fix(variables): hide sensitive data from terminal output (closes #301)

bleenco · Dec 21, 2017 · 6cb71d9 · 6cb71d9
1 parent 412eb3e
commit 6cb71d9
Show file tree

Hide file tree

Showing 8 changed files with 115 additions and 62 deletions.
diff --git a/src/api/deploy.ts b/src/api/deploy.ts
@@ -2,8 +2,11 @@ import { Observable, Observer } from 'rxjs';
 import { s3Deploy } from './deploy/aws-s3';
 import { codeDeploy } from './deploy/aws-code-deploy';
 import { elasticDeploy } from './deploy/aws-elastic';
+import * as envVars from './env-variables';
 
-export function deploy(preferences: any, container: string, variables: string[]): Observable<any> {
+export function deploy(
+  preferences: any, container: string, variables: envVars.EnvVariables
+): Observable<any> {
   return new Observable((observer: Observer<any>) => {
     if (preferences) {
       const provider = preferences.provider;
@@ -18,7 +21,9 @@ export function deploy(preferences: any, container: string, variables: string[])
   });
 }
 
-function deployProvider(provider, preferences, container, variables): Observable<any> {
+function deployProvider(
+  provider: string, preferences: any, container: string, variables: envVars.EnvVariables
+): Observable<any> {
   switch (provider) {
     case 's3':
       return s3Deploy(preferences, container, variables);
@@ -37,14 +42,10 @@ function deployProvider(provider, preferences, container, variables): Observable
   }
 }
 
-export function findFromEnvVariables(variables, property) {
-  let value = variables.find(v => v.startsWith(property));
-
-  if (value) {
-    const tmp = value.split('=');
-    if (tmp.length > 1) {
-      return tmp[1];
-    }
+export function findFromEnvVariables(variables: envVars.EnvVariables, property: string) {
+  let value = variables[property];
+  if (typeof value !== 'undefined') {
+    return value.value;
   }
 
   return null;

diff --git a/src/api/deploy/aws-code-deploy.ts b/src/api/deploy/aws-code-deploy.ts
@@ -5,9 +5,10 @@ import { findFromEnvVariables } from '../deploy';
 import * as style from 'ansi-styles';
 import { error } from 'util';
 import chalk from 'chalk';
+import * as envVars from '../env-variables';
 
 export function codeDeploy(
-  preferences: any, container: string, variables: string[]
+  preferences: any, container: string, variables: envVars.EnvVariables
 ): Observable<any> {
   return new Observable((observer: Observer<any>) => {
 
@@ -89,7 +90,7 @@ export function codeDeploy(
       let command = {
         type: CommandType.deploy, command: `aws configure set aws_access_key_id ${accessKeyId}`
       };
-      dockerExec(container, command)
+      dockerExec(container, command, variables)
         .toPromise()
         .then(result => {
           if (!(result && result.data === 0)) {
@@ -103,7 +104,7 @@ export function codeDeploy(
             command: `aws configure set aws_secret_access_key ${secretAccessKey}`
           };
 
-          return dockerExec(container, command).toPromise();
+          return dockerExec(container, command, variables).toPromise();
         })
         .then(result => {
           if (!(result && result.data === 0)) {
@@ -116,7 +117,7 @@ export function codeDeploy(
             type: CommandType.deploy, command: `aws configure set region ${region}`
           };
 
-          return dockerExec(container, command).toPromise();
+          return dockerExec(container, command, variables).toPromise();
         })
         .then(result => {
           if (!(result && result.data === 0)) {
@@ -137,7 +138,7 @@ export function codeDeploy(
                   + ` --deployment-group-name ${deployGroup} --service-role-arn ${arn}`
               };
 
-              return dockerExec(container, command)
+              return dockerExec(container, command, variables)
                 .toPromise()
                 .then(result => {
                   if (!(result && result.data === 0)) {
@@ -182,7 +183,7 @@ export function codeDeploy(
             return Promise.reject(1);
           }
 
-          return dockerExec(container, command)
+          return dockerExec(container, command, variables)
             .toPromise()
             .then(result => {
               if (!(result && result.data === 0)) {
@@ -211,7 +212,7 @@ export function codeDeploy(
   });
 }
 
