WIP -- How would we hide the display on /tests/$id#settings pages? --…

… Add support for configurable secrets variables Related progress issue: https://progress.opensuse.org/issues/162086
os-autoinst · Jun 11, 2024 · 17ac889 · 17ac889
1 parent 4c94cca
commit 17ac889
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/lib/OpenQA/Log.pm b/lib/OpenQA/Log.pm
@@ -208,8 +208,11 @@ sub setup_log ($app, $logfile = undef, $logdir = undef, $level = undef) {
     OpenQA::App->set_singleton($app);
 }
 
+# same approach as in os-autoinst bmwqemu.pm
 sub redact_settings ($vars) {
-    return {map { $_ !~ qr/(^_SECRET_|_PASSWORD)/ ? ($_ => $vars->{$_}) : ($_ => '[redacted]') } keys %$vars};
+    my $hide_re = '^_SECRET_|_PASSWORD';
+    $hide_re .= "|$vars->{_HIDE_MATCH_RE}" if $vars->{_HIDE_MATCH_RE};
+    return {map { $_ !~ qr/($hide_re)/ ? ($_ => $vars->{$_}) : ($_ => '[redacted]') } keys %$vars};
 }
 
 sub redact_settings_in_file ($file) {

diff --git a/t/24-worker-jobs.t b/t/24-worker-jobs.t
@@ -1503,11 +1503,27 @@ subtest 'redacting logfile' => sub {
     ok OpenQA::Worker::Job::_redact_file($test_file, 'bar'), 'no error as file skipped anyways';
     combined_like { ok !OpenQA::Worker::Job::_redact_file($test_file, 'vars.json'), 'returns falsy value on error' }
       qr/Skipping upload of vars.json because.*No such file or directory/, 'error logged';
-    $test_file->spew(encode_json({FOO => 'bar', SOME_PASSWORD => '123', _SECRET_VARIABLE => '456'}));
+    $test_file->spew(
+        encode_json(
+            {
+                FOO => 'bar',
+                SOME_PASSWORD => '123',
+                _SECRET_VARIABLE => '456',
+                SNEAKY_TEXT => 'secret',
+                _HIDE_MATCH_RE => 'SNEAK'
+            }));
     ok OpenQA::Worker::Job::_redact_file($test_file, 'vars.json'), 'file changed with no error';
     my $vars_data = $test_file->slurp;
     my $vars = decode_json($vars_data);
-    is_deeply $vars, {FOO => 'bar', SOME_PASSWORD => '[redacted]', _SECRET_VARIABLE => '[redacted]'}, 'secrets hidden'
+    is_deeply $vars,
+      {
+        FOO => 'bar',
+        SOME_PASSWORD => '[redacted]',
+        _SECRET_VARIABLE => '[redacted]',
+        SNEAKY_TEXT => '[redacted]',
+        _HIDE_MATCH_RE => 'SNEAK'
+      },
+      'secrets hidden'
       or diag explain $vars;
     like $vars_data, qr/\n/, 'JSON still formatted (with breaks at least)';
 };