-rw-r--r-- | Gemfile.lock | 10 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | acceptance/.shared/kitchen_acceptance/.kitchen.ec2.yml | 1 | ||||
-rw-r--r-- | chef-config/lib/chef-config/version.rb | 2 | ||||
-rw-r--r-- | lib/chef/mixin/properties.rb | 3 | ||||
-rw-r--r-- | lib/chef/property.rb | 13 | ||||
-rw-r--r-- | lib/chef/resource.rb | 2 | ||||
-rw-r--r-- | lib/chef/version.rb | 2 | ||||
-rw-r--r-- | spec/unit/resource_spec.rb | 20 |
9 files changed, 44 insertions, 11 deletions
diff --git a/Gemfile.lock b/Gemfile.lock index 8a8f4e0c51..857f0b356b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -27,10 +27,10 @@ GIT PATH remote: . specs: - chef (12.14.32) + chef (12.14.34) addressable bundler (>= 1.10) - chef-config (= 12.14.32) + chef-config (= 12.14.34) chef-zero (>= 4.8) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) @@ -56,10 +56,10 @@ PATH specinfra (~> 2.10) syslog-logger (~> 1.6) uuidtools (~> 2.1.5) - chef (12.14.32-universal-mingw32) + chef (12.14.34-universal-mingw32) addressable bundler (>= 1.10) - chef-config (= 12.14.32) + chef-config (= 12.14.34) chef-zero (>= 4.8) diff-lcs (~> 1.2, >= 1.2.4) erubis (~> 2.7) @@ -100,7 +100,7 @@ PATH PATH remote: chef-config specs: - chef-config (12.14.32) + chef-config (12.14.34) addressable fuzzyurl mixlib-config (~> 2.0) @@ -1 +1 @@ -12.14.32
\ No newline at end of file +12.14.34
\ No newline at end of file diff --git a/acceptance/.shared/kitchen_acceptance/.kitchen.ec2.yml b/acceptance/.shared/kitchen_acceptance/.kitchen.ec2.yml index dfe3d888a0..209b7fa979 100644 --- a/acceptance/.shared/kitchen_acceptance/.kitchen.ec2.yml +++ b/acceptance/.shared/kitchen_acceptance/.kitchen.ec2.yml @@ -14,7 +14,6 @@ driver: aws_ssh_key_id: <%= ENV['AWS_SSH_KEY_ID'] || ENV['USER'] || ENV['USERNAME'] %> # test-specific stuff region: us-west-2 - availability_zone: a subnet_id: subnet-19ac017c security_group_ids: ["sg-e401eb83", "sg-96274af3"] instance_type: m3.large diff --git a/chef-config/lib/chef-config/version.rb b/chef-config/lib/chef-config/version.rb index 4106a18ed5..1faeee4832 100644 --- a/chef-config/lib/chef-config/version.rb +++ b/chef-config/lib/chef-config/version.rb @@ -21,7 +21,7 @@ module ChefConfig CHEFCONFIG_ROOT = File.expand_path("../..", __FILE__) - VERSION = "12.14.32" + VERSION = "12.14.34" end # diff --git a/lib/chef/mixin/properties.rb b/lib/chef/mixin/properties.rb index ae2406f1ae..8ff2cc4501 100644 --- a/lib/chef/mixin/properties.rb +++ b/lib/chef/mixin/properties.rb @@ -79,6 +79,9 @@ class Chef # part of desired state. Defaults to `true`. # @option options [Boolean] :identity `true` if this property # is part of object identity. Defaults to `false`. + # @option options [Boolean] :sensitive `true` if this property could + # contain sensitive information and whose value should be redacted + # in any resource reporting / auditing output. Defaults to `false`. # # @example Bare property # property :x diff --git a/lib/chef/property.rb b/lib/chef/property.rb index 3cb235b612..a357ba9ee3 100644 --- a/lib/chef/property.rb +++ b/lib/chef/property.rb 
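Review bot: The new `:sensitive` option text in lib/chef/mixin/properties.rb promises redaction "in any resource reporting / auditing output", which is wider than what this commit visibly enforces; the only consumer of the flag in the diff is `state_for_resource_reporter` in lib/chef/resource.rb. Recipe authors are likely to read the sentence as a guarantee that the value never leaves the node in clear text, so the wording should name the path that is actually covered, for example `# contain sensitive information and whose value is redacted in the state sent to the resource reporter. Defaults to false.` Whether log messages, rendered diffs or resource inspection honour the flag cannot be told from this diff and should be confirmed before the broader claim is kept.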
@@ -230,13 +230,24 @@ class Chef end # + # Whether this property is sensitive or not. + # + # Defaults to false. + # + # @return [Boolean] + # + def sensitive? + options.fetch(:sensitive, false) + end + + # # Validation options. (See Chef::Mixin::ParamsValidate#validate.) # # @return [Hash<Symbol,Object>] # def validation_options @validation_options ||= options.reject do |k, v| - [:declared_in, :name, :instance_variable_name, :desired_state, :identity, :default, :name_property, :coerce, :required, :nillable].include?(k) + [:declared_in, :name, :instance_variable_name, :desired_state, :identity, :default, :name_property, :coerce, :required, :nillable, :sensitive].include?(k) end end diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb index 0de5c89475..d11fa1c80c 100644 --- a/lib/chef/resource.rb +++ b/lib/chef/resource.rb @@ -497,7 +497,7 @@ class Chef state_properties = self.class.state_properties state_properties.each do |property| if property.identity? || property.is_set?(self) - state[property.name] = send(property.name) + state[property.name] = property.sensitive? ? "*sensitive value suppressed*" : send(property.name) end end state diff --git a/lib/chef/version.rb b/lib/chef/version.rb index f100864335..b7c9239213 100644 --- a/lib/chef/version.rb +++ b/lib/chef/version.rb @@ -21,7 +21,7 @@ class Chef CHEF_ROOT = File.expand_path("../..", __FILE__) - VERSION = "12.14.32" + VERSION = "12.14.34" end # diff --git a/spec/unit/resource_spec.rb b/spec/unit/resource_spec.rb index e35203c78a..68fc675b37 100644 --- a/spec/unit/resource_spec.rb +++ b/spec/unit/resource_spec.rb 
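Review bot: `sensitive?` is documented as `@return [Boolean]` but hands back whatever was stored under `:sensitive`, so `sensitive: nil` yields `nil` and any other non-boolean (the string "false", say) silently counts as sensitive. Treating truthy values as sensitive fails in the safe direction, but a flag that controls redaction should be normalised or rejected at declaration time rather than passed through; the smallest change is `options.fetch(:sensitive, false) ? true : false`. Adding `:sensitive` to the exclusion list in `validation_options` also means the option is never type-checked by the validation path, which makes the explicit normalisation more useful. The class body continues outside the hunk.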
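Review bot: The redaction added to `state_for_resource_reporter` in lib/chef/resource.rb keys only on the per-property flag, so a resource marked sensitive as a whole would still have the values of its unflagged properties reported in clear. If Chef::Resource carries a resource-wide sensitive setting (not visible in this hunk, to be confirmed), the condition should take it into account, along the lines of `property.sensitive? || sensitive`. The placeholder `"*sensitive value suppressed*"` is a bare literal that the new spec repeats; a named constant on the class would keep the reporter, the tests and any later redaction site in step. The method begins and ends outside the hunk.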
@@ -169,6 +169,26 @@ describe Chef::Resource do end end + describe "#state_for_resource_reporter" do + context "when a property is marked as sensitive" do + it "suppresses the sensitive property's value" do + resource_class = Class.new(Chef::Resource) { property :foo, String, sensitive: true } + resource = resource_class.new("sensitive_property_tests") + resource.foo = "some value" + expect(resource.state_for_resource_reporter[:foo]).to eq("*sensitive value suppressed*") + end + end + + context "when a property is not marked as sensitive" do + it "does not suppress the property's value" do + resource_class = Class.new(Chef::Resource) { property :foo, String } + resource = resource_class.new("sensitive_property_tests") + resource.foo = "some value" + expect(resource.state_for_resource_reporter[:foo]).to eq("some value") + end + end + end + describe "load_from" do let(:prior_resource) do prior_resource = Chef::Resource.new("funk") |
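Review bot: Both new examples assign `foo` before reading the state, so only the `property.is_set?(self)` side of the condition in `state_for_resource_reporter` is exercised; the `property.identity?` side, which reports a property even when it was never set, has no redaction test. An example that declares `property :foo, String, sensitive: true, identity: true` and expects `"*sensitive value suppressed*"` would pin that branch. It would also help to assert on the whole returned hash, `expect(resource.state_for_resource_reporter.values).not_to include("some value")`, so a later change that copies the raw value under another key is caught.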