From 5960920eac82010f0ab0a450b28394a2b3e6cb52 Mon Sep 17 00:00:00 2001
From: gustavo panizzo <gfa@zumbi.com.ar>
Date: Tue, 22 Dec 2020 17:19:02 +0100
Subject: [PATCH 1/2] Hide passwords from logs and output

---
 manifests/server/database.pp      | 5 +++--
 manifests/server/read_database.pp | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 087f07b7..a12e234b 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
@@ -99,8 +99,9 @@
 
   if $database_password != undef and $manage_db_password {
     ini_setting { 'puppetdb_psdatabase_password':
-      setting => 'password',
-      value   => $database_password,
+      setting   => 'password',
+      value     => $database_password,
+      show_diff => false,
     }
   }
 
diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp
index b6155162..3fa5014d 100644
--- a/manifests/server/read_database.pp
+++ b/manifests/server/read_database.pp
@@ -93,8 +93,9 @@
 
     if $read_database_password != undef and $manage_db_password {
       ini_setting { 'puppetdb_read_database_password':
-        setting => 'password',
-        value   => $read_database_password,
+        setting   => 'password',
+        value     => $read_database_password,
+        show_diff => false,
       }
     }
 

From 959278824c380ef8e9edf8ae165ad4b5f92aa8dd Mon Sep 17 00:00:00 2001
From: Jeffrey Clark <jeffrey.clark@perforce.com>
Date: Sun, 5 May 2024 11:10:29 -0500
Subject: [PATCH 2/2] add new parameter to tests

---
 spec/unit/classes/server/database_ini_spec.rb      | 11 ++++++-----
 spec/unit/classes/server/read_database_ini_spec.rb | 11 ++++++-----
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb
index 4d6a5810..94d1b86f 100644
--- a/spec/unit/classes/server/database_ini_spec.rb
+++ b/spec/unit/classes/server/database_ini_spec.rb
@@ -38,11 +38,12 @@
       it {
         is_expected.to contain_ini_setting('puppetdb_psdatabase_password')
           .with(
-            'ensure'  => 'present',
-            'path'    => "#{pdbconfdir}/database.ini",
-            'section' => 'database',
-            'setting' => 'password',
-            'value'   => 'puppetdb',
+            'ensure'    => 'present',
+            'path'      => "#{pdbconfdir}/database.ini",
+            'section'   => 'database',
+            'setting'   => 'password',
+            'value'     => 'puppetdb',
+            'show_diff' => false,
           )
       }
       it {
diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb
index a5f189f0..db48096c 100644
--- a/spec/unit/classes/server/read_database_ini_spec.rb
+++ b/spec/unit/classes/server/read_database_ini_spec.rb
@@ -38,11 +38,12 @@
     it {
       is_expected.to contain_ini_setting('puppetdb_read_database_password')
         .with(
-          'ensure'  => 'present',
-          'path'    => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini',
-          'section' => 'read-database',
-          'setting' => 'password',
-          'value'   => 'puppetdb-read',
+          'ensure'    => 'present',
+          'path'      => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini',
+          'section'   => 'read-database',
+          'setting'   => 'password',
+          'value'     => 'puppetdb-read',
+          'show_diff' => false,
         )
     }
     it {