Do not print secret content in error message (#276)

vpnachev · web-flow · commit e35b77c05cf4 · 2021-05-14T16:41:14.000+03:00
diff --git a/pkg/openstack/credentials.go b/pkg/openstack/credentials.go
@@ -57,19 +57,19 @@ func ExtractCredentials(secret *corev1.Secret) (*Credentials, error) {
 	if secret.Data == nil {
 		return nil, fmt.Errorf("secret does not contain any data")
 	}
-	domainName, err := getRequired(secret.Data, DomainName)
+	domainName, err := getRequired(secret, DomainName)
 	if err != nil {
 		return nil, err
 	}
-	tenantName, err := getRequired(secret.Data, TenantName)
+	tenantName, err := getRequired(secret, TenantName)
 	if err != nil {
 		return nil, err
 	}
-	userName, err := getRequired(secret.Data, UserName)
+	userName, err := getRequired(secret, UserName)
 	if err != nil {
 		return nil, err
 	}
-	password, err := getRequired(secret.Data, Password)
+	password, err := getRequired(secret, Password)
 	if err != nil {
 		return nil, err
 	}
@@ -85,13 +85,13 @@ func ExtractCredentials(secret *corev1.Secret) (*Credentials, error) {
 }
 
 // getRequired checks if the provided map has a valid value for a corresponding key.
-func getRequired(data map[string][]byte, key string) (string, error) {
-	value, ok := data[key]
+func getRequired(secret *corev1.Secret, key string) (string, error) {
+	value, ok := secret.Data[key]
 	if !ok {
-		return "", fmt.Errorf("map %v does not contain key %s", data, key)
+		return "", fmt.Errorf("missing %q data key in secret %s/%s", key, secret.Namespace, secret.Name)
 	}
 	if len(value) == 0 {
-		return "", fmt.Errorf("key %s may not be empty", key)
+		return "", fmt.Errorf("key %q in secret %s/%s cannot be empty", key, secret.Namespace, secret.Name)
 	}
 	return string(value), nil
 }

Original file line number	Diff line number	Diff line change
`@@ -57,19 +57,19 @@ func ExtractCredentials(secret corev1.Secret) (Credentials, error) {`
`57`	`57`	`if secret.Data == nil {`
`58`	`58`	`return nil, fmt.Errorf("secret does not contain any data")`
`59`	`59`	`}`
`60`		`- domainName, err := getRequired(secret.Data, DomainName)`
	`60`	`+ domainName, err := getRequired(secret, DomainName)`
`61`	`61`	`if err != nil {`
`62`	`62`	`return nil, err`
`63`	`63`	`}`
`64`		`- tenantName, err := getRequired(secret.Data, TenantName)`
	`64`	`+ tenantName, err := getRequired(secret, TenantName)`
`65`	`65`	`if err != nil {`
`66`	`66`	`return nil, err`
`67`	`67`	`}`
`68`		`- userName, err := getRequired(secret.Data, UserName)`
	`68`	`+ userName, err := getRequired(secret, UserName)`
`69`	`69`	`if err != nil {`
`70`	`70`	`return nil, err`
`71`	`71`	`}`
`72`		`- password, err := getRequired(secret.Data, Password)`
	`72`	`+ password, err := getRequired(secret, Password)`
`73`	`73`	`if err != nil {`
`74`	`74`	`return nil, err`
`75`	`75`	`}`
`@@ -85,13 +85,13 @@ func ExtractCredentials(secret corev1.Secret) (Credentials, error) {`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`// getRequired checks if the provided map has a valid value for a corresponding key.`
`88`		`-func getRequired(data map[string][]byte, key string) (string, error) {`
`89`		`- value, ok := data[key]`
	`88`	`+func getRequired(secret *corev1.Secret, key string) (string, error) {`
	`89`	`+ value, ok := secret.Data[key]`
`90`	`90`	`if !ok {`
`91`		`- return "", fmt.Errorf("map %v does not contain key %s", data, key)`
	`91`	`+ return "", fmt.Errorf("missing %q data key in secret %s/%s", key, secret.Namespace, secret.Name)`
`92`	`92`	`}`
`93`	`93`	`if len(value) == 0 {`
`94`		`- return "", fmt.Errorf("key %s may not be empty", key)`
	`94`	`+ return "", fmt.Errorf("key %q in secret %s/%s cannot be empty", key, secret.Namespace, secret.Name)`
`95`	`95`	`}`
`96`	`96`	`return string(value), nil`
`97`	`97`	`}`