Merge pull request #103 from opscode-cookbooks/nls/sensitive-sasl

make password file resource sensitive
2015-05-04 11:43:48 -05:00 · 2015-05-04 11:43:48 -05:00 · d13ea38c2f
commit d13ea38c2f
parent aa1f845864 689345ac5c
2 changed files with 18 additions and 0 deletions
--- a/recipes/sasl_auth.rb
+++ b/recipes/sasl_auth.rb
@ -49,6 +49,7 @@ execute 'postmap-sasl_passwd' do
 end

 template node['postfix']['sasl_password_file'] do
+  sensitive true
  source 'sasl_passwd.erb'
  owner 'root'
  group node['root_group']
--- a/spec/sasl_auth_spec.rb
+++ b/spec/sasl_auth_spec.rb
@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe 'postfix::sasl_auth' do
+  let(:password_file) { '/etc/postfix/sasl_passwd' }
+
+  let(:chef_run) do
+    ChefSpec::Runner.new do |node|
+      node.default['postfix']['sasl_password_file'] = password_file
+    end.converge(described_recipe)
+  end
+
+  describe 'password file template' do
+    it 'does not display sensitive information' do
+      expect(chef_run).to create_template(password_file).with(sensitive: true)
+    end
+  end
+end