spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Redact build args (since they are often tokens)

Browse Source
This commit is contained in:
David Heinemeier Hansson
2023-01-15 13:15:14 +01:00
parent bb8a8d3399
commit 760a87fe06
4 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/mrsk/commands/app.rb
View File

@@ -8,7 +8,7 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
"-d", "-d",
"--restart unless-stopped", "--restart unless-stopped",
"--name", config.service_with_version, "--name", config.service_with_version,
"-e", redact("RAILS_MASTER_KEY=#{config.master_key}"), "-e", Mrsk::Utils.redact("RAILS_MASTER_KEY=#{config.master_key}"),
*config.env_args, *config.env_args,
*role.label_args, *role.label_args,
config.absolute_image, config.absolute_image,
@@ -34,7 +34,7 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
def exec(*command, interactive: false) def exec(*command, interactive: false)
docker :exec, docker :exec,
("-it" if interactive), ("-it" if interactive),
"-e", redact("RAILS_MASTER_KEY=#{config.master_key}"), "-e", Mrsk::Utils.redact("RAILS_MASTER_KEY=#{config.master_key}"),
*config.env_args, *config.env_args,
config.service_with_version, config.service_with_version,
*command *command

5
lib/mrsk/commands/base.rb
View File

@@ -18,10 +18,5 @@ module Mrsk::Commands
def docker(*args) def docker(*args)
args.compact.unshift :docker args.compact.unshift :docker
end end
# Copied from SSHKit::Backend::Abstract#redact to be available inside Commands classes
def redact(arg) # Used in execute_command to hide redact() args a user passes in
arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc
end
end end
end end

2
lib/mrsk/commands/builder/base.rb
View File

@@ -8,7 +8,7 @@ class Mrsk::Commands::Builder::Base < Mrsk::Commands::Base
end end
def build_args def build_args
argumentize "--build-arg", args argumentize "--build-arg", args, redacted: true
end end
private private

5
lib/mrsk/configuration.rb
View File

@@ -3,6 +3,7 @@ require "active_support/core_ext/string/inquiry"
require "active_support/core_ext/module/delegation" require "active_support/core_ext/module/delegation"
require "pathname" require "pathname"
require "erb" require "erb"
require "mrsk/utils"
class Mrsk::Configuration class Mrsk::Configuration
delegate :service, :image, :servers, :env, :labels, :registry, :builder, to: :config, allow_nil: true delegate :service, :image, :servers, :env, :labels, :registry, :builder, to: :config, allow_nil: true
@@ -16,8 +17,8 @@ class Mrsk::Configuration
end end
end end
def argumentize(argument, attributes) def argumentize(argument, attributes, redacted: false)
attributes.flat_map { |k, v| [ argument, "#{k}=#{v}" ] } attributes.flat_map { |k, v| [ argument, redacted ? Mrsk::Utils.redact("#{k}=#{v}") : "#{k}=#{v}" ] }
end end
end end