diff options
author | Allen Goodman <allen@goodman.io> | 2013-11-15 13:09:58 -0800 |
---|---|---|
committer | Allen Goodman <allen@goodman.io> | 2013-11-15 13:09:58 -0800 |
commit | 91362e43e636c214fe279b9cad3e5e086cb6d72a (patch) | |
tree | efd3544dd174b9ec760d5dcfd7d414507c544589 | |
parent | ecbc917ac5496f3138b798332ea66f477c33f8ba (diff) | |
download | chef-91362e43e636c214fe279b9cad3e5e086cb6d72a.tar.gz |
If a resource is sensitive, it’s redacted from logs.
-rw-r--r-- | lib/chef/provider/file.rb | 8 | ||||
-rw-r--r-- | lib/chef/resource/file.rb | 9 | ||||
-rw-r--r-- | spec/functional/resource/file_spec.rb | 13 |
3 files changed, 28 insertions, 2 deletions
diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb index e727aa9ec1..07073cb72e 100644 --- a/lib/chef/provider/file.rb +++ b/lib/chef/provider/file.rb @@ -345,7 +345,13 @@ class Chef diff.diff(@current_resource.path, tempfile.path) @new_resource.diff( diff.for_reporting ) unless file_created? description = [ "update content in file #{@new_resource.path} from #{short_cksum(@current_resource.checksum)} to #{short_cksum(checksum(tempfile.path))}" ] - description << diff.for_output + + if @new_resource.sensitive + Chef::Log.info("redacted sensitive resource: #{@new_resource}") + else + description << diff.for_output + end + converge_by(description) do update_file_contents end diff --git a/lib/chef/resource/file.rb b/lib/chef/resource/file.rb index 676cbf200a..3db88dcda0 100644 --- a/lib/chef/resource/file.rb +++ b/lib/chef/resource/file.rb @@ -52,9 +52,9 @@ class Chef @force_unlink = false @manage_symlink_source = nil @diff = nil + @sensitive = false end - def content(arg=nil) set_or_return( :content, @@ -119,6 +119,13 @@ class Chef ) end + def sensitive(arg=nil) + set_or_return( + :sensitive, + arg, + :kind_of => [ TrueClass, FalseClass ] + ) + end end end end diff --git a/spec/functional/resource/file_spec.rb b/spec/functional/resource/file_spec.rb index f688bae434..2a1f2ea1de 100644 --- a/spec/functional/resource/file_spec.rb +++ b/spec/functional/resource/file_spec.rb @@ -116,4 +116,17 @@ describe Chef::Resource::File do end end + describe '.sensitive' do + context 'sensitive' do + before { current_resource.sensitive(true) } + + it { expect(current_resource.sensitive).to(be_true) } + end + + context 'insensitive' do + before { current_resource.sensitive(false) } + + it { expect(current_resource.sensitive).to(be_false) } + end + end end |