Browse code
Mask swarm secrets from daemon logs
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Tonis Tiigi authored on 2016/07/01 05:15:43Showing 1 changed files
| ... | ... |
@@ -5,6 +5,7 @@ import ( |
| 5 | 5 |
"encoding/json" |
| 6 | 6 |
"io" |
| 7 | 7 |
"net/http" |
| 8 |
+ "strings" |
|
| 8 | 9 |
|
| 9 | 10 |
"github.com/Sirupsen/logrus" |
| 10 | 11 |
"github.com/docker/docker/api/server/httputils" |
| ... | ... |
@@ -40,9 +41,7 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri |
| 40 | 40 |
|
| 41 | 41 |
var postForm map[string]interface{}
|
| 42 | 42 |
if err := json.Unmarshal(b, &postForm); err == nil {
|
| 43 |
- if _, exists := postForm["password"]; exists {
|
|
| 44 |
- postForm["password"] = "*****" |
|
| 45 |
- } |
|
| 43 |
+ maskSecretKeys(postForm) |
|
| 46 | 44 |
formStr, errMarshal := json.Marshal(postForm) |
| 47 | 45 |
if errMarshal == nil {
|
| 48 | 46 |
logrus.Debugf("form data: %s", string(formStr))
|
| ... | ... |
@@ -54,3 +53,24 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri |
| 54 | 54 |
return handler(ctx, w, r, vars) |
| 55 | 55 |
} |
| 56 | 56 |
} |
| 57 |
+ |
|
| 58 |
+func maskSecretKeys(inp interface{}) {
|
|
| 59 |
+ if arr, ok := inp.([]interface{}); ok {
|
|
| 60 |
+ for _, f := range arr {
|
|
| 61 |
+ maskSecretKeys(f) |
|
| 62 |
+ } |
|
| 63 |
+ return |
|
| 64 |
+ } |
|
| 65 |
+ if form, ok := inp.(map[string]interface{}); ok {
|
|
| 66 |
+ loop0: |
|
| 67 |
+ for k, v := range form {
|
|
| 68 |
+ for _, m := range []string{"password", "secret"} {
|
|
| 69 |
+ if strings.EqualFold(m, k) {
|
|
| 70 |
+ form[k] = "*****" |
|
| 71 |
+ continue loop0 |
|
| 72 |
+ } |
|
| 73 |
+ } |
|
| 74 |
+ maskSecretKeys(v) |
|
| 75 |
+ } |
|
| 76 |
+ } |
|
| 77 |
+} |