authorTim Smith <tsmith@chef.io>2018-10-30 11:23:26 -0700
committerTim Smith <tsmith@chef.io>2018-10-30 11:33:51 -0700
commitda68dbfea3c984403e847db7ab7c7012c71b932b (patch)
treec13573335caafcf15b164697266c17bf7f32818f
parentbef217971129d6da7db701868fda4a9cd47441ba (diff)
downloadchef-da68dbfea3c984403e847db7ab7c7012c71b932b.tar.gz
Auto mark windows_certificate as sensitive if a password is set
We're doing this same thing in the execute resource. Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r--lib/chef/resource/windows_certificate.rb6
-rw-r--r--lib/chef/resource/windows_share.rb6
-rw-r--r--spec/unit/resource/windows_certificate.rb5
3 files changed, 14 insertions, 3 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb
index f97093cb47..9b0451e5d5 100644
--- a/lib/chef/resource/windows_certificate.rb
+++ b/lib/chef/resource/windows_certificate.rb
@@ -51,6 +51,11 @@ class Chef
property :cert_path, String,
description: ""
+ # lazy used to set default value of sensitive to true if password is set
+ property :sensitive, [ TrueClass, FalseClass ],
+ description: "Ensure that sensitive resource data is not logged by the chef-client.",
+ default: lazy { |r| r.pfx_password ? true : false }, skip_docs: true
+
action :create do
description "Creates or updates a certificate."
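Review bot: The comment above the new `sensitive` property explains the mechanism (`lazy`) but not the security reason or the override behaviour. Because this is only a default, a recipe that sets `sensitive false` together with `pfx_password` still opts out of log suppression. I would word the comment as `# Defaults to true when pfx_password is set so the password stays out of chef-client logs; an explicit sensitive false overrides this.` Separately, `r.pfx_password ? true : false` treats an empty-string password as set, which is probably fine but worth a conscious decision.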
@@ -79,6 +84,7 @@ class Chef
convert_boolean_return true
code code_script
only_if guard_script
+ sensitive if new_resource.sensitive
end
end
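Review bot: `sensitive if new_resource.sensitive` calls `sensitive` with no argument, and in Chef's property DSL a bare property call reads the current value rather than setting it. As written, the inner `powershell_script` therefore appears to stay non-sensitive even when the outer resource is marked sensitive. Passing the value explicitly fixes this: `sensitive true if new_resource.sensitive`, or simply `sensitive new_resource.sensitive`. The enclosing `powershell_script` block and its method start outside this hunk, so other inner resources or helper calls that handle `pfx_password` are not visible here and should be checked for the same propagation.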
diff --git a/lib/chef/resource/windows_share.rb b/lib/chef/resource/windows_share.rb
index fd04b218b1..d1637b6410 100644
--- a/lib/chef/resource/windows_share.rb
+++ b/lib/chef/resource/windows_share.rb
@@ -47,17 +47,17 @@ class Chef
# Specifies which accounts are granted full permission to access the share. Use a comma-separated list to specify multiple accounts. An account may not be specified more than once in the FullAccess, ChangeAccess, or ReadAccess parameter lists, but may be specified once in the FullAccess, ChangeAccess, or ReadAccess parameter list and once in the NoAccess parameter list.
property :full_users, Array,
- description: "The users that should have 'Full control' permissions on the share in domain\username format.",
+ description: "The users that should have 'Full control' permissions on the share in domain\\username format.",
default: [], coerce: proc { |u| u.sort }
# Specifies which users are granted modify permission to access the share
property :change_users, Array,
- description: "The users that should have 'modify' permission on the share in domain\username format".",
+ description: "The users that should have 'modify' permission on the share in domain\\username format.",
default: [], coerce: proc { |u| u.sort }
# Specifies which users are granted read permission to access the share. Multiple users can be specified by supplying a comma-separated list.
property :read_users, Array,
- description: "The users that should have 'read' permission on the share in domain\username format".",
+ description: "The users that should have 'read' permission on the share in domain\\username format.",
default: [], coerce: proc { |u| u.sort }
# Specifies the lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer. By default, new SMB shares are persistent, and non-temporary.
diff --git a/spec/unit/resource/windows_certificate.rb b/spec/unit/resource/windows_certificate.rb
index 704a33f4a4..4a60be6e87 100644
--- a/spec/unit/resource/windows_certificate.rb
+++ b/spec/unit/resource/windows_certificate.rb
@@ -38,4 +38,9 @@ describe Chef::Resource::WindowsCertificate do
expect { resource.action :delete }.not_to raise_error
expect { resource.action :verify }.not_to raise_error
end
+
+ it "sets sensitive to true if the pfx_password property is set" do
+ resource.pfx_password "foo"
+ expect(resource.sensitive).to be_truthy
+ end
end
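Review bot: The new example covers only the positive case, and `be_truthy` would also pass for any non-nil, non-false value. Since the lazy default is meant to return a strict boolean, `expect(resource.sensitive).to be true` is the tighter assertion. A companion example asserting `expect(resource.sensitive).to be false` when `pfx_password` is unset would pin the default on both sides. Nothing in this spec checks that the flag reaches the inner `powershell_script` in the provider, and that is where a propagation mistake would go unnoticed.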