Merge pull request #6610 from hashicorp/filter_logs

Filter logs
2018-08-23 13:30:21 -07:00 · 2018-08-23 13:30:21 -07:00 · 1f79b430ee
parent 7f518cc2d0 1a04b2a31a
commit 1f79b430ee
34 changed files with 243 additions and 83 deletions
--- a/builder/alicloud/ecs/builder.go
+++ b/builder/alicloud/ecs/builder.go
@ -67,7 +67,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 		return nil, errs
 	}

-	log.Println(common.ScrubConfig(b.config, b.config.AlicloudAccessKey, b.config.AlicloudSecretKey))
+	packer.LogSecretFilter.Set(b.config.AlicloudAccessKey, b.config.AlicloudSecretKey)
+	log.Println(b.config)
 	return nil, nil
 }

--- a/builder/amazon/chroot/builder.go
+++ b/builder/amazon/chroot/builder.go
@ -176,7 +176,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 		return warns, errs
 	}

-	log.Println(common.ScrubConfig(b.config, b.config.AccessKey, b.config.SecretKey, b.config.Token))
+	packer.LogSecretFilter.Set(b.config.AccessKey, b.config.SecretKey, b.config.Token)
+	log.Println(b.config)
 	return warns, nil
 }

--- a/builder/amazon/common/step_get_password.go
+++ b/builder/amazon/common/step_get_password.go
@ -95,7 +95,9 @@ WaitLoop:
 			"Password (since debug is enabled): %s", s.Comm.WinRMPassword))
 	}
 	// store so that we can access this later during provisioning
+
 	commonhelper.SetSharedState("winrm_password", s.Comm.WinRMPassword, s.BuildName)
+	packer.LogSecretFilter.Set(s.Comm.WinRMPassword)

 	return multistep.ActionContinue
 }
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@ -81,7 +81,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 		return nil, errs
 	}

-	log.Println(common.ScrubConfig(b.config, b.config.AccessKey, b.config.SecretKey, b.config.Token))
+	packer.LogSecretFilter.Set(b.config.AccessKey, b.config.SecretKey, b.config.Token)
+	log.Println(b.config)
 	return nil, nil
 }

@ -260,7 +261,6 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 	// Run!
 	b.runner = common.NewRunner(steps, b.config.PackerConfig, ui)
 	b.runner.Run(state)
-
 	// If there was an error, return that
 	if rawErr, ok := state.GetOk("error"); ok {
 		return nil, rawErr.(error)
--- a/builder/amazon/ebssurrogate/builder.go
+++ b/builder/amazon/ebssurrogate/builder.go
@ -96,7 +96,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 		return nil, errs
 	}

-	log.Println(common.ScrubConfig(b.config, b.config.AccessKey, b.config.SecretKey, b.config.Token))
+	packer.LogSecretFilter.Set(b.config.AccessKey, b.config.SecretKey, b.config.Token)
+	log.Println(b.config)
 	return nil, nil
 }

--- a/builder/amazon/ebsvolume/builder.go
+++ b/builder/amazon/ebsvolume/builder.go
@ -81,7 +81,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 		return nil, errs
 	}

-	log.Println(common.ScrubConfig(b.config, b.config.AccessKey, b.config.SecretKey, b.config.Token))
+	packer.LogSecretFilter.Set(b.config.AccessKey, b.config.SecretKey, b.config.Token)
+	log.Println(b.config)
 	return nil, nil
 }

--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
@ -166,8 +166,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 	if errs != nil && len(errs.Errors) > 0 {
 		return nil, errs
 	}
-
-	log.Println(common.ScrubConfig(b.config, b.config.AccessKey, b.config.SecretKey, b.config.Token))
+	packer.LogSecretFilter.Set(b.config.AccessKey, b.config.SecretKey, b.config.Token)
+	log.Println(b.config)
 	return nil, nil
 }

