From a810ca2b4ef29eb166eb8f1041643a31262be49c Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Fri, 19 Aug 2022 11:27:04 +0900
Subject: [PATCH] Do not show diff of local_settings(.py)

... because the file contains a few sensitive values like SECRET_KEY.

Closes-Bug: #1987015
Change-Id: Ie96eb626148214270c5a3a041087fcc679c127ce
---
 manifests/init.pp                 | 11 ++++++-----
 spec/classes/horizon_init_spec.rb | 13 +++++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 49b6376c..6bc95f0e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -768,11 +768,12 @@ and usage of a quoted value is deprecated.')
   }
 
   concat { $::horizon::params::config_file:
-    mode    => '0640',
-    owner   => $::horizon::params::wsgi_user,
-    group   => $::horizon::params::wsgi_group,
-    require => Anchor['horizon::config::begin'],
-    tag     => ['django-config'],
+    mode      => '0640',
+    owner     => $::horizon::params::wsgi_user,
+    group     => $::horizon::params::wsgi_group,
+    show_diff => false,
+    require   => Anchor['horizon::config::begin'],
+    tag       => ['django-config'],
   }
 
   concat::fragment { 'local_settings.py':
diff --git a/spec/classes/horizon_init_spec.rb b/spec/classes/horizon_init_spec.rb
index e2614269..69795db3 100644
--- a/spec/classes/horizon_init_spec.rb
+++ b/spec/classes/horizon_init_spec.rb
@@ -39,6 +39,13 @@ describe 'horizon' do
           is_expected.to_not contain_concat(platforms_params[:config_file]).that_notifies('Exec[refresh_horizon_django_cache]')
           is_expected.to contain_concat(platforms_params[:config_file]).that_notifies('Exec[refresh_horizon_django_compress]')
         end
+
+        is_expected.to contain_concat(platforms_params[:config_file]).with(
+          :mode      => '0640',
+          :owner     => platforms_params[:wsgi_user],
+          :group     => platforms_params[:wsgi_group],
+          :show_diff => false
+        )
       }
 
       it 'configures apache' do
@@ -805,6 +812,8 @@ describe 'horizon' do
               :root_url         => '/horizon',
               :root_path        => '/var/lib/openstack-dashboard',
               :memcache_package => 'python3-memcache',
+              :wsgi_user        => 'horizon',
+              :wsgi_group       => 'horizon',
             }
           else
             { :config_file      => '/etc/openstack-dashboard/local_settings.py',
@@ -813,6 +822,8 @@ describe 'horizon' do
               :root_url         => '/horizon',
               :root_path        => '/var/lib/openstack-dashboard',
               :memcache_package => 'python3-memcache',
+              :wsgi_user        => 'horizon',
+              :wsgi_group       => 'horizon',
             }
           end
         when 'RedHat'
@@ -822,6 +833,8 @@ describe 'horizon' do
             :root_url         => '/dashboard',
             :root_path        => '/usr/share/openstack-dashboard',
             :memcache_package => 'python3-memcached',
+            :wsgi_user        => 'apache',
+            :wsgi_group       => 'apache',
           }
         end
       end