(ctx context.Context, instance *storepb.Instance)
| 346 | } |
| 347 | |
| 348 | func (s *Store) obfuscateInstance(ctx context.Context, instance *storepb.Instance) (*storepb.Instance, error) { |
| 349 | secret, err := s.GetAuthSecret(ctx) |
| 350 | if err != nil { |
| 351 | return nil, errors.Wrap(err, "failed to get auth secret") |
| 352 | } |
| 353 | |
| 354 | redacted := proto.CloneOf(instance) |
| 355 | for _, ds := range redacted.GetDataSources() { |
| 356 | ds.ObfuscatedPassword = common.Obfuscate(ds.GetPassword(), secret) |
| 357 | ds.Password = "" |
| 358 | ds.ObfuscatedSslCa = common.Obfuscate(ds.GetSslCa(), secret) |
| 359 | ds.SslCa = "" |
| 360 | ds.ObfuscatedSslCaPath = common.Obfuscate(ds.GetSslCaPath(), secret) |
| 361 | ds.SslCaPath = "" |
| 362 | ds.ObfuscatedSslCert = common.Obfuscate(ds.GetSslCert(), secret) |
| 363 | ds.SslCert = "" |
| 364 | ds.ObfuscatedSslCertPath = common.Obfuscate(ds.GetSslCertPath(), secret) |
| 365 | ds.SslCertPath = "" |
| 366 | ds.ObfuscatedSslKey = common.Obfuscate(ds.GetSslKey(), secret) |
| 367 | ds.SslKey = "" |
| 368 | ds.ObfuscatedSslKeyPath = common.Obfuscate(ds.GetSslKeyPath(), secret) |
| 369 | ds.SslKeyPath = "" |
| 370 | ds.ObfuscatedSshPassword = common.Obfuscate(ds.GetSshPassword(), secret) |
| 371 | ds.SshPassword = "" |
| 372 | ds.ObfuscatedSshPrivateKey = common.Obfuscate(ds.GetSshPrivateKey(), secret) |
| 373 | ds.SshPrivateKey = "" |
| 374 | ds.ObfuscatedAuthenticationPrivateKey = common.Obfuscate(ds.GetAuthenticationPrivateKey(), secret) |
| 375 | ds.AuthenticationPrivateKey = "" |
| 376 | ds.ObfuscatedAuthenticationPrivateKeyPassphrase = common.Obfuscate(ds.GetAuthenticationPrivateKeyPassphrase(), secret) |
| 377 | ds.AuthenticationPrivateKeyPassphrase = "" |
| 378 | ds.ObfuscatedMasterPassword = common.Obfuscate(ds.GetMasterPassword(), secret) |
| 379 | ds.MasterPassword = "" |
| 380 | |
| 381 | if azureCredential := ds.GetAzureCredential(); azureCredential != nil { |
| 382 | azureCredential.ObfuscatedClientSecret = common.Obfuscate(azureCredential.ClientSecret, secret) |
| 383 | azureCredential.ClientSecret = "" |
| 384 | } |
| 385 | if awsCredential := ds.GetAwsCredential(); awsCredential != nil { |
| 386 | awsCredential.ObfuscatedAccessKeyId = common.Obfuscate(awsCredential.AccessKeyId, secret) |
| 387 | awsCredential.AccessKeyId = "" |
| 388 | |
| 389 | awsCredential.ObfuscatedSecretAccessKey = common.Obfuscate(awsCredential.SecretAccessKey, secret) |
| 390 | awsCredential.SecretAccessKey = "" |
| 391 | |
| 392 | awsCredential.ObfuscatedSessionToken = common.Obfuscate(awsCredential.SessionToken, secret) |
| 393 | awsCredential.SessionToken = "" |
| 394 | } |
| 395 | if gcpCredential := ds.GetGcpCredential(); gcpCredential != nil { |
| 396 | gcpCredential.ObfuscatedContent = common.Obfuscate(gcpCredential.Content, secret) |
| 397 | gcpCredential.Content = "" |
| 398 | } |
| 399 | if externalSecret := ds.GetExternalSecret(); externalSecret != nil { |
| 400 | externalSecret.ObfuscatedVaultSslCa = common.Obfuscate(externalSecret.GetVaultSslCa(), secret) |
| 401 | externalSecret.VaultSslCa = "" |
| 402 | externalSecret.ObfuscatedVaultSslCert = common.Obfuscate(externalSecret.GetVaultSslCert(), secret) |
| 403 | externalSecret.VaultSslCert = "" |
| 404 | externalSecret.ObfuscatedVaultSslKey = common.Obfuscate(externalSecret.GetVaultSslKey(), secret) |
| 405 | externalSecret.VaultSslKey = "" |
no test coverage detected