    (PDB-3322) Redact sensitive parameters in terminus · fdd4ceff
    Rob Browning authored
    A resource parameter marked Sensitive()
      notify {'hi':  message => Sensitive('there')}
    will show up in the terminus
    like this:
            input = {...
                       'tags'=>Puppet::Util::TagSet.new(['notify', 'hi', 'class']),
                       'file'=> 'site.pp',
                     [{'source'=>'Stage[main]', 'target'=>'Class[Settings]'},
                      {'source'=>'Stage[main]', 'target'=>'Class[main]'},
                      {'source'=>'Class[main]', 'target'=>'Notify[hi]'}],
    Remove any sensitive values from 'parameters', and remove
    'sensitive_parameters' before sending data to PuppetDB.
    Aside from the fact that we don't want sensitive parameters to be
    stored in (or even make it to) PuppetDB, the 'sensitive_parameters'
    element can cause command processing to fail, e.g. when an existing
    parameter becomes sensitive.  Add an integration test for that.
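
The redaction the commit message describes, sketched as an added example (this is not the terminus code from the commit). It assumes each resource hash carries a 'parameters' hash and a 'sensitive_parameters' list of parameter names; the function names and the sample catalog are constructed for illustration.

```ruby
# Added example, not PuppetDB's own code.
# Assumption: 'sensitive_parameters' is a list of names that appear as keys
# in the same resource's 'parameters' hash.

# Return a copy of one resource with sensitive values dropped from
# 'parameters' and the 'sensitive_parameters' element removed entirely.
def redact_resource(resource)
  redacted = resource.dup
  sensitive = Array(redacted.delete('sensitive_parameters')).map(&:to_s)
  params = redacted['parameters']
  if params
    # reject builds a new hash, so the caller's data is left untouched
    redacted['parameters'] = params.reject { |name, _| sensitive.include?(name.to_s) }
  end
  redacted
end

# Apply the redaction to every resource; edges and other keys pass through.
def redact_catalog(catalog)
  catalog.merge('resources' => Array(catalog['resources']).map { |r| redact_resource(r) })
end

# Pre-send check: names of resources that still carry sensitive data.
def unredacted_resources(catalog)
  Array(catalog['resources']).select do |r|
    names = Array(r['sensitive_parameters']).map(&:to_s)
    r.key?('sensitive_parameters') ||
      (r['parameters'] || {}).keys.any? { |k| names.include?(k.to_s) }
  end.map { |r| "#{r['type']}[#{r['title']}]" }
end

# Constructed sample input modelled on the notify resource in the message.
SAMPLE_CATALOG = {
  'resources' => [
    { 'type' => 'Notify', 'title' => 'hi', 'file' => 'site.pp',
      'parameters' => { 'message' => 'there', 'loglevel' => 'notice' },
      'sensitive_parameters' => ['message'] },
    { 'type' => 'Class', 'title' => 'main', 'parameters' => {} }
  ],
  'edges' => [{ 'source' => 'Class[main]', 'target' => 'Notify[hi]' }]
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "before: #{unredacted_resources(SAMPLE_CATALOG).inspect}"
  puts "after:  #{unredacted_resources(redact_catalog(SAMPLE_CATALOG)).inspect}"
end
```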
puppetdb_spec.rb 28.1 KB