PoC for filtering logs

2018-08-01 11:20:52 -07:00 · 2018-08-01 11:20:52 -07:00 · 31fcfe4bc2
parent a1fa35dff5
commit 31fcfe4bc2
6 changed files with 64 additions and 2 deletions
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@ -39,6 +39,7 @@ type Builder struct {
 }

 func (b *Builder) Prepare(raws ...interface{}) ([]string, error) {
+	log.Printf("SECRET: matt")
 	b.config.ctx.Funcs = awscommon.TemplateFuncs
 	err := config.Decode(&b.config, &config.DecodeOpts{
 		Interpolate:        true,
--- a/command/build.go
+++ b/command/build.go
@ -110,6 +110,7 @@ func (c *BuildCommand) Run(args []string) int {
 	log.Printf("Build debug mode: %v", cfgDebug)
 	log.Printf("Force build: %v", cfgForce)
 	log.Printf("On error: %v", cfgOnError)
+	//log.Printf("my secrets: %v", c.CoreConfig.

 	// Set the debug and force mode and prepare all the builds
 	for _, b := range builds {
--- a/command/meta.go
+++ b/command/meta.go
@ -29,6 +29,8 @@ type Meta struct {
 	Cache      packer.Cache
 	Ui         packer.Ui
 	Version    string
+	//Secrets        []string
+	//secrets:        []string{"matt"},

 	// These are set by command-line flags
 	flagBuildExcept []string
--- a/main.go
+++ b/main.go
@ -55,6 +55,10 @@ func realMain() int {
 			logWriter = ioutil.Discard
 		}

+		packer.LogSecretFilter.SetOutput(logWriter)
+
+		//packer.LogSecrets.
+
 		// Disable logging here
 		log.SetOutput(ioutil.Discard)

@ -87,7 +91,7 @@ func realMain() int {

 		// Create the configuration for panicwrap and wrap our executable
 		wrapConfig.Handler = panicHandler(logTempFile)
-		wrapConfig.Writer = io.MultiWriter(logTempFile, logWriter)
+		wrapConfig.Writer = io.MultiWriter(logTempFile, &packer.LogSecretFilter)
 		wrapConfig.Stdout = outW
 		wrapConfig.DetectDuration = 500 * time.Millisecond
 		wrapConfig.ForwardSignals = []os.Signal{syscall.SIGTERM}
@ -125,7 +129,8 @@ func wrappedMain() int {
 		runtime.GOMAXPROCS(runtime.NumCPU())
 	}

-	log.SetOutput(os.Stderr)
+	packer.LogSecretFilter.SetOutput(os.Stderr)
+	log.SetOutput(&packer.LogSecretFilter)

 	log.Printf("[INFO] Packer version: %s", version.FormattedVersion())
 	log.Printf("Packer Target OS/Arch: %s %s", runtime.GOOS, runtime.GOARCH)
--- a/packer/core.go
+++ b/packer/core.go
@ -19,6 +19,7 @@ type Core struct {
 	variables  map[string]string
 	builds     map[string]*template.Builder
 	version    string
+	secrets    []string
 }

 // CoreConfig is the structure for initializing a new Core. Once a CoreConfig
@ -66,6 +67,8 @@ func NewCore(c *CoreConfig) (*Core, error) {
 	if err := result.init(); err != nil {
 		return nil, err
 	}
+	LogSecretFilter.Set("matt")
+	//log.Printf("NewCore: %+v", result.Template.Variables["efoo"])

 	// Go through and interpolate all the build names. We should be able
 	// to do this at this point with the variables.
--- a/packer/logs.go
+++ b/packer/logs.go
@ -0,0 +1,50 @@
+package packer
+
+import (
+	"bytes"
+	"io"
+	"sync"
+)
+
+type secretFilter struct {
+	s map[string]struct{}
+	m sync.Mutex
+	w io.Writer
+}
+
+func (l *secretFilter) Set(secrets ...string) {
+	l.m.Lock()
+	defer l.m.Unlock()
+	for _, s := range secrets {
+		l.s[s] = struct{}{}
+	}
+}
+
+func (l *secretFilter) SetOutput(output io.Writer) {
+	l.m.Lock()
+	defer l.m.Unlock()
+	l.w = output
+}
+
+func (l *secretFilter) Write(p []byte) (n int, err error) {
+	for s := range l.s {
+		p = bytes.Replace(p, []byte(s), []byte("<filtered>"), -1)
+	}
+	return l.w.Write(p)
+	// return l.w.Write([]byte("foobar"))
+}
+
+func (l *secretFilter) get() (s []string) {
+	l.m.Lock()
+	defer l.m.Unlock()
+	for k := range l.s {
+		s = append(s, k)
+	}
+	return
+}
+
+var LogSecretFilter secretFilter
+
+func init() {
+	LogSecretFilter.s = make(map[string]struct{})
+}