summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJay Mundrawala <jdmundrawala@gmail.com>2015-11-24 10:14:18 -0800
committerJay Mundrawala <jdmundrawala@gmail.com>2015-11-24 10:14:18 -0800
commitd6d79849e766669dff300cd39591ef2bffc2f225 (patch)
tree886651d0e78d233ebf9abe9fb95bc7ac9c9a7a1e
parent244f7a5e6312dabc5b4d071beb476783a6d4e99d (diff)
parent675634fa5c314ed00859ddf78bfc31428dde002d (diff)
downloadchef-d6d79849e766669dff300cd39591ef2bffc2f225.tar.gz
Merge pull request #4200 from chef/jdm/dont-print-pscred
Prevent inspect on PsCredential from printing out plain text password
-rw-r--r--lib/chef/resource/dsc_resource.rb22
-rw-r--r--lib/chef/util/powershell/ps_credential.rb5
-rw-r--r--spec/unit/util/powershell/ps_credential_spec.rb9
3 files changed, 30 insertions, 6 deletions
diff --git a/lib/chef/resource/dsc_resource.rb b/lib/chef/resource/dsc_resource.rb
index b6167e76d0..1dcde8de96 100644
--- a/lib/chef/resource/dsc_resource.rb
+++ b/lib/chef/resource/dsc_resource.rb
@@ -20,16 +20,34 @@ require 'chef/dsl/powershell'
class Chef
class Resource
class DscResource < Chef::Resource
-
provides :dsc_resource, os: "windows"
+ # This class will check if the object responds to
+ # to_text. If it does, it will call that as opposed
+ # to inspect. This is useful for properties that hold
+ # objects such as PsCredential, where we do not want
+ # to dump the actual ivars
+ class ToTextHash < Hash
+ def to_text
+ descriptions = self.map do |(property, obj)|
+ obj_text = if obj.respond_to?(:to_text)
+ obj.to_text
+ else
+ obj.inspect
+ end
+ "#{property}=>#{obj_text}"
+ end
+ "{#{descriptions.join(', ')}}"
+ end
+ end
+
include Chef::DSL::Powershell
default_action :run
def initialize(name, run_context)
super
- @properties = {}
+ @properties = ToTextHash.new
@resource = nil
@reboot_action = :nothing
end
diff --git a/lib/chef/util/powershell/ps_credential.rb b/lib/chef/util/powershell/ps_credential.rb
index 3f4558a77c..2fc0650e5f 100644
--- a/lib/chef/util/powershell/ps_credential.rb
+++ b/lib/chef/util/powershell/ps_credential.rb
@@ -29,9 +29,8 @@ class Chef::Util::Powershell
"New-Object System.Management.Automation.PSCredential('#{@username}',('#{encrypt(@password)}' | ConvertTo-SecureString))"
end
- def to_s
- to_psobject
- end
+ alias to_s to_psobject
+ alias to_text to_psobject
private
diff --git a/spec/unit/util/powershell/ps_credential_spec.rb b/spec/unit/util/powershell/ps_credential_spec.rb
index bac58b02e5..668ec525c6 100644
--- a/spec/unit/util/powershell/ps_credential_spec.rb
+++ b/spec/unit/util/powershell/ps_credential_spec.rb
@@ -21,7 +21,7 @@ require 'chef/util/powershell/ps_credential'
describe Chef::Util::Powershell::PSCredential do
let (:username) { 'foo' }
- let (:password) { 'password' }
+ let (:password) { 'ThIsIsThEpAsSwOrD' }
context 'when username and password are provided' do
let(:ps_credential) { Chef::Util::Powershell::PSCredential.new(username, password)}
@@ -33,5 +33,12 @@ describe Chef::Util::Powershell::PSCredential do
"'#{username}',('encrypted' | ConvertTo-SecureString))")
end
end
+
+ context 'when to_text is called' do
+ it 'should not contain the password' do
+ allow(ps_credential).to receive(:encrypt).with(password).and_return('encrypted')
+ expect(ps_credential.to_text).not_to match(/#{password}/)
+ end
+ end
end
end