Skip to content

Commit

Permalink
Pass secrets as sensitive data types to katello/candlepin
Browse files Browse the repository at this point in the history
katello/candlepin 12.2.0 introduced support for Sensitive and this
utilizes it. This allows Puppet to better avoid logging passwords.
  • Loading branch information
ekohl committed May 14, 2024
1 parent 547a645 commit c96176e
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 9 deletions.
6 changes: 3 additions & 3 deletions manifests/candlepin.pp
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
Optional[Stdlib::Port] $db_port = undef,
String $db_name = 'candlepin',
String $db_user = 'candlepin',
Optional[String] $db_password = undef,
Variant[Undef, Sensitive[String], String] $db_password = undef,
Boolean $db_ssl = false,
Boolean $db_ssl_verify = true,
Optional[Stdlib::Absolutepath] $db_ssl_ca = undef,
Expand All @@ -54,9 +54,9 @@
ca_key => $certs::candlepin::ca_key,
ca_cert => $certs::candlepin::ca_cert,
keystore_file => $certs::candlepin::keystore,
keystore_password => $certs::candlepin::keystore_password,
keystore_password => Sensitive($certs::candlepin::keystore_password),
truststore_file => $certs::candlepin::truststore,
truststore_password => $certs::candlepin::truststore_password,
truststore_password => Sensitive($certs::candlepin::truststore_password),
artemis_client_dn => $artemis_client_dn,
java_home => '/usr/lib/jvm/jre-17',
java_package => 'java-17-openjdk',
Expand Down
8 changes: 4 additions & 4 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
Optional[Stdlib::Port] $candlepin_db_port = undef,
String $candlepin_db_name = 'candlepin',
String $candlepin_db_user = 'candlepin',
Optional[String] $candlepin_db_password = undef,
Variant[Undef, Sensitive[String[1]], String] $candlepin_db_password = undef,
Boolean $candlepin_db_ssl = false,
Boolean $candlepin_db_ssl_verify = true,
Optional[Stdlib::Absolutepath] $candlepin_db_ssl_ca = undef,
Expand All @@ -55,8 +55,8 @@
Integer[0] $hosts_queue_workers = 1,
) {
class { 'katello::params':
candlepin_oauth_key => $candlepin_oauth_key,
candlepin_oauth_secret => $candlepin_oauth_secret,
candlepin_oauth_key => Sensitive($candlepin_oauth_key),
candlepin_oauth_secret => Sensitive($candlepin_oauth_secret),
}

if $katello::params::meta_package != '' {
Expand All @@ -75,7 +75,7 @@
db_port => $candlepin_db_port,
db_name => $candlepin_db_name,
db_user => $candlepin_db_user,
db_password => $candlepin_db_password,
db_password => if $candlepin_db_password { Sensitive($candlepin_db_password) } else { $candlepin_db_password },
db_ssl => $candlepin_db_ssl,
db_ssl_verify => $candlepin_db_ssl_verify,
db_ssl_ca => $candlepin_db_ssl_ca,
Expand Down
4 changes: 2 additions & 2 deletions manifests/params.pp
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@
# @param postgresql_evr_package
# The contextual package name for the PostgreSQL EVR extension
class katello::params (
String[1] $candlepin_oauth_key = $katello::globals::candlepin_oauth_key,
String[1] $candlepin_oauth_secret = $katello::globals::candlepin_oauth_secret,
Variant[Sensitive[String[1], String[1]]] $candlepin_oauth_key = $katello::globals::candlepin_oauth_key,
Variant[Sensitive[String[1], String[1]]] $candlepin_oauth_secret = $katello::globals::candlepin_oauth_secret,
Stdlib::Host $candlepin_host = 'localhost',
Stdlib::Port $candlepin_port = 23443,
Stdlib::HTTPSUrl $candlepin_url = "https://${candlepin_host}:${candlepin_port}/candlepin",
Expand Down

0 comments on commit c96176e

Please # to comment.