Merge pull request #18389 from bparees/secretrefs

openshift-merge-robot · web-flow · commit 7681cd4e3986 · 2018-02-01T21:00:51.000-08:00
Automatic merge from submit-queue (batch tested with PRs 18390, 18389, 18290, 18377, 18385).

mask webhook secret value in builds
diff --git a/pkg/build/generator/generator_test.go b/pkg/build/generator/generator_test.go
@@ -1963,7 +1963,7 @@ func TestInstantiateBuildTriggerCauseImageChange(t *testing.T) {
 func TestInstantiateBuildTriggerCauseGenericWebHook(t *testing.T) {
 	buildTriggerCauses := []buildapi.BuildTriggerCause{}
 	changeMessage := "Generic WebHook"
-	webHookSecret := "testsecret"
+	webHookSecret := "<secret>"
 
 	gitRevision := &buildapi.SourceRevision{
 		Git: &buildapi.GitSourceRevision{
@@ -1980,7 +1980,7 @@ func TestInstantiateBuildTriggerCauseGenericWebHook(t *testing.T) {
 			buildapi.BuildTriggerCause{
 				Message: changeMessage,
 				GenericWebHook: &buildapi.GenericWebHookCause{
-					Secret:   webHookSecret,
+					Secret:   "<secret>",
 					Revision: gitRevision,
 				},
 			},
@@ -2008,7 +2008,7 @@ func TestInstantiateBuildTriggerCauseGenericWebHook(t *testing.T) {
 func TestInstantiateBuildTriggerCauseGitHubWebHook(t *testing.T) {
 	buildTriggerCauses := []buildapi.BuildTriggerCause{}
 	changeMessage := buildapi.BuildTriggerCauseGithubMsg
-	webHookSecret := "testsecret"
+	webHookSecret := "<secret>"
 
 	gitRevision := &buildapi.SourceRevision{
 		Git: &buildapi.GitSourceRevision{
@@ -2025,7 +2025,7 @@ func TestInstantiateBuildTriggerCauseGitHubWebHook(t *testing.T) {
 			buildapi.BuildTriggerCause{
 				Message: changeMessage,
 				GitHubWebHook: &buildapi.GitHubWebHookCause{
-					Secret:   webHookSecret,
+					Secret:   "<secret>",
 					Revision: gitRevision,
 				},
 			},
@@ -2053,7 +2053,7 @@ func TestInstantiateBuildTriggerCauseGitHubWebHook(t *testing.T) {
 func TestInstantiateBuildTriggerCauseGitLabWebHook(t *testing.T) {
 	buildTriggerCauses := []buildapi.BuildTriggerCause{}
 	changeMessage := buildapi.BuildTriggerCauseGitLabMsg
-	webHookSecret := "testsecret"
+	webHookSecret := "<secret>"
 
 	gitRevision := &buildapi.SourceRevision{
 		Git: &buildapi.GitSourceRevision{
@@ -2072,7 +2072,7 @@ func TestInstantiateBuildTriggerCauseGitLabWebHook(t *testing.T) {
 				GitLabWebHook: &buildapi.GitLabWebHookCause{
 					CommonWebHookCause: buildapi.CommonWebHookCause{
 						Revision: gitRevision,
-						Secret:   webHookSecret,
+						Secret:   "<secret>",
 					},
 				},
 			},
@@ -2100,7 +2100,7 @@ func TestInstantiateBuildTriggerCauseGitLabWebHook(t *testing.T) {
 func TestInstantiateBuildTriggerCauseBitbucketWebHook(t *testing.T) {
 	buildTriggerCauses := []buildapi.BuildTriggerCause{}
 	changeMessage := buildapi.BuildTriggerCauseBitbucketMsg
-	webHookSecret := "testsecret"
+	webHookSecret := "<secret>"
 
 	gitRevision := &buildapi.SourceRevision{
 		Git: &buildapi.GitSourceRevision{
@@ -2118,7 +2118,7 @@ func TestInstantiateBuildTriggerCauseBitbucketWebHook(t *testing.T) {
 				Message: changeMessage,
 				BitbucketWebHook: &buildapi.BitbucketWebHookCause{
 					CommonWebHookCause: buildapi.CommonWebHookCause{
-						Secret:   webHookSecret,
+						Secret:   "<secret>",
 						Revision: gitRevision,
 					},
 				},
diff --git a/pkg/build/registry/buildconfig/webhook.go b/pkg/build/registry/buildconfig/webhook.go
@@ -146,7 +146,7 @@ func (w *WebHookHandler) ProcessWebHook(writer http.ResponseWriter, req *http.Re
 	}
 	warning := err
 
