diff options
author | Stephen Hoekstra <shoekstra@schubergphilis.com> | 2018-02-14 21:31:16 +0100 |
---|---|---|
committer | Stephen Hoekstra <shoekstra@schubergphilis.com> | 2018-02-15 10:33:27 +0100 |
commit | fc70228d6950e023f938ec41cf6de69e8bddd08e (patch) | |
tree | d9e81485406d5f6d77bb0bd64eec8584d6c8dc05 | |
parent | f9b72cfc75a2f90b6b7e71b6d78a82b1b09fd09b (diff) | |
download | chef-fc70228d6950e023f938ec41cf6de69e8bddd08e.tar.gz |
Suppress key data value if sensitive (fixes #5695)
Signed-off-by: Stephen Hoekstra <shoekstra@schubergphilis.com>
-rw-r--r-- | lib/chef/provider/registry_key.rb | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/chef/provider/registry_key.rb b/lib/chef/provider/registry_key.rb index f196154986..a4a0465e11 100644 --- a/lib/chef/provider/registry_key.rb +++ b/lib/chef/provider/registry_key.rb @@ -126,12 +126,18 @@ class Chef value[:data] = value[:data].to_i end unless current_value[:type] == value[:type] && current_value[:data] == value[:data] - converge_by("set value #{value}") do + converge_by_value = value + converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive + + converge_by("set value #{converge_by_value}") do registry.set_value(new_resource.key, value) end end else - converge_by("set value #{value}") do + converge_by_value = value + converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive + + converge_by("set value #{converge_by_value}") do registry.set_value(new_resource.key, value) end end @@ -146,7 +152,10 @@ class Chef end new_resource.unscrubbed_values.each do |value| unless @name_hash.has_key?(value[:name].downcase) - converge_by("create value #{value}") do + converge_by_value = value + converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive + + converge_by("create value #{converge_by_value}") do registry.set_value(new_resource.key, value) end end @@ -157,7 +166,10 @@ class Chef if registry.key_exists?(new_resource.key) new_resource.unscrubbed_values.each do |value| if @name_hash.has_key?(value[:name].downcase) - converge_by("delete value #{value}") do + converge_by_value = value + converge_by_value[:data] = "*sensitive value suppressed*" if new_resource.sensitive + + converge_by("delete value #{converge_by_value}") do registry.delete_value(new_resource.key, value) end end |