Skip to content

Commit

Permalink
fix: Mask the password parameter and print it to the log
Browse files Browse the repository at this point in the history
  • Loading branch information
@youngmn
youngmn committed Jan 6, 2025
1 parent e9d2b3e commit 6a3d316
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 4 deletions.
8 changes: 8 additions & 0 deletions internal/common/json.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package common

import (
"encoding/json"
"fmt"
"regexp"
)

Expand All @@ -20,3 +21,10 @@ func ReplaceNull(s string) string {
re := regexp.MustCompile(`:<null>`)
return re.ReplaceAllString(s, ":null")
}

func MaskString(value interface{}, target string) string {
s := MarshalUncheckedString(value)
pattern := fmt.Sprintf(`"%s":"[^"]*"`, target)
replace := fmt.Sprintf(`"%s":"***"`, target)
return regexp.MustCompile(pattern).ReplaceAllString(s, replace)
}
7 changes: 3 additions & 4 deletions internal/service/mongodb/mongodb_users.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,8 +151,7 @@ func (r *mongodbUsersResource) Create(ctx context.Context, req resource.CreateRe
CloudMongoDbInstanceNo: plan.ID.ValueStringPointer(),
CloudMongoDbUserList: convertToAddOrChangeParameters(plan.MongoDbUserSet),
}

tflog.Info(ctx, "CreateMongodbUserList reqParams="+common.MarshalUncheckedString(reqParams))
tflog.Info(ctx, "CreateMongodbUserList reqParams="+common.MaskString(reqParams, "password"))

response, err := r.config.Client.Vmongodb.V2Api.AddCloudMongoDbUserList(reqParams)
if err != nil {
Expand Down Expand Up @@ -437,7 +436,7 @@ func addOrChangeUserList(ctx context.Context, config *conn.ProviderConfig, id *s
CloudMongoDbInstanceNo: id,
CloudMongoDbUserList: changeParameters,
}
tflog.Info(ctx, "ChangeCloudMongoDbUserList reqParams="+common.MarshalUncheckedString(reqParams))
tflog.Info(ctx, "ChangeCloudMongoDbUserList reqParams="+common.MaskString(reqParams, "password"))

response, err := config.Client.Vmongodb.V2Api.ChangeCloudMongoDbUserList(reqParams)
if err != nil {
Expand All @@ -461,7 +460,7 @@ func addOrChangeUserList(ctx context.Context, config *conn.ProviderConfig, id *s
CloudMongoDbInstanceNo: id,
CloudMongoDbUserList: addParameters,
}
tflog.Info(ctx, "AddCloudMongoDbUserList reqParams="+common.MarshalUncheckedString(reqParams))
tflog.Info(ctx, "AddCloudMongoDbUserList reqParams="+common.MaskString(reqParams, "password"))

response, err := config.Client.Vmongodb.V2Api.AddCloudMongoDbUserList(reqParams)
if err != nil {
Expand Down

0 comments on commit 6a3d316

Please sign in to comment.