feat: mask environment variables from outputs

[carnei-ro]

fixes #462

[CLAassistant]

All committers have signed the CLA.

[dancallaghan]

Just wondering what the status was on this PR? We noticed that the diff command was resulting in secrets being leaked in our CI.

[thesheps]

Just wondering what the status was on this PR? We noticed that the diff command was resulting in secrets being leaked in our CI.

Can confirm this is also causing us problem across all our environments. More than happy to contribute or review any supporting PRs if that's of any use?

[hbagdi]

This looks promising. Could you please add an integration test for this?

[carnei-ro]

@hbagdi TBH I have no idea how to create a "diff" integration test that actually looks to the diff output 😞
Is there any "CONTRIBUTING" doc to help me out?
I've rebased, created a simple unit test, and edited the existing integration test. It is masking the value.

=== RUN   Test_Diff_Workspace
=== RUN   Test_Diff_Workspace/diff_with_not_existent_workspace_doesn't_error_out
creating workspace test
creating service svc1  {
+  "connect_timeout": 60000
+  "host": "mockbin.org"
+  "id": "d0d2ec9b-fe41-4516-be12-50766a770523"
+  "name": "[masked]"
+  "protocol": "http"
+  "read_timeout": 60000
+  "write_timeout": 60000
 }

[hbagdi]

@GGabriele Could you help out, please?

[GGabriele]

Hi @carnei-ro ,

thanks for this very nice feature AND apologies for the super late response!

The trick here would be to capture the output from the decK command and compare it to some expected one. Behind the scenes, decK uses github.com/fatih/color to generate diff reports, and specifically this method to print them out.

In order to redirect the output to something we can use during tests, we can overwrite color.Output in our diff utils function with something like this:

func diff(kongFile string, opts ...string) (string, error) {
	deckCmd := cmd.NewRootCmd()
	args := []string{"diff", "-s", kongFile}
	if len(opts) > 0 {
		args = append(args, opts...)
	}
	deckCmd.SetArgs(args)

	// overwrite default standard output
	r, w, _ := os.Pipe()
	color.Output = w

	// execute decK command
	cmdErr := deckCmd.ExecuteContext(context.Background())

	// read command output
	w.Close()
	out, _ := ioutil.ReadAll(r)

	return string(out), cmdErr
}

At that point, you can compare out in the test case with some output you expect to get (you'd need to hardcode the entities IDs in the kong.yaml, otherwise they will get re-generated every time):

			out, err := diff(tc.stateFile)
			assert.NoError(t, err)
			assert.Equal(t, out, expected)

[carnei-ro]

Thanks @GGabriele it really did the job. Masked and Unmasked for Kong < 3 and Kong >= 3 tests are there!

[GGabriele]

@carnei-ro I just added a couple of more comments which would require a bit of refactoring (sorry for not pushing these earlier).

@rainest can you take a look at this PR too? I want to make sure KIC is good with these changes (and the ones I proposed)

[GGabriele]

@carnei-ro Awesome job here! Merging this now, thanks a lot again!

[carnei-ro]

@GGabriele, thanks for merging it! Does decK project have custom contributor T-shirts? I'm collecting them - I already have Kong, KIC and it would be great to have one of decK.

[GGabriele]

Does decK project have custom contributor T-shirts?

Unfortunately it doesn't :( not yet at least