From 043d150cc781782e0c173fe142e93cead8122568 Mon Sep 17 00:00:00 2001 From: liranmauda Date: Wed, 1 May 2024 18:17:23 +0300 Subject: [PATCH] Fix printing of Identity Fix printing of Identity Signed-off-by: liranmauda --- pkg/backingstore/reconciler.go | 26 +++++++++++++------------- pkg/namespacestore/reconciler.go | 28 ++++++++++++++-------------- pkg/nb/types.go | 14 +++++++------- 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/pkg/backingstore/reconciler.go b/pkg/backingstore/reconciler.go index 2239883a6..512e7e405 100644 --- a/pkg/backingstore/reconciler.go +++ b/pkg/backingstore/reconciler.go @@ -625,7 +625,7 @@ func (r *Reconciler) ReadSystemInfo() error { if pool.CloudInfo == nil || pool.CloudInfo.EndpointType != conn.EndpointType || pool.CloudInfo.Endpoint != conn.Endpoint || - pool.CloudInfo.Identity != conn.Identity { + pool.CloudInfo.Identity != string(conn.Identity) { r.Logger.Warnf("using existing pool but connection mismatch %+v pool %+v %+v", conn, pool, pool.CloudInfo) r.UpdateExternalConnectionParams = &nb.UpdateExternalConnectionParams{ Name: conn.Name, @@ -644,7 +644,7 @@ func (r *Reconciler) ReadSystemInfo() error { c := &account.ExternalConnections.Connections[j] if c.EndpointType == conn.EndpointType && c.Endpoint == conn.Endpoint && - c.Identity == conn.Identity { + c.Identity == string(conn.Identity) { r.ExternalConnectionInfo = c conn.Name = c.Name } @@ -689,8 +689,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa conn.AWSSTSARN = *r.BackingStore.Spec.AWSS3.AWSSTSRoleARN } else { conn.EndpointType = nb.EndpointTypeAws - conn.Identity = r.Secret.StringData["AWS_ACCESS_KEY_ID"] - conn.Secret = r.Secret.StringData["AWS_SECRET_ACCESS_KEY"] + conn.Identity = nb.MaskedString(r.Secret.StringData["AWS_ACCESS_KEY_ID"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["AWS_SECRET_ACCESS_KEY"]) } awsS3 := r.BackingStore.Spec.AWSS3 u := url.URL{ 
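Review bot: The `Warnf` call in the `@@ -625,7` hunk still formats `pool.CloudInfo` with `%+v`, and the `string(conn.Identity)` conversion added just above it shows that `pool.CloudInfo.Identity` is a plain string, so the identity still reaches the log through the pool side even though `conn` is now masked. The same applies to `nsr` in the `@@ -476,7` hunk of pkg/namespacestore/reconciler.go. Either type those Identity fields as `nb.MaskedString` as well, or log only what is needed to diagnose the mismatch, e.g. `r.Logger.Warnf("using existing pool but connection mismatch %+v", conn)`. ReadSystemInfo starts and ends outside the hunk.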
@@ -708,8 +708,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa case nbv1.StoreTypeS3Compatible: conn.EndpointType = nb.EndpointTypeS3Compat - conn.Identity = r.Secret.StringData["AWS_ACCESS_KEY_ID"] - conn.Secret = r.Secret.StringData["AWS_SECRET_ACCESS_KEY"] + conn.Identity = nb.MaskedString(r.Secret.StringData["AWS_ACCESS_KEY_ID"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["AWS_SECRET_ACCESS_KEY"]) s3Compatible := r.BackingStore.Spec.S3Compatible if s3Compatible.SignatureVersion == nbv1.S3SignatureVersionV4 { conn.AuthMethod = "AWS_V4" @@ -754,8 +754,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa case nbv1.StoreTypeIBMCos: conn.EndpointType = nb.EndpointTypeIBMCos - conn.Identity = r.Secret.StringData["IBM_COS_ACCESS_KEY_ID"] - conn.Secret = r.Secret.StringData["IBM_COS_SECRET_ACCESS_KEY"] + conn.Identity = nb.MaskedString(r.Secret.StringData["IBM_COS_ACCESS_KEY_ID"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["IBM_COS_SECRET_ACCESS_KEY"]) IBMCos := r.BackingStore.Spec.IBMCos if IBMCos.SignatureVersion == nbv1.S3SignatureVersionV4 { conn.AuthMethod = "AWS_V4" @@ -801,8 +801,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa case nbv1.StoreTypeAzureBlob: conn.EndpointType = nb.EndpointTypeAzure conn.Endpoint = "https://blob.core.windows.net" - conn.Identity = r.Secret.StringData["AccountName"] - conn.Secret = r.Secret.StringData["AccountKey"] + conn.Identity = nb.MaskedString(r.Secret.StringData["AccountName"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["AccountKey"]) tenantID := r.Secret.StringData["TenantID"] appID := r.Secret.StringData["ApplicationID"] appSecret := r.Secret.StringData["ApplicationSecret"] 
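Review bot: In the Azure case (`@@ -801,8`), `appSecret := r.Secret.StringData["ApplicationSecret"]` is read from the same Secret as `AccountKey` but stays a plain `string`, so it gets none of the masking this change adds. The hunk does not show where `tenantID`, `appID` and `appSecret` are stored. If they end up in a struct that is formatted with `%v` or `%+v`, the field holding `appSecret` should be typed `nb.MaskedString` too. The `@@ -640,8` hunk in pkg/namespacestore/reconciler.go has the same three lines, and MakeExternalConnectionParams continues outside the hunk.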
@@ -831,8 +831,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa r.Secret.Name, )) } - conn.Identity = privateKey.ID - conn.Secret = privateKeyJSON + conn.Identity = nb.MaskedString(privateKey.ID) + conn.Secret = nb.MaskedString(privateKeyJSON) case nbv1.StoreTypePVPool: return nil, util.NewPersistentError("InvalidType", @@ -843,7 +843,7 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa fmt.Sprintf("Invalid backing store type %q", r.BackingStore.Spec.Type)) } if !util.IsSTSClusterBS(r.BackingStore) { - if !util.IsStringGraphicOrSpacesCharsOnly(conn.Identity) || !util.IsStringGraphicOrSpacesCharsOnly(conn.Secret) { + if !util.IsStringGraphicOrSpacesCharsOnly(string(conn.Identity)) || !util.IsStringGraphicOrSpacesCharsOnly(string(conn.Secret)) { return nil, util.NewPersistentError("InvalidSecret", fmt.Sprintf("Invalid secret containing non graphic characters (perhaps not base64 encoded?) %q", r.Secret.Name)) } diff --git a/pkg/namespacestore/reconciler.go b/pkg/namespacestore/reconciler.go index f632d1c38..95e8b1631 100644 --- a/pkg/namespacestore/reconciler.go +++ b/pkg/namespacestore/reconciler.go @@ -476,7 +476,7 @@ func (r *Reconciler) ReadSystemInfo() error { if nsr != nil { if nsr.EndpointType != conn.EndpointType || nsr.Endpoint != conn.Endpoint || - nsr.Identity != conn.Identity { + nsr.Identity != string(conn.Identity) { r.Logger.Warnf("using existing namespace resource but connection mismatch %+v namespace store %+v", conn, nsr) r.UpdateExternalConnectionParams = &nb.UpdateExternalConnectionParams{ Name: conn.Name, @@ -495,7 +495,7 @@ func (r *Reconciler) ReadSystemInfo() error { c := &account.ExternalConnections.Connections[j] if c.EndpointType == conn.EndpointType && c.Endpoint == conn.Endpoint && - c.Identity == conn.Identity { + c.Identity == string(conn.Identity) { r.ExternalConnectionInfo = c conn.Name = c.Name } 
@@ -579,7 +579,7 @@ func (r *Reconciler) LoadNamespaceStoreSecret() error { } // MakeExternalConnectionParams translates the namespace store spec and secret, -// to noobaa api structures to be used for creating/updating external connetion and namespace store +// to noobaa api structures to be used for creating/updating external connection and namespace store func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionParams, error) { conn := &nb.AddExternalConnectionParams{ @@ -596,8 +596,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa conn.AWSSTSARN = *r.NamespaceStore.Spec.AWSS3.AWSSTSRoleARN } else { conn.EndpointType = nb.EndpointTypeAws - conn.Identity = r.Secret.StringData["AWS_ACCESS_KEY_ID"] - conn.Secret = r.Secret.StringData["AWS_SECRET_ACCESS_KEY"] + conn.Identity = nb.MaskedString(r.Secret.StringData["AWS_ACCESS_KEY_ID"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["AWS_SECRET_ACCESS_KEY"]) } awsS3 := r.NamespaceStore.Spec.AWSS3 u := url.URL{ @@ -615,8 +615,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa case nbv1.NSStoreTypeS3Compatible: conn.EndpointType = nb.EndpointTypeS3Compat - conn.Identity = r.Secret.StringData["AWS_ACCESS_KEY_ID"] - conn.Secret = r.Secret.StringData["AWS_SECRET_ACCESS_KEY"] + conn.Identity = nb.MaskedString(r.Secret.StringData["AWS_ACCESS_KEY_ID"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["AWS_SECRET_ACCESS_KEY"]) s3Compatible := r.NamespaceStore.Spec.S3Compatible //Configure auth method 
@@ -627,8 +627,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa case nbv1.NSStoreTypeIBMCos: conn.EndpointType = nb.EndpointTypeIBMCos - conn.Identity = r.Secret.StringData["IBM_COS_ACCESS_KEY_ID"] - conn.Secret = r.Secret.StringData["IBM_COS_SECRET_ACCESS_KEY"] + conn.Identity = nb.MaskedString(r.Secret.StringData["IBM_COS_ACCESS_KEY_ID"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["IBM_COS_SECRET_ACCESS_KEY"]) IBMCos := r.NamespaceStore.Spec.IBMCos //Configure auth method @@ -640,8 +640,8 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa case nbv1.NSStoreTypeAzureBlob: conn.EndpointType = nb.EndpointTypeAzure conn.Endpoint = "https://blob.core.windows.net" - conn.Identity = r.Secret.StringData["AccountName"] - conn.Secret = r.Secret.StringData["AccountKey"] + conn.Identity = nb.MaskedString(r.Secret.StringData["AccountName"]) + conn.Secret = nb.MaskedString(r.Secret.StringData["AccountKey"]) tenantID := r.Secret.StringData["TenantID"] appID := r.Secret.StringData["ApplicationID"] appSecret := r.Secret.StringData["ApplicationSecret"] 
@@ -670,15 +670,15 @@ func (r *Reconciler) MakeExternalConnectionParams() (*nb.AddExternalConnectionPa r.Secret.Name, )) } - conn.Identity = privateKey.ID - conn.Secret = privateKeyJSON + conn.Identity = nb.MaskedString(privateKey.ID) + conn.Secret = nb.MaskedString(privateKeyJSON) default: return nil, util.NewPersistentError("InvalidType", fmt.Sprintf("Invalid namespace store type %q", r.NamespaceStore.Spec.Type)) } if util.IsSTSClusterNS(r.NamespaceStore) { - if !util.IsStringGraphicOrSpacesCharsOnly(conn.Identity) || !util.IsStringGraphicOrSpacesCharsOnly(conn.Secret) { + if !util.IsStringGraphicOrSpacesCharsOnly(string(conn.Identity)) || !util.IsStringGraphicOrSpacesCharsOnly(string(conn.Secret)) { return nil, util.NewPersistentError("InvalidSecret", fmt.Sprintf("Invalid secret containing non graphic characters (perhaps not base64 encoded?) %q", r.Secret.Name)) } diff --git a/pkg/nb/types.go b/pkg/nb/types.go index 311277f2f..7d2472f43 100644 --- a/pkg/nb/types.go +++ b/pkg/nb/types.go @@ -14,7 +14,7 @@ const ( maskString = "****" ) -// MaskedString is a string type for sensitive string, masked when formated +// MaskedString is a string type for sensitive string, masked when formatted type MaskedString string func (MaskedString) String() string { @@ -701,8 +701,8 @@ type AddExternalConnectionParams struct { Name string `json:"name"` EndpointType EndpointType `json:"endpoint_type"` Endpoint string `json:"endpoint"` - Identity string `json:"identity"` - Secret string `json:"secret"` + Identity MaskedString `json:"identity"` + Secret MaskedString `json:"secret"` AuthMethod CloudAuthMethod `json:"auth_method,omitempty"` AWSSTSARN string `json:"aws_sts_arn,omitempty"` Region string `json:"region,omitempty"` 
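Review bot: The character check edited at the end of the `@@ -670,15` hunk is guarded by `if util.IsSTSClusterNS(r.NamespaceStore) {`, while the matching check in pkg/backingstore/reconciler.go (`@@ -843,7`) is guarded by `if !util.IsSTSClusterBS(r.BackingStore) {`. As written, Identity and Secret appear to be validated only in the STS case, where the AWS branch sets `conn.AWSSTSARN` rather than Identity or Secret, and to be skipped for credentials actually loaded from the Secret. If that is not intentional, the guard should read `if !util.IsSTSClusterNS(r.NamespaceStore) {`. The function continues outside the hunk.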
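Review bot: `MaskedString` masks through `String()` only, which covers `%v`, `%+v`, `%s` and `%q` but not `%#v`. For that verb fmt consults `GoStringer` and otherwise prints the underlying string value. No `GoString` method is visible in the `@@ -14,7` hunk (the rest of types.go is outside it), so if none exists consider adding `func (MaskedString) GoString() string { return maskString }`.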
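Review bot: The retyped `Identity` and `Secret` fields in `AddExternalConnectionParams` keep their `json:"identity"` and `json:"secret"` tags, and no `MarshalJSON` or `MarshalText` on `MaskedString` is visible, so the marshalled request presumably still carries the real values. The API call needs that, but it means any code that logs the encoded body is not covered by the masking. A field comment would make the boundary explicit, e.g. `// masked by fmt verbs only; sent in clear in the JSON body`. The same applies to `CheckExternalConnectionParams` and `UpdateExternalConnectionParams` in the two following hunks.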
@@ -714,8 +714,8 @@ type CheckExternalConnectionParams struct { Name string `json:"name"` EndpointType EndpointType `json:"endpoint_type"` Endpoint string `json:"endpoint"` - Identity string `json:"identity"` - Secret string `json:"secret"` + Identity MaskedString `json:"identity"` + Secret MaskedString `json:"secret"` AuthMethod CloudAuthMethod `json:"auth_method,omitempty"` AWSSTSARN string `json:"aws_sts_arn,omitempty"` IgnoreNameAlreadyExist bool `json:"ignore_name_already_exist,omitempty"` @@ -735,8 +735,8 @@ type CheckExternalConnectionReply struct { // UpdateExternalConnectionParams is the params of account_api.update_external_connection() type UpdateExternalConnectionParams struct { Name string `json:"name"` - Identity string `json:"identity"` - Secret string `json:"secret"` + Identity MaskedString `json:"identity"` + Secret MaskedString `json:"secret"` AzureLogAccessKeys *AzureLogAccessKeysParams `json:"azure_log_access_keys,omitempty"` Region string `json:"region,omitempty"` }