Suppress key data value if sensitive (fixes #5695)

Signed-off-by: Stephen Hoekstra <shoekstra@schubergphilis.com>
author: Stephen Hoekstra <shoekstra@schubergphilis.com> 2018-02-14 21:31:16 +0100
committer: Stephen Hoekstra <shoekstra@schubergphilis.com> 2018-02-15 10:33:27 +0100
commit: fc70228d6950e023f938ec41cf6de69e8bddd08e (patch)
tree: d9e81485406d5f6d77bb0bd64eec8584d6c8dc05
parent: f9b72cfc75a2f90b6b7e71b6d78a82b1b09fd09b (diff)
download: chef-fc70228d6950e023f938ec41cf6de69e8bddd08e.tar.gz
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/chef/provider/registry_key.rb b/lib/chef/provider/registry_key.rb
index f196154986..a4a0465e11 100644
--- a/lib/chef/provider/registry_key.rb
+++ b/lib/chef/provider/registry_key.rb
@@ -126,12 +126,18 @@ class Chef
               value[:data] = value[:data].to_i
             end
             unless current_value[:type] == value[:type] && current_value[:data] == value[:data]
-              converge_by("set value #{value}") do
+              converge_by_value = value
+              converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive
+
+              converge_by("set value #{converge_by_value}") do
                 registry.set_value(new_resource.key, value)
               end
             end
           else
-            converge_by("set value #{value}") do
+            converge_by_value = value
+            converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive
+
+            converge_by("set value #{converge_by_value}") do
               registry.set_value(new_resource.key, value)
             end
           end
@@ -146,7 +152,10 @@ class Chef
         end
         new_resource.unscrubbed_values.each do |value|
           unless @name_hash.has_key?(value[:name].downcase)
-            converge_by("create value #{value}") do
+            converge_by_value = value
+            converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive
+
+            converge_by("create value #{converge_by_value}") do
               registry.set_value(new_resource.key, value)
             end
           end
@@ -157,7 +166,10 @@ class Chef
         if registry.key_exists?(new_resource.key)
           new_resource.unscrubbed_values.each do |value|
             if @name_hash.has_key?(value[:name].downcase)
-              converge_by("delete value #{value}") do
+              converge_by_value = value
+              converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive
+
+              converge_by("delete value #{converge_by_value}") do
                 registry.delete_value(new_resource.key, value)
               end
             end
author	Stephen Hoekstra <shoekstra@schubergphilis.com>	2018-02-14 21:31:16 +0100
committer	Stephen Hoekstra <shoekstra@schubergphilis.com>	2018-02-15 10:33:27 +0100
commit	fc70228d6950e023f938ec41cf6de69e8bddd08e (patch)
tree	d9e81485406d5f6d77bb0bd64eec8584d6c8dc05
parent	f9b72cfc75a2f90b6b7e71b6d78a82b1b09fd09b (diff)
download	chef-fc70228d6950e023f938ec41cf6de69e8bddd08e.tar.gz