This is an automated email from the ASF dual-hosted git repository.
heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
The following commit(s) were added to refs/heads/master by this push:
new 1b8427d allow $brooklyn: DSL values as strings when enforcing
sensitive fields
1b8427d is described below
commit 1b8427da61e27dd66ed496d6b4f314d1f4f03e2c
Author: Alex Heneveld <[email protected]>
AuthorDate: Wed Sep 22 13:26:17 2021 +0100
allow $brooklyn: DSL values as strings when enforcing sensitive fields
---
.../brooklyn/core/typereg/AbstractTypePlanTransformer.java | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git
a/core/src/main/java/org/apache/brooklyn/core/typereg/AbstractTypePlanTransformer.java
b/core/src/main/java/org/apache/brooklyn/core/typereg/AbstractTypePlanTransformer.java
index b3aa038..6f14c2f 100644
---
a/core/src/main/java/org/apache/brooklyn/core/typereg/AbstractTypePlanTransformer.java
+++
b/core/src/main/java/org/apache/brooklyn/core/typereg/AbstractTypePlanTransformer.java
@@ -259,8 +259,16 @@ public abstract class AbstractTypePlanTransformer
implements BrooklynTypePlanTra
}
// sensitive named key
+
+ if (val instanceof String) {
+ if (((String) val).startsWith("$brooklyn:")) {
+ // DSL expression, allow
+ return;
+ }
+ }
+
if (val instanceof String ||
Boxing.isPrimitiveOrBoxedClass(val.getClass()) || val instanceof Number) {
- // value
+ // non-DSL plaintext value
throw new IllegalStateException("Insecure value supplied for
'"+key+"'; external suppliers must be used here");
}
// complex values allowed
