Skip to content

Commit

Permalink
Redact AWS credentials printing like Azure (#36)
Browse files Browse the repository at this point in the history 
* redact secrets while printing AWSCredential

* add tests

* bump version

* fix printing style

* Fixes for 1.6

---------

Co-authored-by: Tomáš Drvoštěp <[email protected]>
  • Loading branch information
@adnan-alhomssi @Drvi
adnan-alhomssi and Drvi authored Jul 15, 2024
1 parent a8a8b15 commit 60960e8
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Project.toml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name = "CloudBase"
uuid = "85eb1798-d7c4-4918-bb13-c944d38e27ed"
authors = ["quinnj <[email protected]>"]
version = "1.4.6"
version = "1.4.7"

[deps]
Base64 = "2a0f44e3-6c83-55bd-87e4-b1978d98bd5f"
Expand Down
11 changes: 11 additions & 0 deletions src/aws.jl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,17 @@ mutable struct AWSCredentials <: CloudCredentials
expireThreshold::Dates.Period
end


function Base.show(io::IO, creds::AWSCredentials)
print(io, "AWSCredentials(")
print(io, "profile=", creds.profile, ",")
print(io, "access_key_id=", "****", ",")
print(io, "secret_access_key=", "****", ",")
print(io, "session_token=", "****", ",")
print(io, "expiration=", creds.expiration, ",")
print(io, "expireThreshold=", creds.expireThreshold, ")")
end

AWSCredentials(profile::String, access_key_id::String, secret_access_key::String, session_token::String, expiration, expireThreshold) =
AWSCredentials(ReentrantLock(), profile, access_key_id, secret_access_key, session_token, expiration, expireThreshold)

Expand Down
16 changes: 16 additions & 0 deletions test/runtests.jl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,3 +234,19 @@ end
@test CloudBase.urlServiceRegion("bucket.s3.us-west-2.amazonaws.com") == ("s3", "us-west-2")
@test CloudBase.urlServiceRegion("bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com") == ("s3", "us-east-1")
end

@testset "redact credentials" begin
# Make sure we don't show secrets in the output
function test_output(creds)
io_buffer = IOBuffer()
Base.show(io_buffer, creds)
str = String(take!(io_buffer))
@test !occursin("0123456789abcdef", str)
@test occursin("***", str)
return nothing
end
test_output(CloudBase.AWSCredentials("0123456789abcdef", "0123456789abcdef", "0123456789abcdef"))
# same for Azure
test_output(Azure.Credentials(CloudBase.SharedKey("account_name", "0123456789abcdef")))
test_output(Azure.Credentials(CloudBase.generateAccountSASToken("account_name", "0123456789abcdef")))
end

2 comments on commit 60960e8

@Drvi
Copy link
Member

@Drvi Drvi commented on 60960e8 Jul 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JuliaRegistrator register

@JuliaRegistrator
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Registration pull request created: JuliaRegistries/General/111091

Tip: Release Notes

Did you know you can add release notes too? Just add markdown formatted text underneath the comment after the text
"Release notes:" and it will be added to the registry PR, and if TagBot is installed it will also be added to the
release that TagBot creates. i.e.

@JuliaRegistrator register

Release notes:

## Breaking changes

- blah

To add them here just re-invoke and the PR will be updated.

Tagging

After the above pull request is merged, it is recommended that a tag is created on this repository for the registered package version.

This will be done automatically if the Julia TagBot GitHub Action is installed, or can be done manually through the github interface, or via:

git tag -a v1.4.7 -m "<description of version>" 60960e851188a1c9fc51b1c88d33d4f1af2db7b7
git push origin v1.4.7

Please sign in to comment.