mirror of
https://github.com/versity/versitygw.git
synced 2026-07-02 16:54:25 +00:00
195 lines
5.2 KiB
Bash
195 lines
5.2 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Copyright 2024 Versity Software
|
|
# This file is licensed under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http:#www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# levels: 1 - crit, 2 - err, 3 - warn, 4 - info, 5 - debug, 6 - trace
|
|
|
|
check_log_params() {
|
|
if [ $# -ne 4 ]; then
|
|
echo "'check_log_params' requires function name, params list, expected, actual"
|
|
return 1
|
|
fi
|
|
if [ "$3" -ne "$4" ]; then
|
|
echo "function $1 requires $2" >&2
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
log() {
|
|
if ! check_log_params "log" "level, message" 2 $#; then
|
|
return 1
|
|
fi
|
|
if ! log_with_stack_ref "$1" "$2" 2; then
|
|
echo "error logging with stack ref"
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
log_with_stack_ref() {
|
|
if [[ $# -ne 3 ]]; then
|
|
echo "log_with_stack_ref function requires level, message, stack reference"
|
|
return 1
|
|
fi
|
|
# shellcheck disable=SC2153
|
|
if [[ $1 -gt ${LOG_LEVEL_INT:=4} ]]; then
|
|
return 0
|
|
fi
|
|
log_level=""
|
|
case "$1" in
|
|
1) log_level="CRIT";;
|
|
2) log_level="ERROR";;
|
|
3) log_level="WARN";;
|
|
4) log_level="INFO";;
|
|
5) log_level="DEBUG";;
|
|
6) log_level="TRACE";;
|
|
*) echo "invalid log level $1"; return 1
|
|
esac
|
|
if [[ ( "$2" == *"access"* ) || ( "$2" == *"secret"* ) || ( "$2" == *"Credential="* ) ]]; then
|
|
log_mask "$log_level" "$2" "$3"
|
|
return 0
|
|
fi
|
|
if ! log_message "$log_level" "$2" "$3"; then
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
log_mask() {
|
|
if ! check_log_params "log_mask" "level, string, stack reference" 3 $#; then
|
|
return 1
|
|
fi
|
|
local response masked_data
|
|
|
|
if ! response=$(mask_args "$2" 2>&1); then
|
|
echo "error masking args: $response"
|
|
return 1
|
|
fi
|
|
masked_data="$response"
|
|
|
|
if ! log_message "$1" "$masked_data" "$3"; then
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
mask_args() {
|
|
if ! check_log_params "mask_args" "string" 1 $#; then
|
|
return 1
|
|
fi
|
|
local unmasked_array=() first_line masked_data="" response masked_line
|
|
|
|
while IFS= read -r line; do
|
|
unmasked_array+=("$line")
|
|
done <<< "$1"
|
|
|
|
# shellcheck disable=SC2068
|
|
first_line=true
|
|
for line in "${unmasked_array[@]}"; do
|
|
if ! response=$(mask_arg_array "$line" 2>&1); then
|
|
echo "error masking arg array: $response"
|
|
return 1
|
|
fi
|
|
masked_line="$response"
|
|
|
|
if [ "$first_line" == "true" ]; then
|
|
masked_data="$masked_line"
|
|
first_line="false"
|
|
else
|
|
masked_data+=$(printf "\n%s" "$masked_line")
|
|
fi
|
|
done
|
|
echo "$masked_data"
|
|
return 0
|
|
}
|
|
|
|
mask_arg_array() {
|
|
if [ $# -eq 0 ]; then
|
|
echo "'mask_arg_array' requires data to be logged"
|
|
return 1
|
|
fi
|
|
|
|
local mask_next=false is_access=false masked_args=() # Initialize an array to hold the masked arguments
|
|
# shellcheck disable=SC2068
|
|
for arg in $@; do
|
|
if ! response=$(check_arg_for_mask "$mask_next" "$is_access" "$arg" 2>&1); then
|
|
echo "error checking arg for mask: $response"
|
|
return 1
|
|
fi
|
|
read -r mask_next is_access masked_arg <<< "$response"
|
|
masked_args+=("$masked_arg")
|
|
done
|
|
echo "${masked_args[*]}"
|
|
return 0
|
|
}
|
|
|
|
check_arg_for_mask() {
|
|
if ! check_log_params "check_arg_for_mask" "mask next, is access ID, arg" 3 $#; then
|
|
return 1
|
|
fi
|
|
local mask_next="$1" is_access="$2" arg="$3"
|
|
|
|
if [[ $mask_next == true ]]; then
|
|
if [ "$is_access" == "true" ]; then
|
|
masked_arg="${arg:0:4}****"
|
|
is_access=false
|
|
else
|
|
masked_arg="\********"
|
|
fi
|
|
mask_next=false
|
|
elif [[ "$arg" == --secret_key=* ]]; then
|
|
masked_arg="--secret_key=********"
|
|
elif [[ "$arg" == --secret=* ]]; then
|
|
masked_arg="--secret=********"
|
|
elif [[ "$arg" == --access=* ]]; then
|
|
masked_arg="${arg:0:13}****"
|
|
elif [[ "$arg" == --access_key=* ]]; then
|
|
masked_arg="${arg:0:17}****"
|
|
elif [[ "$arg" == *"Credential="* ]]; then
|
|
masked_arg="$(echo "$arg" | sed -E 's/(Credential=[A-Z0-9]{5})[^\/]*/\1****/g')"
|
|
elif [[ "$arg" == *"AWS_ACCESS_KEY_ID="* ]]; then
|
|
masked_arg="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:0:5}****"
|
|
else
|
|
if [[ "$arg" == "--secret_key" ]] || [[ "$arg" == "--secret" ]] || [[ "$arg" == "--s3-iam-secret" ]]; then
|
|
mask_next=true
|
|
elif [[ ( "$arg" == "--access" ) || ( "$arg" == "--owner") ]]; then
|
|
mask_next=true
|
|
is_access=true
|
|
fi
|
|
masked_arg="$arg"
|
|
fi
|
|
echo "$mask_next $is_access $masked_arg"
|
|
return 0
|
|
}
|
|
|
|
log_message() {
|
|
if ! check_log_params "log_message" "level, message, stack reference" 3 $#; then
|
|
return 1
|
|
fi
|
|
local bash_source_ref=$(($3+1)) now
|
|
now="$(date "+%Y-%m-%d %H:%M:%S")"
|
|
if [[ ( "$1" == "CRIT" ) || ( "$1" == "ERROR" ) ]]; then
|
|
printf "%s\n" "$now $1 $2" >&2
|
|
fi
|
|
if [[ -n "$TEST_LOG_FILE" ]]; then
|
|
if ! printf "%s\n" "$now ${BASH_SOURCE[$bash_source_ref]}:${BASH_LINENO[$3]} $1 $2" >> "${TEST_LOG_FILE}.${TEST_ID}"; then
|
|
echo "unable to write to log file '${TEST_LOG_FILE}.${TEST_ID}'"
|
|
return 1
|
|
fi
|
|
fi
|
|
return 0
|
|
}
|