Set show_diff to false for Nova SSH private key

The private key is currently being leaked into the diff output. Change-Id: I94170f76257c77d1eabeeb3d373c05c50413c53d (cherry picked from commit 75fbe61987)
2024-04-08 11:42:58 +02:00 · 2024-04-08 11:42:58 +02:00 · 90af39c480
parent 3d7de53fc4
commit 90af39c480
2 changed files with 12 additions and 10 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -553,11 +553,12 @@ but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa, ssh-ed25519.")
      }

      file { $nova_private_key_file:
-        content => $nova_private_key[key],
-        mode    => '0600',
-        owner   => $::nova::params::user,
-        group   => $::nova::params::group,
-        require => File['/var/lib/nova/.ssh'],
+        content   => $nova_private_key[key],
+        mode      => '0600',
+        owner     => $::nova::params::user,
+        group     => $::nova::params::group,
+        show_diff => false,
+        require   => File['/var/lib/nova/.ssh'],
      }
    }
  }
--- a/spec/classes/nova_init_spec.rb
+++ b/spec/classes/nova_init_spec.rb
@ -355,10 +355,11 @@ describe 'nova' do

        it 'should install ssh private key' do
          is_expected.to contain_file("/var/lib/nova/.ssh/#{keyname}").with(
-            :content => 'keydata',
-            :mode    => '0600',
-            :owner   => 'nova',
-            :group   => 'nova',
+            :content   => 'keydata',
+            :mode      => '0600',
+            :owner     => 'nova',
+            :group     => 'nova',
+            :show_diff => false,
          )
        end
      end
@ -374,7 +375,7 @@ describe 'nova' do
      it 'should raise an error' do
        expect {
          is_expected.to contain_file('/var/lib/nova/.ssh/id_rsa').with(
-            :content => 'keydata'
+            :content => 'keydata',
          )
        }.to raise_error Puppet::Error, /You must provide both a key type and key data./
      end