Skip to content

[MODULES-4255] Obfuscate passwords in sqlserver_instance #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 24, 2017
Merged

[MODULES-4255] Obfuscate passwords in sqlserver_instance #195

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions lib/puppet/provider/sqlserver.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,16 @@ class Puppet::Provider::Sqlserver < Puppet::Provider
'powershell.exe'
end

def try_execute(command, msg = nil)
def try_execute(command, msg = nil, obfuscate_strings = nil)
begin
execute(command.compact)
rescue Puppet::ExecutionFailure => error
msg = "Failure occured when trying to install SQL Server #{@resource[:name]}" if msg.nil?
raise Puppet::Error, "#{msg} \n #{error}"
msg += " \n #{error}"

obfuscate_strings.each {|str| msg.gsub!(str, '**HIDDEN VALUE**') } unless obfuscate_strings.nil?

raise Puppet::Error, msg
end
end

Expand Down
11 changes: 8 additions & 3 deletions lib/puppet/provider/sqlserver_instance/mssql.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,12 @@ def add_features(features)
def modify_features(features, action)
if not_nil_and_not_empty? features
debug "#{action.capitalize}ing features '#{features.join(',')}'"
cmd_args = build_cmd_args(features, action)
cmd_args, obfuscated_strings = build_cmd_args(features, action)

begin
config_file = create_temp_for_install_switch unless action == 'uninstall'
cmd_args << "/ConfigurationFile=\"#{config_file.path}\"" unless config_file.nil?
try_execute(cmd_args, "Error trying to #{action} features (#{features.join(', ')}")
try_execute(cmd_args, "Error trying to #{action} features (#{features.join(', ')}", obfuscated_strings)
ensure
if config_file
config_file.close
Expand Down Expand Up @@ -118,17 +119,21 @@ def basic_cmd_args(features, action)

def build_cmd_args(features, action="install")
cmd_args = basic_cmd_args(features, action)
obfuscated_strings = []
if action == 'install'
%w(pid sa_pwd sql_svc_account sql_svc_password agt_svc_account agt_svc_password as_svc_account as_svc_password rs_svc_account rs_svc_password security_mode).map(&:to_sym).sort.collect do |key|
if not_nil_and_not_empty? @resource[key]
cmd_args << "/#{key.to_s.gsub(/_/, '').upcase}=\"#{@resource[key]}\""
if key.to_s =~ /(_pwd|_password)$/i
obfuscated_strings.push(@resource[key])
end
end
end

format_cmd_args_array('/SQLSYSADMINACCOUNTS', @resource[:sql_sysadmin_accounts], cmd_args, true)
format_cmd_args_array('/ASSYSADMINACCOUNTS', @resource[:as_sysadmin_accounts], cmd_args)
end
cmd_args
return cmd_args, obfuscated_strings
Copy link
Contributor

@ferventcoder ferventcoder Jan 17, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't this still return the password in plaintext?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Never mind. Nice

end

def format_cmd_args_array(switch, arr, cmd_args, use_discrete = false)
Expand Down