diff options
| author | Adam Leff <adam@leff.co> | 2016-08-09 23:56:06 -0400 |
|---|---|---|
| committer | Adam Leff <adam@leff.co> | 2016-08-25 10:28:16 -0400 |
| commit | 3baa2c1abc07a21acf9dd1430d4b97700c2835a1 (patch) | |
| tree | 0cdd3b2c6bd35e5a2135bf6aaedb2adb2e820f20 /lib/chef/mixin | |
| parent | dd3ba2a80cbc5dd991800f1529240c7d9e6cc94c (diff) | |
| download | chef-3baa2c1abc07a21acf9dd1430d4b97700c2835a1.tar.gz | |
Allow flagging a resource property as sensitiveadamleff/sensitive-properties
Some properties in custom resources may include sensitive data, such as a
password for a database server. When the Resource's state is built for use by
Data Collector or similar auditing tool, `Chef::Resource#state_for_resource_reporter`
builds a hash of all state properties for that resource and their values. This
leads to sensitive data being transmitted and potentially stored in the clear.
This change enhances properties with the ability to set an individual property
as sensitive and then have the value of that property suppressed when exporting
the Resource's state.
Diffstat (limited to 'lib/chef/mixin')
| -rw-r--r-- | lib/chef/mixin/properties.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/chef/mixin/properties.rb b/lib/chef/mixin/properties.rb index ae2406f1ae..8ff2cc4501 100644 --- a/lib/chef/mixin/properties.rb +++ b/lib/chef/mixin/properties.rb @@ -79,6 +79,9 @@ class Chef # part of desired state. Defaults to `true`. # @option options [Boolean] :identity `true` if this property # is part of object identity. Defaults to `false`. + # @option options [Boolean] :sensitive `true` if this property could + # contain sensitive information and whose value should be redacted + # in any resource reporting / auditing output. Defaults to `false`. # # @example Bare property # property :x |