Skip to content

Commit bb38c4c

Browse files
authored
Merge pull request #195 from wilson208/obfuscate-password
[MODULES-4255] Obfuscate passwords in sqlserver_instance
2 parents a97d8ca + 8f16de9 commit bb38c4c

File tree

2 files changed

+14
-5
lines changed

2 files changed

+14
-5
lines changed

lib/puppet/provider/sqlserver.rb

+6-2
Original file line numberDiff line numberDiff line change
@@ -17,12 +17,16 @@ class Puppet::Provider::Sqlserver < Puppet::Provider
1717
'powershell.exe'
1818
end
1919

20-
def try_execute(command, msg = nil)
20+
def try_execute(command, msg = nil, obfuscate_strings = nil)
2121
begin
2222
execute(command.compact)
2323
rescue Puppet::ExecutionFailure => error
2424
msg = "Failure occured when trying to install SQL Server #{@resource[:name]}" if msg.nil?
25-
raise Puppet::Error, "#{msg} \n #{error}"
25+
msg += " \n #{error}"
26+
27+
obfuscate_strings.each {|str| msg.gsub!(str, '**HIDDEN VALUE**') } unless obfuscate_strings.nil?
28+
29+
raise Puppet::Error, msg
2630
end
2731
end
2832

lib/puppet/provider/sqlserver_instance/mssql.rb

+8-3
Original file line numberDiff line numberDiff line change
@@ -43,11 +43,12 @@ def add_features(features)
4343
def modify_features(features, action)
4444
if not_nil_and_not_empty? features
4545
debug "#{action.capitalize}ing features '#{features.join(',')}'"
46-
cmd_args = build_cmd_args(features, action)
46+
cmd_args, obfuscated_strings = build_cmd_args(features, action)
47+
4748
begin
4849
config_file = create_temp_for_install_switch unless action == 'uninstall'
4950
cmd_args << "/ConfigurationFile=\"#{config_file.path}\"" unless config_file.nil?
50-
try_execute(cmd_args, "Error trying to #{action} features (#{features.join(', ')}")
51+
try_execute(cmd_args, "Error trying to #{action} features (#{features.join(', ')}", obfuscated_strings)
5152
ensure
5253
if config_file
5354
config_file.close
@@ -118,17 +119,21 @@ def basic_cmd_args(features, action)
118119

119120
def build_cmd_args(features, action="install")
120121
cmd_args = basic_cmd_args(features, action)
122+
obfuscated_strings = []
121123
if action == 'install'
122124
%w(pid sa_pwd sql_svc_account sql_svc_password agt_svc_account agt_svc_password as_svc_account as_svc_password rs_svc_account rs_svc_password security_mode).map(&:to_sym).sort.collect do |key|
123125
if not_nil_and_not_empty? @resource[key]
124126
cmd_args << "/#{key.to_s.gsub(/_/, '').upcase}=\"#{@resource[key]}\""
127+
if key.to_s =~ /(_pwd|_password)$/i
128+
obfuscated_strings.push(@resource[key])
129+
end
125130
end
126131
end
127132

128133
format_cmd_args_array('/SQLSYSADMINACCOUNTS', @resource[:sql_sysadmin_accounts], cmd_args, true)
129134
format_cmd_args_array('/ASSYSADMINACCOUNTS', @resource[:as_sysadmin_accounts], cmd_args)
130135
end
131-
cmd_args
136+
return cmd_args, obfuscated_strings
132137
end
133138

134139
def format_cmd_args_array(switch, arr, cmd_args, use_discrete = false)

0 commit comments

Comments
 (0)