Skip to content

Commit

Permalink
Extract hiding sensitive info to public helper
Browse files Browse the repository at this point in the history
  • Loading branch information
pkosiec committed Jul 2, 2024
1 parent 8529383 commit 3c25f34
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 44 deletions.
44 changes: 44 additions & 0 deletions pkg/config/redacted.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
package config

import (
"fmt"
)

const redactedSecretStr = "*** REDACTED ***"

// HideSensitiveInfo removes sensitive information from the config.
func HideSensitiveInfo(in Config) Config {
out := in
// TODO: avoid printing sensitive data without need to resetting them manually (which is an error-prone approach)
for key, val := range out.Communications {
val.SocketSlack.AppToken = redactedSecretStr
val.SocketSlack.BotToken = redactedSecretStr
val.Elasticsearch.Password = redactedSecretStr
val.Discord.Token = redactedSecretStr
val.Mattermost.Token = redactedSecretStr
val.CloudSlack.Token = redactedSecretStr
// To keep the printed config readable, we don't print the certificate bytes.
val.CloudSlack.Server.TLS.CACertificate = nil
val.CloudTeams.Server.TLS.CACertificate = nil

// Replace private channel names with aliases
cloudSlackChannels := make(IdentifiableMap[CloudSlackChannel])
for _, channel := range val.CloudSlack.Channels {
if channel.Alias == nil {
cloudSlackChannels[channel.ChannelBindingsByName.Name] = channel
continue
}

outChannel := channel
outChannel.ChannelBindingsByName.Name = fmt.Sprintf("%s (public alias)", *channel.Alias)
outChannel.Alias = nil
cloudSlackChannels[*channel.Alias] = outChannel
}
val.CloudSlack.Channels = cloudSlackChannels

// maps are not addressable: https://stackoverflow.com/questions/42605337/cannot-assign-to-struct-field-in-a-map
out.Communications[key] = val
}

return out
}
48 changes: 4 additions & 44 deletions pkg/execute/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,54 +48,14 @@ func (e *ConfigExecutor) Commands() map[command.Verb]CommandFn {

// Show returns Config in yaml format
func (e *ConfigExecutor) Show(_ context.Context, cmdCtx CommandContext) (interactive.CoreMessage, error) {
cfg, err := e.renderBotkubeConfiguration()
redactedCfg := config.HideSensitiveInfo(e.cfg)
bytes, err := yaml.Marshal(redactedCfg)
if err != nil {
return interactive.CoreMessage{}, fmt.Errorf("while rendering Botkube configuration: %w", err)
}
return respond(cfg, cmdCtx), nil
}

const redactedSecretStr = "*** REDACTED ***"

func (e *ConfigExecutor) renderBotkubeConfiguration() (string, error) {
cfg := e.cfg

// hide sensitive info
// TODO: avoid printing sensitive data without need to resetting them manually (which is an error-prone approach)
for key, val := range cfg.Communications {
val.SocketSlack.AppToken = redactedSecretStr
val.SocketSlack.BotToken = redactedSecretStr
val.Elasticsearch.Password = redactedSecretStr
val.Discord.Token = redactedSecretStr
val.Mattermost.Token = redactedSecretStr
val.CloudSlack.Token = redactedSecretStr
// To keep the printed config readable, we don't print the certificate bytes.
val.CloudSlack.Server.TLS.CACertificate = nil
val.CloudTeams.Server.TLS.CACertificate = nil

// Replace private channel names with aliases
cloudSlackChannels := make(config.IdentifiableMap[config.CloudSlackChannel])
for _, channel := range val.CloudSlack.Channels {
if channel.Alias == nil {
cloudSlackChannels[channel.ChannelBindingsByName.Name] = channel
continue
}

outChannel := channel
outChannel.ChannelBindingsByName.Name = fmt.Sprintf("%s (public alias)", *channel.Alias)
outChannel.Alias = nil
cloudSlackChannels[*channel.Alias] = outChannel
}
val.CloudSlack.Channels = cloudSlackChannels

// maps are not addressable: https://stackoverflow.com/questions/42605337/cannot-assign-to-struct-field-in-a-map
cfg.Communications[key] = val
}

b, err := yaml.Marshal(cfg)
if err != nil {
return "", err
return interactive.CoreMessage{}, fmt.Errorf("while rendering Botkube configuration: %w", err)
}

return string(b), nil
return respond(string(bytes), cmdCtx), nil
}

0 comments on commit 3c25f34

Please sign in to comment.