• Rob Browning's avatar
    (PDB-3322) Redact sensitive parameters in terminus · fdd4ceff
    Rob Browning authored
    A resource parameter marked Sensitive()
    
      notify {'hi':  message => Sensitive('there')}
    
    will show up in the terminus
    like this:
    
            input = {...
                     'environment'=>'production',
                     'resources'=>
                     [...
                      {'type'=>'Notify',
                       'title'=>'hi',
                       'tags'=>Puppet::Util::TagSet.new(['notify', 'hi', 'class']),
                       'file'=> 'site.pp',
                       'line'=>1,
                       'exported'=>false,
                       'parameters'=>{:message=>'there'},
                       'sensitive_parameters'=>[:message]}],
                     'edges'=>
                     [{'source'=>'Stage[main]', 'target'=>'Class[Settings]'},
                      {'source'=>'Stage[main]', 'target'=>'Class[main]'},
                      {'source'=>'Class[main]', 'target'=>'Notify[hi]'}],
                     'classes'=>['settings']}
    
    Remove any sensitive values from 'parameters', and remove
    'sensitive_parameters' before sending data to PuppetDB.
    
    Aside from the fact that we don't want senstitive parameters to be
    stored in (or even make it to) PuppetDB, the 'sensitive_parameters'
    element can cause command processing to fail, e.g. when an existing
    parameter becomes sensitive.  Add an integration test for that.
    fdd4ceff
Name
Last commit
Last update
acceptance Loading commit data...
config/image_templates Loading commit data...
contrib Loading commit data...
dev-resources Loading commit data...
documentation Loading commit data...
ext Loading commit data...
locales Loading commit data...
puppet Loading commit data...
resources Loading commit data...
src/puppetlabs/puppetdb Loading commit data...
test/puppetlabs/puppetdb Loading commit data...
test-resources Loading commit data...
.gitignore Loading commit data...
.travis.yml Loading commit data...
Gemfile Loading commit data...
LICENSE.txt Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
NOTICE.txt Loading commit data...
README.md Loading commit data...
Rakefile Loading commit data...
config.sample.ini Loading commit data...
project.clj Loading commit data...