This repository has been archived by the owner on Nov 1, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
config.go
103 lines (85 loc) · 2.41 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package flux
import (
"crypto/rsa"
"encoding/base64"
"encoding/json"
"strings"
"golang.org/x/crypto/ssh"
)
const secretReplacement = "******"
// Instance configuration, mutated via `fluxctl config`. It can be
// supplied as YAML (hence YAML annotations) and is transported as
// JSON (hence JSON annotations).
type GitConfig struct {
URL string `json:"URL" yaml:"URL"`
Path string `json:"path" yaml:"path"`
Branch string `json:"branch" yaml:"branch"`
Key string `json:"key" yaml:"key"`
}
// NotifierConfig is the config used to set up a notifier.
type NotifierConfig struct {
HookURL string `json:"hookURL" yaml:"hookURL"`
Username string `json:"username" yaml:"username"`
ReleaseTemplate string `json:"releaseTemplate" yaml:"releaseTemplate"`
}
type RegistryConfig struct {
// Map of index host to Basic auth string (base64 encoded
// username:password), to make it easy to copypasta from docker
// config.
Auths map[string]Auth `json:"auths" yaml:"auths"`
}
type Auth struct {
Auth string `json:"auth" yaml:"auth"`
}
type InstanceConfig struct {
Git GitConfig `json:"git" yaml:"git"`
Slack NotifierConfig `json:"slack" yaml:"slack"`
Registry RegistryConfig `json:"registry" yaml:"registry"`
}
// As a safeguard, we make the default behaviour to hide secrets when
// marshalling config.
type SafeInstanceConfig InstanceConfig
type UnsafeInstanceConfig InstanceConfig
func (c InstanceConfig) MarshalJSON() ([]byte, error) {
return json.Marshal(c.HideSecrets())
}
func (c InstanceConfig) HideSecrets() SafeInstanceConfig {
c.Git = c.Git.HideKey()
for host, auth := range c.Registry.Auths {
c.Registry.Auths[host] = auth.HidePassword()
}
return SafeInstanceConfig(c)
}
func (a Auth) HidePassword() Auth {
if a.Auth == "" {
return a
}
bytes, err := base64.StdEncoding.DecodeString(a.Auth)
if err != nil {
return Auth{secretReplacement}
}
parts := strings.SplitN(string(bytes), ":", 2)
return Auth{parts[0] + ":" + secretReplacement}
}
func (g GitConfig) HideKey() GitConfig {
if g.Key == "" {
return g
}
key, err := ssh.ParseRawPrivateKey([]byte(g.Key))
if err != nil {
g.Key = secretReplacement
return g
}
privKey, ok := key.(*rsa.PrivateKey)
if !ok {
g.Key = secretReplacement
return g
}
pubKey, err := ssh.NewPublicKey(&privKey.PublicKey)
if err != nil {
g.Key = secretReplacement
return g
}
g.Key = string(ssh.MarshalAuthorizedKey(pubKey))
return g
}