-
-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to disable output of config diff #403
Conversation
93571a2
to
d5ddc36
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I wonder if these new parameters are required after all, and if we really want this to be optional if it should rather default to false
.
I sure can default the |
Would you like me to add the |
@smortex I’ve stumble over this today, is there anything else I could do to make the change to get merged? |
@teluq-pbrideau Please rebase with out master branch and it can be merged afterwards |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As requested by @root-expert, can you please rebase your changes on top of the main branch?
From your working directory:
git fetch origin # Download the latest code we have here
git rebase origin/master # Move your commits on top of the main branch
git push -f # Send the changes (-f is required because we re-wrote history)
@@ -114,6 +115,7 @@ | |||
Optional[Hash] $ci_unicorn = undef, | |||
Boolean $config_manage = true, | |||
Stdlib::Absolutepath $config_file = '/etc/gitlab/gitlab.rb', | |||
Boolean $config_show_diff = false, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I can tell, the previous code did show the diff so if we want to be backward compatible, this should default to true?
Also, when we switch to epp templates, this setting would be useless if I recall correctly because in this case the diff is not shown when it contains sensitive data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I can tell, the previous code did show the diff so if we want to be backward compatible, this should default to true?
That is also what I thought previously, and was then asked to put a secure default value. But any value is OK for me, i’ll set the one you want!
Also, when we switch to epp templates, this setting would be useless if I recall correctly because in this case the diff is not shown when it contains sensitive data.
As said in the PR description, I first tried to convert to an epp
template without success. As it was more than 3 month ago, I do not remember why exactly… But you are right, once the template is converted to epp
, the strings marked as Sensitive()
will be obfuscated.
fix: static validation
test: fix spec linter
e7a1b26
to
966efd5
Compare
Closing as it seems this is not wanted |
Pull Request (PR) description
I configure my authentication through
azure_activedirectory_v2
, and I don’t want myclient_secret
to be displayed in clear in the puppet logs.Converting the
gitlab.rb.erb
to.epp
so it supports thesensitive
type would probably be cleaner, but I did not have success with it. So this PR add option to disable output of the diff for sensitive informationI’ve included the option to also affect the file containing
$pgbouncer_password
, as it is sensitive information. Is it is already aepp
template, it could supportsensitive
type, but as I did not convert to thesensitive
type elsewhere, it seemed simpler this way.Feel free to comment if I missed anything.
This Pull Request (PR) fixes the following issues
Fixes #363