From 22aa1df894c1f6a3476d42c13b78755b1fc592ec Mon Sep 17 00:00:00 2001 From: Erin Call Date: Tue, 21 Jan 2020 16:23:55 -0800 Subject: [PATCH] Don't bother trying to hide secrets in values [#34] While testing this I discovered the secrets are revealed anyway, since the lint/upgrade jobs' debug output includes the command they generated. Might as well make the code a little simpler. --- internal/env/config.go | 13 ++----------- internal/env/config_test.go | 11 ++--------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/internal/env/config.go b/internal/env/config.go index 71f6392..68e49f3 100644 --- a/internal/env/config.go +++ b/internal/env/config.go @@ -89,12 +89,12 @@ func NewConfig(stdout, stderr io.Writer) (*Config, error) { cfg.Timeout = fmt.Sprintf("%ss", cfg.Timeout) } + cfg.loadValuesSecrets() + if cfg.Debug && cfg.Stderr != nil { cfg.logDebug() } - cfg.loadValuesSecrets() - cfg.deprecationWarn() return &cfg, nil @@ -108,9 +108,6 @@ func (cfg *Config) loadValuesSecrets() { varName = sigils.ReplaceAllString(varName, "") if value, ok := os.LookupEnv(varName); ok { - if cfg.Debug { - fmt.Fprintf(cfg.Stderr, "Replaced $%s with value in environment\n", varName) - } return value } @@ -120,13 +117,7 @@ func (cfg *Config) loadValuesSecrets() { return "" } - if cfg.Debug { - fmt.Fprintf(cfg.Stderr, "Replacing environment variable references in Values\n") - } cfg.Values = findVar.ReplaceAllStringFunc(cfg.Values, replacer) - if cfg.Debug { - fmt.Fprintf(cfg.Stderr, "Replacing environment variable references in StringValues\n") - } cfg.StringValues = findVar.ReplaceAllStringFunc(cfg.StringValues, replacer) } diff --git a/internal/env/config_test.go b/internal/env/config_test.go index a17fffa..4288342 100644 --- a/internal/env/config_test.go +++ b/internal/env/config_test.go @@ -208,15 +208,8 @@ func (suite *ConfigTestSuite) TestValuesSecretsWithDebugLogging() { _, err := NewConfig(&strings.Builder{}, &stderr) suite.Require().NoError(err) - // Make a good-faith effort to avoid putting secrets in the log output, but still mention they were found - suite.Contains(stderr.String(), "Values:fire=$SECRET_FIRE,water=$SECRET_WATER") - suite.Contains(stderr.String(), ` -Replacing environment variable references in Values -Replaced $SECRET_FIRE with value in environment -$SECRET_WATER not present in environment, replaced with "" -Replacing environment variable references in StringValues -Replaced $SECRET_FIRE with value in environment -`) + suite.Contains(stderr.String(), "Values:fire=Eru_Ilúvatar,water=") + suite.Contains(stderr.String(), `$SECRET_WATER not present in environment, replaced with ""`) } func (suite *ConfigTestSuite) setenv(key, val string) {