Hiding sensitive data in inspect (#64)

Author: moul

README.md

@@ -403,6 +403,7 @@ Examples:
     $ scw inspect my-server | jq '.[0].public_ip.address'
     $ scw inspect $(scw inspect my-image | jq '.[0].root_volume.id')
     $ scw inspect -f "{{ .PublicAddress.IP }}" my-server
+    $ scw --sensitive inspect my-server
 ```
 
 
@@ -1017,6 +1018,8 @@ $ scw inspect myserver | jq '.[0].public_ip.address'
 
 #### Features
 
+* Hiding sensitive data by default on `scw inspect` ([#64](https://github.com/scaleway/scaleway-cli/issues/64))
+* Support of `scw --sensitive` option ([#64](https://github.com/scaleway/scaleway-cli/issues/64))
 * Support of `scw run --attach` option ([#65](https://github.com/scaleway/scaleway-cli/issues/65))
 * `scw {create,run}`, prefixing root-volume with the server hostname ([#63](https://github.com/scaleway/scaleway-cli/issues/63))
 * `scw {create,run} IMAGE`, *IMAGE* can be a snapshot ([#19](https://github.com/scaleway/scaleway-cli/issues/19))

api/api.go

@@ -1273,3 +1273,10 @@ func (s *ScalewayAPI) GetBootscriptID(needle string) string {
 	os.Exit(1)
 	return ""
 }
+
+// HideApiCredentials removes API credentials from a string
+func (s *ScalewayAPI) HideApiCredentials(input string) string {
+	output := strings.Replace(input, s.Token, "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX", -1)
+	output = strings.Replace(output, s.Organization, "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX", -1)
+	return output
+}

commands/help.go

@@ -44,6 +44,7 @@ Options:
  -D, --debug=false            Enable debug mode
  -h, --help=false             Print usage
  -v, --version=false          Print version information and quit
+ --sensitive=false            Show sensitive data in outputs, i.e. API Token/Organization
 
 Commands:
 {{range .}}{{if not .Hidden}}    {{.Name | printf "%-9s"}} {{.Description}}

commands/inspect.go

@@ -35,6 +35,7 @@ var cmdInspect = &types.Command{
     $ scw inspect my-server | jq '.[0].public_ip.address'
     $ scw inspect $(scw inspect my-image | jq '.[0].root_volume.id')
     $ scw inspect -f "{{ .PublicAddress.IP }}" my-server
+    $ scw --sensitive inspect my-server
 `,
 }
 
@@ -92,6 +93,9 @@ func runInspect(cmd *types.Command, args []string) {
 	res += "]"
 
 	if inspectFormat == "" {
+		if os.Getenv("SCW_SENSITIVE") != "1" {
+			res = cmd.API.HideApiCredentials(res)
+		}
 		fmt.Println(res)
 	}
 

main.go

@@ -51,6 +51,7 @@ var (
 	flAPIEndPoint *string
 	flDebug       = flag.Bool([]string{"D", "-debug"}, false, "Enable debug mode")
 	flVersion     = flag.Bool([]string{"v", "-version"}, false, "Print version information and quit")
+	flSensitive   = flag.Bool([]string{"-sensitive"}, false, "Show sensitive data in outputs, i.e. API Token/Organization")
 )
 
 func main() {
@@ -73,6 +74,10 @@ func main() {
 		os.Setenv("scaleway_api_endpoint", *flAPIEndPoint)
 	}
 
+	if *flSensitive {
+		os.Setenv("SCW_SENSITIVE", "1")
+	}
+
 	if *flDebug {
 		os.Setenv("DEBUG", "1")
 	}