Add option to disable hiding of secrets (#460)

This commit is contained in:
Cat™ 2021-01-12 06:28:45 +00:00 committed by GitHub
parent a9b3d6426b
commit 80a245652e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 7 deletions

View File

@ -20,6 +20,7 @@ type Input struct {
noOutput bool
envfile string
secretfile string
insecureSecrets bool
defaultBranch string
privileged bool
}

View File

@ -51,6 +51,7 @@ func Execute(ctx context.Context, version string) {
rootCmd.PersistentFlags().BoolVarP(&input.noOutput, "quiet", "q", false, "disable logging of output from steps")
rootCmd.PersistentFlags().BoolVarP(&input.dryrun, "dryrun", "n", false, "dryrun mode")
rootCmd.PersistentFlags().StringVarP(&input.secretfile, "secret-file", "", "", "file with list of secrets to read from (e.g. --secret-file .secrets)")
rootCmd.PersistentFlags().BoolVarP(&input.insecureSecrets, "insecure-secrets", "", false, "NOT RECOMMENDED! Doesn't hide secrets while printing logs.")
rootCmd.PersistentFlags().StringVarP(&input.envfile, "env-file", "", ".env", "environment file to read and use as env in the containers")
rootCmd.SetArgs(args())
@ -184,6 +185,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
LogOutput: !input.noOutput,
Env: envs,
Secrets: secrets,
InsecureSecrets: input.insecureSecrets,
Platforms: input.newPlatforms(),
Privileged: input.privileged,
}

View File

@ -38,12 +38,13 @@ func init() {
}
// WithJobLogger attaches a new logger to context that is aware of steps
func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string) context.Context {
func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string, insecureSecrets bool) context.Context {
mux.Lock()
defer mux.Unlock()
formatter := new(stepLogFormatter)
formatter.color = colors[nextColor%len(colors)]
formatter.secrets = secrets
formatter.insecureSecrets = insecureSecrets
nextColor++
logger := logrus.New()
@ -56,16 +57,19 @@ func WithJobLogger(ctx context.Context, jobName string, secrets map[string]strin
}
type stepLogFormatter struct {
color int
secrets map[string]string
color int
secrets map[string]string
insecureSecrets bool
}
func (f *stepLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
b := &bytes.Buffer{}
// Replace any secrets in the entry
for _, v := range f.secrets {
entry.Message = strings.ReplaceAll(entry.Message, v, "***")
// Replace any secrets in the entry if insecure-secrets flag is not used
if !f.insecureSecrets {
for _, v := range f.secrets {
entry.Message = strings.ReplaceAll(entry.Message, v, "***")
}
}
if f.isColored(entry) {

View File

@ -28,6 +28,7 @@ type Config struct {
LogOutput bool // log the output from docker run
Env map[string]string // env for containers
Secrets map[string]string // list of secrets
InsecureSecrets bool // switch hiding output when printing to terminal
Platforms map[string]string // list of platforms
Privileged bool // use privileged mode
}
@ -75,7 +76,7 @@ func (runner *runnerImpl) NewPlanExecutor(plan *model.Plan) common.Executor {
}
stageExecutor = append(stageExecutor, func(ctx context.Context) error {
jobName := fmt.Sprintf("%-*s", maxJobNameLen, rc.String())
return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets))
return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets, rc.Config.InsecureSecrets))
})
}
}