Add Vagrantfile configuration option to register sensitive values
This commit is contained in:
parent
6b1646eb51
commit
f2f8bc2db5
|
@ -4,14 +4,32 @@ module VagrantPlugins
|
|||
module Kernel_V2
|
||||
class VagrantConfig < Vagrant.plugin("2", :config)
|
||||
attr_accessor :host
|
||||
attr_accessor :sensitive
|
||||
|
||||
def initialize
|
||||
@host = UNSET_VALUE
|
||||
@sensitive = UNSET_VALUE
|
||||
end
|
||||
|
||||
def finalize!
|
||||
@host = :detect if @host == UNSET_VALUE
|
||||
@host = @host.to_sym if @host
|
||||
@sensitive = nil if @sensitive == UNSET_VALUE
|
||||
|
||||
if @sensitive.is_a?(Array) || @sensitive.is_a?(String)
|
||||
Array(@sensitive).each do |value|
|
||||
Vagrant::Util::CredentialScrubber.sensitive(value.to_s)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def validate(machine)
|
||||
errors = _detected_errors
|
||||
|
||||
if @sensitive && (!@sensitive.is_a?(Array) && !@sensitive.is_a?(String))
|
||||
errors << I18n.t("vagrant.config.root.sensitive_bad_type")
|
||||
end
|
||||
{"vagrant" => errors}
|
||||
end
|
||||
|
||||
def to_s
|
||||
|
|
|
@ -1629,6 +1629,9 @@ en:
|
|||
Unknown configuration section '%{key}'. If this section was part of
|
||||
a Vagrant 1.0.x plugin, note that 1.0.x plugins are incompatible with 1.1+.
|
||||
root:
|
||||
sensitive_bad_type: |-
|
||||
Invalid type provided for `sensitive`. The sensitive option expects a string
|
||||
or an array of strings.
|
||||
bad_key: |-
|
||||
Unknown configuration section '%{key}'.
|
||||
ssh:
|
||||
|
|
|
@ -5,6 +5,8 @@ require Vagrant.source_root.join("plugins/kernel_v2/config/vagrant")
|
|||
describe VagrantPlugins::Kernel_V2::VagrantConfig do
|
||||
subject { described_class.new }
|
||||
|
||||
let(:machine){ double("machine") }
|
||||
|
||||
describe "#host" do
|
||||
it "defaults to :detect" do
|
||||
subject.finalize!
|
||||
|
@ -17,4 +19,41 @@ describe VagrantPlugins::Kernel_V2::VagrantConfig do
|
|||
expect(subject.host).to eq(:foo)
|
||||
end
|
||||
end
|
||||
|
||||
describe "#sensitive" do
|
||||
after{ Vagrant::Util::CredentialScrubber.reset! }
|
||||
|
||||
it "accepts string value" do
|
||||
subject.sensitive = "test"
|
||||
subject.finalize!
|
||||
expect(subject.sensitive).to eq("test")
|
||||
end
|
||||
|
||||
it "accepts array of values" do
|
||||
subject.sensitive = ["test1", "test2"]
|
||||
subject.finalize!
|
||||
expect(subject.sensitive).to eq(["test1", "test2"])
|
||||
end
|
||||
|
||||
it "does not accept non-string values" do
|
||||
subject.sensitive = 1
|
||||
subject.finalize!
|
||||
result = subject.validate(machine)
|
||||
expect(result).to be_a(Hash)
|
||||
expect(result.values).not_to be_empty
|
||||
end
|
||||
|
||||
it "registers single sensitive value to be scrubbed" do
|
||||
subject.sensitive = "test"
|
||||
expect(Vagrant::Util::CredentialScrubber).to receive(:sensitive).with("test")
|
||||
subject.finalize!
|
||||
end
|
||||
|
||||
it "registers multiple sensitive values to be scrubbed" do
|
||||
subject.sensitive = ["test1", "test2"]
|
||||
expect(Vagrant::Util::CredentialScrubber).to receive(:sensitive).with("test1")
|
||||
expect(Vagrant::Util::CredentialScrubber).to receive(:sensitive).with("test2")
|
||||
subject.finalize!
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -21,3 +21,7 @@ Vagrant. By default this is `:detect`, which causes Vagrant to auto-detect
|
|||
the host. Vagrant needs to know this information in order to perform some
|
||||
host-specific things, such as preparing NFS folders if they're enabled.
|
||||
You should only manually set this if auto-detection fails.
|
||||
|
||||
`config.vagrant.sensitive` - (string, array) - Value or list of values that
|
||||
should not be displayed in Vagrant's output. Value(s) will be removed from
|
||||
Vagrant's normal UI output as well as logger output.
|
||||
|
|
Loading…
Reference in New Issue