fix: remove logging of credentials (#1534)

pull/1526/head
nils måsén 2 years ago committed by GitHub
parent 4d661bf63b
commit cfcbcac8b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -91,7 +91,8 @@ func GetBearerHeader(challenge string, img string, registryAuth string) (string,
if registryAuth != "" { if registryAuth != "" {
logrus.Debug("Credentials found.") logrus.Debug("Credentials found.")
logrus.Tracef("Credentials: %v", registryAuth) // CREDENTIAL: Uncomment to log registry credentials
// logrus.Tracef("Credentials: %v", registryAuth)
r.Header.Add("Authorization", fmt.Sprintf("Basic %s", registryAuth)) r.Header.Add("Authorization", fmt.Sprintf("Basic %s", registryAuth))
} else { } else {
logrus.Debug("No credentials found.") logrus.Debug("No credentials found.")
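Review bot: The credential log in GetBearerHeader is only commented out, and the new marker `// CREDENTIAL: Uncomment to log registry credentials` invites re-enabling it, so the secret can return to trace output with a one-line edit. registryAuth is sent as the Basic credential on the next line, so any log sink that receives it holds a reusable registry secret. I would delete both comment lines rather than keep them as a toggle; the existing `logrus.Debug("Credentials found.")` already records that a credential was present. The same commented-out pattern is added in the GetDigest, GetPullOptions, EncodedEnvAuth and EncodedConfigAuth hunks. GetBearerHeader starts and ends outside this hunk.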

@ -6,15 +6,16 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"net"
"net/http"
"strings"
"time"
"github.com/containrrr/watchtower/internal/meta" "github.com/containrrr/watchtower/internal/meta"
"github.com/containrrr/watchtower/pkg/registry/auth" "github.com/containrrr/watchtower/pkg/registry/auth"
"github.com/containrrr/watchtower/pkg/registry/manifest" "github.com/containrrr/watchtower/pkg/registry/manifest"
"github.com/containrrr/watchtower/pkg/types" "github.com/containrrr/watchtower/pkg/types"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"net"
"net/http"
"strings"
"time"
) )
// ContentDigestHeader is the key for the key-value pair containing the digest header // ContentDigestHeader is the key for the key-value pair containing the digest header
@ -25,7 +26,7 @@ func CompareDigest(container types.Container, registryAuth string) (bool, error)
if !container.HasImageInfo() { if !container.HasImageInfo() {
return false, errors.New("container image info missing") return false, errors.New("container image info missing")
} }
var digest string var digest string
registryAuth = TransformAuth(registryAuth) registryAuth = TransformAuth(registryAuth)
@ -93,12 +94,13 @@ func GetDigest(url string, token string) (string, error) {
req, _ := http.NewRequest("HEAD", url, nil) req, _ := http.NewRequest("HEAD", url, nil)
req.Header.Set("User-Agent", meta.UserAgent) req.Header.Set("User-Agent", meta.UserAgent)
if token != "" { if token == "" {
logrus.WithField("token", token).Trace("Setting request token")
} else {
return "", errors.New("could not fetch token") return "", errors.New("could not fetch token")
} }
// CREDENTIAL: Uncomment to log the request token
// logrus.WithField("token", token).Trace("Setting request token")
req.Header.Add("Authorization", token) req.Header.Add("Authorization", token)
req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json") req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.v2+json")
req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.list.v2+json") req.Header.Add("Accept", "application/vnd.docker.distribution.manifest.list.v2+json")
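Review bot: `req, _ := http.NewRequest("HEAD", url, nil)` at the top of the GetDigest hunk discards the error, so a malformed url leaves req nil and the following `req.Header.Set("User-Agent", meta.UserAgent)` panics instead of returning an error to the caller. Since this commit already reorders the token check, it would be a good place to handle it: `req, err := http.NewRequest("HEAD", url, nil)` followed by `if err != nil { return "", err }`. The empty-token check could also move above the request construction so no request is built when there is nothing to authenticate with. The rest of GetDigest is outside the hunk, so a later `err :=` may need to become `err =`.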

@ -19,7 +19,9 @@ func GetPullOptions(imageName string) (types.ImagePullOptions, error) {
if auth == "" { if auth == "" {
return types.ImagePullOptions{}, nil return types.ImagePullOptions{}, nil
} }
log.Tracef("Got auth value: %s", auth)
// CREDENTIAL: Uncomment to log docker config auth
// log.Tracef("Got auth value: %s", auth)
return types.ImagePullOptions{ return types.ImagePullOptions{
RegistryAuth: auth, RegistryAuth: auth,

@ -38,7 +38,8 @@ func EncodedEnvAuth(ref string) (string, error) {
Password: password, Password: password,
} }
log.Debugf("Loaded auth credentials for user %s on registry %s", auth.Username, ref) log.Debugf("Loaded auth credentials for user %s on registry %s", auth.Username, ref)
log.Tracef("Using auth password %s", auth.Password) // CREDENTIAL: Uncomment to log REPO_PASS environment variable
// log.Tracef("Using auth password %s", auth.Password)
return EncodeAuth(auth) return EncodeAuth(auth)
} }
return "", errors.New("registry auth environment variables (REPO_USER, REPO_PASS) not set") return "", errors.New("registry auth environment variables (REPO_USER, REPO_PASS) not set")
@ -71,7 +72,8 @@ func EncodedConfigAuth(ref string) (string, error) {
return "", nil return "", nil
} }
log.Debugf("Loaded auth credentials for user %s, on registry %s, from file %s", auth.Username, ref, configFile.Filename) log.Debugf("Loaded auth credentials for user %s, on registry %s, from file %s", auth.Username, ref, configFile.Filename)
log.Tracef("Using auth password %s", auth.Password) // CREDENTIAL: Uncomment to log docker config password
// log.Tracef("Using auth password %s", auth.Password)
return EncodeAuth(auth) return EncodeAuth(auth)
} }
