Skip to content

Commit e827a21

Browse files
jcpunkjcpunk
committed
Fixes #35944 - Hide content of autosign script.
The content may contain sensitive information about your signing policies. This script might not qualify as `sensitive` but it probably is something to protect.
1 parent d1e6b34 commit e827a21

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

manifests/server/config.pp

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -203,12 +203,13 @@
203203
$autosign_content = undef
204204
}
205205
file { $puppet::server::autosign:
206-
ensure => file,
207-
owner => $puppet::server::user,
208-
group => $puppet::server::group,
209-
mode => $puppet::server::autosign_mode,
210-
content => $autosign_content,
211-
source => $puppet::server::autosign_source,
206+
ensure => file,
207+
owner => $puppet::server::user,
208+
group => $puppet::server::group,
209+
mode => $puppet::server::autosign_mode,
210+
content => $autosign_content,
211+
source => $puppet::server::autosign_source,
212+
show_diff => false,
212213
}
213214
}
214215

spec/classes/puppet_server_spec.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -147,7 +147,7 @@
147147
it { should_not contain_puppet__config__agent('http_read_timeout') }
148148
it { should_not contain_file("#{confdir}/custom_trusted_oid_mapping.yaml") }
149149

150-
it { should contain_file("#{confdir}/autosign.conf") }
150+
it { should contain_file("#{confdir}/autosign.conf").with_show_diff(false) }
151151
it { should_not contain_file("#{confdir}/autosign.conf").with_content(/# Managed by Puppet/) }
152152
it { should_not contain_file("#{confdir}/autosign.conf").with_content(/foo.bar/) }
153153

0 commit comments

Comments
 (0)