From cee94f52d52806885fbd63d63addc3708b25f409 Mon Sep 17 00:00:00 2001
From: Sergey Sergeev <zhirafovod@gmail.com>
Date: Thu, 10 Apr 2014 00:34:12 -0700
Subject: CHEF-5098 fix sensitive data output on failure

provide a way to supprese sensitive attribute for a resource
* add sensitive attribute to the resource class
* fix output in resource_failure_inspector if sensitive attribute set
* add spec tests for resource

fix implementation based on PR reivew
* suppres to_text ouptut if sensitive attribute set in resource
* remove rescue of unset sentitive attribute in resource_failure_inspecto
---
 lib/chef/resource.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'lib/chef/resource.rb')

diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb
index 9370f34d56..6c8e0434a0 100644
--- a/lib/chef/resource.rb
+++ b/lib/chef/resource.rb
@@ -253,6 +253,7 @@ F
       @source_line = nil
       @guard_interpreter = :default
       @elapsed_time = 0
+      @sensitive = false
 
       @node = run_context ? deprecated_ivar(run_context.node, :node, :warn) : nil
     end
@@ -400,6 +401,14 @@ F
       )
     end
 
+    def sensitive(arg=nil)
+      set_or_return(
+        :sensitive,
+        arg,
+        :kind_of => [ TrueClass, FalseClass ]
+      )
+    end
+
     def epic_fail(arg=nil)
       ignore_failure(arg)
     end
@@ -494,6 +503,7 @@ F
     end
 
     def to_text
+      return "suppressed sensitive resource output" if sensitive
       ivars = instance_variables.map { |ivar| ivar.to_sym } - HIDDEN_IVARS
       text = "# Declared in #{@source_line}\n\n"
       text << self.class.dsl_name + "(\"#{name}\") do\n"
-- 
cgit v1.2.1