hide passwords and secrets from repo-config subcommand by default

2025-07-16 07:19:57 +00:00 · 2023-02-05 16:42:29 +02:00
parent 117f096d41
commit 4db8ad8e8d
14 changed files with 86 additions and 35 deletions
--- a/src/ahriman/application/ahriman.py
+++ b/src/ahriman/application/ahriman.py
@ -750,6 +750,8 @@ def _set_service_config_parser(root: SubParserAction) -> argparse.ArgumentParser
    parser = root.add_parser("service-config", aliases=["config", "repo-config"], help="dump configuration",
                             description="dump configuration for the specified architecture",
                             formatter_class=_formatter)
+    parser.add_argument("--secure", help="hide passwords and secrets from output",
+                        action=argparse.BooleanOptionalAction, default=True)
    parser.set_defaults(handler=handlers.Dump, lock=None, report=False, quiet=True, unsafe=True)
    return parser

--- a/src/ahriman/application/handlers/dump.py
+++ b/src/ahriman/application/handlers/dump.py
@ -48,4 +48,4 @@ class Dump(Handler):
        """
        dump = configuration.dump()
        for section, values in sorted(dump.items()):
-            ConfigurationPrinter(section, values).print(verbose=False, separator=" = ")
+            ConfigurationPrinter(section, values).print(verbose=not args.secure, separator=" = ")
--- a/src/ahriman/core/database/migrations/m000_initial.py
+++ b/src/ahriman/core/database/migrations/m000_initial.py
@ -114,19 +114,19 @@ def migrate_package_statuses(connection: Connection, paths: RepositoryPaths) ->
            values
            (:package_base, :version, :aur_url)
            """,
-            dict(package_base=metadata.base, version=metadata.version, aur_url=""))
+            {"package_base": metadata.base, "version": metadata.version, "aur_url": ""})
        connection.execute(
            """
            insert into package_statuses
            (package_base, status, last_updated)
            values
            (:package_base, :status, :last_updated)""",
-            dict(package_base=metadata.base, status=last_status.status.value, last_updated=last_status.timestamp))
+            {"package_base": metadata.base, "status": last_status.status.value, "last_updated": last_status.timestamp})

    def insert_packages(metadata: Package) -> None:
        package_list = []
        for name, description in metadata.packages.items():
-            package_list.append(dict(package=name, package_base=metadata.base, **description.view()))
+            package_list.append({"package": name, "package_base": metadata.base, **description.view()})
        connection.executemany(
            """
            insert into packages
--- a/src/ahriman/core/database/migrations/m001_package_source.py
+++ b/src/ahriman/core/database/migrations/m001_package_source.py
@ -80,11 +80,11 @@ def migrate_package_remotes(connection: Connection, paths: RepositoryPaths) -> N
            web_url = :web_url, source = :source
            where package_base = :package_base
            """,
-            dict(
-                package_base=base,
-                branch=remote.branch, git_url=remote.git_url, path=remote.path,
-                web_url=remote.web_url, source=remote.source
-            )
+            {
+                "package_base": base,
+                "branch": remote.branch, "git_url": remote.git_url, "path": remote.path,
+                "web_url": remote.web_url, "source": remote.source
+            }
        )

    packages = PackageOperations._packages_get_select_package_bases(connection)
--- a/src/ahriman/core/database/operations/logs_operations.py
+++ b/src/ahriman/core/database/operations/logs_operations.py
@ -71,12 +71,12 @@ class LogsOperations(Operations):
                values
                (:package_base, :process_id, :created, :record)
                """,
-                dict(
-                    package_base=log_record_id.package_base,
-                    process_id=log_record_id.process_id,
-                    created=created,
-                    record=record
-                )
+                {
+                    "package_base": log_record_id.package_base,
+                    "process_id": log_record_id.process_id,
+                    "created": created,
+                    "record": record,
+                }
            )

        return self.with_connection(run, commit=True)
--- a/src/ahriman/core/database/operations/package_operations.py
+++ b/src/ahriman/core/database/operations/package_operations.py
@ -82,15 +82,15 @@ class PackageOperations(Operations):
            on conflict (package_base) do update set
            version = :version, branch = :branch, git_url = :git_url, path = :path, web_url = :web_url, source = :source
            """,
-            dict(
-                package_base=package.base,
-                version=package.version,
-                branch=package.remote.branch if package.remote is not None else None,
-                git_url=package.remote.git_url if package.remote is not None else None,
-                path=package.remote.path if package.remote is not None else None,
-                web_url=package.remote.web_url if package.remote is not None else None,
-                source=package.remote.source.value if package.remote is not None else None,
-            )
+            {
+                "package_base": package.base,
+                "version": package.version,
+                "branch": package.remote.branch if package.remote is not None else None,
+                "git_url": package.remote.git_url if package.remote is not None else None,
+                "path": package.remote.path if package.remote is not None else None,
+                "web_url": package.remote.web_url if package.remote is not None else None,
+                "source": package.remote.source.value if package.remote is not None else None,
+            }
        )

    @staticmethod
@ -106,7 +106,7 @@ class PackageOperations(Operations):
        for name, description in package.packages.items():
            if description.architecture is None:
                continue  # architecture is required
-            package_list.append(dict(package=name, package_base=package.base, **description.view()))
+            package_list.append({"package": name, "package_base": package.base, **description.view()})
        connection.executemany(
            """
            insert into packages
@ -145,7 +145,7 @@ class PackageOperations(Operations):
            on conflict (package_base) do update set
            status = :status, last_updated = :last_updated
            """,
-            dict(package_base=package_base, status=status.status.value, last_updated=status.timestamp))
+            {"package_base": package_base, "status": status.status.value, "last_updated": status.timestamp})

    @staticmethod
    def _packages_get_select_package_bases(connection: Connection) -> Dict[str, Package]:
--- a/src/ahriman/core/formatters/configuration_printer.py
+++ b/src/ahriman/core/formatters/configuration_printer.py
@ -28,9 +28,18 @@ class ConfigurationPrinter(StringPrinter):
    print content of the configuration section

    Attributes:
+        HIDE_KEYS(List[str]): (class attribute) hide values for mentioned keys. This list must be used in order to hide
+            passwords from outputs
        values(Dict[str, str]): configuration values dictionary
    """

+    HIDE_KEYS = [
+        "api_key",  # telegram key
+        "client_secret",  # oauth secret
+        "password",  # generic password (github, email, web server, etc)
+        "secret_key",  # aws secret key
+    ]
+
    def __init__(self, section: str, values: Dict[str, str]) -> None:
        """
        default constructor
@ -50,6 +59,6 @@ class ConfigurationPrinter(StringPrinter):
            List[Property]: list of content properties
        """
        return [
-            Property(key, value, is_required=True)
+            Property(key, value, is_required=key not in self.HIDE_KEYS)
            for key, value in sorted(self.values.items())
        ]