Allow requirepass to be set as a Sensitive string

voxpupuli · Apr 15, 2024 · c87e366 · c87e366 · cocker-cc · May 14, 2024
1 parent 2d7b5b9
commit c87e366
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 5 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -810,7 +810,7 @@ Default value: `60`
 
 ##### <a name="-redis--requirepass"></a>`requirepass`
 
-Data type: `Optional[Variant[String, Deferred]]`
+Data type: `Optional[Variant[String, Sensitive[String[1]], Deferred]]`
 
 Require clients to issue AUTH <PASSWORD> before processing any other commands.
 
@@ -2487,7 +2487,7 @@ Default value: `$redis::repl_timeout`
 
 ##### <a name="-redis--instance--requirepass"></a>`requirepass`
 
-Data type: `Optional[Variant[String, Deferred]]`
+Data type: `Optional[Variant[String, Sensitive[String[1]], Deferred]]`
 
 Require clients to issue AUTH <PASSWORD> before processing any other
 commands.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -425,7 +425,7 @@
   Boolean $repl_disable_tcp_nodelay                              = false,
   Integer[1] $repl_ping_slave_period                             = 10,
   Integer[1] $repl_timeout                                       = 60,
-  Optional[Variant[String, Deferred]] $requirepass               = undef,
+  Optional[Variant[String, Sensitive[String[1]], Deferred]] $requirepass = undef,
   Boolean $save_db_to_disk                                       = true,
   Hash $save_db_to_disk_interval                                 = { '900' => '1', '300' => '10', '60' => '10000' },
   Boolean $service_enable                                        = true,

diff --git a/manifests/instance.pp b/manifests/instance.pp
@@ -347,7 +347,7 @@
   Boolean $repl_disable_tcp_nodelay                              = $redis::repl_disable_tcp_nodelay,
   Integer[1] $repl_ping_slave_period                             = $redis::repl_ping_slave_period,
   Integer[1] $repl_timeout                                       = $redis::repl_timeout,
-  Optional[Variant[String, Deferred]] $requirepass               = $redis::requirepass,
+  Optional[Variant[String, Sensitive[String[1]], Deferred]] $requirepass = $redis::requirepass,
   Boolean $save_db_to_disk                                       = $redis::save_db_to_disk,
   Hash $save_db_to_disk_interval                                 = $redis::save_db_to_disk_interval,
   String[1] $service_user                                        = $redis::service_user,

diff --git a/spec/classes/redis_spec.rb b/spec/classes/redis_spec.rb
@@ -910,6 +910,20 @@ class { 'redis':
         }
       end
 
+      describe 'with parameter requirepass marked as sensitive' do
+        let(:params) do
+          {
+            requirepass: sensitive('_VALUE_')
+          }
+        end
+
+        it {
+          is_expected.to contain_file(config_file_orig).with(
+            'content' => sensitive(%r{requirepass.*_VALUE_})
+          )
+        }
+      end
+
       describe 'with parameter save_db_to_disk' do
         context 'true' do
           let(:params) do

diff --git a/templates/redis.conf.epp b/templates/redis.conf.epp
@@ -35,7 +35,7 @@
   Integer[0]                                         $slave_priority,
   Integer[0]                                         $min_slaves_to_write,
   Integer[0]                                         $min_slaves_max_lag,
-  Optional[String[1]]                                $requirepass,
+  Optional[Variant[String[1],Sensitive[String[1]]]]  $requirepass,
   Hash[String,String]                                $rename_commands,
   Integer[1]                                         $maxclients,
   Optional[Variant[Integer, String]]                 $maxmemory,