Merge pull request #195 from wilson208/obfuscate-password

ferventcoder · web-flow · commit bb38c4c3bb54 · 2017-01-24T11:57:26.000-06:00
[MODULES-4255] Obfuscate passwords in sqlserver_instance
diff --git a/lib/puppet/provider/sqlserver.rb b/lib/puppet/provider/sqlserver.rb
@@ -17,12 +17,16 @@ class Puppet::Provider::Sqlserver < Puppet::Provider
                  'powershell.exe'
                end
 
-  def try_execute(command, msg = nil)
+  def try_execute(command, msg = nil, obfuscate_strings = nil)
     begin
       execute(command.compact)
     rescue Puppet::ExecutionFailure => error
       msg = "Failure occured when trying to install SQL Server #{@resource[:name]}" if msg.nil?
-      raise Puppet::Error, "#{msg} \n #{error}"
+      msg += " \n #{error}"
+
+      obfuscate_strings.each {|str| msg.gsub!(str, '**HIDDEN VALUE**') } unless obfuscate_strings.nil?
+
+      raise Puppet::Error, msg
     end
   end
 
diff --git a/lib/puppet/provider/sqlserver_instance/mssql.rb b/lib/puppet/provider/sqlserver_instance/mssql.rb
@@ -43,11 +43,12 @@ def add_features(features)
   def modify_features(features, action)
     if not_nil_and_not_empty? features
       debug "#{action.capitalize}ing features '#{features.join(',')}'"
-      cmd_args = build_cmd_args(features, action)
+      cmd_args, obfuscated_strings = build_cmd_args(features, action)
+
       begin
         config_file = create_temp_for_install_switch unless action == 'uninstall'
         cmd_args << "/ConfigurationFile=\"#{config_file.path}\"" unless config_file.nil?
-        try_execute(cmd_args, "Error trying to #{action} features (#{features.join(', ')}")
+        try_execute(cmd_args, "Error trying to #{action} features (#{features.join(', ')}", obfuscated_strings)
       ensure
         if config_file
           config_file.close
@@ -118,17 +119,21 @@ def basic_cmd_args(features, action)
 
   def build_cmd_args(features, action="install")
     cmd_args = basic_cmd_args(features, action)
+    obfuscated_strings = []
     if action == 'install'
       %w(pid sa_pwd sql_svc_account sql_svc_password agt_svc_account agt_svc_password as_svc_account as_svc_password rs_svc_account rs_svc_password security_mode).map(&:to_sym).sort.collect do |key|
         if not_nil_and_not_empty? @resource[key]
           cmd_args << "/#{key.to_s.gsub(/_/, '').upcase}=\"#{@resource[key]}\""
+          if key.to_s =~ /(_pwd|_password)$/i
+            obfuscated_strings.push(@resource[key])
+          end
         end
       end
 
       format_cmd_args_array('/SQLSYSADMINACCOUNTS', @resource[:sql_sysadmin_accounts], cmd_args, true)
       format_cmd_args_array('/ASSYSADMINACCOUNTS', @resource[:as_sysadmin_accounts], cmd_args)
     end
-    cmd_args
+    return cmd_args, obfuscated_strings
   end
 
   def format_cmd_args_array(switch, arr, cmd_args, use_discrete = false)
