Merge pull request #9367 from chrisroberts/e-sensitive-prov

Allow hiding environment variable values in shell provisioner
This commit is contained in:
Chris Roberts 2018-01-16 20:03:00 -08:00 committed by GitHub
commit a51c6c8479
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 0 deletions

View File

@ -14,6 +14,7 @@ module VagrantPlugins
attr_accessor :binary attr_accessor :binary
attr_accessor :keep_color attr_accessor :keep_color
attr_accessor :name attr_accessor :name
attr_accessor :sensitive
attr_accessor :powershell_args attr_accessor :powershell_args
attr_accessor :powershell_elevated_interactive attr_accessor :powershell_elevated_interactive
@ -29,6 +30,7 @@ module VagrantPlugins
@binary = UNSET_VALUE @binary = UNSET_VALUE
@keep_color = UNSET_VALUE @keep_color = UNSET_VALUE
@name = UNSET_VALUE @name = UNSET_VALUE
@sensitive = UNSET_VALUE
@powershell_args = UNSET_VALUE @powershell_args = UNSET_VALUE
@powershell_elevated_interactive = UNSET_VALUE @powershell_elevated_interactive = UNSET_VALUE
end end
@ -45,12 +47,19 @@ module VagrantPlugins
@binary = false if @binary == UNSET_VALUE @binary = false if @binary == UNSET_VALUE
@keep_color = false if @keep_color == UNSET_VALUE @keep_color = false if @keep_color == UNSET_VALUE
@name = nil if @name == UNSET_VALUE @name = nil if @name == UNSET_VALUE
@sensitive = false if @sensitive == UNSET_VALUE
@powershell_args = "-ExecutionPolicy Bypass" if @powershell_args == UNSET_VALUE @powershell_args = "-ExecutionPolicy Bypass" if @powershell_args == UNSET_VALUE
@powershell_elevated_interactive = false if @powershell_elevated_interactive == UNSET_VALUE @powershell_elevated_interactive = false if @powershell_elevated_interactive == UNSET_VALUE
if @args && args_valid? if @args && args_valid?
@args = @args.is_a?(Array) ? @args.map { |a| a.to_s } : @args.to_s @args = @args.is_a?(Array) ? @args.map { |a| a.to_s } : @args.to_s
end end
if @sensitive
@env.each do |_, v|
Vagrant::Util::CredentialScrubber.sensitive(v)
end
end
end end
def validate(machine) def validate(machine)

View File

@ -127,5 +127,26 @@ describe "VagrantPlugins::Shell::Config" do
expect(subject.args).to eq ["string", '1', '2'] expect(subject.args).to eq ["string", '1', '2']
end end
context "with sensitive option enabled" do
it 'marks environment variable values sensitive' do
subject.env = {"KEY1" => "VAL1", "KEY2" => "VAL2"}
subject.sensitive = true
expect(Vagrant::Util::CredentialScrubber).to receive(:sensitive).with("VAL1")
expect(Vagrant::Util::CredentialScrubber).to receive(:sensitive).with("VAL2")
subject.finalize!
end
end
context "with sensitive option disabled" do
it 'does not mark environment variable values sensitive' do
subject.env = {"KEY1" => "VAL1", "KEY2" => "VAL2"}
subject.sensitive = false
expect(Vagrant::Util::CredentialScrubber).not_to receive(:sensitive)
subject.finalize!
end
end
end end
end end

View File

@ -83,6 +83,9 @@ The remainder of the available options are optional:
* `sha1` (string) - SHA1 checksum used to validate remotely downloaded shell files. * `sha1` (string) - SHA1 checksum used to validate remotely downloaded shell files.
* `sensitive` (boolean) - Marks the Hash values used in the `env` option as sensitive
and hides them from output. By default this is "false".
<a name="inline-scripts"></a> <a name="inline-scripts"></a>
## Inline Scripts ## Inline Scripts