Mask password/token in log messages.

sonarqube/httpHelpers.go

@@ -2,8 +2,11 @@ package sonarqube
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
+	"net/url"
+	"strings"
 
 	"github.com/hashicorp/go-retryablehttp"
 )
@@ -26,17 +29,17 @@ type Paging struct {
 }
 
 // helper function to make api request to sonarqube
-func httpRequestHelper(client *retryablehttp.Client, method string, sonarqubeURL string, expectedResponseCode int, errormsg string) (http.Response, error) {
+func httpRequestHelper(client *retryablehttp.Client, method string, sonarqubeURL url.URL, expectedResponseCode int, errormsg string) (http.Response, error) {
 	// Prepare request
-	req, err := retryablehttp.NewRequest(method, sonarqubeURL, http.NoBody)
+	req, err := retryablehttp.NewRequest(method, sonarqubeURL.String(), http.NoBody)
 	if err != nil {
-		return http.Response{}, fmt.Errorf("failed to prepare http request: %v. Request: %v", err, req)
+		return http.Response{}, fmt.Errorf("failed to prepare http request: %v", censorError(err, sonarqubeURL.User.String()))
 	}
 
 	// Execute request
 	resp, err := client.Do(req)
 	if err != nil {
-		return http.Response{}, fmt.Errorf("failed to execute http request: %v. Request: %v", err, req)
+		return http.Response{}, fmt.Errorf("failed to execute http request: %v", censorError(err, sonarqubeURL.User.String()))
 	}
 
 	// Check response code
@@ -57,3 +60,13 @@ func httpRequestHelper(client *retryablehttp.Client, method string, sonarqubeURL
 
 	return *resp, nil
 }
+
+// https://github.com/jdamata/terraform-provider-sonarqube/issues/201
+// go-retryablehttp error contains the token/user:pass in plaintext.
+// We want to censor that secret before logging the error
+func censorError(err error, secret string) error {
+	// Replace the secret with asterisks of the same length
+	asterisks := strings.Repeat("*", len(secret))
+	result := strings.Replace(err.Error(), secret, asterisks, -1)
+	return errors.New(result)
+}

sonarqube/httpHelpers_test.go

@@ -0,0 +1,29 @@
+package sonarqube
+
+import (
+	"errors"
+	"reflect"
+	"testing"
+)
+
+// TestCensorError calls censorError with sample log messages , checking
+// for a valid return value.
+func TestCensorError(t *testing.T) {
+	cases := []struct {
+		errorMessage error
+		token        string
+		expected     string
+	}{
+		{
+			errorMessage: errors.New("Error updating SonarQube user: failed to execute http request: POST https://PASSWORD:@sonarqube.example.com/api/users/update_identity_provider?login=gitlab-john-doe&newExternalIdentity=john-doe&newExternalProvider=gitlab giving up after 5 attempt(s). Request: &{0xab1940 0xc00021c600}"),
+			token:        "PASSWORD",
+			expected:     "Error updating SonarQube user: failed to execute http request: POST https://********:@sonarqube.example.com/api/users/update_identity_provider?login=gitlab-john-doe&newExternalIdentity=john-doe&newExternalProvider=gitlab giving up after 5 attempt(s). Request: &{0xab1940 0xc00021c600}",
+		},
+	}
+	for _, c := range cases {
+		out := censorError(c.errorMessage, c.token)
+		if !reflect.DeepEqual(out.Error(), c.expected) {
+			t.Fatalf("Error matching output and expected: %#v vs %#v", out.Error(), c.expected)
+		}
+	}
+}

sonarqube/provider.go

@@ -207,7 +207,7 @@ func sonarqubeSystemInfo(client *retryablehttp.Client, sonarqube url.URL) (strin
 	resp, err := httpRequestHelper(
 		client,
 		"GET",
-		sonarqube.String(),
+		sonarqube,
 		http.StatusOK,
 		"sonarqubeHealth",
 	)

sonarqube/resource_sonarqube_alm_azure.go

@@ -69,7 +69,7 @@ func resourceSonarqubeAlmAzureCreate(d *schema.ResourceData, m interface{}) erro
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAlmAzureCreate",
 	)
@@ -90,7 +90,7 @@ func resourceSonarqubeAlmAzureRead(d *schema.ResourceData, m interface{}) error
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAlmAzureRead",
 	)
@@ -129,7 +129,7 @@ func resourceSonarqubeAlmAzureUpdate(d *schema.ResourceData, m interface{}) erro
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAlmAzureUpdate",
 	)
@@ -151,7 +151,7 @@ func resourceSonarqubeAlmAzureDelete(d *schema.ResourceData, m interface{}) erro
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAlmAzureDelete",
 	)

