improve: remove logging of full value

Debug logs are probably not visible in production anyway, but to be even more safe, only log this at trace, and trim the value to a small number of characters to prevent logging of the full value in that case.
infrahq · Oct 3, 2022 · 9a6bc74 · 9a6bc74
1 parent 422a066
commit 9a6bc74
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/internal/cmd/types/file.go b/internal/cmd/types/file.go
@@ -1,6 +1,7 @@
 package types
 
 import (
+	"errors"
 	"io"
 	"os"
 
@@ -22,10 +23,17 @@ func (s *StringOrFile) String() string {
 
 func (s *StringOrFile) Set(raw string) error {
 	fh, err := os.Open(raw)
-	if err != nil {
-		logging.L.Debug().Err(err).Msg("failed to open file")
+	switch {
+	case errors.Is(err, os.ErrNotExist):
+		// Only log a small prefix of the value, at trace level, in case the value is sensitive.
+		logging.L.Trace().
+			Str("valuePrefix", raw[:len(raw)/2]).
+			Msg("value does not appear to be a file, assuming string literal")
+
 		*s = StringOrFile(raw)
 		return nil
+	case err != nil:
+		return err
 	}
 
 	content, err := io.ReadAll(fh)