diff --git a/REFERENCE.md b/REFERENCE.md index 3ba0f1fa..c2b5a708 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -810,7 +810,7 @@ Default value: `60` ##### `requirepass` -Data type: `Optional[Variant[String, Deferred]]` +Data type: `Optional[Variant[String, Sensitive[String[1]], Deferred]]` Require clients to issue AUTH before processing any other commands. @@ -2487,7 +2487,7 @@ Default value: `$redis::repl_timeout` ##### `requirepass` -Data type: `Optional[Variant[String, Deferred]]` +Data type: `Optional[Variant[String, Sensitive[String[1]], Deferred]]` Require clients to issue AUTH before processing any other commands. diff --git a/manifests/init.pp b/manifests/init.pp index 076d2577..e48ed67c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -425,7 +425,7 @@ Boolean $repl_disable_tcp_nodelay = false, Integer[1] $repl_ping_slave_period = 10, Integer[1] $repl_timeout = 60, - Optional[Variant[String, Deferred]] $requirepass = undef, + Optional[Variant[String, Sensitive[String[1]], Deferred]] $requirepass = undef, Boolean $save_db_to_disk = true, Hash $save_db_to_disk_interval = { '900' => '1', '300' => '10', '60' => '10000' }, Boolean $service_enable = true, diff --git a/manifests/instance.pp b/manifests/instance.pp index 87bde750..70e260dd 100644 --- a/manifests/instance.pp +++ b/manifests/instance.pp @@ -347,7 +347,7 @@ Boolean $repl_disable_tcp_nodelay = $redis::repl_disable_tcp_nodelay, Integer[1] $repl_ping_slave_period = $redis::repl_ping_slave_period, Integer[1] $repl_timeout = $redis::repl_timeout, - Optional[Variant[String, Deferred]] $requirepass = $redis::requirepass, + Optional[Variant[String, Sensitive[String[1]], Deferred]] $requirepass = $redis::requirepass, Boolean $save_db_to_disk = $redis::save_db_to_disk, Hash $save_db_to_disk_interval = $redis::save_db_to_disk_interval, String[1] $service_user = $redis::service_user, diff --git a/spec/classes/redis_spec.rb b/spec/classes/redis_spec.rb index 05ab11d7..35e6839a 100644 --- a/spec/classes/redis_spec.rb +++ b/spec/classes/redis_spec.rb @@ -910,6 +910,20 @@ class { 'redis': } end + describe 'with parameter requirepass marked as sensitive' do + let(:params) do + { + requirepass: sensitive('_VALUE_') + } + end + + it { + is_expected.to contain_file(config_file_orig).with( + 'content' => sensitive(%r{requirepass.*_VALUE_}) + ) + } + end + describe 'with parameter save_db_to_disk' do context 'true' do let(:params) do diff --git a/templates/redis.conf.epp b/templates/redis.conf.epp index 8d97c443..a14f7060 100644 --- a/templates/redis.conf.epp +++ b/templates/redis.conf.epp @@ -35,7 +35,7 @@ Integer[0] $slave_priority, Integer[0] $min_slaves_to_write, Integer[0] $min_slaves_max_lag, - Optional[String[1]] $requirepass, + Optional[Variant[String[1],Sensitive[String[1]]]] $requirepass, Hash[String,String] $rename_commands, Integer[1] $maxclients, Optional[Variant[Integer, String]] $maxmemory,