[JEX-687] Update sensitive property #200
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wrightp
suggested changes
Sep 25, 2017
There was a problem hiding this comment.
@jaymalasinha, let's pair on this. A lot of these should not be masked by sensitive properties and there are several occurrences of noops.
libraries/omnitruck_handler.rb
Outdated
| @@ -57,6 +57,7 @@ def configure_version(installer) | |||
| end | |||
| else | |||
| execute install_command_resource do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/automate.rb
Outdated
| @@ -109,6 +114,7 @@ | |||
| end | |||
|
|
|||
| file '/var/opt/delivery/nginx/etc/addon.d/99-installer_internal.conf' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/automate.rb
Outdated
| @@ -122,6 +128,7 @@ | |||
|
|
|||
| Array(new_resource.enterprise).each do |ent| | |||
| execute "create enterprise #{ent}" do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/backend.rb
Outdated
| @@ -72,6 +75,7 @@ | |||
|
|
|||
| peers.each do |peer| | |||
| begin | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/backend.rb
Outdated
| @@ -82,11 +86,13 @@ | |||
| Chef::Config['http_retry_count'] = http_retry_count | |||
|
|
|||
| execute 'chef-backend-ctl create-cluster --accept-license --yes' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -66,6 +67,7 @@ | |||
| new_resource.supermarket_fqdn, | |||
| ].each do |server| | |||
| execute "fetch ssl cert for #{server}" do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| owner 'root' | ||
| group 'dbuild' | ||
| mode '0640' | ||
| end | ||
|
|
||
| file new_resource.chef_config_path do | ||
| sensitive new_resource.sensitive if new_resource.sensitive |
resources/wf_builder.rb
Outdated
| mode '0644' | ||
| end | ||
|
|
||
| Dir.glob('/etc/chef/trusted_certs/*').each do |fn| | ||
| file fn do | ||
| sensitive new_resource.sensitive if new_resource.sensitive |
resources/wf_builder.rb
Outdated
| mode '0644' | ||
| end | ||
| end | ||
|
|
||
| case new_resource.job_dispatch_version | ||
| when 'v1' | ||
| execute 'tag node as legacy build-node' do | ||
| sensitive new_resource.sensitive if new_resource.sensitive |
resources/wf_builder.rb
Outdated
| @@ -217,6 +232,7 @@ | |||
| home_dir = '/home/job_runner' | |||
|
|
|||
| execute 'tag node as job-runner' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
|
@wrightp updated as per review comments. |
wrightp
suggested changes
Sep 26, 2017
resources/client.rb
Outdated
| @@ -81,6 +81,7 @@ | |||
| end | |||
|
|
|||
| template 'client.rb' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/client.rb
Outdated
| @@ -143,6 +147,7 @@ | |||
| # end | |||
|
|
|||
| file 'delete validation.pem' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
There was a problem hiding this comment.
I don't think this is required here because of the delete action. Doesn't hurt I suppose, but I don't think the log will display the deleted file's content.
resources/wf_builder.rb
Outdated
| @@ -47,6 +47,7 @@ | |||
|
|
|||
| action :create do | |||
| chef_ingredient 'chefdk' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -97,6 +99,7 @@ | |||
| group 'dbuild' | |||
|
|
|||
| user 'dbuild' do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -129,6 +134,7 @@ | |||
|
|
|||
| %w(etc/delivery.rb .chef/knife.rb).each do |dir| | |||
| file "#{workspace}/#{dir}" do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -204,6 +214,7 @@ | |||
| end | |||
|
|
|||
| remote_file init_file do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -238,6 +249,7 @@ | |||
| end | |||
|
|
|||
| file "#{home_dir}/.ssh/authorized_keys" do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -272,6 +284,7 @@ | |||
| end | |||
|
|
|||
| file ::File.join('/etc/sudoers.d', build_user) do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
resources/wf_builder.rb
Outdated
| @@ -287,12 +300,14 @@ | |||
| end | |||
|
|
|||
| file ::File.join(home_dir, '.ssh/authorized_keys') do | |||
resources/wf_builder.rb
Outdated
| @@ -287,12 +300,14 @@ | |||
| end | |||
|
|
|||
| file ::File.join(home_dir, '.ssh/authorized_keys') do | |||
| sensitive new_resource.sensitive if new_resource.sensitive | |||
| owner build_user | |||
| group build_user | |||
| mode '0600' | |||
| end | |||
|
|
|||
| file '/usr/local/bin/delivery-cmd' do | |||
Signed-off-by: Jaymala Sinha <[email protected]> [JEX-687] Address review comments on sensitive property Signed-off-by: Jaymala Sinha <[email protected]> Updated with review comments Signed-off-by: Jaymala Sinha <[email protected]> add tests Signed-off-by: Patrick Wright <[email protected]> remove sensitive props Signed-off-by: Patrick Wright <[email protected]> Fix travis errors Signed-off-by: Jaymala Sinha <[email protected]>
jaymalasinha
force-pushed
the
jsinha/JEX-687
branch
from
c15b862 to
e80aa81
Compare
wrightp
approved these changes
Oct 2, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Jaymala Sinha [email protected]
Description
sensitive property set at top level resources will be passed down to resources
Issues Resolved
#198
Check List