Merge pull request #388 from fluxcd/masktoken-pkg

Use masktoken pkg for redacting token
fluxcd · Jul 4, 2022 · a37485b · a37485b
2 parents 098d6d1 + 9b8586e
commit a37485b
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 106 deletions.
diff --git a/go.mod b/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/containrrr/shoutrrr v0.6.0
 	github.com/fluxcd/notification-controller/api v0.24.0
 	github.com/fluxcd/pkg/apis/meta v0.14.2
+	github.com/fluxcd/pkg/masktoken v0.0.1
 	github.com/fluxcd/pkg/runtime v0.16.2
 	github.com/fluxcd/pkg/ssa v0.16.1
 	github.com/getsentry/sentry-go v0.13.0

diff --git a/go.sum b/go.sum
@@ -207,6 +207,8 @@ github.com/fluxcd/pkg/apis/acl v0.0.3 h1:Lw0ZHdpnO4G7Zy9KjrzwwBmDZQuy4qEjaU/RvA6
 github.com/fluxcd/pkg/apis/acl v0.0.3/go.mod h1:XPts6lRJ9C9fIF9xVWofmQwftvhY25n1ps7W9xw0XLU=
 github.com/fluxcd/pkg/apis/meta v0.14.2 h1:/Hf7I/Vz01vv3m7Qx7DtQvrzAL1oVt0MJcLb/I1Y1HE=
 github.com/fluxcd/pkg/apis/meta v0.14.2/go.mod h1:ijZ61VG/8T3U17gj0aFL3fdtZL+mulD6V8VrLLUCAgM=
+github.com/fluxcd/pkg/masktoken v0.0.1 h1:egWR/ibTzf4L3PxE8TauKO1srD1Ye/aalgQRQuKKRdU=
+github.com/fluxcd/pkg/masktoken v0.0.1/go.mod h1:sQmMtX4s5RwdGlByJazzNasWFFgBdmtNcgeZcGBI72Y=
 github.com/fluxcd/pkg/runtime v0.16.2 h1:CexfMmJK+r12sHTvKWyAax0pcPomjd6VnaHXcxjUrRY=
 github.com/fluxcd/pkg/runtime v0.16.2/go.mod h1:OHSKsrO+T+Ym8WZRS2oidrnauWRARuE2nfm8ewevm7M=
 github.com/fluxcd/pkg/ssa v0.16.1 h1:hWXMtDhiAPRPHpHiQ5NzVjqIDhOfyzWmc2zA49Wxw7E=

diff --git a/internal/server/event_handlers.go b/internal/server/event_handlers.go
@@ -29,13 +29,13 @@ import (
 	"time"
 
 	"github.com/fluxcd/pkg/runtime/conditions"
-	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/yaml"
 
+	"github.com/fluxcd/pkg/masktoken"
 	"github.com/fluxcd/pkg/runtime/events"
 
 	"github.com/fluxcd/notification-controller/api/v1beta1"
@@ -44,6 +44,7 @@ import (
 
 func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
+		r.Context()
 		body, err := io.ReadAll(r.Body)
 		if err != nil {
 			s.logger.Error(err, "reading the request body failed")
@@ -265,8 +266,12 @@ func (s *EventServer) handleEvent() func(w http.ResponseWriter, r *http.Request)
 
 			go func(n notifier.Interface, e events.Event) {
 				if err := n.Post(e); err != nil {
-					err = redactTokenFromError(err, token, s.logger)
-
+					maskedErrStr, maskErr := masktoken.MaskTokenFromString(err.Error(), token)
+					if maskErr != nil {
+						err = maskErr
+					} else {
+						err = errors.New(maskedErrStr)
+					}
 					s.logger.Error(err, "failed to send notification",
 						"reconciler kind", event.InvolvedObject.Kind,
 						"name", event.InvolvedObject.Name,
@@ -319,22 +324,6 @@ func (s *EventServer) eventMatchesAlert(ctx context.Context, event *events.Event
 	return false
 }
 
-func redactTokenFromError(err error, token string, log logr.Logger) error {
-	if token == "" {
-		return err
-	}
-
-	re, compileErr := regexp.Compile(fmt.Sprintf("%s*", regexp.QuoteMeta(token)))
-	if compileErr != nil {
-		newErrStr := fmt.Sprintf("error redacting token from error message: %s", compileErr)
-		return errors.New(newErrStr)
-	}
-
-	redacted := re.ReplaceAllString(err.Error(), "*****")
-
-	return errors.New(redacted)
-}
-
 // TODO: move the metadata filtering function to fluxcd/pkg/runtime/events
 // cleanupMetadata removes metadata entries which are not used for alerting
 func cleanupMetadata(event *events.Event) {

diff --git a/internal/server/event_handlers_test.go b/internal/server/event_handlers_test.go