Closed mattsmitton closed 5 years ago
This issue also shows that the logic around the execute resource's sensitive property being controlled by the sensu_ctl debug
property is reversed. By default, with debug
set to false, the full sensuctl command with the password contents is revealed in the log output.
fixed via #61
Chef Version
Input
Output
Impact
We must use a password that doesn't require any shell escaping.
Expected Behavior
The sensu_ctl resource's command arguments should be properly escaped.
Actual Behavior
An ampersand in the password property will break the sensu_ctl resource.
Steps to Reproduce your problem
See input section, you should be able to reproduce the error even if the backend is still using the default password. Rather than getting an authentication error, you'll see the command not found error as shown in the output section above.