diff options
-rw-r--r-- | lib/chef/mixin/properties.rb | 6 | ||||
-rw-r--r-- | lib/chef/resource.rb | 2 | ||||
-rw-r--r-- | spec/unit/resource_spec.rb | 22 |
3 files changed, 28 insertions, 2 deletions
diff --git a/lib/chef/mixin/properties.rb b/lib/chef/mixin/properties.rb index c42e3889b0..4e00a09002 100644 --- a/lib/chef/mixin/properties.rb +++ b/lib/chef/mixin/properties.rb @@ -274,6 +274,12 @@ class Chef result end + # This method returns list of sensitive properties + # @return [Array<Property>] All sensitive properties. + def sensitive_properties + properties.values.empty? ? [] : properties.values.select(&:sensitive?) + end + # Returns the name of the name property. Returns nil if there is no name property. # # @return [Symbol] the name property for this resource diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb index d6c5fe7cdf..c9776fe346 100644 --- a/lib/chef/resource.rb +++ b/lib/chef/resource.rb @@ -660,8 +660,8 @@ class Chef text << "#{resource_name}(\"#{name}\") do\n" all_props = {} - self.class.state_properties.map do |p| + self.class.sensitive_properties.map do |p| all_props[p.name.to_s] = p.sensitive? ? '"*sensitive value suppressed*"' : value_to_text(p.get(self)) rescue Chef::Exceptions::ValidationFailed # This space left intentionally blank, the property was probably required or had an invalid default. diff --git a/spec/unit/resource_spec.rb b/spec/unit/resource_spec.rb index f0a624d5db..db355d44fa 100644 --- a/spec/unit/resource_spec.rb +++ b/spec/unit/resource_spec.rb @@ -371,6 +371,9 @@ describe Chef::Resource do end describe "to_text" do + + let(:sensitive_property_masked_value) { "sensitive value suppressed" } + it "prints nice message" do resource_class = Class.new(Chef::Resource) { property :foo, String } resource = resource_class.new("sensitive_property_tests") @@ -383,7 +386,24 @@ describe Chef::Resource do resource_class = Class.new(Chef::Resource) { property :foo, String, sensitive: true } resource = resource_class.new("sensitive_property_tests") resource.foo = "some value" - expect(resource.to_text).to match(/foo "\*sensitive value suppressed\*"/) + expect(resource.to_text).to match(/foo "\*#{sensitive_property_masked_value}\*"/) + end + it "suppresses that properties value irrespective of desired state (false) " do + resource_class = Class.new(Chef::Resource) { + property :suppressed_content, String, sensitive: true, desired_state: false + } + resource = resource_class.new("desired_state_property_tests") + resource.suppressed_content = "some value" + expect(resource.to_text).to match(/suppressed_content "\*#{sensitive_property_masked_value}\*"/) + end + + it "suppresses that properties value irrespective of desired state (true) " do + resource_class = Class.new(Chef::Resource) { + property :desired_state_content, String, sensitive: true, desired_state: true + } + resource = resource_class.new("desired_state_property_tests") + resource.desired_state_content = "some value" + expect(resource.to_text).to match(/desired_state_content "\*#{sensitive_property_masked_value}\*"/) end end |