diff options
author | Adam Leff <adam@leff.co> | 2016-08-09 23:56:06 -0400 |
---|---|---|
committer | Adam Leff <adam@leff.co> | 2016-08-25 10:28:16 -0400 |
commit | 3baa2c1abc07a21acf9dd1430d4b97700c2835a1 (patch) | |
tree | 0cdd3b2c6bd35e5a2135bf6aaedb2adb2e820f20 /lib/chef/property.rb | |
parent | dd3ba2a80cbc5dd991800f1529240c7d9e6cc94c (diff) | |
download | chef-3baa2c1abc07a21acf9dd1430d4b97700c2835a1.tar.gz |
Allow flagging a resource property as sensitiveadamleff/sensitive-properties
Some properties in custom resources may include sensitive data, such as a
password for a database server. When the Resource's state is built for use by
Data Collector or similar auditing tool, `Chef::Resource#state_for_resource_reporter`
builds a hash of all state properties for that resource and their values. This
leads to sensitive data being transmitted and potentially stored in the clear.
This change enhances properties with the ability to set an individual property
as sensitive and then have the value of that property suppressed when exporting
the Resource's state.
Diffstat (limited to 'lib/chef/property.rb')
-rw-r--r-- | lib/chef/property.rb | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/chef/property.rb b/lib/chef/property.rb index 3cb235b612..a357ba9ee3 100644 --- a/lib/chef/property.rb +++ b/lib/chef/property.rb @@ -230,13 +230,24 @@ class Chef end # + # Whether this property is sensitive or not. + # + # Defaults to false. + # + # @return [Boolean] + # + def sensitive? + options.fetch(:sensitive, false) + end + + # # Validation options. (See Chef::Mixin::ParamsValidate#validate.) # # @return [Hash<Symbol,Object>] # def validation_options @validation_options ||= options.reject do |k, v| - [:declared_in, :name, :instance_variable_name, :desired_state, :identity, :default, :name_property, :coerce, :required, :nillable].include?(k) + [:declared_in, :name, :instance_variable_name, :desired_state, :identity, :default, :name_property, :coerce, :required, :nillable, :sensitive].include?(k) end end |