From e827a211d7b5faf6e92ff4493f46639de5bdfe46 Mon Sep 17 00:00:00 2001 From: Pat Riehecky Date: Tue, 10 Jan 2023 15:39:54 -0600 Subject: [PATCH] Fixes #35944 - Hide content of `autosign` script. The content may contain sensitive information about your signing policies. This script might not qualify as `sensitive` but it probably is something to protect. --- manifests/server/config.pp | 13 +++++++------ spec/classes/puppet_server_spec.rb | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/manifests/server/config.pp b/manifests/server/config.pp index 320ea4f6..f8886094 100644 --- a/manifests/server/config.pp +++ b/manifests/server/config.pp @@ -203,12 +203,13 @@ $autosign_content = undef } file { $puppet::server::autosign: - ensure => file, - owner => $puppet::server::user, - group => $puppet::server::group, - mode => $puppet::server::autosign_mode, - content => $autosign_content, - source => $puppet::server::autosign_source, + ensure => file, + owner => $puppet::server::user, + group => $puppet::server::group, + mode => $puppet::server::autosign_mode, + content => $autosign_content, + source => $puppet::server::autosign_source, + show_diff => false, } } diff --git a/spec/classes/puppet_server_spec.rb b/spec/classes/puppet_server_spec.rb index d56c3988..ccb59ec5 100644 --- a/spec/classes/puppet_server_spec.rb +++ b/spec/classes/puppet_server_spec.rb @@ -147,7 +147,7 @@ it { should_not contain_puppet__config__agent('http_read_timeout') } it { should_not contain_file("#{confdir}/custom_trusted_oid_mapping.yaml") } - it { should contain_file("#{confdir}/autosign.conf") } + it { should contain_file("#{confdir}/autosign.conf").with_show_diff(false) } it { should_not contain_file("#{confdir}/autosign.conf").with_content(/# Managed by Puppet/) } it { should_not contain_file("#{confdir}/autosign.conf").with_content(/foo.bar/) }