Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6442

Redact the message field of transaction events

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 4.6.0
    • Component/s: None
    • Labels:
    • Template:
    • Story Points:
      3
    • Sprint:
      Client 2016-07-13 (HA, 1.5.3)
    • Release Notes:
      Not Needed
    • Release Notes Summary:
      See PUP-6440. We'll release note the whole feature not the individual tix.

      Description

      Events generated during resource application accept among other values an arbitrary message. The message is logged to indicate when resource properties change, and they include the previous value and the newly set value. This is problematic if the property is sensitive; even if the event itself knows that it is sensitive there's no good way of redacting the previous and desired values in that message.

      We need to either change the interface of Puppet::Transaction::Event to be able to redact messages containing sensitive information, or change how those messages are set to ensure that callers provide the redaction themselves. For the former case we can change events to take a format string, the previous value, desired value, and associated property and have the event itself take care of the redaction. For the latter case, we might have to do something evil like override Puppet::Property#is_to_s and Puppet::Property#should_to_s to provide the redaction themselves; this will have to be done in a way that handles subclasses that already override those methods.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              adrien Adrien Thebo
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support