--- a/builder/azure/arm/config.go
+++ b/builder/azure/arm/config.go
@ -363,6 +363,7 @@ func setRuntimeValues(c *Config) {
 	c.tmpAdminPassword = tempName.AdminPassword
 	// store so that we can access this later during provisioning
 	commonhelper.SetSharedState("winrm_password", c.tmpAdminPassword, c.PackerConfig.PackerBuildName)
+	packer.LogSecretFilter.Set(c.tmpAdminPassword)

 	c.tmpCertificatePassword = tempName.CertificatePassword
 	if c.TempComputeName == "" {
--- a/builder/azure/arm/step_save_winrm_password.go
+++ b/builder/azure/arm/step_save_winrm_password.go
@ -5,6 +5,7 @@ import (

 	commonhelper "github.com/hashicorp/packer/helper/common"
 	"github.com/hashicorp/packer/helper/multistep"
+	"github.com/hashicorp/packer/packer"
 )

 type StepSaveWinRMPassword struct {
@ -15,6 +16,7 @@ type StepSaveWinRMPassword struct {
 func (s *StepSaveWinRMPassword) Run(_ context.Context, state multistep.StateBag) multistep.StepAction {
 	// store so that we can access this later during provisioning
 	commonhelper.SetSharedState("winrm_password", s.Password, s.BuildName)
+	packer.LogSecretFilter.Set(s.Password)
 	return multistep.ActionContinue
 }

--- a/builder/digitalocean/config.go
+++ b/builder/digitalocean/config.go
@ -138,6 +138,6 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 		return nil, nil, errs
 	}

-	common.ScrubConfig(c, c.APIToken)
+	packer.LogSecretFilter.Set(c.APIToken)
 	return c, nil, nil
 }
--- a/builder/googlecompute/step_create_windows_password.go
+++ b/builder/googlecompute/step_create_windows_password.go
@ -33,6 +33,7 @@ func (s *StepCreateWindowsPassword) Run(_ context.Context, state multistep.State

 	if c.Comm.WinRMPassword != "" {
 		state.Put("winrm_password", c.Comm.WinRMPassword)
+		packer.LogSecretFilter.Set(c.Comm.WinRMPassword)
 		return multistep.ActionContinue
 	}

@ -114,6 +115,7 @@ func (s *StepCreateWindowsPassword) Run(_ context.Context, state multistep.State

 	state.Put("winrm_password", data.password)
 	commonhelper.SetSharedState("winrm_password", data.password, c.PackerConfig.PackerBuildName)
+	packer.LogSecretFilter.Set(data.password)

 	return multistep.ActionContinue
 }
--- a/builder/oneandone/config.go
+++ b/builder/oneandone/config.go
@ -109,7 +109,6 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 	if errs != nil && len(errs.Errors) > 0 {
 		return nil, nil, errs
 	}
-	common.ScrubConfig(c, c.Token)
-
+	packer.LogSecretFilter.Set(c.Token)
 	return &c, nil, nil
 }
--- a/builder/openstack/builder.go
+++ b/builder/openstack/builder.go
@ -57,7 +57,8 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
 		b.config.InstanceName = b.config.ImageName
 	}

-	log.Println(common.ScrubConfig(b.config, b.config.Password))
+	packer.LogSecretFilter.Set(b.config.Password)
+	log.Println(b.config)
 	return nil, nil
 }

--- a/builder/oracle/oci/step_get_default_credentials.go
+++ b/builder/oracle/oci/step_get_default_credentials.go
@ -53,7 +53,7 @@ func (s *stepGetDefaultCredentials) Run(ctx context.Context, state multistep.Sta

 	// store so that we can access this later during provisioning
 	commonhelper.SetSharedState("winrm_password", s.Comm.WinRMPassword, s.BuildName)
-
+	packer.LogSecretFilter.Set(s.Comm.WinRMPassword)
 	return multistep.ActionContinue
 }

