Merge pull request #238 from harness/SPG-435

SPG-435: Mask API Key in http request logs
harness · Nov 25, 2022 · dc09b9c · dc09b9c
2 parents 06181a9 + ea2ecf3
commit dc09b9c
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 6 deletions.
diff --git a/harness/cd/client.go b/harness/cd/client.go
@@ -51,7 +51,7 @@ type ApiClient struct {
 
 func DefaultConfig() *Config {
 	logger := logging.NewLogger()
-	if helpers.EnvVars.DebugEnabled.Get() == "true" {
+	if helpers.EnvVars.TfLog.Get() == "DEBUG" {
 		logger.SetLevel(log.DebugLevel)
 	}
 

diff --git a/harness/helpers/envvars.go b/harness/helpers/envvars.go
@@ -11,15 +11,15 @@ var EnvVars = struct {
 	DelegateSecret EnvVar
 	Endpoint       EnvVar
 	PlatformApiKey EnvVar
-	DebugEnabled   EnvVar
+	TfLog          EnvVar
 }{
 	AccountId:      "HARNESS_ACCOUNT_ID",
 	ApiKey:         "HARNESS_API_KEY",
 	BearerToken:    "HARNESS_BEARER_TOKEN",
 	DelegateSecret: "HARNESS_DELEGATE_SECRET",
 	Endpoint:       "HARNESS_ENDPOINT",
 	PlatformApiKey: "HARNESS_PLATFORM_API_KEY",
-	DebugEnabled:   "HARNESS_DEBUG_ENABLED",
+	TfLog:          "TF_LOG",
 }
 
 func (e EnvVar) String() string {

diff --git a/harness/nextgen/configuration.go b/harness/nextgen/configuration.go
@@ -71,7 +71,7 @@ type Configuration struct {
 
 func NewConfiguration() *Configuration {
 	logger := logging.NewLogger()
-	if helpers.EnvVars.DebugEnabled.Get() == "true" {
+	if helpers.EnvVars.TfLog.Get() == "DEBUG" {
 		logger.SetLevel(log.DebugLevel)
 	}
 

diff --git a/logging/transport.go b/logging/transport.go
@@ -8,6 +8,7 @@ import (
 	"net/http/httputil"
 	"strings"
 
+	"github.com/harness/harness-go-sdk/harness/helpers"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -22,7 +23,7 @@ func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	if IsDebugOrHigher(t.logger) {
 		reqData, err := httputil.DumpRequestOut(req, true)
 		if err == nil {
-			t.logger.Debugf(logReqMsg, t.name, prettyPrintJsonLines(reqData))
+			t.logger.Debugf(logReqMsg, t.name, MaskAPIKey(prettyPrintJsonLines(reqData)))
 		} else {
 			t.logger.Errorf("%s API Request error: %#v", t.name, err)
 		}
@@ -36,7 +37,7 @@ func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	if IsDebugOrHigher(t.logger) {
 		respData, err := httputil.DumpResponse(resp, true)
 		if err == nil {
-			t.logger.Debugf(logRespMsg, t.name, prettyPrintJsonLines(respData))
+			t.logger.Debugf(logRespMsg, t.name, MaskAPIKey(prettyPrintJsonLines(respData)))
 		} else {
 			t.logger.Errorf("%s API Response error: %#v", t.name, err)
 		}
@@ -45,6 +46,18 @@ func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	return resp, nil
 }
 
+func MaskAPIKey(stringToMask string) string {
+	apiKey := helpers.EnvVars.ApiKey.Get()
+	platformApiKey := helpers.EnvVars.PlatformApiKey.Get()
+	if apiKey != "" {
+		stringToMask = strings.ReplaceAll(stringToMask, apiKey, "****")
+	}
+	if platformApiKey != "" {
+		stringToMask = strings.ReplaceAll(stringToMask, platformApiKey, "****")
+	}
+	return stringToMask
+}
+
 func NewTransport(name string, logger *log.Logger, t http.RoundTripper) *transport {
 	return &transport{name, logger, t}
 }