properly escape quotes in passwords by calling to_ruby
database passwords can contain special characters, especially " and '
so we can't just print the value of the field enclosed by double quotes
as that would break whenever the user uses a literal " in their password

using to_ruby here and not to_yaml, as the former gives us correct escaping
without the whole `---` and `\n` enclosing that to_yaml forces.
using to_yaml would require to pass *the whole* config hash to it
evgeni committed Oct 16, 2024
1 parent b1a2286 commit 5b53748
Showing 2 changed files with 12 additions and 1 deletion.
11 changes: 11 additions & 0 deletions spec/classes/foreman_spec.rb
Expand Up @@ -484,6 +484,17 @@

it { should contain_user('foreman').with('groups' => []) }
end

describe 'with sensitive passwords' do
let(:params) do
super().merge(db_password: sensitive('secret'))
end

it 'should configure the database' do

Check failure on line 493 in spec/classes/foreman_spec.rb

GitHub Actions / Puppet / 8 (Ruby 3.2)

foreman on almalinux-8-x86_64 with sensitive passwords should configure the database Failure/Error: should contain_file('/etc/foreman/database.yml') .with_content(/password: "secret"/) Puppet::PreformattedError: Evaluation Error: Error while evaluating a Resource Statement, Class[Foreman]: parameter 'db_password' expects a String value, got Sensitive[String] (line: 2, column: 1) on node fv-az1780-864.agtqprkliaoehfcdqtdennvexe.cx.internal.cloudapp.net

Check failure on line 493 in spec/classes/foreman_spec.rb

GitHub Actions / Puppet / 7 (Ruby 2.7)

foreman on almalinux-8-x86_64 with sensitive passwords should configure the database Failure/Error: should contain_file('/etc/foreman/database.yml') .with_content(/password: "secret"/) Puppet::PreformattedError: Evaluation Error: Error while evaluating a Resource Statement, Class[Foreman]: parameter 'db_password' expects a String value, got Sensitive[String] (line: 2, column: 1) on node fv-az1245-423.44uquw3knzoenloncamig1c14h.dx.internal.cloudapp.net

should contain_file('/etc/foreman/database.yml')
.with_content(/password: "secret"/)
end
end
end
end
end
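Review bot: The new 'with sensitive passwords' example passes `sensitive('secret')`, but the CI annotations on line 493 show catalog compilation failing with "parameter 'db_password' expects a String value, got Sensitive[String]", so the `with_content` assertion on `/etc/foreman/database.yml` is never reached. Neither of the two changed files widens the type of `db_password`, so either that change has to land together with this spec or the example should pass a plain String. Separately, `secret` contains no quote character, so the spec does not exercise the escaping the commit message describes; add a case whose password contains both `"` and `'` and assert on the escaped output.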
2 changes: 1 addition & 1 deletion templates/database.yml.epp
Expand Up @@ -30,6 +30,6 @@
username: <%= $username %>
<% } -%>
<% if $password { -%>
password: "<%= $password %>"
password: <%= stdlib::to_ruby($password) %>
<% } -%>
pool: <%= $db_pool %>
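Review bot: On the `password:` line, `stdlib::to_ruby($password)` is handed `$password` as it arrives, so if Sensitive values are meant to be accepted (as the new spec attempts) the value needs to be unwrapped before this call; otherwise please confirm what `to_ruby` renders for a Sensitive and that it is the password rather than a redacted or wrapped form. The result is also a Ruby string literal placed in a YAML file, and the two escape sets are not identical, so it is worth adding a spec for a password containing `#{` or a backslash to confirm the rendered line still parses as YAML. A one-line template comment recording why `to_ruby` was chosen over `to_yaml` (the reasoning is only in the commit message) would help the next reader.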
