diff --git a/manifests/candlepin.pp b/manifests/candlepin.pp index 4db6e9a..589bb6c 100644 --- a/manifests/candlepin.pp +++ b/manifests/candlepin.pp @@ -29,7 +29,7 @@ Optional[Stdlib::Port] $db_port = undef, String $db_name = 'candlepin', String $db_user = 'candlepin', - Optional[String] $db_password = undef, + Variant[Undef, Sensitive[String], String] $db_password = undef, Boolean $db_ssl = false, Boolean $db_ssl_verify = true, Optional[Stdlib::Absolutepath] $db_ssl_ca = undef, @@ -54,9 +54,9 @@ ca_key => $certs::candlepin::ca_key, ca_cert => $certs::candlepin::ca_cert, keystore_file => $certs::candlepin::keystore, - keystore_password => $certs::candlepin::keystore_password, + keystore_password => Sensitive($certs::candlepin::keystore_password), truststore_file => $certs::candlepin::truststore, - truststore_password => $certs::candlepin::truststore_password, + truststore_password => Sensitive($certs::candlepin::truststore_password), artemis_client_dn => $artemis_client_dn, java_home => '/usr/lib/jvm/jre-17', java_package => 'java-17-openjdk', diff --git a/manifests/init.pp b/manifests/init.pp index 822da21..825bf8b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -45,7 +45,7 @@ Optional[Stdlib::Port] $candlepin_db_port = undef, String $candlepin_db_name = 'candlepin', String $candlepin_db_user = 'candlepin', - Optional[String] $candlepin_db_password = undef, + Variant[Undef, Sensitive[String[1]], String] $candlepin_db_password = undef, Boolean $candlepin_db_ssl = false, Boolean $candlepin_db_ssl_verify = true, Optional[Stdlib::Absolutepath] $candlepin_db_ssl_ca = undef, @@ -55,8 +55,8 @@ Integer[0] $hosts_queue_workers = 1, ) { class { 'katello::params': - candlepin_oauth_key => $candlepin_oauth_key, - candlepin_oauth_secret => $candlepin_oauth_secret, + candlepin_oauth_key => Sensitive($candlepin_oauth_key), + candlepin_oauth_secret => Sensitive($candlepin_oauth_secret), } if $katello::params::meta_package != '' { @@ -75,7 +75,7 @@ db_port => $candlepin_db_port, db_name => $candlepin_db_name, db_user => $candlepin_db_user, - db_password => $candlepin_db_password, + db_password => if $candlepin_db_password { Sensitive($candlepin_db_password) } else { $candlepin_db_password }, db_ssl => $candlepin_db_ssl, db_ssl_verify => $candlepin_db_ssl_verify, db_ssl_ca => $candlepin_db_ssl_ca, diff --git a/manifests/params.pp b/manifests/params.pp index fca5666..a7d754e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -19,8 +19,8 @@ # @param postgresql_evr_package # The contextual package name for the PostgreSQL EVR extension class katello::params ( - String[1] $candlepin_oauth_key = $katello::globals::candlepin_oauth_key, - String[1] $candlepin_oauth_secret = $katello::globals::candlepin_oauth_secret, + Variant[Sensitive[String[1], String[1]]] $candlepin_oauth_key = $katello::globals::candlepin_oauth_key, + Variant[Sensitive[String[1], String[1]]] $candlepin_oauth_secret = $katello::globals::candlepin_oauth_secret, Stdlib::Host $candlepin_host = 'localhost', Stdlib::Port $candlepin_port = 23443, Stdlib::HTTPSUrl $candlepin_url = "https://${candlepin_host}:${candlepin_port}/candlepin",