Skip to content

Commit 60960e8

Browse files
Adnan AlhomssiDrvi
Adnan Alhomssi
and
Drvi
authored
Redact AWS credentials printing like Azure (#36)
* redact secrets while printing AWSCredential * add tests * bump version * fix printing style * Fixes for 1.6 --------- Co-authored-by: Tomáš Drvoštěp <[email protected]>
1 parent a8a8b15 commit 60960e8

File tree

3 files changed

+28
-1
lines changed

3 files changed

+28
-1
lines changed

Project.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
name = "CloudBase"
22
uuid = "85eb1798-d7c4-4918-bb13-c944d38e27ed"
33
authors = ["quinnj <[email protected]>"]
4-
version = "1.4.6"
4+
version = "1.4.7"
55

66
[deps]
77
Base64 = "2a0f44e3-6c83-55bd-87e4-b1978d98bd5f"

src/aws.jl

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,17 @@ mutable struct AWSCredentials <: CloudCredentials
1010
expireThreshold::Dates.Period
1111
end
1212

13+
14+
function Base.show(io::IO, creds::AWSCredentials)
15+
print(io, "AWSCredentials(")
16+
print(io, "profile=", creds.profile, ",")
17+
print(io, "access_key_id=", "****", ",")
18+
print(io, "secret_access_key=", "****", ",")
19+
print(io, "session_token=", "****", ",")
20+
print(io, "expiration=", creds.expiration, ",")
21+
print(io, "expireThreshold=", creds.expireThreshold, ")")
22+
end
23+
1324
AWSCredentials(profile::String, access_key_id::String, secret_access_key::String, session_token::String, expiration, expireThreshold) =
1425
AWSCredentials(ReentrantLock(), profile, access_key_id, secret_access_key, session_token, expiration, expireThreshold)
1526

test/runtests.jl

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -234,3 +234,19 @@ end
234234
@test CloudBase.urlServiceRegion("bucket.s3.us-west-2.amazonaws.com") == ("s3", "us-west-2")
235235
@test CloudBase.urlServiceRegion("bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com") == ("s3", "us-east-1")
236236
end
237+
238+
@testset "redact credentials" begin
239+
# Make sure we don't show secrets in the output
240+
function test_output(creds)
241+
io_buffer = IOBuffer()
242+
Base.show(io_buffer, creds)
243+
str = String(take!(io_buffer))
244+
@test !occursin("0123456789abcdef", str)
245+
@test occursin("***", str)
246+
return nothing
247+
end
248+
test_output(CloudBase.AWSCredentials("0123456789abcdef", "0123456789abcdef", "0123456789abcdef"))
249+
# same for Azure
250+
test_output(Azure.Credentials(CloudBase.SharedKey("account_name", "0123456789abcdef")))
251+
test_output(Azure.Credentials(CloudBase.generateAccountSASToken("account_name", "0123456789abcdef")))
252+
end

0 commit comments

Comments
 (0)