Flag sensitive execute and file resources

[scarvalhojr]

Use sensitive attribute on execute and file resources that may expose
sensitive data. This avoids keys and secrets appearing on chef-client
logs.

[scarvalhojr]

Foodcritic isn't recognising the sensitive attribute. It seems that a fix is on the way though: Foodcritic/foodcritic#289

[guilhem]

I agree with this feature, but it seems to be only for chef12. Can you add a test (defined? maybe) to not fail on chef11?

[scarvalhojr]

I've added a check for old Chef servers.

[guilhem]

@scarvalhojr do you test it on chef11? I fear some problem like here: https://github.com/opscode-cookbooks/aws/pull/110/files#r25011292

[scarvalhojr]

I'm actually running this on a Chef server 11.1 and chef-client 11.12.8 without the need to check if sensitive is supported. If you prefer to be on the safe side and use instance_methods.include, I'm happy to do it.

[guilhem]

I really prefer your way ;)
If it works let's go for it. I will test it on TK.

@hufman I'm waiting your go

[scarvalhojr]

Let me know how your test goes and if you need any changes.

[scarvalhojr]

@guilhem, did you manage to test this change? I have another change for the client LWRP and I'm wondering if I should keep the sensitive attribute or not. Thanks

[scarvalhojr]

Can't seem to silence Foodcritic's false positive...

[hufman]

Try making the ~FC009 comment be attached to the first line of the file resource, and not to the actual attribute. This commit seems to do this, and the error message points to the first line of the resource.

Otherwise it looks great!

[hufman]

Can you rebase this to the current master? I merged a bunch of PRs and caused this one to conflict, I'm sorry!

[scarvalhojr]

Done

On Wed, Aug 5, 2015 at 7:24 PM, Walter Huf notifications@github.com wrote:

Can you rebase this to the current master? I merged a bunch of PRs and
caused this one to conflict, I'm sorry!

—
Reply to this email directly or view it on GitHub
#199 (comment).

[hufman]

Looks good to me!