Set show_diff to false on certificates

Certificate should be considered secrets
and we should not output the diffs.

Also fixes up the testing to test all the
parameters set on the file resources.

Closes-Bug: 1804884
Change-Id: I0db84f4b9d97bf22d06478ded126a1f209c9b69a

manifests/certificates.pp

@@ -117,13 +117,14 @@ class octavia::certificates (
       tag    => 'octavia-certificate',
     })
     file { $ca_certificate:
-      ensure  => file,
+      ensure    => file,
-      content => $ca_certificate_data,
+      content   => $ca_certificate_data,
-      group   => $file_permission_owner,
+      group     => $file_permission_owner,
-      owner   => $file_permission_group,
+      owner     => $file_permission_group,
-      mode    => '0755',
+      mode      => '0755',
-      replace => true,
+      replace   => true,
-      tag     => 'octavia-certificate',
+      show_diff => false,
+      tag       => 'octavia-certificate',
     }
   }
   if $ca_private_key_data {
@@ -138,13 +139,14 @@ class octavia::certificates (
       tag    => 'octavia-certificate',
     })
     file { $ca_private_key:
-      ensure  => file,
+      ensure    => file,
-      content => $ca_private_key_data,
+      content   => $ca_private_key_data,
-      group   => $file_permission_owner,
+      group     => $file_permission_owner,
-      owner   => $file_permission_group,
+      owner     => $file_permission_group,
-      mode    => '0755',
+      mode      => '0755',
-      replace => true,
+      replace   => true,
-      tag     => 'octavia-certificate',
+      show_diff => false,
+      tag       => 'octavia-certificate',
     }
   }
   if $client_ca and $client_ca_data {
@@ -156,13 +158,14 @@ class octavia::certificates (
       tag    => 'octavia-certificate',
     })
     file { $client_ca:
-      ensure  => file,
+      ensure    => file,
-      content => $client_ca_data,
+      content   => $client_ca_data,
-      group   => $file_permission_owner,
+      group     => $file_permission_owner,
-      owner   => $file_permission_group,
+      owner     => $file_permission_group,
-      mode    => '0755',
+      mode      => '0755',
-      replace => true,
+      replace   => true,
-      tag     => 'octavia-certificate',
+      show_diff => false,
+      tag       => 'octavia-certificate',
     }
   }
   if $client_cert_data {
@@ -177,13 +180,14 @@ class octavia::certificates (
       tag    => 'octavia-certificate',
     })
     file { $client_cert:
-      ensure  => file,
+      ensure    => file,
-      content => $client_cert_data,
+      content   => $client_cert_data,
-      group   => $file_permission_owner,
+      group     => $file_permission_owner,
-      owner   => $file_permission_group,
+      owner     => $file_permission_group,
-      mode    => '0755',
+      mode      => '0755',
-      replace => true,
+      replace   => true,
-      tag     => 'octavia-certificate',
+      show_diff => false,
+      tag       => 'octavia-certificate',
     }
   }
 }

releasenotes/notes/certificate-no-diff-4e4d156963752b6d.yaml

@@ -0,0 +1,8 @@
+---
+security:
+  - |
+    Certificate changes no longer shows diffs in output.
+fixes:
+  - |
+    Fixed a bug where certificate changes would show the diffs.
+    Certificate are now considered secrets and not displayed.

spec/classes/octavia_certificates_spec.rb

@@ -77,37 +77,34 @@ describe 'octavia::certificates' do
 
       it 'populates certificate files' do
         is_expected.to contain_file('/etc/octavia/ca.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'on_my_authority_this_is_a_certificate',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
-          'tag'    => 'octavia-certificate',
+          'mode'      => '0755',
-        })
+          'replace'   => true,
-        is_expected.to contain_file('/etc/octavia/ca.pem').with({
+          'show_diff' => false,
-          'content' => 'on_my_authority_this_is_a_certificate',
+          'tag'       => 'octavia-certificate',
-          'tag'     => 'octavia-certificate',
         })
         is_expected.to contain_file('/etc/octavia/key.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'this_is_my_private_key_woot_woot',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
-          'tag'    => 'octavia-certificate',
+          'mode'      => '0755',
-        })
+          'replace'   => true,
-        is_expected.to contain_file('/etc/octavia/key.pem').with({
+          'show_diff' => false,
-          'content' => 'this_is_my_private_key_woot_woot',
+          'tag'       => 'octavia-certificate',
-          'tag'     => 'octavia-certificate',
         })
         is_expected.to contain_file('/etc/octavia/client.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'certainly_for_the_client',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
-          'tag'    => 'octavia-certificate',
+          'mode'      => '0755',
-        })
+          'replace'   => true,
-        is_expected.to contain_file('/etc/octavia/client.pem').with({
+          'show_diff' => false,
-          'content' => 'certainly_for_the_client',
+          'tag'       => 'octavia-certificate',
-          'tag'     => 'octavia-certificate',
         })
         is_expected.to contain_file('/etc/octavia').with({
           'ensure' => 'directory',
@@ -145,26 +142,35 @@ describe 'octavia::certificates' do
 
       it 'populates certificate files' do
         is_expected.to contain_file('/etc/octavia/ca.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'on_my_authority_this_is_a_certificate',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
+          'mode'      => '0755',
+          'replace'   => true,
+          'show_diff' => false,
+          'tag'       => 'octavia-certificate',
         })
-        is_expected.to contain_file('/etc/octavia/ca.pem').with_content('on_my_authority_this_is_a_certificate')
         is_expected.to contain_file('/etc/octavia1/key.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'this_is_my_private_key_woot_woot',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
+          'mode'      => '0755',
+          'replace'   => true,
+          'show_diff' => false,
+          'tag'       => 'octavia-certificate',
         })
-        is_expected.to contain_file('/etc/octavia1/key.pem').with_content('this_is_my_private_key_woot_woot')
         is_expected.to contain_file('/etc/octavia2/client.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'certainly_for_the_client',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
+          'mode'      => '0755',
+          'replace'   => true,
+          'show_diff' => false,
+          'tag'       => 'octavia-certificate',
         })
-        is_expected.to contain_file('/etc/octavia2/client.pem').with_content('certainly_for_the_client')
         is_expected.to contain_file('/etc/octavia').with({
           'ensure' => 'directory',
           'owner'  => 'octavia',
@@ -255,19 +261,25 @@ describe 'octavia::certificates' do
 
       it 'populates certificate files' do
         is_expected.to contain_file('/etc/octavia/ca.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'my_ca_certificate',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
+          'mode'      => '0755',
+          'replace'   => true,
+          'show_diff' => false,
+          'tag'       => 'octavia-certificate',
         })
-        is_expected.to contain_file('/etc/octavia/ca.pem').with_content('my_ca_certificate')
         is_expected.to contain_file('/etc/octavia/client_ca.pem').with({
-          'ensure' => 'file',
+          'ensure'    => 'file',
-          'owner'  => 'octavia',
+          'content'   => 'my_client_ca',
-          'group'  => 'octavia',
+          'owner'     => 'octavia',
-          'mode'   => '0755',
+          'group'     => 'octavia',
+          'mode'      => '0755',
+          'replace'   => true,
+          'show_diff' => false,
+          'tag'       => 'octavia-certificate',
         })
-        is_expected.to contain_file('/etc/octavia/client_ca.pem').with_content('my_client_ca')
         is_expected.to contain_file('/etc/octavia').with({
           'ensure' => 'directory',
           'owner'  => 'octavia',