diff options
author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-11-24 10:14:18 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-11-24 10:14:18 -0800 |
commit | d6d79849e766669dff300cd39591ef2bffc2f225 (patch) | |
tree | 886651d0e78d233ebf9abe9fb95bc7ac9c9a7a1e | |
parent | 244f7a5e6312dabc5b4d071beb476783a6d4e99d (diff) | |
parent | 675634fa5c314ed00859ddf78bfc31428dde002d (diff) | |
download | chef-d6d79849e766669dff300cd39591ef2bffc2f225.tar.gz |
Merge pull request #4200 from chef/jdm/dont-print-pscred
Prevent inspect on PsCredential from printing out plain text password
-rw-r--r-- | lib/chef/resource/dsc_resource.rb | 22 | ||||
-rw-r--r-- | lib/chef/util/powershell/ps_credential.rb | 5 | ||||
-rw-r--r-- | spec/unit/util/powershell/ps_credential_spec.rb | 9 |
3 files changed, 30 insertions, 6 deletions
diff --git a/lib/chef/resource/dsc_resource.rb b/lib/chef/resource/dsc_resource.rb index b6167e76d0..1dcde8de96 100644 --- a/lib/chef/resource/dsc_resource.rb +++ b/lib/chef/resource/dsc_resource.rb @@ -20,16 +20,34 @@ require 'chef/dsl/powershell' class Chef
class Resource
class DscResource < Chef::Resource
-
provides :dsc_resource, os: "windows"
+ # This class will check if the object responds to
+ # to_text. If it does, it will call that as opposed
+ # to inspect. This is useful for properties that hold
+ # objects such as PsCredential, where we do not want
+ # to dump the actual ivars
+ class ToTextHash < Hash
+ def to_text
+ descriptions = self.map do |(property, obj)|
+ obj_text = if obj.respond_to?(:to_text)
+ obj.to_text
+ else
+ obj.inspect
+ end
+ "#{property}=>#{obj_text}"
+ end
+ "{#{descriptions.join(', ')}}"
+ end
+ end
+
include Chef::DSL::Powershell
default_action :run
def initialize(name, run_context)
super
- @properties = {}
+ @properties = ToTextHash.new
@resource = nil
@reboot_action = :nothing
end
diff --git a/lib/chef/util/powershell/ps_credential.rb b/lib/chef/util/powershell/ps_credential.rb index 3f4558a77c..2fc0650e5f 100644 --- a/lib/chef/util/powershell/ps_credential.rb +++ b/lib/chef/util/powershell/ps_credential.rb @@ -29,9 +29,8 @@ class Chef::Util::Powershell "New-Object System.Management.Automation.PSCredential('#{@username}',('#{encrypt(@password)}' | ConvertTo-SecureString))" end - def to_s - to_psobject - end + alias to_s to_psobject + alias to_text to_psobject private diff --git a/spec/unit/util/powershell/ps_credential_spec.rb b/spec/unit/util/powershell/ps_credential_spec.rb index bac58b02e5..668ec525c6 100644 --- a/spec/unit/util/powershell/ps_credential_spec.rb +++ b/spec/unit/util/powershell/ps_credential_spec.rb @@ -21,7 +21,7 @@ require 'chef/util/powershell/ps_credential' describe Chef::Util::Powershell::PSCredential do let (:username) { 'foo' } - let (:password) { 'password' } + let (:password) { 'ThIsIsThEpAsSwOrD' } context 'when username and password are provided' do let(:ps_credential) { Chef::Util::Powershell::PSCredential.new(username, password)} @@ -33,5 +33,12 @@ describe Chef::Util::Powershell::PSCredential do "'#{username}',('encrypted' | ConvertTo-SecureString))") end end + + context 'when to_text is called' do + it 'should not contain the password' do + allow(ps_credential).to receive(:encrypt).with(password).and_return('encrypted') + expect(ps_credential.to_text).not_to match(/#{password}/) + end + end end end |