Log redacted config on config changes (#1671)

* Log redacted config on config changes * Fix redact linter warnings * Fix redaction * Fix redaction, redact service token * fix redacted initialization to fix tests * Change logging location to reduce duplication
elastic · Aug 12, 2022 · 7f4576c · 7f4576c
1 parent 7a1372a
commit 7f4576c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -11,3 +11,4 @@
 - Add start_time and minimum_execution_duration to actions to allow fleet-server to schedule agent actions. {pull}1381[1381]
 - Fleet Server now allows setting global labels on APM instrumentation. {pull}1649[1649]
 - Fleet Server now allows setting transaction sample rate on APM instrumentation {pull}1681[1681]
+- Log redacted config when config updates. {issue}1626[1626] {pull}1668[1668]
diff --git a/cmd/fleet/main.go b/cmd/fleet/main.go
@@ -585,6 +585,10 @@ func redactOutputCfg(cfg *config.Config) config.Output {
 		redacted.Elasticsearch.APIKey = kRedacted
 	}
 
+	if redacted.Elasticsearch.ServiceToken != "" {
+		redacted.Elasticsearch.ServiceToken = kRedacted
+	}
+
 	if redacted.Elasticsearch.TLS != nil {
 		newTLS := *redacted.Elasticsearch.TLS
 
@@ -621,25 +625,38 @@ func redactServerCfg(cfg *config.Config) config.Server {
 	return redacted
 }
 
+func redactConfig(cfg *config.Config) *config.Config {
+	redacted := &config.Config{
+		Fleet:   cfg.Fleet,
+		Output:  cfg.Output,
+		Inputs:  make([]config.Input, 1),
+		Logging: cfg.Logging,
+		HTTP:    cfg.HTTP,
+	}
+	redacted.Inputs[0].Server = redactServerCfg(cfg)
+	redacted.Output = redactOutputCfg(cfg)
+	return redacted
+}
+
 func configChangedServer(curCfg, newCfg *config.Config) bool {
 
-	zlog := log.With().Interface("new", redactServerCfg(newCfg)).Logger()
+	zlog := log.With().Interface("new", redactConfig(newCfg)).Logger()
 
 	changed := true
 	switch {
 	case curCfg == nil:
 		zlog.Info().Msg("initial server configuration")
 	case !reflect.DeepEqual(curCfg.Fleet, newCfg.Fleet):
 		zlog.Info().
-			Interface("old", curCfg).
+			Interface("old", redactConfig(curCfg)).
 			Msg("fleet configuration has changed")
 	case !reflect.DeepEqual(curCfg.Output, newCfg.Output):
 		zlog.Info().
-			Interface("old", redactOutputCfg(curCfg)).
+			Interface("old", redactConfig(curCfg)).
 			Msg("output configuration has changed")
 	case !reflect.DeepEqual(curCfg.Inputs[0].Server, newCfg.Inputs[0].Server):
 		zlog.Info().
-			Interface("old", redactServerCfg(curCfg)).
+			Interface("old", redactConfig(curCfg)).
 			Msg("server configuration has changed")
 	default:
 		changed = false