diff options
| author | blabade <107531905+blabade@users.noreply.github.com> | 2022-07-07 19:44:07 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-07 19:44:07 +0530 |
| commit | 416704635ddddb61618184cfb5860b5859357711 (patch) | |
| tree | 2618dd1eb19400146eb317bdbf3b1ab00115d9f8 | |
| parent | 8ec9f0cbd5a092c2ca8a9630e9d577042c74285b (diff) | |
| parent | 8c139ab355803a3487f91cd89121a57731a5f3e6 (diff) | |
| download | chef-416704635ddddb61618184cfb5860b5859357711.tar.gz | |
Merge pull request #13014 from chef/fix_desired_state_issue
Fixed sensitive properties unsuppressed content issue
| -rw-r--r-- | lib/chef/mixin/properties.rb | 6 | ||||
| -rw-r--r-- | lib/chef/resource.rb | 2 | ||||
| -rw-r--r-- | spec/unit/resource_spec.rb | 22 |
3 files changed, 28 insertions, 2 deletions
diff --git a/lib/chef/mixin/properties.rb b/lib/chef/mixin/properties.rb index c42e3889b0..4e00a09002 100644 --- a/lib/chef/mixin/properties.rb +++ b/lib/chef/mixin/properties.rb @@ -274,6 +274,12 @@ class Chef result end + # This method returns list of sensitive properties + # @return [Array<Property>] All sensitive properties. + def sensitive_properties + properties.values.empty? ? [] : properties.values.select(&:sensitive?) + end + # Returns the name of the name property. Returns nil if there is no name property. # # @return [Symbol] the name property for this resource diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb index d6c5fe7cdf..c9776fe346 100644 --- a/lib/chef/resource.rb +++ b/lib/chef/resource.rb @@ -660,8 +660,8 @@ class Chef text << "#{resource_name}(\"#{name}\") do\n" all_props = {} - self.class.state_properties.map do |p| + self.class.sensitive_properties.map do |p| all_props[p.name.to_s] = p.sensitive? ? '"*sensitive value suppressed*"' : value_to_text(p.get(self)) rescue Chef::Exceptions::ValidationFailed # This space left intentionally blank, the property was probably required or had an invalid default. diff --git a/spec/unit/resource_spec.rb b/spec/unit/resource_spec.rb index f0a624d5db..db355d44fa 100644 --- a/spec/unit/resource_spec.rb +++ b/spec/unit/resource_spec.rb @@ -371,6 +371,9 @@ describe Chef::Resource do end describe "to_text" do + + let(:sensitive_property_masked_value) { "sensitive value suppressed" } + it "prints nice message" do resource_class = Class.new(Chef::Resource) { property :foo, String } resource = resource_class.new("sensitive_property_tests") @@ -383,7 +386,24 @@ describe Chef::Resource do resource_class = Class.new(Chef::Resource) { property :foo, String, sensitive: true } resource = resource_class.new("sensitive_property_tests") resource.foo = "some value" - expect(resource.to_text).to match(/foo "\*sensitive value suppressed\*"/) + expect(resource.to_text).to match(/foo "\*#{sensitive_property_masked_value}\*"/) + end + it "suppresses that properties value irrespective of desired state (false) " do + resource_class = Class.new(Chef::Resource) { + property :suppressed_content, String, sensitive: true, desired_state: false + } + resource = resource_class.new("desired_state_property_tests") + resource.suppressed_content = "some value" + expect(resource.to_text).to match(/suppressed_content "\*#{sensitive_property_masked_value}\*"/) + end + + it "suppresses that properties value irrespective of desired state (true) " do + resource_class = Class.new(Chef::Resource) { + property :desired_state_content, String, sensitive: true, desired_state: true + } + resource = resource_class.new("desired_state_property_tests") + resource.desired_state_content = "some value" + expect(resource.to_text).to match(/desired_state_content "\*#{sensitive_property_masked_value}\*"/) end end |