From 8f728b395328ae1231ef026a8f6c1c06a0b880a9 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Wed, 15 Mar 2017 17:56:30 -0400
Subject: etcd: secure EtcdInitialClusterToken parameter

Secure EtcdInitialClusterToken parameter by:

* removing the default value.
* make it hidden.

Change-Id: I938af697f9faaadb9c9aeb950e9410db24b1b961
Depends-On: I6e30cce469736e84a3c483fafa29d542b8347ba9
Closes-Bug: #1673266
(cherry picked from commit 55d17ca118d27f16b57424774265f5b3db7b7b52)
---
 puppet/services/etcd.yaml                          | 2 +-
 releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml

diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml
index ec87a75a..d2a0e302 100644
--- a/puppet/services/etcd.yaml
+++ b/puppet/services/etcd.yaml
@@ -19,9 +19,9 @@ parameters:
                  via parameter_defaults in the resource registry.
     type: json
   EtcdInitialClusterToken:
-    default: 'etcd-tripleo'
     description: Initial cluster token for the etcd cluster during bootstrap.
     type: string
+    hidden: true
   MonitoringSubscriptionEtcd:
     default: 'overcloud-etcd'
     type: string
diff --git a/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml b/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml
new file mode 100644
index 00000000..da995949
--- /dev/null
+++ b/releasenotes/notes/etcdtoken-4c46bdfac940acda.yaml
@@ -0,0 +1,6 @@
+---
+security:
+  - |
+    Secure EtcdInitialClusterToken by removing the default value
+    and make the parameter hidden.
+    Fixes `bug 1673266 <https://bugs.launchpad.net/tripleo/+bug/1673266>`__.
-- 
cgit 1.2.3-korg