Merge pull request #8799 from cocker-cc/Make_regsubst_sensitive-aware

(PUP-11326) Make regsubst() sensitive-aware

Author: mhashizume

lib/puppet/functions/regsubst.rb

@@ -29,7 +29,7 @@
   #   $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
   #   ```
   dispatch :regsubst_string do
-    param          'Variant[Array[String],String]',       :target
+    param          'Variant[Array[Variant[String,Sensitive[String]]],Sensitive[Array[Variant[String,Sensitive[String]]]],Variant[String,Sensitive[String]]]', :target
     param          'String',                              :pattern
     param          'Variant[String,Hash[String,String]]', :replacement
     optional_param 'Optional[Pattern[/^[GEIM]*$/]]',      :flags
@@ -59,7 +59,7 @@
   #   $x = regsubst($ipaddress, /([0-9]+)/, '<\\1>', 'G')
   #   ```
   dispatch :regsubst_regexp do
-    param          'Variant[Array[String],String]',       :target
+    param          'Variant[Array[Variant[String,Sensitive[String]]],Sensitive[Array[Variant[String,Sensitive[String]]]],Variant[String,Sensitive[String]]]', :target
     param          'Variant[Regexp,Type[Regexp]]',        :pattern
     param          'Variant[String,Hash[String,String]]', :replacement
     optional_param 'Pattern[/^G?$/]',                     :flags
@@ -94,7 +94,26 @@ def regsubst_regexp(target, pattern, replacement, flags = nil)
   end
 
   def inner_regsubst(target, re, replacement, op)
-    target.respond_to?(op) ? target.send(op, re, replacement) : target.collect { |e| e.send(op, re, replacement) }
+    if target.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) && target.unwrap.is_a?(Array)
+      # this is a Sensitive Array
+      target = target.unwrap
+      target.map do |item|
+        inner_regsubst(item, re, replacement, op)
+      end
+    elsif target.is_a?(Array)
+      # this is an Array
+      target.map do |item|
+        inner_regsubst(item, re, replacement, op)
+      end
+    elsif target.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      # this is a Sensitive
+      target = target.unwrap
+      target = target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }
+      Puppet::Pops::Types::PSensitiveType::Sensitive.new(target)
+    else
+      # this should be a String
+      target.respond_to?(op) ? target.send(op, re, replacement) : target.map { |e| e.send(op, re, replacement) }
+    end
   end
   private :inner_regsubst
 end

spec/unit/functions/regsubst_spec.rb

@@ -111,4 +111,34 @@ def regsubst(*args)
     end
 
   end
+
+  context 'when using a Target of Type sensitive String' do
+    it 'should process it' do
+      result = regsubst(Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret'), 'very', 'top')
+      expect(result).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      expect(result.unwrap).to eq("top secret")
+    end
+  end
+
+  context 'when using a Target of Type Array with mixed String and sensitive String' do
+    it 'should process it' do
+      my_array = ['very down', Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret')]
+      expect(regsubst(my_array, 'very', 'top')).to be_a(Array)
+      expect(regsubst(my_array, 'very', 'top')[0]).to eq('top down')
+      result = regsubst(my_array, 'very', 'top')[1]
+      expect(result).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      expect(result.unwrap).to eq('top secret')
+    end
+  end
+
+  context 'when using a Target of Type Sensitive Array with mixed String and sensitive String' do
+    it 'should process it' do
+      my_array = Puppet::Pops::Types::PSensitiveType::Sensitive.new(['very down', Puppet::Pops::Types::PSensitiveType::Sensitive.new('very secret')])
+      expect(regsubst(my_array, 'very', 'top')).to be_a(Array)
+      expect(regsubst(my_array, 'very', 'top')[0]).to eq('top down')
+      result = regsubst(my_array, 'very', 'top')[1]
+      expect(result).to be_a(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      expect(result.unwrap).to eq('top secret')
+    end
+  end
 end