From 3c25f34d278433336ec4cc1d54c468f8a2176cdd Mon Sep 17 00:00:00 2001 From: Pawel Kosiec Date: Tue, 2 Jul 2024 22:33:09 +0200 Subject: [PATCH] Extract hiding sensitive info to public helper --- pkg/config/redacted.go | 44 ++++++++++++++++++++++++++++++++++++++ pkg/execute/config.go | 48 ++++-------------------------------------- 2 files changed, 48 insertions(+), 44 deletions(-) create mode 100644 pkg/config/redacted.go diff --git a/pkg/config/redacted.go b/pkg/config/redacted.go new file mode 100644 index 000000000..b40e36a1f --- /dev/null +++ b/pkg/config/redacted.go @@ -0,0 +1,44 @@ +package config + +import ( + "fmt" +) + +const redactedSecretStr = "*** REDACTED ***" + +// HideSensitiveInfo removes sensitive information from the config. +func HideSensitiveInfo(in Config) Config { + out := in + // TODO: avoid printing sensitive data without need to resetting them manually (which is an error-prone approach) + for key, val := range out.Communications { + val.SocketSlack.AppToken = redactedSecretStr + val.SocketSlack.BotToken = redactedSecretStr + val.Elasticsearch.Password = redactedSecretStr + val.Discord.Token = redactedSecretStr + val.Mattermost.Token = redactedSecretStr + val.CloudSlack.Token = redactedSecretStr + // To keep the printed config readable, we don't print the certificate bytes. + val.CloudSlack.Server.TLS.CACertificate = nil + val.CloudTeams.Server.TLS.CACertificate = nil + + // Replace private channel names with aliases + cloudSlackChannels := make(IdentifiableMap[CloudSlackChannel]) + for _, channel := range val.CloudSlack.Channels { + if channel.Alias == nil { + cloudSlackChannels[channel.ChannelBindingsByName.Name] = channel + continue + } + + outChannel := channel + outChannel.ChannelBindingsByName.Name = fmt.Sprintf("%s (public alias)", *channel.Alias) + outChannel.Alias = nil + cloudSlackChannels[*channel.Alias] = outChannel + } + val.CloudSlack.Channels = cloudSlackChannels + + // maps are not addressable: https://stackoverflow.com/questions/42605337/cannot-assign-to-struct-field-in-a-map + out.Communications[key] = val + } + + return out +} diff --git a/pkg/execute/config.go b/pkg/execute/config.go index f4fcb9672..7be7d4bc5 100644 --- a/pkg/execute/config.go +++ b/pkg/execute/config.go @@ -48,54 +48,14 @@ func (e *ConfigExecutor) Commands() map[command.Verb]CommandFn { // Show returns Config in yaml format func (e *ConfigExecutor) Show(_ context.Context, cmdCtx CommandContext) (interactive.CoreMessage, error) { - cfg, err := e.renderBotkubeConfiguration() + redactedCfg := config.HideSensitiveInfo(e.cfg) + bytes, err := yaml.Marshal(redactedCfg) if err != nil { return interactive.CoreMessage{}, fmt.Errorf("while rendering Botkube configuration: %w", err) } - return respond(cfg, cmdCtx), nil -} - -const redactedSecretStr = "*** REDACTED ***" - -func (e *ConfigExecutor) renderBotkubeConfiguration() (string, error) { - cfg := e.cfg - - // hide sensitive info - // TODO: avoid printing sensitive data without need to resetting them manually (which is an error-prone approach) - for key, val := range cfg.Communications { - val.SocketSlack.AppToken = redactedSecretStr - val.SocketSlack.BotToken = redactedSecretStr - val.Elasticsearch.Password = redactedSecretStr - val.Discord.Token = redactedSecretStr - val.Mattermost.Token = redactedSecretStr - val.CloudSlack.Token = redactedSecretStr - // To keep the printed config readable, we don't print the certificate bytes. - val.CloudSlack.Server.TLS.CACertificate = nil - val.CloudTeams.Server.TLS.CACertificate = nil - - // Replace private channel names with aliases - cloudSlackChannels := make(config.IdentifiableMap[config.CloudSlackChannel]) - for _, channel := range val.CloudSlack.Channels { - if channel.Alias == nil { - cloudSlackChannels[channel.ChannelBindingsByName.Name] = channel - continue - } - outChannel := channel - outChannel.ChannelBindingsByName.Name = fmt.Sprintf("%s (public alias)", *channel.Alias) - outChannel.Alias = nil - cloudSlackChannels[*channel.Alias] = outChannel - } - val.CloudSlack.Channels = cloudSlackChannels - - // maps are not addressable: https://stackoverflow.com/questions/42605337/cannot-assign-to-struct-field-in-a-map - cfg.Communications[key] = val - } - - b, err := yaml.Marshal(cfg) if err != nil { - return "", err + return interactive.CoreMessage{}, fmt.Errorf("while rendering Botkube configuration: %w", err) } - - return string(b), nil + return respond(string(bytes), cmdCtx), nil }