-	buildTriggerCauses := webhook.GenerateBuildTriggerInfo(revision, hookType, secret)
+	buildTriggerCauses := webhook.GenerateBuildTriggerInfo(revision, hookType)
 	request := &buildapi.BuildRequest{
 		TriggeredBy: buildTriggerCauses,
 		ObjectMeta:  metav1.ObjectMeta{Name: name},
diff --git a/pkg/build/registry/buildconfig/webhook_test.go b/pkg/build/registry/buildconfig/webhook_test.go
@@ -477,8 +477,8 @@ func TestGeneratedBuildTriggerInfoGenericWebHook(t *testing.T) {
 		},
 	}
 
-	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "generic", "mysecret")
-	hiddenSecret := fmt.Sprintf("%s***", "mysecret"[:(len("mysecret")/2)])
+	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "generic")
+	hiddenSecret := "<secret>"
 	for _, cause := range buildtriggerCause {
 		if !reflect.DeepEqual(revision, cause.GenericWebHook.Revision) {
 			t.Errorf("Expected returned revision to equal: %v", revision)
@@ -507,8 +507,8 @@ func TestGeneratedBuildTriggerInfoGitHubWebHook(t *testing.T) {
 		},
 	}
 
-	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "github", "mysecret")
-	hiddenSecret := fmt.Sprintf("%s***", "mysecret"[:(len("mysecret")/2)])
+	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "github")
+	hiddenSecret := "<secret>"
 	for _, cause := range buildtriggerCause {
 		if !reflect.DeepEqual(revision, cause.GitHubWebHook.Revision) {
 			t.Errorf("Expected returned revision to equal: %v", revision)
@@ -537,8 +537,8 @@ func TestGeneratedBuildTriggerInfoGitLabWebHook(t *testing.T) {
 		},
 	}
 
-	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "gitlab", "mysecret")
-	hiddenSecret := fmt.Sprintf("%s***", "mysecret"[:(len("mysecret")/2)])
+	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "gitlab")
+	hiddenSecret := "<secret>"
 	for _, cause := range buildtriggerCause {
 		if !reflect.DeepEqual(revision, cause.GitLabWebHook.Revision) {
 			t.Errorf("Expected returned revision to equal: %v", revision)
@@ -567,8 +567,8 @@ func TestGeneratedBuildTriggerInfoBitbucketWebHook(t *testing.T) {
 		},
 	}
 
-	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "bitbucket", "mysecret")
-	hiddenSecret := fmt.Sprintf("%s***", "mysecret"[:(len("mysecret")/2)])
+	buildtriggerCause := webhook.GenerateBuildTriggerInfo(revision, "bitbucket")
+	hiddenSecret := "<secret>"
 	for _, cause := range buildtriggerCause {
 		if !reflect.DeepEqual(revision, cause.BitbucketWebHook.Revision) {
 			t.Errorf("Expected returned revision to equal: %v", revision)
diff --git a/pkg/build/webhook/webhook.go b/pkg/build/webhook/webhook.go
@@ -3,7 +3,6 @@ package webhook
 import (
 	"crypto/hmac"
 	"errors"
-	"fmt"
 	"net/http"
 	"strings"
 
@@ -89,8 +88,8 @@ func CheckSecret(namespace, userSecret string, triggers []*buildapi.WebHookTrigg
 	return nil, ErrSecretMismatch
 }
 
-func GenerateBuildTriggerInfo(revision *buildapi.SourceRevision, hookType, secret string) (buildTriggerCauses []buildapi.BuildTriggerCause) {
-	hiddenSecret := fmt.Sprintf("%s***", secret[:(len(secret)/2)])
+func GenerateBuildTriggerInfo(revision *buildapi.SourceRevision, hookType string) (buildTriggerCauses []buildapi.BuildTriggerCause) {
+	hiddenSecret := "<secret>"
 	switch {
 	case hookType == "generic":
 		buildTriggerCauses = append(buildTriggerCauses,

Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ func (w WebHookHandler) ProcessWebHook(writer http.ResponseWriter, req http.Re`
`146`	`146`	`}`
`147`	`147`	`warning := err`
`148`	`148`
`149`		`- buildTriggerCauses := webhook.GenerateBuildTriggerInfo(revision, hookType, secret)`
	`149`	`+ buildTriggerCauses := webhook.GenerateBuildTriggerInfo(revision, hookType)`
`150`	`150`	`request := &buildapi.BuildRequest{`
`151`	`151`	`TriggeredBy: buildTriggerCauses,`
`152`	`152`	`ObjectMeta: metav1.ObjectMeta{Name: name},`