Revert "Implement secrets concealer in build logs"

This reverts commit 5377c62844.
2025-02-19 20:56:21 +00:00 · 2016-11-16 17:08:25 -08:00 · 2016-11-16 17:08:25 -08:00 · 9eee1c158a
commit 9eee1c158a
parent 25da304294
5 changed files with 42 additions and 95 deletions
--- a/agent/agent.go
+++ b/agent/agent.go
@ -33,7 +33,6 @@ type Agent struct {
 	Netrc     []string
 	Local     string
 	Pull      bool
-	ConcealSecrets bool
 }

 func (a *Agent) Poll() error {
@ -189,7 +188,6 @@ func (a *Agent) exec(spec *yaml.Config, payload *model.Work, cancel <-chan bool)
 		return err
 	}

-	secretsReplacer := newSecretsReplacer(payload.Secrets)
 	timeout := time.After(time.Duration(payload.Repo.Timeout) * time.Minute)

 	for {
@ -229,25 +227,11 @@ func (a *Agent) exec(spec *yaml.Config, payload *model.Work, cancel <-chan bool)
 				pipeline.Exec()
 			}
 		case line := <-pipeline.Pipe():
-			// FIXME(vaijab): avoid checking a.ConcealSecrets is true everytime new line is received
-			if a.ConcealSecrets {
-				line.Out = secretsReplacer.Replace(line.Out)
-			}
 			a.Logger(line)
 		}
 	}
 }

-// newSecretsReplacer takes []*model.Secret as secrets and returns a list of
-// secret value, "*****" pairs.
-func newSecretsReplacer(secrets []*model.Secret) *strings.Replacer {
-	var r []string
-	for _, s := range secrets {
-		r = append(r, s.Value, "*****")
-	}
-	return strings.NewReplacer(r...)
-}
-
 func toEnv(w *model.Work) map[string]string {
 	envs := map[string]string{
 		"CI":                         "drone",
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@ -1,23 +0,0 @@
-package agent
-
-import "testing"
-import "github.com/drone/drone/model"
-
-func Test_newSecretsReplacer(t *testing.T) {
-	secrets := []*model.Secret{
-		{Name: "SECRET",
-			Value:  "secret_value",
-			Images: []string{"*"},
-			Events: []string{"*"},
-		},
-	}
-
-	text := "This is SECRET: secret_value"
-	expected := "This is SECRET: *****"
-	secretsReplacer := newSecretsReplacer(secrets)
-	result := secretsReplacer.Replace(text)
-
-	if result != expected {
-		t.Errorf("Wanted %q, got %q.", expected, result)
-	}
-}
--- a/drone/agent/agent.go
+++ b/drone/agent/agent.go
@ -75,11 +75,6 @@ var AgentCmd = cli.Command{
 			Name:   "drone-secret",
 			Usage:  "drone agent secret",
 		},
-		cli.BoolFlag{
-			Name:   "conceal-secrets",
-			Usage:  "conceal secrets from build logs",
-			EnvVar: "DRONE_CONCEAL_SECRETS",
-		},
 		cli.DurationFlag{
 			EnvVar: "DRONE_BACKOFF",
 			Name:   "backoff",
@ -197,7 +192,6 @@ func start(c *cli.Context) {
 				privileged: c.StringSlice("privileged"),
 				pull:       c.BoolT("pull"),
 				logs:       int64(c.Int("max-log-size")) * 1000000,
-				concealSecrets: c.Bool("conceal-secrets"),
 			},
 		}

--- a/drone/agent/exec.go
+++ b/drone/agent/exec.go
@ -19,7 +19,6 @@ type config struct {
 	pull       bool
 	logs       int64
 	timeout    time.Duration
-	concealSecrets bool
 }

 type pipeline struct {
@ -49,7 +48,6 @@ func (r *pipeline) run(w *model.Work) {
 		Namespace: r.config.namespace,
 		Escalate:  r.config.privileged,
 		Pull:      r.config.pull,
-		ConcealSecrets: r.config.concealSecrets,
 	}

 	cancelFunc := func(m *stomp.Message) {
--- a/drone/exec.go
+++ b/drone/exec.go
@ -48,11 +48,6 @@ var execCmd = cli.Command{
 			Usage:  "build secrets file in KEY=VALUE format",
 			EnvVar: "DRONE_SECRETS_FILE",
 		},
-		cli.BoolFlag{
-			Name:   "conceal-secrets",
-			Usage:  "conceal secrets from build logs",
-			EnvVar: "DRONE_CONCEAL_SECRETS",
-		},
 		cli.StringSliceFlag{
 			Name:   "matrix",
 			Usage:  "build matrix in KEY=VALUE format",
@ -342,7 +337,6 @@ func exec(c *cli.Context) error {
 		Netrc:     []string{},
 		Local:     dir,
 		Pull:      c.Bool("pull"),
-		ConcealSecrets: c.Bool("conceal-secrets"),
 	}

 	payload := &model.Work{