--- a/builder/profitbricks/config.go
+++ b/builder/profitbricks/config.go
@ -122,7 +122,7 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 	if errs != nil && len(errs.Errors) > 0 {
 		return nil, nil, errs
 	}
-	common.ScrubConfig(c, c.PBUsername)
+	packer.LogSecretFilter.Set(c.PBUsername)

 	return &c, nil, nil
 }
--- a/builder/scaleway/config.go
+++ b/builder/scaleway/config.go
@ -119,6 +119,6 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 		return nil, nil, errs
 	}

-	common.ScrubConfig(c, c.Token)
+	packer.LogSecretFilter.Set(c.Token)
 	return c, nil, nil
 }
--- a/common/config.go
+++ b/common/config.go
@ -20,19 +20,6 @@ const PackerKeyEnv = "PACKER_KEY_INTERVAL"
 // shorter delay (e.g. 10ms) can be used on a workstation. See PackerKeyEnv.
 const PackerKeyDefault = 100 * time.Millisecond

-// ScrubConfig is a helper that returns a string representation of
-// any struct with the given values stripped out.
-func ScrubConfig(target interface{}, values ...string) string {
-	conf := fmt.Sprintf("Config: %+v", target)
-	for _, value := range values {
-		if value == "" {
-			continue
-		}
-		conf = strings.Replace(conf, value, "<Filtered>", -1)
-	}
-	return conf
-}
-
 // ChooseString returns the first non-empty value.
 func ChooseString(vals ...string) string {
 	for _, el := range vals {
--- a/common/config_test.go
+++ b/common/config_test.go
@ -310,20 +310,3 @@ func TestFileExistsLocally(t *testing.T) {
 		}
 	}
 }
-
-func TestScrubConfig(t *testing.T) {
-	type Inner struct {
-		Baz string
-	}
-	type Local struct {
-		Foo string
-		Bar string
-		Inner
-	}
-	c := Local{"foo", "bar", Inner{"bar"}}
-	expect := "Config: {Foo:foo Bar:<Filtered> Inner:{Baz:<Filtered>}}"
-	conf := ScrubConfig(c, c.Bar)
-	if conf != expect {
-		t.Fatalf("got %s, expected %s", conf, expect)
-	}
-}
--- a/common/packer_config.go
+++ b/common/packer_config.go
@ -10,4 +10,5 @@ type PackerConfig struct {
 	PackerForce         bool              `mapstructure:"packer_force"`
 	PackerOnError       string            `mapstructure:"packer_on_error"`
 	PackerUserVars      map[string]string `mapstructure:"packer_user_variables"`
+	PackerSensitiveVars []string          `mapstructure:"packer_sensitive_variables"`
 }
--- a/common/shell-local/run.go
+++ b/common/shell-local/run.go
@ -70,12 +70,7 @@ func Run(ui packer.Ui, config *Config) (bool, error) {
 		// buffers and for reading the final exit status.
 		flattenedCmd := strings.Join(interpolatedCmds, " ")
 		cmd := &packer.RemoteCmd{Command: flattenedCmd}
-		sanitized := flattenedCmd
-		if len(getWinRMPassword(config.PackerBuildName)) > 0 {
-			sanitized = strings.Replace(flattenedCmd,
-				getWinRMPassword(config.PackerBuildName), "*****", -1)
-		}
-		log.Printf("[INFO] (shell-local): starting local command: %s", sanitized)
+		log.Printf("[INFO] (shell-local): starting local command: %s", flattenedCmd)
 		if err := cmd.StartWithUi(comm, ui); err != nil {
 			return false, fmt.Errorf(
 				"Error executing script: %s\n\n"+
@ -204,5 +199,6 @@ func createFlattenedEnvVars(config *Config) (string, error) {

 func getWinRMPassword(buildName string) string {
 	winRMPass, _ := commonhelper.RetrieveSharedState("winrm_password", buildName)
+	packer.LogSecretFilter.Set(winRMPass)
 	return winRMPass
 }
--- a/helper/config/decode.go
+++ b/helper/config/decode.go
@ -112,6 +112,7 @@ func DetectContext(raws ...interface{}) (*interpolate.Context, error) {
 		BuildType     string            `mapstructure:"packer_builder_type"`
 		TemplatePath  string            `mapstructure:"packer_template_path"`
 		Vars          map[string]string `mapstructure:"packer_user_variables"`
+		SensitiveVars []string          `mapstructure:"packer_sensitive_variables"`
 	}

