From 9125a56b6a227e4077c3f62a370d74071e259b28 Mon Sep 17 00:00:00 2001 From: Szabolcs Toth Date: Fri, 8 Sep 2023 10:52:03 +0100 Subject: [PATCH] Use shared secret redacting --- cli/analytics.go | 9 +++++---- cli/run_util.go | 3 ++- stepruncmd/stdout.go | 19 ++++++++++--------- stepruncmd/stepruncmd.go | 11 ++++++----- 4 files changed, 23 insertions(+), 19 deletions(-) diff --git a/cli/analytics.go b/cli/analytics.go index 29b1fd836..5d6254f28 100644 --- a/cli/analytics.go +++ b/cli/analytics.go @@ -5,8 +5,9 @@ import ( "fmt" "io" - "github.com/bitrise-io/bitrise/stepruncmd/filterwriter" "github.com/bitrise-io/envman/models" + "github.com/bitrise-io/go-utils/v2/log" + "github.com/bitrise-io/go-utils/v2/redactwriter" ) func redactStepInputs(environment map[string]string, inputs []models.EnvironmentItemModel, secrets []string) (map[string]string, map[string]string, error) { @@ -49,12 +50,12 @@ func redactStepInputs(environment map[string]string, inputs []models.Environment func redactWithSecrets(inputValue string, secrets []string) (string, error) { src := bytes.NewReader([]byte(inputValue)) dstBuf := new(bytes.Buffer) - secretFilterDst := filterwriter.New(secrets, dstBuf) + redactWriterDst := redactwriter.New(secrets, dstBuf, log.NewLogger()) - if _, err := io.Copy(secretFilterDst, src); err != nil { + if _, err := io.Copy(redactWriterDst, src); err != nil { return "", fmt.Errorf("failed to redact secrets, stream copy failed: %s", err) } - if err := secretFilterDst.Close(); err != nil { + if err := redactWriterDst.Close(); err != nil { return "", fmt.Errorf("failed to redact secrets, closing the stream failed: %s", err) } diff --git a/cli/run_util.go b/cli/run_util.go index 49368528e..febaf446e 100644 --- a/cli/run_util.go +++ b/cli/run_util.go @@ -33,6 +33,7 @@ import ( "github.com/bitrise-io/go-utils/pointers" "github.com/bitrise-io/go-utils/retry" coreanalytics "github.com/bitrise-io/go-utils/v2/analytics" + logV2 "github.com/bitrise-io/go-utils/v2/log" "github.com/bitrise-io/go-utils/versions" stepmanModels "github.com/bitrise-io/stepman/models" ) @@ -433,7 +434,7 @@ func (r WorkflowRunner) executeStep( return 1, fmt.Errorf("failed to read command environment: %w", err) } - cmd := stepruncmd.New(name, args, bitriseSourceDir, envs, stepSecrets, timeout, noOutputTimeout, stdout) + cmd := stepruncmd.New(name, args, bitriseSourceDir, envs, stepSecrets, timeout, noOutputTimeout, stdout, logV2.NewLogger()) return cmd.Run() } diff --git a/stepruncmd/stdout.go b/stepruncmd/stdout.go index dda5e183a..3fae6cee4 100644 --- a/stepruncmd/stdout.go +++ b/stepruncmd/stdout.go @@ -4,34 +4,35 @@ import ( "io" "github.com/bitrise-io/bitrise/stepruncmd/errorfinder" - "github.com/bitrise-io/bitrise/stepruncmd/filterwriter" + "github.com/bitrise-io/go-utils/v2/log" + "github.com/bitrise-io/go-utils/v2/redactwriter" ) type StdoutWriter struct { writer io.Writer - secretWriter *filterwriter.Writer + redactWriter *redactwriter.Writer errorWriter *errorfinder.ErrorFinder destWriter io.Writer } -func NewStdoutWriter(secrets []string, dest io.Writer) StdoutWriter { +func NewStdoutWriter(secrets []string, dest io.Writer, logger log.Logger) StdoutWriter { var outWriter io.Writer outWriter = dest errorWriter := errorfinder.NewErrorFinder(outWriter) outWriter = errorWriter - var secretWriter *filterwriter.Writer + var redactWriter *redactwriter.Writer if len(secrets) > 0 { - secretWriter = filterwriter.New(secrets, outWriter) - outWriter = secretWriter + redactWriter = redactwriter.New(secrets, outWriter, logger) + outWriter = redactWriter } return StdoutWriter{ writer: outWriter, - secretWriter: secretWriter, + redactWriter: redactWriter, errorWriter: errorWriter, destWriter: dest, } @@ -42,8 +43,8 @@ func (w StdoutWriter) Write(p []byte) (n int, err error) { } func (w StdoutWriter) Close() error { - if w.secretWriter != nil { - if err := w.secretWriter.Close(); err != nil { + if w.redactWriter != nil { + if err := w.redactWriter.Close(); err != nil { return err } } diff --git a/stepruncmd/stepruncmd.go b/stepruncmd/stepruncmd.go index 91dc5b241..cff65674b 100644 --- a/stepruncmd/stepruncmd.go +++ b/stepruncmd/stepruncmd.go @@ -8,17 +8,18 @@ import ( "os/exec" "time" - "github.com/bitrise-io/bitrise/log" "github.com/bitrise-io/bitrise/stepruncmd/timeoutcmd" + "github.com/bitrise-io/go-utils/v2/log" ) type Cmd struct { cmd timeoutcmd.Command stdout StdoutWriter + logger log.Logger } -func New(name string, args []string, workDir string, envs, secrets []string, timeout, noOutputTimeout time.Duration, stdout io.Writer) Cmd { - outWriter := NewStdoutWriter(secrets, stdout) +func New(name string, args []string, workDir string, envs, secrets []string, timeout, noOutputTimeout time.Duration, stdout io.Writer, logger log.Logger) Cmd { + outWriter := NewStdoutWriter(secrets, stdout, logger) cmd := timeoutcmd.New(workDir, name, args...) cmd.SetTimeout(timeout) @@ -26,14 +27,14 @@ func New(name string, args []string, workDir string, envs, secrets []string, tim cmd.SetStandardIO(os.Stdin, outWriter, outWriter) cmd.SetEnv(append(envs, "PWD="+workDir)) - return Cmd{cmd: cmd, stdout: outWriter} + return Cmd{cmd: cmd, stdout: outWriter, logger: logger} } func (c *Cmd) Run() (int, error) { cmdErr := c.cmd.Start() if err := c.stdout.Close(); err != nil { - log.Warnf("Failed to close command output writer: %s", err) + c.logger.Warnf("Failed to close command output writer: %s", err) } if cmdErr == nil {