If a resource is sensitive, it’s redacted from logs.

author: Allen Goodman <allen@goodman.io> 2013-11-15 13:09:58 -0800
committer: Allen Goodman <allen@goodman.io> 2013-11-15 13:09:58 -0800
commit: 91362e43e636c214fe279b9cad3e5e086cb6d72a (patch)
tree: efd3544dd174b9ec760d5dcfd7d414507c544589
parent: ecbc917ac5496f3138b798332ea66f477c33f8ba (diff)
download: chef-91362e43e636c214fe279b9cad3e5e086cb6d72a.tar.gz
3 files changed, 28 insertions, 2 deletions
diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb
index e727aa9ec1..07073cb72e 100644
--- a/lib/chef/provider/file.rb
+++ b/lib/chef/provider/file.rb
@@ -345,7 +345,13 @@ class Chef
           diff.diff(@current_resource.path, tempfile.path)
           @new_resource.diff( diff.for_reporting ) unless file_created?
           description = [ "update content in file #{@new_resource.path} from #{short_cksum(@current_resource.checksum)} to #{short_cksum(checksum(tempfile.path))}" ]
-          description << diff.for_output
+          
+          if @new_resource.sensitive
+            Chef::Log.info("redacted sensitive resource: #{@new_resource}")
+          else
+            description << diff.for_output            
+          end
+
           converge_by(description) do
             update_file_contents
           end
diff --git a/lib/chef/resource/file.rb b/lib/chef/resource/file.rb
index 676cbf200a..3db88dcda0 100644
--- a/lib/chef/resource/file.rb
+++ b/lib/chef/resource/file.rb
@@ -52,9 +52,9 @@ class Chef
         @force_unlink = false
         @manage_symlink_source = nil
         @diff = nil
+        @sensitive = false
       end
 
-
       def content(arg=nil)
         set_or_return(
           :content,
@@ -119,6 +119,13 @@ class Chef
         )
       end
 
+      def sensitive(arg=nil)
+        set_or_return(
+          :sensitive,
+          arg,
+          :kind_of => [ TrueClass, FalseClass ]
+        )
+      end
     end
   end
 end
diff --git a/spec/functional/resource/file_spec.rb b/spec/functional/resource/file_spec.rb
index f688bae434..2a1f2ea1de 100644
--- a/spec/functional/resource/file_spec.rb
+++ b/spec/functional/resource/file_spec.rb
@@ -116,4 +116,17 @@ describe Chef::Resource::File do
     end
   end
 
+  describe '.sensitive' do
+    context 'sensitive' do
+      before { current_resource.sensitive(true) }
+
+      it { expect(current_resource.sensitive).to(be_true) }
+    end
+
+    context 'insensitive' do
+      before { current_resource.sensitive(false) }
+
+      it { expect(current_resource.sensitive).to(be_false) }
+    end
+  end
 end
author	Allen Goodman <allen@goodman.io>	2013-11-15 13:09:58 -0800
committer	Allen Goodman <allen@goodman.io>	2013-11-15 13:09:58 -0800
commit	91362e43e636c214fe279b9cad3e5e086cb6d72a (patch)
tree	efd3544dd174b9ec760d5dcfd7d414507c544589
parent	ecbc917ac5496f3138b798332ea66f477c33f8ba (diff)
download	chef-91362e43e636c214fe279b9cad3e5e086cb6d72a.tar.gz