sonarqube/resource_sonarqube_alm_github.go

@@ -86,7 +86,7 @@ func resourceSonarqubeAlmGithubCreate(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAlmGithubCreate",
 	)
@@ -108,7 +108,7 @@ func resourceSonarqubeAlmGithubRead(d *schema.ResourceData, m interface{}) error
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAlmGithubRead",
 	)
@@ -153,7 +153,7 @@ func resourceSonarqubeAlmGithubUpdate(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAlmGithubUpdate",
 	)
@@ -175,7 +175,7 @@ func resourceSonarqubeAlmGithubDelete(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAlmGithubDelete",
 	)

sonarqube/resource_sonarqube_alm_gitlab.go

@@ -64,7 +64,7 @@ func resourceSonarqubeAlmGitlabCreate(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAlmGitlabCreate",
 	)
@@ -85,7 +85,7 @@ func resourceSonarqubeAlmGitlabRead(d *schema.ResourceData, m interface{}) error
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAlmGitlabRead",
 	)
@@ -126,7 +126,7 @@ func resourceSonarqubeAlmGitlabUpdate(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAlmGitlabUpdate",
 	)
@@ -148,7 +148,7 @@ func resourceSonarqubeAlmGitlabDelete(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAlmGitlabDelete",
 	)

sonarqube/resource_sonarqube_azure_binding.go

@@ -93,7 +93,7 @@ func resourceSonarqubeAzureBindingCreate(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAzureBindingCreate",
 	)
@@ -129,7 +129,7 @@ func resourceSonarqubeAzureBindingRead(d *schema.ResourceData, m interface{}) er
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeAzureBindingRead",
 	)
@@ -173,7 +173,7 @@ func resourceSonarqubeAzureBindingDelete(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeAzureBindingDelete",
 	)

sonarqube/resource_sonarqube_github_binding.go

@@ -89,7 +89,7 @@ func resourceSonarqubeGithubBindingCreate(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGithubBindingCreate",
 	)
@@ -119,7 +119,7 @@ func resourceSonarqubeGithubBindingRead(d *schema.ResourceData, m interface{}) e
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeGithubBindingRead",
 	)
@@ -161,7 +161,7 @@ func resourceSonarqubeGithubBindingDelete(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGithubBindingDelete",
 	)

sonarqube/resource_sonarqube_gitlab_binding.go

@@ -71,7 +71,7 @@ func resourceSonarqubeGitlabBindingCreate(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGitlabBindingCreate",
 	)
@@ -101,7 +101,7 @@ func resourceSonarqubeGitlabBindingRead(d *schema.ResourceData, m interface{}) e
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeGitlabBindingRead",
 	)
@@ -142,7 +142,7 @@ func resourceSonarqubeGitlabBindingDelete(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGitlabBindingDelete",
 	)

sonarqube/resource_sonarqube_group.go

@@ -68,7 +68,7 @@ func resourceSonarqubeGroupCreate(d *schema.ResourceData, m interface{}) error {
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeGroupCreate",
 	)
@@ -99,7 +99,7 @@ func resourceSonarqubeGroupRead(d *schema.ResourceData, m interface{}) error {
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeGroupRead",
 	)
@@ -168,7 +168,7 @@ func resourceSonarqubeGroupUpdate(d *schema.ResourceData, m interface{}) error {
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeGroupUpdate",
 	)
@@ -191,7 +191,7 @@ func resourceSonarqubeGroupDelete(d *schema.ResourceData, m interface{}) error {
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGroupDelete",
 	)

sonarqube/resource_sonarqube_group_member.go

@@ -68,7 +68,7 @@ func resourceSonarqubeGroupMemberCreate(d *schema.ResourceData, m interface{}) e
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGroupMemberCreate",
 	)
@@ -93,7 +93,7 @@ func resourceSonarqubeGroupMemberRead(d *schema.ResourceData, m interface{}) err
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeGroupMemberRead",
 	)
@@ -141,7 +141,7 @@ func resourceSonarqubeGroupMemberDelete(d *schema.ResourceData, m interface{}) e
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusNoContent,
 		"resourceSonarqubeGroupMemberDelete",
 	)
@@ -181,7 +181,7 @@ func checkGroupMemberExists(groupName string, loginName string, m interface{}) (
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"checkGroupMemberExists",
 	)

sonarqube/resource_sonarqube_new_code_periods.go

@@ -116,7 +116,7 @@ func resourceSonarqubeNewCodePeriodsCreate(d *schema.ResourceData, m interface{}
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeNewCodePeriodsCreate",
 	)
@@ -148,7 +148,7 @@ func resourceSonarqubeNewCodePeriodsRead(d *schema.ResourceData, m interface{})
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"GET",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeNewCodePeriodsRead",
 	)
@@ -197,7 +197,7 @@ func resourceSonarqubeNewCodePeriodsDelete(d *schema.ResourceData, m interface{}
 	resp, err := httpRequestHelper(
 		m.(*ProviderConfiguration).httpClient,
 		"POST",
-		sonarQubeURL.String(),
+		sonarQubeURL,
 		http.StatusOK,
 		"resourceSonarqubeNewCodePeriodsDelete",
 	)