 	for _, r := range raws {
@ -125,6 +126,7 @@ func DetectContext(raws ...interface{}) (*interpolate.Context, error) {
 		BuildType:          s.BuildType,
 		TemplatePath:       s.TemplatePath,
 		UserVariables:      s.Vars,
+		SensitiveVariables: s.SensitiveVars,
 	}, nil
 }

--- a/main.go
+++ b/main.go
@ -55,6 +55,10 @@ func realMain() int {
 			logWriter = ioutil.Discard
 		}

+		packer.LogSecretFilter.SetOutput(logWriter)
+
+		//packer.LogSecrets.
+
 		// Disable logging here
 		log.SetOutput(ioutil.Discard)

@ -87,7 +91,7 @@ func realMain() int {

 		// Create the configuration for panicwrap and wrap our executable
 		wrapConfig.Handler = panicHandler(logTempFile)
-		wrapConfig.Writer = io.MultiWriter(logTempFile, logWriter)
+		wrapConfig.Writer = io.MultiWriter(logTempFile, &packer.LogSecretFilter)
 		wrapConfig.Stdout = outW
 		wrapConfig.DetectDuration = 500 * time.Millisecond
 		wrapConfig.ForwardSignals = []os.Signal{syscall.SIGTERM}
@ -125,7 +129,8 @@ func wrappedMain() int {
 		runtime.GOMAXPROCS(runtime.NumCPU())
 	}

-	log.SetOutput(os.Stderr)
+	packer.LogSecretFilter.SetOutput(os.Stderr)
+	log.SetOutput(&packer.LogSecretFilter)

 	log.Printf("[INFO] Packer version: %s", version.FormattedVersion())
 	log.Printf("Packer Target OS/Arch: %s %s", runtime.GOOS, runtime.GOARCH)
--- a/packer/core.go
+++ b/packer/core.go
@ -19,6 +19,7 @@ type Core struct {
 	variables  map[string]string
 	builds     map[string]*template.Builder
 	version    string
+	secrets    []string
 }

 // CoreConfig is the structure for initializing a new Core. Once a CoreConfig
@ -27,6 +28,7 @@ type CoreConfig struct {
 	Components         ComponentFinder
 	Template           *template.Template
 	Variables          map[string]string
+	SensitiveVariables []string
 	Version            string
 }

@ -60,12 +62,16 @@ func NewCore(c *CoreConfig) (*Core, error) {
 		variables:  c.Variables,
 		version:    c.Version,
 	}
+
 	if err := result.validate(); err != nil {
 		return nil, err
 	}
 	if err := result.init(); err != nil {
 		return nil, err
 	}
+	for _, secret := range result.secrets {
+		LogSecretFilter.Set(secret)
+	}

 	// Go through and interpolate all the build names. We should be able
 	// to do this at this point with the variables.
@ -302,6 +308,16 @@ func (c *Core) init() error {
 		c.variables[k] = def
 	}

+	for _, v := range c.Template.SensitiveVariables {
+		def, err := interpolate.Render(v.Default, ctx)
+		if err != nil {
+			return fmt.Errorf(
+				"error interpolating default value for '%#v': %s",
+				v, err)
+		}
+		c.secrets = append(c.secrets, def)
+	}
+
 	// Interpolate the push configuration
 	if _, err := interpolate.RenderInterface(&c.Template.Push, c.Context()); err != nil {
 		return fmt.Errorf("Error interpolating 'push': %s", err)
--- a/packer/core_test.go
+++ b/packer/core_test.go
@ -516,12 +516,67 @@ func TestCoreValidate(t *testing.T) {
 			Variables: tc.Vars,
 			Version:   "1.0.0",
 		})
+
 		if (err != nil) != tc.Err {
 			t.Fatalf("err: %s\n\n%s", tc.File, err)
 		}
 	}
 }