-function depGroupExists(container, application, group): Promise<any> {
+function depGroupExists(container: string, application: string, group: string): Promise<any> {
   return new Promise((resolve, reject) => {
     const command = `aws deploy get-deployment-group --application-name ${application}`
       + ` --deployment-group ${group}`;

diff --git a/src/api/deploy/aws-elastic.ts b/src/api/deploy/aws-elastic.ts
@@ -4,9 +4,10 @@ import { CommandType } from '../config';
 import { findFromEnvVariables } from '../deploy';
 import * as style from 'ansi-styles';
 import chalk from 'chalk';
+import * as envVars from '../env-variables';
 
 export function elasticDeploy(
-  preferences: any, container: string, variables: string[]
+  preferences: any, container: string, variables: envVars.EnvVariables
 ): Observable<any> {
   return new Observable((observer: Observer<any>) => {
     // 1. check preferences
@@ -106,7 +107,7 @@ export function elasticDeploy(
       let command = {
         type: CommandType.deploy, command: `aws configure set aws_access_key_id ${accessKeyId}`
       };
-      dockerExec(container, command)
+      dockerExec(container, command, variables)
         .toPromise()
         .then(result => {
           if (!(result && result.data === 0)) {
@@ -120,7 +121,7 @@ export function elasticDeploy(
             command: `aws configure set aws_secret_access_key ${secretAccessKey}`
           };
 
-          return dockerExec(container, command).toPromise();
+          return dockerExec(container, command, variables).toPromise();
         })
         .then(result => {
           if (!(result && result.data === 0)) {
@@ -133,7 +134,7 @@ export function elasticDeploy(
             type: CommandType.deploy, command: `aws configure set region ${region}`
           };
 
-          return dockerExec(container, command).toPromise();
+          return dockerExec(container, command, variables).toPromise();
         })
         .then(result => {
           if (!(result && result.data === 0)) {
@@ -160,7 +161,7 @@ export function elasticDeploy(
             };
           }
 
-          return dockerExec(container, command).toPromise();
+          return dockerExec(container, command, variables).toPromise();
         })
         .then(() => {
           // 3. check if environment exists
@@ -176,7 +177,7 @@ export function elasticDeploy(
                   + ` --template-name "${environmentTemplate}"`
               };
 
-              return dockerExec(container, command)
+              return dockerExec(container, command, variables)
                 .toPromise()
                 .then(result => {
                   if (!(result && result.data === 0)) {
@@ -194,7 +195,7 @@ export function elasticDeploy(
                   + ` --solution-stack-name "${solutionStackName}"`
               };
 
-              return dockerExec(container, command)
+              return dockerExec(container, command, variables)
                 .toPromise()
                 .then(result => {
                   if (!(result && result.data === 0)) {
@@ -233,7 +234,7 @@ export function elasticDeploy(
   });
 }
 
-function environmentExists(container, environment): Promise<any> {
+function environmentExists(container: string, environment: string): Promise<any> {
   return new Promise((resolve, reject) => {
     const getEnvCommand = `aws elasticbeanstalk describe-environments --environment-names`
       + ` "${environment}"`;

diff --git a/src/api/deploy/aws-s3.ts b/src/api/deploy/aws-s3.ts
@@ -4,9 +4,10 @@ import { CommandType } from '../config';
 import { findFromEnvVariables } from '../deploy';
 import * as style from 'ansi-styles';
 import chalk from 'chalk';
+import * as envVars from '../env-variables';
 
 export function s3Deploy(
-  preferences: any, container: string, variables: string[]
+  preferences: any, container: string, variables: envVars.EnvVariables
 ): Observable<any> {
   return new Observable((observer: Observer<any>) => {
 
@@ -75,7 +76,7 @@ export function s3Deploy(
         }
 
         return Observable
-          .concat(...commands.map(command => dockerExec(container, command)))
+          .concat(...commands.map(command => dockerExec(container, command, variables)))
           .toPromise();
       })
       .then(result => {
@@ -90,7 +91,7 @@ export function s3Deploy(
           type: CommandType.deploy, command: `aws configure set aws_access_key_id ${accessKeyId}`
         };
 
-        return dockerExec(container, command).toPromise();
+        return dockerExec(container, command, variables).toPromise();
       })
       .then(result => {
         if (!(result && result.data === 0)) {
@@ -104,7 +105,7 @@ export function s3Deploy(
           command: `aws configure set aws_secret_access_key ${secretAccessKey}`
         };
 
