POC: attribute redactions with slog #3085

Draft
wants to merge 6 commits into
base: main
17 changes: 9 additions & 8 deletions src/cmd/initialize.go
Expand Up @@ -202,23 +202,24 @@ func init() {
// Flags for using an external Git server
initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.Address, "git-url", v.GetString(common.VInitGitURL), lang.CmdInitFlagGitURL)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PushUsername, "git-push-username", v.GetString(common.VInitGitPushUser), lang.CmdInitFlagGitPushUser)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PushPassword, "git-push-password", v.GetString(common.VInitGitPushPass), lang.CmdInitFlagGitPushPass)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PullUsername, "git-pull-username", v.GetString(common.VInitGitPullUser), lang.CmdInitFlagGitPullUser)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PullPassword, "git-pull-password", v.GetString(common.VInitGitPullPass), lang.CmdInitFlagGitPullPass)
// Ignoring for POC
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PushPassword, "git-push-password", v.GetString(common.VInitGitPushPass), lang.CmdInitFlagGitPushPass)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PullUsername, "git-pull-username", v.GetString(common.VInitGitPullUser), lang.CmdInitFlagGitPullUser)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.GitServer.PullPassword, "git-pull-password", v.GetString(common.VInitGitPullPass), lang.CmdInitFlagGitPullPass)

// Flags for using an external registry
initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.Address, "registry-url", v.GetString(common.VInitRegistryURL), lang.CmdInitFlagRegURL)
initCmd.Flags().IntVar(&pkgConfig.InitOpts.RegistryInfo.NodePort, "nodeport", v.GetInt(common.VInitRegistryNodeport), lang.CmdInitFlagRegNodePort)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PushUsername, "registry-push-username", v.GetString(common.VInitRegistryPushUser), lang.CmdInitFlagRegPushUser)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PushPassword, "registry-push-password", v.GetString(common.VInitRegistryPushPass), lang.CmdInitFlagRegPushPass)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PullUsername, "registry-pull-username", v.GetString(common.VInitRegistryPullUser), lang.CmdInitFlagRegPullUser)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PullPassword, "registry-pull-password", v.GetString(common.VInitRegistryPullPass), lang.CmdInitFlagRegPullPass)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.Secret, "registry-secret", v.GetString(common.VInitRegistrySecret), lang.CmdInitFlagRegSecret)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PushPassword, "registry-push-password", v.GetString(common.VInitRegistryPushPass), lang.CmdInitFlagRegPushPass)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PullUsername, "registry-pull-username", v.GetString(common.VInitRegistryPullUser), lang.CmdInitFlagRegPullUser)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.PullPassword, "registry-pull-password", v.GetString(common.VInitRegistryPullPass), lang.CmdInitFlagRegPullPass)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.RegistryInfo.Secret, "registry-secret", v.GetString(common.VInitRegistrySecret), lang.CmdInitFlagRegSecret)

// Flags for using an external artifact server
initCmd.Flags().StringVar(&pkgConfig.InitOpts.ArtifactServer.Address, "artifact-url", v.GetString(common.VInitArtifactURL), lang.CmdInitFlagArtifactURL)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.ArtifactServer.PushUsername, "artifact-push-username", v.GetString(common.VInitArtifactPushUser), lang.CmdInitFlagArtifactPushUser)
initCmd.Flags().StringVar(&pkgConfig.InitOpts.ArtifactServer.PushToken, "artifact-push-token", v.GetString(common.VInitArtifactPushToken), lang.CmdInitFlagArtifactPushToken)
// initCmd.Flags().StringVar(&pkgConfig.InitOpts.ArtifactServer.PushToken, "artifact-push-token", v.GetString(common.VInitArtifactPushToken), lang.CmdInitFlagArtifactPushToken)

// Flags that control how a deployment proceeds
// Always require adopt-existing-resources flag (no viper)
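Review bot: Commenting out the password, secret and token flags under `// Ignoring for POC` leaves `init` with no way to receive external credentials, and it also drops `git-pull-username` and `registry-pull-username`, which are not secrets and still look like plain strings (src/cmd/internal.go passes `state.GitServer.PullUsername` without a conversion). The same flag lines are disabled in `bindMirrorFlags` in src/cmd/package.go and in `init()` in src/cmd/tools/zarf.go. If `types.Password` has `string` as its underlying type, as the `string(...)` conversions elsewhere in this PR suggest, a flag can stay bound by passing `(*string)(&pkgConfig.InitOpts.GitServer.PushPassword)` to `StringVar`, or the type can implement `pflag.Value` and be registered with `Flags().Var`. `init()` continues outside the hunk.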
8 changes: 4 additions & 4 deletions src/cmd/internal.go
Expand Up @@ -251,12 +251,12 @@ var createReadOnlyGiteaUser = &cobra.Command{
}
defer tunnel.Close()
tunnelURL := tunnel.HTTPEndpoint()
giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, state.GitServer.PushPassword)
giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, string(state.GitServer.PushPassword))
if err != nil {
return err
}
err = tunnel.Wrap(func() error {
err = giteaClient.CreateReadOnlyUser(cmd.Context(), state.GitServer.PullUsername, state.GitServer.PullPassword)
err = giteaClient.CreateReadOnlyUser(cmd.Context(), state.GitServer.PullUsername, string(state.GitServer.PullPassword))
if err != nil {
return err
}
Expand Down Expand Up @@ -298,7 +298,7 @@ var createPackageRegistryToken = &cobra.Command{
}
defer tunnel.Close()
tunnelURL := tunnel.HTTPEndpoint()
giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, state.GitServer.PushPassword)
giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, string(state.GitServer.PushPassword))
if err != nil {
return err
}
Expand All @@ -307,7 +307,7 @@ var createPackageRegistryToken = &cobra.Command{
if err != nil {
return fmt.Errorf("unable to create an artifact registry token for Gitea: %w", err)
}
state.ArtifactServer.PushToken = tokenSha1
state.ArtifactServer.PushToken = types.Password(tokenSha1)
return nil
})
if err != nil {
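Review bot: Each `string(state.GitServer.PushPassword)` conversion here hands the raw secret to `gitea.NewClient` and `CreateReadOnlyUser` as an ordinary string, so whatever redaction `types.Password` provides (its definition is not in the visible sections) stops at the call boundary. The same unwrap is repeated in src/internal/agent/http/proxy.go, src/internal/packager/helm/zarf.go and src/internal/packager/images/common.go. Routing the unwrap through one documented accessor on the type, or letting helpers such as `WithBasicAuth` accept `types.Password`, would keep the places where plaintext leaves the type easy to audit. If the redaction is implemented through `slog.LogValuer`, it covers slog output only; `fmt` verbs and `encoding/json` would still emit the value unless the type handles them too, which is worth stating in the type's doc comment. Both command bodies continue outside the hunks.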
4 changes: 2 additions & 2 deletions src/cmd/package.go
Expand Up @@ -562,12 +562,12 @@ func bindMirrorFlags(v *viper.Viper) {
// Flags for using an external Git server
mirrorFlags.StringVar(&pkgConfig.InitOpts.GitServer.Address, "git-url", v.GetString(common.VInitGitURL), lang.CmdInitFlagGitURL)
mirrorFlags.StringVar(&pkgConfig.InitOpts.GitServer.PushUsername, "git-push-username", v.GetString(common.VInitGitPushUser), lang.CmdInitFlagGitPushUser)
mirrorFlags.StringVar(&pkgConfig.InitOpts.GitServer.PushPassword, "git-push-password", v.GetString(common.VInitGitPushPass), lang.CmdInitFlagGitPushPass)
// mirrorFlags.StringVar(&pkgConfig.InitOpts.GitServer.PushPassword, "git-push-password", v.GetString(common.VInitGitPushPass), lang.CmdInitFlagGitPushPass)

// Flags for using an external registry
mirrorFlags.StringVar(&pkgConfig.InitOpts.RegistryInfo.Address, "registry-url", v.GetString(common.VInitRegistryURL), lang.CmdInitFlagRegURL)
mirrorFlags.StringVar(&pkgConfig.InitOpts.RegistryInfo.PushUsername, "registry-push-username", v.GetString(common.VInitRegistryPushUser), lang.CmdInitFlagRegPushUser)
mirrorFlags.StringVar(&pkgConfig.InitOpts.RegistryInfo.PushPassword, "registry-push-password", v.GetString(common.VInitRegistryPushPass), lang.CmdInitFlagRegPushPass)
// mirrorFlags.StringVar(&pkgConfig.InitOpts.RegistryInfo.PushPassword, "registry-push-password", v.GetString(common.VInitRegistryPushPass), lang.CmdInitFlagRegPushPass)
}

func bindInspectFlags(_ *viper.Viper) {
135 changes: 22 additions & 113 deletions src/cmd/tools/zarf.go
Expand Up @@ -9,7 +9,6 @@ import (
"errors"
"fmt"
"os"
"slices"

"github.com/AlecAivazis/survey/v2"
"github.com/sigstore/cosign/v2/pkg/cosign"
Expand All @@ -21,8 +20,6 @@ import (
"github.com/zarf-dev/zarf/src/cmd/common"
"github.com/zarf-dev/zarf/src/config"
"github.com/zarf-dev/zarf/src/config/lang"
"github.com/zarf-dev/zarf/src/internal/packager/helm"
"github.com/zarf-dev/zarf/src/internal/packager/template"
"github.com/zarf-dev/zarf/src/pkg/cluster"
"github.com/zarf-dev/zarf/src/pkg/message"
"github.com/zarf-dev/zarf/src/pkg/packager/sources"
Expand Down Expand Up @@ -90,112 +87,24 @@ var updateCredsCmd = &cobra.Command{
Aliases: []string{"uc"},
Args: cobra.MaximumNArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
validKeys := []string{message.RegistryKey, message.GitKey, message.ArtifactKey, message.AgentKey}
if len(args) == 0 {
args = validKeys
} else {
if !slices.Contains(validKeys, args[0]) {
cmd.Help()
return fmt.Errorf("invalid service key specified, valid key choices are: %v", validKeys)
}
}

ctx := cmd.Context()

timeoutCtx, cancel := context.WithTimeout(ctx, cluster.DefaultTimeout)
defer cancel()
c, err := cluster.NewClusterWithWait(timeoutCtx)
if err != nil {
return err
// Creating my own example here

args = []string{"artifact"}
oldState := &types.ZarfState{
ArtifactServer: types.ArtifactServerInfo{
Address: "whatever",
PushToken: "artifact-token",
PushUsername: "cool-guy",
},
}

oldState, err := c.LoadZarfState(ctx)
if err != nil {
return err
}
// TODO: Determine if this is actually needed.
if oldState.Distro == "" {
return errors.New("zarf state secret did not load properly")
newState := &types.ZarfState{
ArtifactServer: types.ArtifactServerInfo{
Address: "cooler-address",
PushToken: "artifact-token-new",
PushUsername: "cool-guy",
},
}
newState, err := cluster.MergeZarfState(oldState, updateCredsInitOpts, args)
if err != nil {
return fmt.Errorf("unable to update Zarf credentials: %w", err)
}

message.PrintCredentialUpdates(oldState, newState, args)

confirm := config.CommonOptions.Confirm

if confirm {
message.Note(lang.CmdToolsUpdateCredsConfirmProvided)
} else {
prompt := &survey.Confirm{
Message: lang.CmdToolsUpdateCredsConfirmContinue,
}
if err := survey.AskOne(prompt, &confirm); err != nil {
return fmt.Errorf("confirm selection canceled: %w", err)
}
}

if confirm {
// Update registry and git pull secrets
if slices.Contains(args, message.RegistryKey) {
err := c.UpdateZarfManagedImageSecrets(ctx, newState)
if err != nil {
return err
}
}
if slices.Contains(args, message.GitKey) {
err := c.UpdateZarfManagedGitSecrets(ctx, newState)
if err != nil {
return err
}
}
// TODO once Zarf is changed so the default state is empty for a service when it is not deployed
// and sufficient time has passed for users state to get updated we can remove this check
internalGitServerExists, err := c.InternalGitServerExists(cmd.Context())
if err != nil {
return err
}

// Update artifact token (if internal)
if slices.Contains(args, message.ArtifactKey) && newState.ArtifactServer.PushToken == "" && newState.ArtifactServer.IsInternal() && internalGitServerExists {
newState.ArtifactServer.PushToken, err = c.UpdateInternalArtifactServerToken(ctx, oldState.GitServer)
if err != nil {
return fmt.Errorf("unable to create the new Gitea artifact token: %w", err)
}
}

// Save the final Zarf State
err = c.SaveZarfState(ctx, newState)
if err != nil {
return fmt.Errorf("failed to save the Zarf State to the cluster: %w", err)
}

// Update Zarf 'init' component Helm releases if present
h := helm.NewClusterOnly(&types.PackagerConfig{}, template.GetZarfVariableConfig(), newState, c)

if slices.Contains(args, message.RegistryKey) && newState.RegistryInfo.IsInternal() {
err = h.UpdateZarfRegistryValues(ctx)
if err != nil {
// Warn if we couldn't actually update the registry (it might not be installed and we should try to continue)
message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateRegistry, err.Error())
}
}
if slices.Contains(args, message.GitKey) && newState.GitServer.IsInternal() && internalGitServerExists {
err := c.UpdateInternalGitServerSecret(cmd.Context(), oldState.GitServer, newState.GitServer)
if err != nil {
return fmt.Errorf("unable to update Zarf Git Server values: %w", err)
}
}
if slices.Contains(args, message.AgentKey) {
err = h.UpdateZarfAgentValues(ctx)
if err != nil {
// Warn if we couldn't actually update the agent (it might not be installed and we should try to continue)
message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateAgent, err.Error())
}
}
}
return nil
},
}
Expand Down Expand Up @@ -346,21 +255,21 @@ func init() {
// Flags for using an external Git server
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.Address, "git-url", v.GetString(common.VInitGitURL), lang.CmdInitFlagGitURL)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PushUsername, "git-push-username", v.GetString(common.VInitGitPushUser), lang.CmdInitFlagGitPushUser)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PushPassword, "git-push-password", v.GetString(common.VInitGitPushPass), lang.CmdInitFlagGitPushPass)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PullUsername, "git-pull-username", v.GetString(common.VInitGitPullUser), lang.CmdInitFlagGitPullUser)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PullPassword, "git-pull-password", v.GetString(common.VInitGitPullPass), lang.CmdInitFlagGitPullPass)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PushPassword, "git-push-password", v.GetString(common.VInitGitPushPass), lang.CmdInitFlagGitPushPass)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PullUsername, "git-pull-username", v.GetString(common.VInitGitPullUser), lang.CmdInitFlagGitPullUser)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.GitServer.PullPassword, "git-pull-password", v.GetString(common.VInitGitPullPass), lang.CmdInitFlagGitPullPass)

// Flags for using an external registry
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.Address, "registry-url", v.GetString(common.VInitRegistryURL), lang.CmdInitFlagRegURL)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PushUsername, "registry-push-username", v.GetString(common.VInitRegistryPushUser), lang.CmdInitFlagRegPushUser)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PushPassword, "registry-push-password", v.GetString(common.VInitRegistryPushPass), lang.CmdInitFlagRegPushPass)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PullUsername, "registry-pull-username", v.GetString(common.VInitRegistryPullUser), lang.CmdInitFlagRegPullUser)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PullPassword, "registry-pull-password", v.GetString(common.VInitRegistryPullPass), lang.CmdInitFlagRegPullPass)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PushPassword, "registry-push-password", v.GetString(common.VInitRegistryPushPass), lang.CmdInitFlagRegPushPass)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PullUsername, "registry-pull-username", v.GetString(common.VInitRegistryPullUser), lang.CmdInitFlagRegPullUser)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.RegistryInfo.PullPassword, "registry-pull-password", v.GetString(common.VInitRegistryPullPass), lang.CmdInitFlagRegPullPass)

// Flags for using an external artifact server
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.ArtifactServer.Address, "artifact-url", v.GetString(common.VInitArtifactURL), lang.CmdInitFlagArtifactURL)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.ArtifactServer.PushUsername, "artifact-push-username", v.GetString(common.VInitArtifactPushUser), lang.CmdInitFlagArtifactPushUser)
updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.ArtifactServer.PushToken, "artifact-push-token", v.GetString(common.VInitArtifactPushToken), lang.CmdInitFlagArtifactPushToken)
// updateCredsCmd.Flags().StringVar(&updateCredsInitOpts.ArtifactServer.PushToken, "artifact-push-token", v.GetString(common.VInitArtifactPushToken), lang.CmdInitFlagArtifactPushToken)

updateCredsCmd.Flags().SortFlags = true
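Review bot: The `RunE` body of `updateCredsCmd` now overwrites `args` with `[]string{"artifact"}`, builds two hard-coded `types.ZarfState` values and returns nil, so the command would report success without validating the service key or updating any credential in the cluster. As rendered, `oldState` and `newState` appear to be assigned and never read before `return nil`, which the Go compiler rejects as unused variables; the side of each line is inferred from the 22/113 counts, so confirm against the raw diff. If the example exists to demonstrate redaction, it belongs in a test or example function with the original body left in place, so a credential-rotation command cannot silently become a no-op. The literal `artifact-token` values are placeholders, but keeping sample credentials out of the command path avoids them being mistaken for defaults.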

6 changes: 3 additions & 3 deletions src/internal/agent/http/proxy.go
Expand Up @@ -53,11 +53,11 @@ func proxyRequestTransform(r *http.Request, state *types.ZarfState) error {
// Setup authentication for each type of service based on User Agent
switch {
case isGitUserAgent(r.UserAgent()):
r.SetBasicAuth(state.GitServer.PushUsername, state.GitServer.PushPassword)
r.SetBasicAuth(state.GitServer.PushUsername, string(state.GitServer.PushPassword))
case isNpmUserAgent(r.UserAgent()):
r.Header.Set("Authorization", "Bearer "+state.ArtifactServer.PushToken)
r.Header.Set("Authorization", "Bearer "+string(state.ArtifactServer.PushToken))
default:
r.SetBasicAuth(state.ArtifactServer.PushUsername, state.ArtifactServer.PushToken)
r.SetBasicAuth(state.ArtifactServer.PushUsername, string(state.ArtifactServer.PushToken))
}

// Transform the URL; if we see the NoTransform prefix, strip it; otherwise, transform the URL based on User Agent
4 changes: 2 additions & 2 deletions src/internal/packager/helm/zarf.go
Expand Up @@ -27,11 +27,11 @@ import (

// UpdateZarfRegistryValues updates the Zarf registry deployment with the new state values
func (h *Helm) UpdateZarfRegistryValues(ctx context.Context) error {
pushUser, err := utils.GetHtpasswdString(h.state.RegistryInfo.PushUsername, h.state.RegistryInfo.PushPassword)
pushUser, err := utils.GetHtpasswdString(h.state.RegistryInfo.PushUsername, string(h.state.RegistryInfo.PushPassword))
if err != nil {
return fmt.Errorf("error generating htpasswd string: %w", err)
}
pullUser, err := utils.GetHtpasswdString(h.state.RegistryInfo.PullUsername, h.state.RegistryInfo.PullPassword)
pullUser, err := utils.GetHtpasswdString(h.state.RegistryInfo.PullUsername, string(h.state.RegistryInfo.PullPassword))
if err != nil {
return fmt.Errorf("error generating htpasswd string: %w", err)
}
4 changes: 2 additions & 2 deletions src/internal/packager/images/common.go
Expand Up @@ -90,12 +90,12 @@ func WithBasicAuth(username, password string) crane.Option {

// WithPullAuth returns an option for crane that sets pull auth from a given registry info.
func WithPullAuth(ri types.RegistryInfo) crane.Option {
return WithBasicAuth(ri.PullUsername, ri.PullPassword)
return WithBasicAuth(ri.PullUsername, string(ri.PullPassword))
}

// WithPushAuth returns an option for crane that sets push auth from a given registry info.
func WithPushAuth(ri types.RegistryInfo) crane.Option {
return WithBasicAuth(ri.PushUsername, ri.PushPassword)
return WithBasicAuth(ri.PushUsername, string(ri.PushPassword))
}

func createPushOpts(cfg PushConfig, pb *message.ProgressBar) []crane.Option {