Use a separate function

Clebam · Clebam · commit 2bc679ca9cf0 · 2025-02-17T10:30:24.000+01:00
diff --git a/lib/puppet/provider/dsc_base_provider/dsc_base_provider.rb b/lib/puppet/provider/dsc_base_provider/dsc_base_provider.rb
@@ -777,7 +777,7 @@ def prepare_credentials(resource)
       variable_name = random_variable_name
       credential_hash = {
         'user' => property_hash[:value]['user'],
-        'password' => escape_quotes(unwrap(property_hash[:value]['password']))
+        'password' => escape_quotes(unwrap_string(property_hash[:value]['password']))
       }
       credentials_block << format_pscredential(variable_name, credential_hash)
       instantiated_variables.merge!(variable_name => credential_hash)
@@ -908,7 +908,7 @@ def invoke_params(resource)
                                   # the Credential hash interpolable as it will be replaced by a variable reference.
                                   {
                                     'user' => property_hash[:value]['user'],
-                                    'password' => escape_quotes(unwrap(property_hash[:value]['password']))
+                                    'password' => escape_quotes(unwrap_string(property_hash[:value]['password']))
                                   }
                                 when 'DateTime'
                                   # These have to be handled specifically because they rely on the *Puppet* DateTime,
@@ -1001,6 +1001,19 @@ def unwrap(value)
     end
   end
 
+  # Unwrap sensitive strings and handle string
+  #
+  # @param value [Object] The object to unwrap sensitive data inside of
+  # @return [Object] The object with any sensitive strings unwrapped
+  def unwrap_string(value)
+    case value
+    when Puppet::Pops::Types::PSensitiveType::Sensitive
+      value.unwrap
+    else
+      value
+    end
+  end
+
   # Escape any nested single quotes in a Sensitive string
   #
   # @param text [String] the text to escape
