From 3eb3849a2387a6f35f32acdd595f8f30c8f9af69 Mon Sep 17 00:00:00 2001 From: cocker-cc Date: Tue, 29 Jun 2021 21:22:49 +0200 Subject: [PATCH] Use Datatype Sensitive for Secrets --- REFERENCE.md | 12 ++++++------ manifests/database/postgresql.pp | 4 ++-- manifests/database/read_only_user.pp | 2 +- manifests/init.pp | 4 ++-- manifests/server.pp | 4 ++-- manifests/server/database.pp | 2 +- manifests/server/read_database.pp | 2 +- manifests/server/validate_db.pp | 2 +- manifests/server/validate_read_db.pp | 2 +- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 342a1207..4b6e50a8 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -344,7 +344,7 @@ Default value: `$puppetdb::params::database_username` ##### `database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the database user. Defaults to `puppetdb`. @@ -615,7 +615,7 @@ Default value: `$puppetdb::params::read_database_username` ##### `read_database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the read database user. Defaults to `puppetdb-read`. This option is supported in PuppetDB >= 1.6. @@ -973,7 +973,7 @@ Default value: `$puppetdb::params::database_username` ##### `database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` Sets the password for the database user above. Defaults to `puppetdb`. @@ -1067,7 +1067,7 @@ Default value: `$puppetdb::params::read_database_username` ##### `read_database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the read database user. Defaults to `puppetdb-read`. This option is supported in PuppetDB >= 1.6. @@ -1583,7 +1583,7 @@ Default value: `$puppetdb::params::database_username` ##### `database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the database user. Defaults to `puppetdb`. @@ -1835,7 +1835,7 @@ Default value: `$puppetdb::params::read_database_username` ##### `read_database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the read database user. Defaults to `puppetdb-read`. This option is supported in PuppetDB >= 1.6. diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 281525f0..825b3fe7 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -75,7 +75,7 @@ $puppetdb_server = $puppetdb::params::puppetdb_server, $database_name = $puppetdb::params::database_name, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_port = $puppetdb::params::database_port, $manage_database = $puppetdb::params::manage_database, $manage_server = $puppetdb::params::manage_dbserver, @@ -86,7 +86,7 @@ $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_host = $puppetdb::params::read_database_host, Boolean $password_sensitive = false, Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index f056eb1a..9b73ea31 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp @@ -21,7 +21,7 @@ String $read_database_username, String $database_name, String $database_owner, - Variant[String, Boolean, Sensitive[String]] $password_hash = false, + Variant[String[1], Boolean, Sensitive[String[1]]] $password_hash = false, Optional[Stdlib::Port] $database_port = undef, Optional[Postgresql::Pg_password_encryption] $password_encryption = undef, ) { diff --git a/manifests/init.pp b/manifests/init.pp index 05010a97..af32b4ed 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -379,7 +379,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, @@ -402,7 +402,7 @@ $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, diff --git a/manifests/server.pp b/manifests/server.pp index 21ec6341..e6a708d3 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -336,7 +336,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, @@ -357,7 +357,7 @@ $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 1de6411f..2b8e19ef 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -5,7 +5,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 18b8f2c3..24a4cb8f 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -5,7 +5,7 @@ $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, $manage_db_password = $puppetdb::params::manage_read_db_password, $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index b198d6ad..62cda9dc 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -5,7 +5,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index 99f79898..ef319e90 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp @@ -5,7 +5,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params {