+func TestSensitiveVars(t *testing.T) {
+	cases := []struct {
+		File          string
+		Vars          map[string]string
+		SensitiveVars []string
+		Expected      string
+		Err           bool
+	}{
+		// hardcoded
+		{
+			"sensitive-variables.json",
+			map[string]string{"foo": "bar"},
+			[]string{"foo"},
+			"bar",
+			false,
+		},
+		// interpolated
+		{
+			"sensitive-variables.json",
+			map[string]string{"foo": "{{build_name}}"},
+			[]string{"foo"},
+			"test",
+			false,
+		},
+	}
+
+	for _, tc := range cases {
+		f, err := os.Open(fixtureDir(tc.File))
+		if err != nil {
+			t.Fatalf("err: %s", err)
+		}
+
+		tpl, err := template.Parse(f)
+		f.Close()
+		if err != nil {
+			t.Fatalf("err: %s\n\n%s", tc.File, err)
+		}
+
+		_, err = NewCore(&CoreConfig{
+			Template:  tpl,
+			Variables: tc.Vars,
+			Version:   "1.0.0",
+		})
+
+		if (err != nil) != tc.Err {
+			t.Fatalf("err: %s\n\n%s", tc.File, err)
+		}
+		filtered := LogSecretFilter.get()
+		if filtered[0] != tc.Expected && len(filtered) != 1 {
+			t.Fatalf("not filtering sensitive vars; filtered is %#v", filtered)
+		}
+	}
+}
+
 func testComponentFinder() *ComponentFinder {
 	builderFactory := func(n string) (Builder, error) { return new(MockBuilder), nil }
 	ppFactory := func(n string) (PostProcessor, error) { return new(MockPostProcessor), nil }
--- a/packer/logs.go
+++ b/packer/logs.go
@ -0,0 +1,51 @@
+package packer
+
+import (
+	"bytes"
+	"io"
+	"sync"
+)
+
+type secretFilter struct {
+	s map[string]struct{}
+	m sync.Mutex
+	w io.Writer
+}
+
+func (l *secretFilter) Set(secrets ...string) {
+	l.m.Lock()
+	defer l.m.Unlock()
+	for _, s := range secrets {
+		l.s[s] = struct{}{}
+	}
+}
+
+func (l *secretFilter) SetOutput(output io.Writer) {
+	l.m.Lock()
+	defer l.m.Unlock()
+	l.w = output
+}
+
+func (l *secretFilter) Write(p []byte) (n int, err error) {
+	for s := range l.s {
+		if s != "" {
+			p = bytes.Replace(p, []byte(s), []byte("<sensitive>"), -1)
+		}
+	}
+	return l.w.Write(p)
+}
+
+func (l *secretFilter) get() (s []string) {
+	l.m.Lock()
+	defer l.m.Unlock()
+	for k := range l.s {
+		s = append(s, k)
+	}
+	return
+}
+
+var LogSecretFilter secretFilter
+
+func init() {
+	LogSecretFilter.s = make(map[string]struct{})
+}
--- a/packer/test-fixtures/sensitive-variables.json
+++ b/packer/test-fixtures/sensitive-variables.json
@ -0,0 +1,12 @@
+{
+    "variables": {
+        "foo": "bar"
+    },
+    "sensitive-variables": [
+    	"foo"
+    ],
+    "builders": [{
+        "type": "test",
+        "value": "{{build_name}}"
+    }]
+}
--- a/post-processor/alicloud-import/post-processor.go
+++ b/post-processor/alicloud-import/post-processor.go
@ -113,7 +113,8 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
 		return errs
 	}

-	log.Println(common.ScrubConfig(p.config, p.config.AlicloudAccessKey, p.config.AlicloudSecretKey))
+	packer.LogSecretFilter.Set(p.config.AlicloudAccessKey, p.config.AlicloudSecretKey)
+	log.Println(p.config)
 	return nil
 }

