) is_expected.to contain_keystone_config('oslo_messaging_notifications/topics').with_value('notifications') end end

AltStyle によって変換されたページ (->オリジナル) /