mask all sensitive values #523

Merged
merged 5 commits into from
Jun 22, 2023
Contributor

@johnsonaj johnsonaj commented Jun 21, 2023

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Reference: #32164

Sensitive values can be logged when TF_LOG=TRACE. To avoid leaking secrets of any kind, logging should mask any pattern that appears to be a secret.

@johnsonaj johnsonaj marked this pull request as ready for review June 22, 2023 14:23
@johnsonaj johnsonaj requested a review from a team as a code owner June 22, 2023 14:23
@ewbankkit
Contributor

Can this be unit tested?

@johnsonaj
Contributor Author

go test -v ./logging/...
=== RUN   TestMaskAWSSensitiveValues
=== PAUSE TestMaskAWSSensitiveValues
=== CONT  TestMaskAWSSensitiveValues
=== RUN   TestMaskAWSSensitiveValues/mask_simple
=== PAUSE TestMaskAWSSensitiveValues/mask_simple
=== RUN   TestMaskAWSSensitiveValues/mask_complex_json
=== PAUSE TestMaskAWSSensitiveValues/mask_complex_json
=== RUN   TestMaskAWSSensitiveValues/no_mask
=== PAUSE TestMaskAWSSensitiveValues/no_mask
=== RUN   TestMaskAWSSensitiveValues/mask_xml
=== PAUSE TestMaskAWSSensitiveValues/mask_xml
=== CONT  TestMaskAWSSensitiveValues/mask_simple
=== CONT  TestMaskAWSSensitiveValues/mask_complex_json
=== CONT  TestMaskAWSSensitiveValues/no_mask
=== CONT  TestMaskAWSSensitiveValues/mask_xml
--- PASS: TestMaskAWSSensitiveValues (0.00s)
    --- PASS: TestMaskAWSSensitiveValues/mask_simple (0.00s)
    --- PASS: TestMaskAWSSensitiveValues/mask_complex_json (0.00s)
    --- PASS: TestMaskAWSSensitiveValues/no_mask (0.00s)
    --- PASS: TestMaskAWSSensitiveValues/mask_xml (0.00s)
PASS
ok  	github.com/hashicorp/aws-sdk-go-base/v2/logging	0.862s

@johnsonaj
Contributor Author

@ewbankkit added unit test

Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

@gdavison gdavison merged commit 97104cc into main Jun 22, 2023
@gdavison gdavison deleted the f-logging-mask-sensitive-values branch June 22, 2023 22:23
gdavison added a commit that referenced this pull request Jun 22, 2023
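
An added example, not the code merged in this pull request: one way to mask secret-shaped values in logged JSON and XML bodies before they reach a TRACE log. `MaskSecrets`, the matching heuristics and the sample bodies are assumptions made for illustration; the credentials are the placeholder keys used in AWS documentation.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// candidate finds maximal runs of characters that can appear in AWS keys, so
// a key is only recognised as a whole token, never inside a longer string.
var candidate = regexp.MustCompile(`[A-Za-z0-9/+]+`)

// accessKeyID: 20 characters, long-term (AKIA) or temporary (ASIA) prefix.
var accessKeyID = regexp.MustCompile(`^(?:AKIA|ASIA)[A-Z0-9]{16}$`)

// fullMask replaces a 40-character secret access key entirely.
var fullMask = strings.Repeat("*", 40)

// MaskSecrets (hypothetical helper) redacts secret-shaped tokens in a log body.
func MaskSecrets(body string) string {
	return candidate.ReplaceAllStringFunc(body, func(tok string) string {
		switch {
		case accessKeyID.MatchString(tok):
			// Keep the prefix and last four characters so log lines can
			// still be correlated with a key without disclosing it.
			return tok[:4] + strings.Repeat("*", 12) + tok[16:]
		case len(tok) == 40:
			// Heuristic: any 40-character token is treated as a secret key.
			// This also hides SHA-1 hex digests; over-masking is the safe side.
			return fullMask
		}
		return tok
	})
}

func main() {
	// Constructed sample bodies using AWS's documented placeholder credentials.
	samples := []string{
		`{"AccessKeyId":"AKIAIOSFODNN7EXAMPLE","SecretAccessKey":"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}`,
		`<SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</SecretAccessKey>`,
		`{"Region":"us-east-1","Bucket":"example-bucket"}`,
	}
	for _, s := range samples {
		fmt.Println(MaskSecrets(s))
	}
}
```

Matching on token shape rather than on field names means a secret is masked even when it appears under an unexpected key or element name.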