
Commit c96176e

committed
Pass secrets as sensitive data types to katello/candlepin
katello/candlepin 12.2.0 introduced support for Sensitive and this utilizes it. This allows Puppet to better avoid logging passwords.
1 parent 547a645 commit c96176e


3 files changed

+9
-9
lines changed


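--- a/manifests/candlepin.pp
+++ b/manifests/candlepin.pp
@@ -29,7 +29,7 @@
 Optional[Stdlib::Port] $db_port = undef,
 String $db_name = 'candlepin',
 String $db_user = 'candlepin',
-Optional[String] $db_password = undef,
+Variant[Undef, Sensitive[String], String] $db_password = undef,
 Boolean $db_ssl = false,
 Boolean $db_ssl_verify = true,
 Optional[Stdlib::Absolutepath] $db_ssl_ca = undef,
@@ -54,9 +54,9 @@
 ca_key => $certs::candlepin::ca_key,
 ca_cert => $certs::candlepin::ca_cert,
 keystore_file => $certs::candlepin::keystore,
-keystore_password => $certs::candlepin::keystore_password,
+keystore_password => Sensitive($certs::candlepin::keystore_password),
 truststore_file => $certs::candlepin::truststore,
-truststore_password => $certs::candlepin::truststore_password,
+truststore_password => Sensitive($certs::candlepin::truststore_password),
 artemis_client_dn => $artemis_client_dn,
 java_home => '/usr/lib/jvm/jre-17',
 java_package => 'java-17-openjdk',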
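Review bot: `$db_password` now accepts `Sensitive[String]`, but a plain `String` is still allowed, and unlike `keystore_password` and `truststore_password` in the second hunk nothing visible here wraps it before use. The place where `$db_password` is forwarded lies outside both hunks; if it is passed through unchanged, a caller that declares `katello::candlepin` directly with a plain string gets no redaction in logs and reports. Consider normalising it once, in the form manifests/init.pp uses, `$_db_password = if $db_password { Sensitive($db_password) } else { $db_password }`, and stating in the `@param db_password` entry that a Sensitive value is preferred.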

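--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -45,7 +45,7 @@
 Optional[Stdlib::Port] $candlepin_db_port = undef,
 String $candlepin_db_name = 'candlepin',
 String $candlepin_db_user = 'candlepin',
-Optional[String] $candlepin_db_password = undef,
+Variant[Undef, Sensitive[String[1]], String] $candlepin_db_password = undef,
 Boolean $candlepin_db_ssl = false,
 Boolean $candlepin_db_ssl_verify = true,
 Optional[Stdlib::Absolutepath] $candlepin_db_ssl_ca = undef,
@@ -55,8 +55,8 @@
 Integer[0] $hosts_queue_workers = 1,
 ) {
 class { 'katello::params':
-candlepin_oauth_key => $candlepin_oauth_key,
-candlepin_oauth_secret => $candlepin_oauth_secret,
+candlepin_oauth_key => Sensitive($candlepin_oauth_key),
+candlepin_oauth_secret => Sensitive($candlepin_oauth_secret),
 }
 
 if $katello::params::meta_package != '' {
@@ -75,7 +75,7 @@
 db_port => $candlepin_db_port,
 db_name => $candlepin_db_name,
 db_user => $candlepin_db_user,
-db_password => $candlepin_db_password,
+db_password => if $candlepin_db_password { Sensitive($candlepin_db_password) } else { $candlepin_db_password },
 db_ssl => $candlepin_db_ssl,
 db_ssl_verify => $candlepin_db_ssl_verify,
 db_ssl_ca => $candlepin_db_ssl_ca,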
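Review bot: The new type for `$candlepin_db_password`, `Variant[Undef, Sensitive[String[1]], String]`, is inconsistent with itself and with `katello::candlepin`: a wrapped password must be non-empty while a plain one may be empty, and manifests/candlepin.pp declares `Sensitive[String]` without the length bound. Pick one constraint and use it in both classes, for example `Variant[Undef, Sensitive[String[1]], String[1]]` if empty passwords are meant to be rejected; the old `Optional[String]` accepted them, so that would be a behaviour change worth noting. Separately, the `Sensitive(...)` wrapping of the OAuth key and secret in the second hunk depends on the parameter type in manifests/params.pp accepting a Sensitive value, which a spec test that compiles the class should cover.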

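--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -19,8 +19,8 @@
 # @param postgresql_evr_package
 # The contextual package name for the PostgreSQL EVR extension
 class katello::params (
-String[1] $candlepin_oauth_key = $katello::globals::candlepin_oauth_key,
-String[1] $candlepin_oauth_secret = $katello::globals::candlepin_oauth_secret,
+Variant[Sensitive[String[1], String[1]]] $candlepin_oauth_key = $katello::globals::candlepin_oauth_key,
+Variant[Sensitive[String[1], String[1]]] $candlepin_oauth_secret = $katello::globals::candlepin_oauth_secret,
 Stdlib::Host $candlepin_host = 'localhost',
 Stdlib::Port $candlepin_port = 23443,
 Stdlib::HTTPSUrl $candlepin_url = "https://${candlepin_host}:${candlepin_port}/candlepin",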
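Review bot: The brackets in the new type for `$candlepin_oauth_key` and `$candlepin_oauth_secret` are misplaced: `Variant[Sensitive[String[1], String[1]]]` hands `Sensitive` two type arguments and leaves `Variant` with a single member, so a plain `String[1]` is not an accepted alternative and the expression is likely rejected when the type is evaluated. The intended form appears to be `Variant[Sensitive[String[1]], String[1]]` on both lines. Both shapes have to validate here, because the defaults come from `$katello::globals::...` (defined outside this page, presumably still plain strings) while manifests/init.pp now passes `Sensitive(...)`. A spec test that compiles `katello::params` once with a plain and once with a Sensitive value would catch this.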
