Add option to disable hiding of secrets (#460)
This commit is contained in:
Cat™
GitHub
parent
a9b3d6426b
commit
80a245652e
4 changed files with 15 additions and 7 deletions
|
|
@ -20,6 +20,7 @@ type Input struct {
|
|||
noOutput bool
|
||||
envfile string
|
||||
secretfile string
|
||||
insecureSecrets bool
|
||||
defaultBranch string
|
||||
privileged bool
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ func Execute(ctx context.Context, version string) {
|
|||
rootCmd.PersistentFlags().BoolVarP(&input.noOutput, "quiet", "q", false, "disable logging of output from steps")
|
||||
rootCmd.PersistentFlags().BoolVarP(&input.dryrun, "dryrun", "n", false, "dryrun mode")
|
||||
rootCmd.PersistentFlags().StringVarP(&input.secretfile, "secret-file", "", "", "file with list of secrets to read from (e.g. --secret-file .secrets)")
|
||||
rootCmd.PersistentFlags().BoolVarP(&input.insecureSecrets, "insecure-secrets", "", false, "NOT RECOMMENDED! Doesn't hide secrets while printing logs.")
|
||||
rootCmd.PersistentFlags().StringVarP(&input.envfile, "env-file", "", ".env", "environment file to read and use as env in the containers")
|
||||
rootCmd.SetArgs(args())
|
||||
|
||||
|
|
@ -184,6 +185,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
|
|||
LogOutput: !input.noOutput,
|
||||
Env: envs,
|
||||
Secrets: secrets,
|
||||
InsecureSecrets: input.insecureSecrets,
|
||||
Platforms: input.newPlatforms(),
|
||||
Privileged: input.privileged,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -38,12 +38,13 @@ func init() {
|
|||
}
|
||||
|
||||
// WithJobLogger attaches a new logger to context that is aware of steps
|
||||
func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string) context.Context {
|
||||
func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string, insecureSecrets bool) context.Context {
|
||||
mux.Lock()
|
||||
defer mux.Unlock()
|
||||
formatter := new(stepLogFormatter)
|
||||
formatter.color = colors[nextColor%len(colors)]
|
||||
formatter.secrets = secrets
|
||||
formatter.insecureSecrets = insecureSecrets
|
||||
nextColor++
|
||||
|
||||
logger := logrus.New()
|
||||
|
|
@ -56,16 +57,19 @@ func WithJobLogger(ctx context.Context, jobName string, secrets map[string]strin
|
|||
}
|
||||
|
||||
type stepLogFormatter struct {
|
||||
color int
|
||||
secrets map[string]string
|
||||
color int
|
||||
secrets map[string]string
|
||||
insecureSecrets bool
|
||||
}
|
||||
|
||||
func (f *stepLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
|
||||
b := &bytes.Buffer{}
|
||||
|
||||
// Replace any secrets in the entry
|
||||
for _, v := range f.secrets {
|
||||
entry.Message = strings.ReplaceAll(entry.Message, v, "***")
|
||||
// Replace any secrets in the entry if insecure-secrets flag is not used
|
||||
if !f.insecureSecrets {
|
||||
for _, v := range f.secrets {
|
||||
entry.Message = strings.ReplaceAll(entry.Message, v, "***")
|
||||
}
|
||||
}
|
||||
|
||||
if f.isColored(entry) {
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ type Config struct {
|
|||
LogOutput bool // log the output from docker run
|
||||
Env map[string]string // env for containers
|
||||
Secrets map[string]string // list of secrets
|
||||
InsecureSecrets bool // switch hiding output when printing to terminal
|
||||
Platforms map[string]string // list of platforms
|
||||
Privileged bool // use privileged mode
|
||||
}
|
||||
|
|
@ -75,7 +76,7 @@ func (runner *runnerImpl) NewPlanExecutor(plan *model.Plan) common.Executor {
|
|||
}
|
||||
stageExecutor = append(stageExecutor, func(ctx context.Context) error {
|
||||
jobName := fmt.Sprintf("%-*s", maxJobNameLen, rc.String())
|
||||
return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets))
|
||||
return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets, rc.Config.InsecureSecrets))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue