diff options
| author | Tom Duffield <tom@chef.io> | 2017-02-10 15:25:50 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-10 15:25:50 -0600 |
| commit | 0ae7acabf284c0378f476c540e02161e09524989 (patch) | |
| tree | 63d5dd291b9835da0a22b547c3e4bdf0e99977e1 | |
| parent | 963acf8094a67a26373311039c139daac0f0a8b4 (diff) | |
| parent | 9a22ebad6a82c703a012721c19f7a5e9ffffc344 (diff) | |
| download | chef-0ae7acabf284c0378f476c540e02161e09524989.tar.gz | |
Merge pull request #5803 from chef/tduffield/suppress-sensitive-properties
Suppress sensitive properties from resource log and reporting output
| -rw-r--r-- | lib/chef/resource.rb | 21 | ||||
| -rw-r--r-- | spec/unit/resource_spec.rb | 18 |
2 files changed, 35 insertions, 4 deletions
diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb index 36538b6e7a..0335b6f903 100644 --- a/lib/chef/resource.rb +++ b/lib/chef/resource.rb @@ -667,21 +667,34 @@ class Chef def to_text return "suppressed sensitive resource output" if sensitive - ivars = instance_variables.map { |ivar| ivar.to_sym } - HIDDEN_IVARS text = "# Declared in #{@source_line}\n\n" text << "#{resource_name}(\"#{name}\") do\n" + + all_props = {} + self.class.state_properties.map do |p| + all_props[p.name.to_s] = p.sensitive? ? '"*sensitive value suppressed*"' : value_to_text(p.get(self)) + end + + ivars = instance_variables.map { |ivar| ivar.to_sym } - HIDDEN_IVARS ivars.each do |ivar| - if (value = instance_variable_get(ivar)) && !(value.respond_to?(:empty?) && value.empty?) - value_string = value.respond_to?(:to_text) ? value.to_text : value.inspect - text << " #{ivar.to_s.sub(/^@/, '')} #{value_string}\n" + iv = ivar.to_s.sub(/^@/, "") + if all_props.keys.include?(iv) + text << " #{iv} #{all_props[iv]}\n" + elsif (value = instance_variable_get(ivar)) && !(value.respond_to?(:empty?) && value.empty?) + text << " #{iv} #{value_to_text(value)}\n" end end + [@not_if, @only_if].flatten.each do |conditional| text << " #{conditional.to_text}\n" end text << "end\n" end + def value_to_text(value) + value.respond_to?(:to_text) ? value.to_text : value.inspect + end + def inspect ivars = instance_variables.map { |ivar| ivar.to_sym } - FORBIDDEN_IVARS ivars.inject("<#{self}") do |str, ivar| diff --git a/spec/unit/resource_spec.rb b/spec/unit/resource_spec.rb index fbe4544c19..2f75ba0241 100644 --- a/spec/unit/resource_spec.rb +++ b/spec/unit/resource_spec.rb @@ -354,6 +354,24 @@ describe Chef::Resource do end end + describe "to_text" do + it "prints nice message" do + resource_class = Class.new(Chef::Resource) { property :foo, String } + resource = resource_class.new("sensitive_property_tests") + resource.foo = "some value" + expect(resource.to_text).to match(/foo "some value"/) + end + + context "when property is sensitive" do + it "supresses that properties value" do + resource_class = Class.new(Chef::Resource) { property :foo, String, sensitive: true } + resource = resource_class.new("sensitive_property_tests") + resource.foo = "some value" + expect(resource.to_text).to match(/foo "\*sensitive value suppressed\*"/) + end + end + end + describe "self.resource_name" do context "When resource_name is not set" do it "and there are no provides lines, resource_name is nil" do |