Skip to content

chore: corrected setting config precedence for secret config #2546

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aryamohanan merged 2 commits into from
May 13, 2026
Merged

chore: corrected setting config precedence for secret config #2546

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
82b63c5
chore: corrected the config precedence for secret config
aryamohanan May 12, 2026
6116a53
chore: updated
aryamohanan May 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 34 additions & 23 deletions packages/core/src/config/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -751,7 +751,7 @@ function normalizeDisableTracing({ userConfig = {}, defaultConfig = {}, finalCon
finalConfig.tracing.enabled = false;
finalConfig.tracing.disable = {};
configStore.set('config.tracing.disable', {
source: CONFIG_SOURCES.DEFAULT
source: disableRes.source
Copy link
Copy Markdown
Contributor

@kirrg001 kirrg001 May 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yaaaa

});
return;
}
Expand Down Expand Up @@ -857,44 +857,55 @@ function normalizeSecrets({ userConfig = {}, defaultConfig = {}, finalConfig = {
fromEnvVar = parseSecretsEnvVar(process.env.INSTANA_SECRETS);
}

if (finalConfig.secrets.matcherMode) {
logger.debug(`[config] incode:config.secrets.matcherMode = ${finalConfig.secrets.matcherMode}`);
configStore.set('config.secrets.matcherMode', { source: CONFIG_SOURCES.INCODE });
} else if (fromEnvVar.matcherMode) {
logger.debug(`[config] env:INSTANA_SECRETS (matcherMode) = ${fromEnvVar.matcherMode}`);
configStore.set('config.secrets.matcherMode', { source: CONFIG_SOURCES.ENV });
let matcherModeSource;
let matcherMode;

if (fromEnvVar.matcherMode) {
matcherMode = fromEnvVar.matcherMode;
matcherModeSource = CONFIG_SOURCES.ENV;
logger.debug(`[config] env:INSTANA_SECRETS (matcherMode) = ${matcherMode}`);
} else if (userSecrets?.matcherMode) {
matcherMode = userSecrets.matcherMode;
matcherModeSource = CONFIG_SOURCES.INCODE;
logger.debug(`[config] incode:config.secrets.matcherMode = ${matcherMode}`);
} else {
matcherMode = defaultConfig.secrets.matcherMode;
matcherModeSource = CONFIG_SOURCES.DEFAULT;
}

if (finalConfig.secrets.keywords) {
logger.debug('[config] incode:config.secrets.keywords');
configStore.set('config.secrets.keywords', { source: CONFIG_SOURCES.INCODE });
} else if (fromEnvVar.keywords) {
let keywordsSource;
let keywords;

if (fromEnvVar.keywords) {
keywords = fromEnvVar.keywords;
keywordsSource = CONFIG_SOURCES.ENV;
logger.debug('[config] env:INSTANA_SECRETS (keywords)');
configStore.set('config.secrets.keywords', { source: CONFIG_SOURCES.ENV });
} else if (userSecrets?.keywords) {
keywords = userSecrets.keywords;
keywordsSource = CONFIG_SOURCES.INCODE;
logger.debug('[config] incode:config.secrets.keywords');
} else {
keywords = defaultConfig.secrets.keywords;
keywordsSource = CONFIG_SOURCES.DEFAULT;
}
const matcherMode = userSecrets?.matcherMode || fromEnvVar.matcherMode || defaultConfig.secrets.matcherMode;

const keywords = userSecrets?.keywords || fromEnvVar.keywords || defaultConfig.secrets.keywords;

if (typeof matcherMode !== 'string') {
logger.warn(
// eslint-disable-next-line max-len
`The value of config.secrets.matcherMode ("${matcherMode}") is not a string. Assuming the default value ${defaults.secrets.matcherMode}.`
);
finalConfig.secrets.matcherMode = defaultConfig.secrets.matcherMode;
configStore.set('config.secrets.matcherMode', { source: CONFIG_SOURCES.INCODE });
configStore.set('config.secrets.matcherMode', { source: CONFIG_SOURCES.DEFAULT });
} else if (validSecretsMatcherModes.indexOf(matcherMode) < 0) {
logger.warn(
// eslint-disable-next-line max-len
`The value of config.secrets.matcherMode (or the matcher mode parsed from INSTANA_SECRETS) (${matcherMode}) is not a supported matcher mode. Assuming the default value ${defaults.secrets.matcherMode}.`
);
finalConfig.secrets.matcherMode = defaultConfig.secrets.matcherMode;
configStore.set('config.secrets.matcherMode', {
source: CONFIG_SOURCES.INCODE
});
configStore.set('config.secrets.matcherMode', { source: CONFIG_SOURCES.DEFAULT });
} else {
finalConfig.secrets.matcherMode = matcherMode;
configStore.set('config.secrets.matcherMode', { source: CONFIG_SOURCES.INCODE });
configStore.set('config.secrets.matcherMode', { source: matcherModeSource });
}

