Fixes #35944 - Hide content of autosign script.

The content may contain sensitive information about your signing policies. This script might not qualify as `sensitive` but it probably is something to protect.
theforeman · Jan 13, 2023 · e827a21 · e827a21
1 parent d1e6b34
commit e827a21
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -203,12 +203,13 @@
       $autosign_content = undef
     }
     file { $puppet::server::autosign:
-      ensure  => file,
-      owner   => $puppet::server::user,
-      group   => $puppet::server::group,
-      mode    => $puppet::server::autosign_mode,
-      content => $autosign_content,
-      source  => $puppet::server::autosign_source,
+      ensure    => file,
+      owner     => $puppet::server::user,
+      group     => $puppet::server::group,
+      mode      => $puppet::server::autosign_mode,
+      content   => $autosign_content,
+      source    => $puppet::server::autosign_source,
+      show_diff => false,
     }
   }
 

diff --git a/spec/classes/puppet_server_spec.rb b/spec/classes/puppet_server_spec.rb
@@ -147,7 +147,7 @@
         it { should_not contain_puppet__config__agent('http_read_timeout') }
         it { should_not contain_file("#{confdir}/custom_trusted_oid_mapping.yaml") }
 
-        it { should contain_file("#{confdir}/autosign.conf") }
+        it { should contain_file("#{confdir}/autosign.conf").with_show_diff(false) }
         it { should_not contain_file("#{confdir}/autosign.conf").with_content(/# Managed by Puppet/) }
         it { should_not contain_file("#{confdir}/autosign.conf").with_content(/foo.bar/) }