Mask Azure storage connection string in logs (#451)

github · Jun 15, 2022 · 51fafbf · 51fafbf
1 parent 8736d28
commit 51fafbf
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 15 deletions.
diff --git a/src/OctoshiftCLI.Tests/gei/Commands/GenerateScriptCommandTests.cs b/src/OctoshiftCLI.Tests/gei/Commands/GenerateScriptCommandTests.cs
@@ -383,6 +383,8 @@ public async Task Sequential_Github_Ghes_Repo()
 
             // Assert
             _script.Should().Be(expected);
+            _mockOctoLogger.Verify(m => m.LogInformation("AZURE STORAGE CONNECTION STRING: ***"));
+            _mockOctoLogger.Verify(m => m.LogInformation($"GHES API URL: {ghesApiUrl}"));
         }
 
         [Fact]
@@ -419,6 +421,7 @@ public async Task Sequential_Github_Ghes_Repo_No_Ssl()
 
             // Assert
             _script.Should().Be(expected);
+            _mockOctoLogger.Verify(m => m.LogInformation("SSL verification disabled"));
         }
 
         [Fact]
@@ -828,10 +831,10 @@ exit 1
 
             // Assert
             _script.Should().Be(expected.ToString());
+            _mockOctoLogger.Verify(m => m.LogInformation("AZURE STORAGE CONNECTION STRING: ***"));
+            _mockOctoLogger.Verify(m => m.LogInformation($"GHES API URL: {ghesApiUrl}"));
         }
 
-        // start of log download
-
         [Fact]
         public async Task Sequential_Ado_Single_Repo_With_Download_Migration_Logs()
         {
@@ -1303,6 +1306,7 @@ exit 1
 
             // Assert
             _script.Should().Be(expected.ToString());
+            _mockOctoLogger.Verify(m => m.LogInformation("SSL verification disabled"));
         }
 
         [Fact]

diff --git a/src/OctoshiftCLI.Tests/gei/Commands/MigrateRepoCommandTests.cs b/src/OctoshiftCLI.Tests/gei/Commands/MigrateRepoCommandTests.cs
@@ -391,7 +391,7 @@ public async Task Happy_Path_GithubSource_Ghes()
 
             _mockGithubApi.Verify(x => x.GetMigration(migrationId));
             _mockOctoLogger.Verify(x => x.LogInformation($"GHES API URL: {GHES_API_URL}"), Times.Once);
-            _mockOctoLogger.Verify(x => x.LogInformation($"AZURE STORAGE CONNECTION STRING: {AZURE_CONNECTION_STRING}"), Times.Once);
+            _mockOctoLogger.Verify(x => x.LogInformation("AZURE STORAGE CONNECTION STRING: ***"), Times.Once);
         }
 
         [Fact]

diff --git a/src/gei/Commands/GenerateScriptCommand.cs b/src/gei/Commands/GenerateScriptCommand.cs
@@ -183,6 +183,10 @@ public async Task Invoke(GenerateScriptCommandArgs args)
                         throw new OctoshiftCliException("Please set either --azure-storage-connection-string or AZURE_STORAGE_CONNECTION_STRING");
                     }
                 }
+                else
+                {
+                    _log.LogInformation("AZURE STORAGE CONNECTION STRING: ***");
+                }
 
                 if (args.NoSslVerify)
                 {

diff --git a/src/gei/Commands/MigrateRepoCommand.cs b/src/gei/Commands/MigrateRepoCommand.cs
@@ -273,8 +273,6 @@ private string ExtractGhesBaseUrl(string ghesApiUrl)
           string githubSourcePat,
           bool noSslVerify = false)
         {
-            _log.LogInformation($"GHES API URL: {ghesApiUrl}");
-
             if (string.IsNullOrWhiteSpace(azureStorageConnectionString))
             {
                 _log.LogInformation("--azure-storage-connection-string not set, using environment variable AZURE_STORAGE_CONNECTION_STRING");
@@ -285,15 +283,6 @@ private string ExtractGhesBaseUrl(string ghesApiUrl)
                     throw new OctoshiftCliException("Please set either --azure-storage-connection-string or AZURE_STORAGE_CONNECTION_STRING");
                 }
             }
-            else
-            {
-                _log.LogInformation($"AZURE STORAGE CONNECTION STRING: {azureStorageConnectionString}");
-            }
-
-            if (noSslVerify)
-            {
-                _log.LogInformation("SSL verification disabled");
-            }
 
             var ghesApi = noSslVerify ? _sourceGithubApiFactory.CreateClientNoSsl(ghesApiUrl, githubSourcePat) : _sourceGithubApiFactory.Create(ghesApiUrl, githubSourcePat);
             var azureApi = noSslVerify ? _azureApiFactory.CreateClientNoSsl(azureStorageConnectionString) : _azureApiFactory.Create(azureStorageConnectionString);
@@ -411,7 +400,6 @@ private void LogAndValidateOptions(MigrateRepoCommandArgs args)
                 _log.LogInformation("ADO PAT: ***");
             }
 
-
             if (string.IsNullOrWhiteSpace(args.GithubSourceOrg) && string.IsNullOrWhiteSpace(args.AdoSourceOrg))
             {
                 throw new OctoshiftCliException("Must specify either --github-source-org or --ado-source-org");
@@ -433,6 +421,21 @@ private void LogAndValidateOptions(MigrateRepoCommandArgs args)
                 args.TargetRepo = args.SourceRepo;
             }
 
+            if (args.GhesApiUrl.HasValue())
+            {
+                _log.LogInformation($"GHES API URL: {args.GhesApiUrl}");
+            }
+
+            if (args.AzureStorageConnectionString.HasValue())
+            {
+                _log.LogInformation("AZURE STORAGE CONNECTION STRING: ***");
+            }
+
+            if (args.NoSslVerify)
+            {
+                _log.LogInformation("SSL verification disabled");
+            }
+
             if (args.SkipReleases)
             {
                 _log.LogInformation("SKIP RELEASES: true");