fix: disable hiding of Sensitive params

if octocatalog-diff has access to them, then the user running it also has. showing them is no security issue. But not showing them is a problem when refactoring code to use Sensitive, because you don't see if you accidentally introduced other changes - for example forgetting an `unwrap` somewhere.
babiel · Feb 26, 2024 · bb030c9 · bb030c9
1 parent 665f915
commit bb030c9
Showing 1 changed file with 0 additions and 7 deletions.
diff --git a/lib/octocatalog-diff/catalog-diff/differ.rb b/lib/octocatalog-diff/catalog-diff/differ.rb
@@ -468,13 +468,6 @@ def ignored?(diff)
       def cleanse_parameters_hash(parameters_hash, sensitive_parameters)
         result = parameters_hash.dup
 
-        # hides sensitive params. We still need to know if there's a going to
-        # be a diff, so we hash the value.
-        sensitive_parameters.each do |p|
-          md5 = Digest::MD5.hexdigest Marshal.dump(result[p])
-          result[p] = 'Sensitive [md5sum ' + md5 + ']'
-        end
-
         # 'before' and 'require' handle internal Puppet ordering but do not affect what
         # happens on the target machine. Don't consider these for the purpose of catalog diff.
         result.delete('before')