Skip to content

Commit 57bf323

Browse files
jason-lynchjason-lynch
authored
feat: censor sensitive fields in API responses (#58)
PLAT-86
2 parents 20aa970 + 5d5c2b2 commit 57bf323

File tree

19 files changed

+797
-133
lines changed

19 files changed

+797
-133
lines changed

api/v1/design/database.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ var DatabaseUserSpec = g.Type("DatabaseUserSpec", func() {
8080
g.MinLength(1)
8181
})
8282
g.Attribute("password", g.String, func() {
83-
g.Description("The password for this database user.")
83+
g.Description("The password for this database user. This field will be excluded from the response of all endpoints.")
8484
g.Example("secret")
8585
g.MinLength(1)
8686
})
@@ -101,7 +101,7 @@ var DatabaseUserSpec = g.Type("DatabaseUserSpec", func() {
101101
g.Example([]string{"pgedge_superuser"})
102102
})
103103

104-
g.Required("username", "password")
104+
g.Required("username")
105105
})
106106

107107
var BackupRepositorySpec = g.Type("BackupRepositorySpec", func() {
@@ -134,13 +134,13 @@ var BackupRepositorySpec = g.Type("BackupRepositorySpec", func() {
134134
g.Example("s3.us-east-1.amazonaws.com")
135135
})
136136
g.Attribute("s3_key", g.String, func() {
137-
g.Description("An optional AWS access key ID to use for this repository. If not provided, pgbackrest will use the default credential provider chain.")
137+
g.Description("An optional AWS access key ID to use for this repository. If not provided, pgbackrest will use the default credential provider chain. This field will be excluded from the response of all endpoints.")
138138
g.MinLength(16)
139139
g.MaxLength(128)
140140
g.Example("AKIAIOSFODNN7EXAMPLE")
141141
})
142142
g.Attribute("s3_key_secret", g.String, func() {
143-
g.Description("The corresponding secret for the AWS access key ID in s3_key.")
143+
g.Description("The corresponding secret for the AWS access key ID in s3_key. This field will be excluded from the response of all endpoints.")
144144
g.MaxLength(128)
145145
g.Example("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")
146146
})
@@ -157,7 +157,7 @@ var BackupRepositorySpec = g.Type("BackupRepositorySpec", func() {
157157
g.Example("localhost")
158158
})
159159
g.Attribute("gcs_key", g.String, func() {
160-
g.Description("Optional base64-encoded private key data. If omitted, pgbackrest will use the service account attached to the instance profile.")
160+
g.Description("Optional base64-encoded private key data. If omitted, pgbackrest will use the service account attached to the instance profile. This field will be excluded from the response of all endpoints.")
161161
g.MaxLength(1024)
162162
g.Example("ZXhhbXBsZSBnY3Mga2V5Cg==")
163163
})
@@ -180,7 +180,7 @@ var BackupRepositorySpec = g.Type("BackupRepositorySpec", func() {
180180
g.Example("blob.core.usgovcloudapi.net")
181181
})
182182
g.Attribute("azure_key", g.String, func() {
183-
g.Description("An optional Azure storage account access key to use for this repository. If not provided, pgbackrest will use the VM's managed identity.")
183+
g.Description("The Azure storage account access key to use for this repository. This field will be excluded from the response of all endpoints.")
184184
g.MaxLength(128)
185185
g.Example("YXpLZXk=")
186186
})

api/v1/gen/control_plane/service.go

Lines changed: 13 additions & 9 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

api/v1/gen/control_plane/views/view.go

Lines changed: 10 additions & 9 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

api/v1/gen/http/control_plane/client/encode_decode.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)