if (!Array.isArray(keywords)) {
Expand All @@ -903,15 +914,15 @@ function normalizeSecrets({ userConfig = {}, defaultConfig = {}, finalConfig = {
`The value of config.secrets.keywords (${keywords}) is not an array. Assuming the default value ${defaults.secrets.keywords}.`
);
finalConfig.secrets.keywords = defaultConfig.secrets.keywords;
configStore.set('config.secrets.keywords', { source: CONFIG_SOURCES.INCODE });
configStore.set('config.secrets.keywords', { source: CONFIG_SOURCES.DEFAULT });
} else {
finalConfig.secrets.keywords = keywords;
configStore.set('config.secrets.keywords', { source: CONFIG_SOURCES.INCODE });
configStore.set('config.secrets.keywords', { source: keywordsSource });
}

if (finalConfig.secrets.matcherMode === 'none') {
finalConfig.secrets.keywords = [];
configStore.set('config.secrets.keywords', { source: CONFIG_SOURCES.INCODE });
configStore.set('config.secrets.keywords', { source: matcherModeSource });
}
}

Expand Down
98 changes: 98 additions & 0 deletions packages/core/test/config/normalizeConfig_test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1107,6 +1107,104 @@ describe('config.normalizeConfig', () => {
expect(config.secrets.matcherMode).to.equal('contains-ignore-case');
expect(config.secrets.keywords).to.deep.equal(['nope', 'never']);
});

it('should prioritize ENV over in-code for matcherMode', () => {
process.env.INSTANA_SECRETS = 'equals:env-secret';
const config = coreConfig.normalize({
userConfig: {
secrets: {
matcherMode: 'regex',
keywords: ['incode-secret']
}
}
});
expect(config.secrets.matcherMode).to.equal('equals');
expect(config.secrets.keywords).to.deep.equal(['env-secret']);
});

it('should prioritize ENV over in-code for keywords', () => {
process.env.INSTANA_SECRETS = 'contains:env-keyword1,env-keyword2';
const config = coreConfig.normalize({
userConfig: {
secrets: {
matcherMode: 'equals',
keywords: ['incode-keyword']
}
}
});
expect(config.secrets.keywords).to.deep.equal(['env-keyword1', 'env-keyword2']);
});

it('should use in-code when ENV is not set', () => {
delete process.env.INSTANA_SECRETS;
const config = coreConfig.normalize({
userConfig: {
secrets: {
matcherMode: 'regex',
keywords: ['incode-secret']
}
}
});
expect(config.secrets.matcherMode).to.equal('regex');
expect(config.secrets.keywords).to.deep.equal(['incode-secret']);
});

it('should use DEFAULT when neither ENV nor in-code is set', () => {
delete process.env.INSTANA_SECRETS;
const config = coreConfig.normalize({
userConfig: {}
});
expect(config.secrets.matcherMode).to.equal('contains-ignore-case');
expect(config.secrets.keywords).to.deep.equal(['key', 'pass', 'secret']);
});

it('should track DEFAULT source when invalid matcherMode is provided', () => {
const config = coreConfig.normalize({
userConfig: {
secrets: {
matcherMode: 'invalid-matcher'
}
}
});
expect(config.secrets.matcherMode).to.equal('contains-ignore-case');
});

it('should track DEFAULT source when invalid keywords are provided', () => {
const config = coreConfig.normalize({
userConfig: {
secrets: {
keywords: 'not-an-array'
}
}
});
expect(config.secrets.keywords).to.deep.equal(['key', 'pass', 'secret']);
});

it('should handle matcherMode=none', () => {
const config = coreConfig.normalize({
userConfig: {
secrets: {
matcherMode: 'none'
}
}
});
expect(config.secrets.matcherMode).to.equal('none');
expect(config.secrets.keywords).to.deep.equal([]);
});

it('should handle ENV matcherMode=none', () => {
process.env.INSTANA_SECRETS = 'none';
const config = coreConfig.normalize({
userConfig: {
secrets: {
matcherMode: 'equals',
keywords: ['should-be-ignored']
}
}
});
expect(config.secrets.matcherMode).to.equal('none');
expect(config.secrets.keywords).to.deep.equal([]);
});
});

describe('package.json path configuration', () => {
Expand Down