Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9585

Do not output password for user type if it is marked Sensitive

    Details

    • Template:
    • Acceptance Criteria:
      Hide

      Passwords for the user type are output in Debug logging, even if the value is marked Sensitive.  Instead, this should be written as "[redacted]" in the log.

      Show
      Passwords for the user type are output in Debug logging, even if the value is marked Sensitive.  Instead, this should be written as " [redacted] " in the log.
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      User providers will not output exec command lines with passwords during debugging level logging.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Reproduction steps:

      $ cat foo.pp
      class foo {
        user {'foo':
          ensure => present,
          password => Sensitive("foo")
        }
      }
       
      include foo
      
      

       

      puppet apply foo.pp --debug

       

      Info: Applying configuration version '8ef5cbfc620ff86bc1c8c02a56c5dc16d3630db4'
      Debug: Executing: '/sbin/useradd -p foo -M foo'

       

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  kris.bosland Kris Bosland
                  Reporter:
                  kris.bosland Kris Bosland
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Zendesk Support