fix: remove logging of credentials (#1534)

pull/1526/head
nils måsén 2 years ago committed by GitHub
parent 4d661bf63b
commit cfcbcac8b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -91,7 +91,8 @@ func GetBearerHeader(challenge string, img string, registryAuth string) (string,
if registryAuth != "" {
logrus.Debug("Credentials found.")
logrus.Tracef("Credentials: %v", registryAuth)
// CREDENTIAL: Uncomment to log registry credentials
// logrus.Tracef("Credentials: %v", registryAuth)
r.Header.Add("Authorization", fmt.Sprintf("Basic %s", registryAuth))
} else {
logrus.Debug("No credentials found.")

@ -6,15 +6,16 @@ import (
"encoding/json"
"errors"
"fmt"
"net"
"net/http"
"strings"
"time"
"github.com/containrrr/watchtower/internal/meta"
"github.com/containrrr/watchtower/pkg/registry/auth"
"github.com/containrrr/watchtower/pkg/registry/manifest"
"github.com/containrrr/watchtower/pkg/types"
"github.com/sirupsen/logrus"
"net"
"net/http"
"strings"
"time"
)
// ContentDigestHeader is the key for the key-value pair containing the digest header
@ -25,7 +26,7 @@ func CompareDigest(container types.Container, registryAuth string) (bool, error)
if !container.HasImageInfo() {
return false, errors.New("container image info missing")
}
var digest string
registryAuth = TransformAuth(registryAuth)
@ -93,12 +94,13 @@ func GetDigest(url string, token string) (string, error) {
req, _ := http.NewRequest("HEAD", url, nil)
req.Header.Set("User-Agent", meta.UserAgent)
if token != "" {
logrus.WithField("token", token).Trace("Setting request token")
} else {
if token == "" {
return "", errors.New("could not fetch token")
}
// CREDENTIAL: Uncomment to log the request token
// logrus.WithField("token", token).Trace("Setting request token")
req.Header.Add("Authorization", token)
req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json")
req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.list.v2+json")

@ -19,7 +19,9 @@ func GetPullOptions(imageName string) (types.ImagePullOptions, error) {
if auth == "" {
return types.ImagePullOptions{}, nil
}
log.Tracef("Got auth value: %s", auth)
// CREDENTIAL: Uncomment to log docker config auth
// log.Tracef("Got auth value: %s", auth)
return types.ImagePullOptions{
RegistryAuth: auth,

@ -38,7 +38,8 @@ func EncodedEnvAuth(ref string) (string, error) {
Password: password,
}
log.Debugf("Loaded auth credentials for user %s on registry %s", auth.Username, ref)
log.Tracef("Using auth password %s", auth.Password)
// CREDENTIAL: Uncomment to log REPO_PASS environment variable
// log.Tracef("Using auth password %s", auth.Password)
return EncodeAuth(auth)
}
return "", errors.New("registry auth environment variables (REPO_USER, REPO_PASS) not set")
@ -71,7 +72,8 @@ func EncodedConfigAuth(ref string) (string, error) {
return "", nil
}
log.Debugf("Loaded auth credentials for user %s, on registry %s, from file %s", auth.Username, ref, configFile.Filename)
log.Tracef("Using auth password %s", auth.Password)
// CREDENTIAL: Uncomment to log docker config password
// log.Tracef("Using auth password %s", auth.Password)
return EncodeAuth(auth)
}

Loading…
Cancel
Save