make exclude API params configureable to not break OSS

packages/opal-client/opal_client/config.py

@@ -115,6 +115,12 @@ class OpalClientConfig(Confi):
         description="path to the file containing the ca certificate(s) used for tls authentication with the policy store",
     )
 
+    EXCLUDE_POLICY_STORE_SECRETS = confi.bool(
+        "EXCLUDE_POLICY_STORE_SECRETS",
+        False,
+        description="If set, policy store secrets will be excluded from the logs",
+    )
+
     # create an instance of a policy store upon load
     def load_policy_store():
         from opal_client.policy_store.policy_store_client_factory import (

packages/opal-client/opal_client/policy_store/api.py

@@ -28,13 +28,19 @@ async def get_policy_store_details(claims: JWTClaims = Depends(authenticator)):
             logger.error(f"Unauthorized to publish update: {repr(e)}")
             raise
 
+        token = None
+        oauth_client_secret = None
+        if not opal_client_config.EXCLUDE_POLICY_STORE_SECRETS:
+            token = opal_client_config.POLICY_STORE_AUTH_TOKEN
+            oauth_client_secret = opal_client_config.POLICY_STORE_AUTH_OAUTH_CLIENT_SECRET
         return PolicyStoreDetails(
             url=opal_client_config.POLICY_STORE_URL,
-            token=None,
+            token=token or None,
             auth_type=opal_client_config.POLICY_STORE_AUTH_TYPE or PolicyStoreAuth.NONE,
             oauth_client_id=opal_client_config.POLICY_STORE_AUTH_OAUTH_CLIENT_ID
             or None,
-            oauth_client_secret=None,
+            oauth_client_secret=oauth_client_secret
+            or None,
             oauth_server=opal_client_config.POLICY_STORE_AUTH_OAUTH_SERVER or None,
         )