cscli: hide hashed api keys (#2874)
* cscli: hide hashed api keys * lint
parent
5356ccc6cd
commit
e611d01c90
4 changed files with 23 additions and 19 deletions
|
@ -36,8 +36,6 @@ def test_register_bouncer_env(crowdsec, flavor):
|
||||||
bouncer1, bouncer2 = j
|
bouncer1, bouncer2 = j
|
||||||
assert bouncer1['name'] == 'bouncer1name'
|
assert bouncer1['name'] == 'bouncer1name'
|
||||||
assert bouncer2['name'] == 'bouncer2name'
|
assert bouncer2['name'] == 'bouncer2name'
|
||||||
assert bouncer1['api_key'] == hex512('bouncer1key')
|
|
||||||
assert bouncer2['api_key'] == hex512('bouncer2key')
|
|
||||||
|
|
||||||
# add a second bouncer at runtime
|
# add a second bouncer at runtime
|
||||||
res = cs.cont.exec_run('cscli bouncers add bouncer3name -k bouncer3key')
|
res = cs.cont.exec_run('cscli bouncers add bouncer3name -k bouncer3key')
|
||||||
|
@ -48,7 +46,6 @@ def test_register_bouncer_env(crowdsec, flavor):
|
||||||
assert len(j) == 3
|
assert len(j) == 3
|
||||||
bouncer3 = j[2]
|
bouncer3 = j[2]
|
||||||
assert bouncer3['name'] == 'bouncer3name'
|
assert bouncer3['name'] == 'bouncer3name'
|
||||||
assert bouncer3['api_key'] == hex512('bouncer3key')
|
|
||||||
|
|
||||||
# remove all bouncers
|
# remove all bouncers
|
||||||
res = cs.cont.exec_run('cscli bouncers delete bouncer1name bouncer2name bouncer3name')
|
res = cs.cont.exec_run('cscli bouncers delete bouncer1name bouncer2name bouncer3name')
|
||||||
|
|
|
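Review bot: The `api_key` assertions removed from test_register_bouncer_env (for bouncer1, bouncer2 and, in the second hunk, bouncer3) are not replaced by a negative check, so this test would still pass if the hash reappeared in the JSON output. Adding `assert 'api_key' not in bouncer1` after the name assertion, and the same for bouncer2 and bouncer3, would pin the behaviour the commit is introducing. The function starts and ends outside the visible hunks, so an equivalent check may already exist elsewhere in it.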
@ -33,6 +33,7 @@ func (c *Client) ListBouncers() ([]*ent.Bouncer, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrapf(QueryFail, "listing bouncers: %s", err)
|
return nil, errors.Wrapf(QueryFail, "listing bouncers: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return result, nil
|
return result, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,8 +49,10 @@ func (c *Client) CreateBouncer(name string, ipAddr string, apiKey string, authTy
|
||||||
if ent.IsConstraintError(err) {
|
if ent.IsConstraintError(err) {
|
||||||
return nil, fmt.Errorf("bouncer %s already exists", name)
|
return nil, fmt.Errorf("bouncer %s already exists", name)
|
||||||
}
|
}
|
||||||
return nil, fmt.Errorf("unable to create bouncer: %s", err)
|
|
||||||
|
return nil, fmt.Errorf("unable to create bouncer: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return bouncer, nil
|
return bouncer, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -63,7 +66,7 @@ func (c *Client) DeleteBouncer(name string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if nbDeleted == 0 {
|
if nbDeleted == 0 {
|
||||||
return fmt.Errorf("bouncer doesn't exist")
|
return errors.New("bouncer doesn't exist")
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -74,36 +77,41 @@ func (c *Client) BulkDeleteBouncers(bouncers []*ent.Bouncer) (int, error) {
|
||||||
for i, b := range bouncers {
|
for i, b := range bouncers {
|
||||||
ids[i] = b.ID
|
ids[i] = b.ID
|
||||||
}
|
}
|
||||||
|
|
||||||
nbDeleted, err := c.Ent.Bouncer.Delete().Where(bouncer.IDIn(ids...)).Exec(c.CTX)
|
nbDeleted, err := c.Ent.Bouncer.Delete().Where(bouncer.IDIn(ids...)).Exec(c.CTX)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nbDeleted, fmt.Errorf("unable to delete bouncers: %s", err)
|
return nbDeleted, fmt.Errorf("unable to delete bouncers: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nbDeleted, nil
|
return nbDeleted, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) UpdateBouncerLastPull(lastPull time.Time, ID int) error {
|
func (c *Client) UpdateBouncerLastPull(lastPull time.Time, id int) error {
|
||||||
_, err := c.Ent.Bouncer.UpdateOneID(ID).
|
_, err := c.Ent.Bouncer.UpdateOneID(id).
|
||||||
SetLastPull(lastPull).
|
SetLastPull(lastPull).
|
||||||
Save(c.CTX)
|
Save(c.CTX)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to update machine last pull in database: %s", err)
|
return fmt.Errorf("unable to update machine last pull in database: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) UpdateBouncerIP(ipAddr string, ID int) error {
|
func (c *Client) UpdateBouncerIP(ipAddr string, id int) error {
|
||||||
_, err := c.Ent.Bouncer.UpdateOneID(ID).SetIPAddress(ipAddr).Save(c.CTX)
|
_, err := c.Ent.Bouncer.UpdateOneID(id).SetIPAddress(ipAddr).Save(c.CTX)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to update bouncer ip address in database: %s", err)
|
return fmt.Errorf("unable to update bouncer ip address in database: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Client) UpdateBouncerTypeAndVersion(bType string, version string, ID int) error {
|
func (c *Client) UpdateBouncerTypeAndVersion(bType string, version string, id int) error {
|
||||||
_, err := c.Ent.Bouncer.UpdateOneID(ID).SetVersion(version).SetType(bType).Save(c.CTX)
|
_, err := c.Ent.Bouncer.UpdateOneID(id).SetVersion(version).SetType(bType).Save(c.CTX)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("unable to update bouncer type and version in database: %s", err)
|
return fmt.Errorf("unable to update bouncer type and version in database: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
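Review bot: In UpdateBouncerLastPull the message on the line converted to `%w` still reads `unable to update machine last pull in database`, although the call updates a bouncer row. While the line is being touched, `return fmt.Errorf("unable to update bouncer last pull in database: %w", err)` would stop logs from pointing an operator at the wrong entity; check first for callers or tests that match the old string. ListBouncers also still formats its cause with `%s` inside `errors.Wrapf(QueryFail, ...)`, so that path does not expose the underlying error to `errors.Is`/`errors.As` the way the converted ones now do. Whether that is deliberate is not visible from this section.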
@ -24,7 +24,7 @@ type Bouncer struct {
|
||||||
// Name holds the value of the "name" field.
|
// Name holds the value of the "name" field.
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
// APIKey holds the value of the "api_key" field.
|
// APIKey holds the value of the "api_key" field.
|
||||||
APIKey string `json:"api_key"`
|
APIKey string `json:"-"`
|
||||||
// Revoked holds the value of the "revoked" field.
|
// Revoked holds the value of the "revoked" field.
|
||||||
Revoked bool `json:"revoked"`
|
Revoked bool `json:"revoked"`
|
||||||
// IPAddress holds the value of the "ip_address" field.
|
// IPAddress holds the value of the "ip_address" field.
|
||||||
|
@ -193,8 +193,7 @@ func (b *Bouncer) String() string {
|
||||||
builder.WriteString("name=")
|
builder.WriteString("name=")
|
||||||
builder.WriteString(b.Name)
|
builder.WriteString(b.Name)
|
||||||
builder.WriteString(", ")
|
builder.WriteString(", ")
|
||||||
builder.WriteString("api_key=")
|
builder.WriteString("api_key=<sensitive>")
|
||||||
builder.WriteString(b.APIKey)
|
|
||||||
builder.WriteString(", ")
|
builder.WriteString(", ")
|
||||||
builder.WriteString("revoked=")
|
builder.WriteString("revoked=")
|
||||||
builder.WriteString(fmt.Sprintf("%v", b.Revoked))
|
builder.WriteString(fmt.Sprintf("%v", b.Revoked))
|
||||||
|
|
|
@ -21,7 +21,7 @@ func (Bouncer) Fields() []ent.Field {
|
||||||
Default(types.UtcNow).
|
Default(types.UtcNow).
|
||||||
UpdateDefault(types.UtcNow).Nillable().Optional().StructTag(`json:"updated_at"`),
|
UpdateDefault(types.UtcNow).Nillable().Optional().StructTag(`json:"updated_at"`),
|
||||||
field.String("name").Unique().StructTag(`json:"name"`),
|
field.String("name").Unique().StructTag(`json:"name"`),
|
||||||
field.String("api_key").StructTag(`json:"api_key"`), // hash of api_key
|
field.String("api_key").Sensitive(), // hash of api_key
|
||||||
field.Bool("revoked").StructTag(`json:"revoked"`),
|
field.Bool("revoked").StructTag(`json:"revoked"`),
|
||||||
field.String("ip_address").Default("").Optional().StructTag(`json:"ip_address"`),
|
field.String("ip_address").Default("").Optional().StructTag(`json:"ip_address"`),
|
||||||
field.String("type").Optional().StructTag(`json:"type"`),
|
field.String("type").Optional().StructTag(`json:"type"`),
|
||||||
|
|
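Review bot: `Sensitive()` on `api_key` gives the generated struct a `json:"-"` tag, which skips the field on decoding as well as encoding, so any code that round-trips an ent.Bouncer through JSON will now read back an empty APIKey. No such caller is visible on this page, but it is worth checking before release. The trailing comment could record the intent, for example `// hash of api_key; Sensitive keeps it out of JSON and String() output`. Fields() starts and ends outside the hunk.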