--- a/post-processor/amazon-import/post-processor.go
+++ b/post-processor/amazon-import/post-processor.go
@ -92,7 +92,8 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
 		return errs
 	}

-	log.Println(common.ScrubConfig(p.config, p.config.AccessKey, p.config.SecretKey, p.config.Token))
+	packer.LogSecretFilter.Set(p.config.AccessKey, p.config.SecretKey, p.config.Token)
+	log.Println(p.config)
 	return nil
 }

--- a/provisioner/ansible/provisioner.go
+++ b/provisioner/ansible/provisioner.go
@ -555,6 +555,7 @@ func newSigner(privKeyFile string) (*signer, error) {

 func getWinRMPassword(buildName string) string {
 	winRMPass, _ := commonhelper.RetrieveSharedState("winrm_password", buildName)
+	packer.LogSecretFilter.Set(winRMPass)
 	return winRMPass
 }

--- a/provisioner/powershell/provisioner.go
+++ b/provisioner/powershell/provisioner.go
@ -481,6 +481,7 @@ func (p *Provisioner) createCommandTextNonPrivileged() (command string, err erro

 func getWinRMPassword(buildName string) string {
 	winRMPass, _ := commonhelper.RetrieveSharedState("winrm_password", buildName)
+	packer.LogSecretFilter.Set(winRMPass)
 	return winRMPass
 }

--- a/template/interpolate/i.go
+++ b/template/interpolate/i.go
@ -18,6 +18,9 @@ type Context struct {
 	// "user" function reads from.
 	UserVariables map[string]string

+	// SensitiveVariables is a list of variables to sanitize.
+	SensitiveVariables []string
+
 	// EnableEnv enables the env function
 	EnableEnv bool

--- a/template/parse.go
+++ b/template/parse.go
@ -28,6 +28,7 @@ type rawTemplate struct {
 	PostProcessors     []interface{} `mapstructure:"post-processors"`
 	Provisioners       []map[string]interface{}
 	Variables          map[string]interface{}
+	SensitiveVariables []string `mapstructure:"sensitive-variables"`

 	RawContents []byte
 }
@ -60,6 +61,12 @@ func (r *rawTemplate) Template() (*Template, error) {
 			continue
 		}

+		for _, sVar := range r.SensitiveVariables {
+			if sVar == k {
+				result.SensitiveVariables = append(result.SensitiveVariables, &v)
+			}
+		}
+
 		result.Variables[k] = &v
 	}

--- a/template/template.go
+++ b/template/template.go
@ -19,6 +19,7 @@ type Template struct {
 	MinVersion  string

 	Variables          map[string]*Variable
+	SensitiveVariables []*Variable
 	Builders           map[string]*Builder
 	Provisioners       []*Provisioner
 	PostProcessors     [][]*PostProcessor
--- a/website/source/docs/templates/user-variables.html.md
+++ b/website/source/docs/templates/user-variables.html.md
@ -206,6 +206,32 @@ Results in the following variables:
 | aws\_access\_key | foo   |
 | aws\_secret\_key | baz   |

+# Sensitive Variables
+
+If you use the environment to set a variable that is sensitive, you probably
+don't want that variable printed to the Packer logs. You can make sure that
+sensitive variables won't get printed to the logs by adding them to the
+"sensitive-variables" list within the Packer template:
+
+``` json
+{
+  "variables": {
+    "my_secret": "{{env `MY_SECRET`}}",
+    "not_a_secret": "plaintext",
+    "foo": "bar"
+  },
+
+  "sensitive-variables": ["my_secret", "foo"],
+  ...
+}
+```
+
+The above snippet of code will function exactly the same as if you did not set
+"sensitive-variables", except that the Packer UI and logs will replace all
+instances of "bar" and of whatever the value of "my_secret" is with
+`<sensitive>`. This allows you to be confident that you are not printing
+secrets in plaintext to our logs by accident.
+
 # Recipes

 ## Making a provisioner step conditional on the value of a variable