Adding json type files to crawl_n_mask #3435
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
danpawlik
left a comment
danpawlik
left a comment
There was a problem hiding this comment.
Generally it looks ok, but want to see result
michburk
left a comment
michburk
left a comment
There was a problem hiding this comment.
I did a test running the module locally with some basic examples. I noticed that in JSON files, the secrets get masked slightly differently than in yaml files. I ran crawl_n_mask on a dir with the following yaml and json files.
yaml file:
---
password: password123json file:
{
"password": "password123"
}after crawling the dir, the files look like:
---
password: 'pa**********23'{
"password": "p**********3"
}The secret in the yaml file is masked as expected, but it seems that in the json file, the double quotes surrounding the actual secret are counted as part of the secret's length.
plugins/modules/crawl_n_mask.py
Outdated
| for word in PROTECT_KEYS: | ||
| if key.strip() == word: | ||
| masked = partial_mask(value) | ||
| if key.strip().replace('"', "") == word.strip(): |
There was a problem hiding this comment.
Could move this key.strip().replace('"', "") into a variable calculated just above the for loop in order to avoid constantly re-evaluating these string operations while we check the same key against each new word in PROTECT_KEYS.
evallesp
force-pushed
the
add-json-extension-crawl-n-mask
branch
from
87435b7 to
f4fb6b9
Compare
Good catch. I've updated the PR, but waiting the testproject results |
evallesp
force-pushed
the
add-json-extension-crawl-n-mask
branch
from
f4fb6b9 to
9fea55a
Compare
|
Json masking is working properly now in my local tests 👍 |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/36c4a133dea84791b8f96f3a6d087a22 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 36m 26s |
|
@evallesp re-run black on the python file and we can go |
We're adding json type files to crawl_n_mask. It checks the extension and return the value of the masked key different between yaml and json formats.
evallesp
force-pushed
the
add-json-extension-crawl-n-mask
branch
from
9fea55a to
88ebe1c
Compare
done |
|
Check METADATA_SHARED_SECRET: |
|
I think this is redundant since the creation of: #3447 |
3 participants
We're adding json type files to crawl_n_mask.
It checks the extension and return the value of the masked key different between yaml and json formats.