mudhorn/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus.git synced 2024-12-26 06:04:05 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

config: hide authentication credentials in String() output

Browse source
This commit is contained in:
Fabian Reinartz 2015-07-06 14:25:20 +02:00
parent 92c20168c4
commit 02e06839f2
3 changed files with 20 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
config/config.go
View file

@ -20,6 +20,7 @@ var (
patJobName = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_-]*$`) patJobName = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_-]*$`)
patFileSDName = regexp.MustCompile(`^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$`) patFileSDName = regexp.MustCompile(`^[^*]*(\*[^/]*)?\.(json|yml|yaml|JSON|YML|YAML)$`)
patRulePath = regexp.MustCompile(`^[^*]*(\*[^/]*)?$`) patRulePath = regexp.MustCompile(`^[^*]*(\*[^/]*)?$`)
patAuthLine = regexp.MustCompile(`((?:username|password):\s+)(".+"|'.+'|[^\s]+)`)
) )
// Load parses the YAML input s into a Config. // Load parses the YAML input s into a Config.
@ -118,14 +119,17 @@ func checkOverflow(m map[string]interface{}, ctx string) error {
} }
func (c Config) String() string { func (c Config) String() string {
var s string
if c.original != "" { if c.original != "" {
return c.original s = c.original
} else {
b, err := yaml.Marshal(c)
if err != nil {
return fmt.Sprintf("<error creating config string: %s>", err)
}
s = string(b)
} }
b, err := yaml.Marshal(c) return patAuthLine.ReplaceAllString(s, "${1}<hidden>")
if err != nil {
return fmt.Sprintf("<error creating config string: %s>", err)
}
return string(b)
} }
// UnmarshalYAML implements the yaml.Unmarshaler interface. // UnmarshalYAML implements the yaml.Unmarshaler interface.

10
config/config_test.go
View file

@ -85,8 +85,8 @@ var expectedConf = &Config{
ScrapeTimeout: Duration(5 * time.Second), ScrapeTimeout: Duration(5 * time.Second),
BasicAuth: &BasicAuth{ BasicAuth: &BasicAuth{
Username: "admin", Username: "admin_name",
Password: "password", Password: "admin_password",
}, },
MetricsPath: "/my_path", MetricsPath: "/my_path",
Scheme: "https", Scheme: "https",
@ -183,6 +183,12 @@ func TestLoadConfig(t *testing.T) {
if !reflect.DeepEqual(c, expectedConf) { if !reflect.DeepEqual(c, expectedConf) {
t.Fatalf("%s: unexpected config result: \n\n%s\n expected\n\n%s", "testdata/conf.good.yml", bgot, bexp) t.Fatalf("%s: unexpected config result: \n\n%s\n expected\n\n%s", "testdata/conf.good.yml", bgot, bexp)
} }
// String method must not reveal authentication credentials.
s := c.String()
if strings.Contains(s, "admin_name") || strings.Contains(s, "admin_password") {
t.Fatalf("config's String method reveals authentication credentials.")
}
} }
var expectedErrors = []struct { var expectedErrors = []struct {

4
config/testdata/conf.good.yml vendored
View file

@ -49,8 +49,8 @@ scrape_configs:
- job_name: service-x - job_name: service-x
basic_auth: basic_auth:
username: admin username: admin_name
password: password password: admin_password
scrape_interval: 50s scrape_interval: 50s
scrape_timeout: 5s scrape_timeout: 5s