Allow flagging a resource property as sensitiveadamleff/sensitive-properties

Some properties in custom resources may include sensitive data, such as a password for a database server. When the Resource's state is built for use by Data Collector or similar auditing tool, `Chef::Resource#state_for_resource_reporter` builds a hash of all state properties for that resource and their values. This leads to sensitive data being transmitted and potentially stored in the clear. This change enhances properties with the ability to set an individual property as sensitive and then have the value of that property suppressed when exporting the Resource's state.
author: Adam Leff <adam@leff.co> 2016-08-09 23:56:06 -0400
committer: Adam Leff <adam@leff.co> 2016-08-25 10:28:16 -0400
commit: 3baa2c1abc07a21acf9dd1430d4b97700c2835a1 (patch)
tree: 0cdd3b2c6bd35e5a2135bf6aaedb2adb2e820f20 /lib/chef/resource.rb
parent: dd3ba2a80cbc5dd991800f1529240c7d9e6cc94c (diff)
download: chef-3baa2c1abc07a21acf9dd1430d4b97700c2835a1.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb
index 0de5c89475..d11fa1c80c 100644
--- a/lib/chef/resource.rb
+++ b/lib/chef/resource.rb
@@ -497,7 +497,7 @@ class Chef
       state_properties = self.class.state_properties
       state_properties.each do |property|
         if property.identity? || property.is_set?(self)
-          state[property.name] = send(property.name)
+          state[property.name] = property.sensitive? ? "*sensitive value suppressed*" : send(property.name)
         end
       end
       state
author	Adam Leff <adam@leff.co>	2016-08-09 23:56:06 -0400
committer	Adam Leff <adam@leff.co>	2016-08-25 10:28:16 -0400
commit	3baa2c1abc07a21acf9dd1430d4b97700c2835a1 (patch)
tree	0cdd3b2c6bd35e5a2135bf6aaedb2adb2e820f20 /lib/chef/resource.rb
parent	dd3ba2a80cbc5dd991800f1529240c7d9e6cc94c (diff)
download	chef-3baa2c1abc07a21acf9dd1430d4b97700c2835a1.tar.gz