Skip to content

N
nexpie-grafana-theme
Commit aa064b18 by Soulou
Options

Test environment override for secret and url with credentials

parent e2c5fac9
Showing with 30 additions and 0 deletions
pkg/setting/setting.go
...@@ -183,6 +183,11 @@ func shouldRedactKey(s string) bool { ...@@ -183,6 +183,11 @@ func shouldRedactKey(s string) bool {
return strings.Contains(uppercased, "PASSWORD") || strings.Contains(uppercased, "SECRET") return strings.Contains(uppercased, "PASSWORD") || strings.Contains(uppercased, "SECRET")
} }
func shouldRedactURLKey(s string) bool {
uppercased := strings.ToUpper(s)
return strings.Contains(uppercased, "DATABASE_URL")
}
func applyEnvVariableOverrides() { func applyEnvVariableOverrides() {
appliedEnvOverrides = make([]string, 0) appliedEnvOverrides = make([]string, 0)
for _, section := range Cfg.Sections() { for _, section := range Cfg.Sections() {
...@@ -197,6 +202,17 @@ func applyEnvVariableOverrides() { ...@@ -197,6 +202,17 @@ func applyEnvVariableOverrides() {
if shouldRedactKey(envKey) { if shouldRedactKey(envKey) {
envValue = "*********" envValue = "*********"
} }
if shouldRedactURLKey(envKey) {
u, _ := url.Parse(envValue)
ui := u.User
if ui != nil {
_, exists := ui.Password()
if exists {
u.User = url.UserPassword(ui.Username(), "-redacted-")
envValue = u.String()
}
}
}
appliedEnvOverrides = append(appliedEnvOverrides, fmt.Sprintf("%s=%s", envKey, envValue)) appliedEnvOverrides = append(appliedEnvOverrides, fmt.Sprintf("%s=%s", envKey, envValue))
} }
} }
......
pkg/setting/setting_test.go
...@@ -29,6 +29,20 @@ func TestLoadingSettings(t *testing.T) { ...@@ -29,6 +29,20 @@ func TestLoadingSettings(t *testing.T) {
So(LogsPath, ShouldEqual, filepath.Join(DataPath, "log")) So(LogsPath, ShouldEqual, filepath.Join(DataPath, "log"))
}) })
Convey("Should replace password when defined in environment", func() {
os.Setenv("GF_SECURITY_ADMIN_PASSWORD", "supersecret")
NewConfigContext(&CommandLineArgs{HomePath: "../../"})
So(appliedEnvOverrides, ShouldContain, "GF_SECURITY_ADMIN_PASSWORD=*********")
})
Convey("Should replace password in URL when url environment is defined", func() {
os.Setenv("GF_DATABASE_URL", "mysql://user:secret@localhost:3306/database")
NewConfigContext(&CommandLineArgs{HomePath: "../../"})
So(appliedEnvOverrides, ShouldContain, "GF_DATABASE_URL=mysql://user:-redacted-@localhost:3306/database")
})
Convey("Should get property map from command line args array", func() { Convey("Should get property map from command line args array", func() {
props := getCommandLineProperties([]string{"cfg:test=value", "cfg:map.test=1"}) props := getCommandLineProperties([]string{"cfg:test=value", "cfg:map.test=1"})
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment