Skip to content

Commit

Permalink
Refs #37325 - use lest to hide default DB password
Browse files Browse the repository at this point in the history
  • Loading branch information
ianballou authored and ekohl committed May 17, 2024
1 parent df5fd95 commit d9a21db
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 9 deletions.
6 changes: 4 additions & 2 deletions manifests/plugin/container_gateway.pp
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
Optional[Stdlib::Port] $postgresql_port = undef,
String $postgresql_database = 'container_gateway',
String $postgresql_user = pick($foreman_proxy::globals::user, 'foreman-proxy'),
String $postgresql_password = extlib::cache_data('container_gateway_cache_data', 'db_password', extlib::random_password(32))
Optional[String] $postgresql_password = undef
) {
foreman_proxy::plugin::module { 'container_gateway':
version => $version,
Expand All @@ -60,7 +60,9 @@
user => $foreman_proxy::plugin::container_gateway::postgresql_user,
password => postgresql::postgresql_password(
$foreman_proxy::plugin::container_gateway::postgresql_user,
$foreman_proxy::plugin::container_gateway::postgresql_password
$foreman_proxy::plugin::container_gateway::postgresql_password.lest || {
extlib::cache_data('container_gateway_cache_data', 'db_password', extlib::random_password(32))
}
),
encoding => 'utf8',
locale => 'C.utf8',
Expand Down
39 changes: 32 additions & 7 deletions spec/classes/foreman_proxy__plugin__container_gateway_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,16 +9,41 @@
describe 'with default settings' do
it { should contain_foreman_proxy__plugin__module('container_gateway') }
it 'container_gateway.yml should contain the correct configuration' do
expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include("---")
expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include(":enabled: https")
expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include(":pulp_endpoint: https://#{facts[:fqdn]}")
expect(get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml')).to include(":sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db")
connection_string = get_content(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml').find { |str| str.include?("db_connection_string") }
expect(connection_string.split(/[:@\/]/)[6]).to be_a(String).and have_attributes(length: 32)
verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml', [
'---',
':enabled: https',
":pulp_endpoint: https://#{facts[:fqdn]}",
':sqlite_db_path: /var/lib/foreman-proxy/smart_proxy_container_gateway.db',
':db_connection_string: postgres://foreman-proxy:@:/container_gateway'
])
end
end

describe 'with overwritten postgres parameters' do
let :params do {
:pulp_endpoint => 'https://test.example.com',
:sqlite_db_path => '/dev/null.db',
:database_backend => 'postgres',
:postgresql_host => 'test.example.com',
:postgresql_port => 5432,
:postgresql_database => 'container_gateway',
:postgresql_user => 'foreman-proxy',
:postgresql_password => 'changeme'
} end

it 'container_gateway.yml should contain the correct configuration' do
verify_exact_contents(catalogue, '/etc/foreman-proxy/settings.d/container_gateway.yml', [
'---',
':enabled: https',
':pulp_endpoint: https://test.example.com',
':sqlite_db_path: /dev/null.db',
':sqlite_timeout: 12345',
':db_connection_string: postgres://foreman-proxy:changeme@test.example.com:5432/container_gateway'
])
end
end

describe 'with overwritten parameters' do
describe 'with overwritten sqlite parameters' do
let :params do {
:pulp_endpoint => 'https://test.example.com',
:sqlite_db_path => '/dev/null.db',
Expand Down

0 comments on commit d9a21db

Please sign in to comment.