-        return dockerExec(container, command).toPromise();
+        return dockerExec(container, command, variables).toPromise();
       })
       .then(result => {
         if (!(result && result.data === 0)) {
@@ -117,7 +118,7 @@ export function s3Deploy(
           type: CommandType.deploy, command: `aws configure set region ${region}`
         };
 
-        return dockerExec(container, command).toPromise();
+        return dockerExec(container, command, variables).toPromise();
       })
       .then(result => {
         if (!(result && result.data === 0)) {
@@ -140,7 +141,7 @@ export function s3Deploy(
         }
 
         return Observable
-          .concat(...application.map(command => dockerExec(container, command)))
+          .concat(...application.map(command => dockerExec(container, command, variables)))
           .toPromise();
       })
       .then(result => {
@@ -158,7 +159,7 @@ export function s3Deploy(
             + ` --s3-location s3://${preferences.bucket}/${zipName}.zip`
         };
 
-        return dockerExec(container, deploy).toPromise();
+        return dockerExec(container, deploy, variables).toPromise();
       })
       .then(result => {
         if (!(result && result.data === 0)) {
@@ -183,7 +184,7 @@ export function s3Deploy(
   });
 }
 
-function appSpecExists(container): Promise<any> {
+function appSpecExists(container: string): Promise<any> {
   return new Promise((resolve, reject) => {
     let appSpec = false;
     dockerExec(container, { type: CommandType.deploy, command: 'ls'})
@@ -199,7 +200,7 @@ function appSpecExists(container): Promise<any> {
   });
 }
 
-function applicationExists(container, application): Promise<any> {
+function applicationExists(container: string, application: string): Promise<any> {
   return new Promise((resolve, reject) => {
     const getApplicationCommand = 'aws deploy list-applications';
     let appExists = false;

diff --git a/src/api/docker.ts b/src/api/docker.ts
@@ -14,7 +14,7 @@ export const docker = new dockerode();
 export function createContainer(
   name: string,
   image: string,
-  envs: string[]
+  envs: envVars.EnvVariables
 ): Observable<ProcessOutput> {
   return new Observable(observer => {
     docker.createContainer({
@@ -23,7 +23,7 @@ export function createContainer(
       Tty: true,
       OpenStdin: true,
       StdinOnce: false,
-      Env: envs || [],
+      Env: envVars.serialize(envs) || [],
       Binds: ['/var/run/docker.sock:/var/run/docker.sock'],
       Privileged: true,
       ExposedPorts: {
@@ -60,7 +60,9 @@ export function startContainer(id: string): Promise<dockerode.Container> {
   return docker.getContainer(id).start();
 }
 
-export function dockerExec(id: string, cmd: any, env: envVars.EnvVariables = {}): Observable<any> {
+export function dockerExec(
+  id: string, cmd: any, env: envVars.EnvVariables = {}
+): Observable<any> {
   return new Observable(observer => {
     let exitCode = 255;
     let command;
@@ -125,6 +127,13 @@ export function dockerExec(id: string, cmd: any, env: envVars.EnvVariables = {})
             if (str.includes('//') && str.includes('@')) {
               str = str.replace(/\/\/(.*)@/, '//');
             }
+
+            const variable =
+              Object.keys(env).find(k => env[k].secure && str.indexOf(env[k].value) >= 0);
+            if (typeof variable !== 'undefined') {
+              str = str.replace(env[variable].value, '******');
+            }
+
             observer.next({ type: 'data', data: str });
           }
 
@@ -138,6 +147,22 @@ export function dockerExec(id: string, cmd: any, env: envVars.EnvVariables = {})
   });
 }
 
+export function dockerPwd(id: string, env: envVars.EnvVariables): Observable<ProcessOutput> {
+  return new Observable(observer => {
+    dockerExec(id, { type: CommandType.before_install, command: 'pwd'}, env)
+      .subscribe(event => {
+        if (event && event.data && event.type === 'data') {
+          envVars.set(env, 'ABSTRUSE_BUILD_DIR', event.data.replace('\r\n', ''));
+        }
+      },
+      err => observer.error(err),
+      () => {
+        observer.next({ type: 'env', data: env });
+        observer.complete();
+      });
+  });
+}
+
 export function listContainers(): Promise<dockerode.ContainerInfo[]> {
   return docker.listContainers();
 }