Enhance logic to hide credentials in log

Issue-ID: CCSDK-1839

Signed-off-by: Hong Guan <hg4105@att.com>
Change-Id: I8687e1de5165851f05dfffe2c45dcad3d844573d

diff --git a/helm/helm-type.yaml b/helm/helm-type.yaml
index b404f7f..37c22d4 100644 (file)
--- a/helm/helm-type.yaml
+++ b/helm/helm-type.yaml
@@ -19,7 +19,7 @@ plugins:
   helm-plugin:
     executor: central_deployment_agent
     package_name: helm
-    package_version: 4.0.1
+    package_version: 4.0.2
 
 node_types:
 

diff --git a/helm/plugin/tasks.py b/helm/plugin/tasks.py
index c0e8921..ac27764 100644 (file)
--- a/helm/plugin/tasks.py
+++ b/helm/plugin/tasks.py
@@ -37,9 +37,17 @@ from cloudify.decorators import operation
 from cloudify import exceptions
 from cloudify.exceptions import NonRecoverableError
 
+def debug_log_mask_credentials(_command_str):
+    debug_str = _command_str
+    if _command_str.find("@") != -1:
+        head, end = _command_str.rsplit('@', 1)
+        proto, auth = head.rsplit('//', 1)
+        uname, passwd = auth.rsplit(':', 1)
+        debug_str = _command_str.replace(passwd, "************")
+    ctx.logger.debug('command {0}.'.format(debug_str))
 
 def execute_command(_command):
-    ctx.logger.debug('_command {0}.'.format(_command))
+    debug_log_mask_credentials(_command)
 
     subprocess_args = {
         'args': _command.split(),
@@ -47,7 +55,7 @@ def execute_command(_command):
         'stderr': subprocess.PIPE
     }
 
-    ctx.logger.debug('subprocess_args {0}.'.format(subprocess_args))
+    debug_log_mask_credentials(str(subprocess_args))
     try:
         process = subprocess.Popen(**subprocess_args)
         output, error = process.communicate()
@@ -55,13 +63,13 @@ def execute_command(_command):
         ctx.logger.debug(str(e))
         return False
 
-    ctx.logger.debug('command: {0} '.format(_command))
+    debug_log_mask_credentials(_command)
     ctx.logger.debug('output: {0} '.format(output))
     ctx.logger.debug('error: {0} '.format(error))
     ctx.logger.debug('process.returncode: {0} '.format(process.returncode))
 
     if process.returncode:
-        ctx.logger.error('Running `{0}` returns error.'.format(_command))
+        ctx.logger.error('Error was returned while running helm command')
         return False
 
     return output

diff --git a/helm/pom.xml b/helm/pom.xml
index f1a716c..c135653 100644 (file)
--- a/helm/pom.xml
+++ b/helm/pom.xml
@@ -41,7 +41,7 @@ limitations under the License.
     <!-- path of types file itself relative to this file -->
     <typefile.source>helm-type.yaml</typefile.source>
     <!-- path, in repo, to store type file -->
-    <typefile.dest>type_files/helm/4.0.1/helm-type.yaml</typefile.dest>
+    <typefile.dest>type_files/helm/4.0.2/helm-type.yaml</typefile.dest>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <sonar.sources>.</sonar.sources>
     <sonar.junit.reportsPath>nosetests.xml</sonar.junit.reportsPath>

diff --git a/helm/setup.py b/helm/setup.py
index df41f23..a0b17ef 100644 (file)
--- a/helm/setup.py
+++ b/helm/setup.py
@@ -24,7 +24,7 @@ setup(
 
     # Do not use underscores in the plugin name.
     name='helm',
-    version='4.0.1',
+    version='4.0.2',
     author='Nicolas Hu(AT&T)',
     author_email='jh245g@att.com',
     description='This plugin will install/uninstall/upgrade/rollback helm '