[E2E] Mask secrets in kubernettes_cluster setup
What does this MR do and why?
For security purposes we should avoid logging test secret values and tokens during E2E test execution to avoid any potential for them to be leaked inadvertently.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
WORKSPACES_OAUTH_APP_ID=aaa WORKSPACES_OAUTH_APP_SECRET=bbb WORKSPACES_PROXY_DOMAIN=abc.def WORKSPACES_OAUTH_SIGNING_KEY=ccc WORKSPACES_DOMAIN_CERT=ddd workspaces_domain_key=eee WORKSPACES_WILDCARD_CERT=fff WORKSPACES_WILDCARD_KEY=ggg WORKSPACES_DOMAIN_KEY=hhh bundle exec rspec qa/specs/features/ee/browser_ui/3_create/remote_development/workspace_actions_spec.rb
Note when the test runs the helm repo add gitlab-workspaces-proxy ....
command these variables should be masked in the console output.
QA::Service::Shellout::CommandError:
Command: `helm repo add gitlab-workspaces-proxy https://gitlab.com/api/v4/projects/gitlab-org%2fremote-development%2fgitlab-workspaces-proxy/packages/helm/devel && helm repo update && helm upgrade --install gitlab-workspaces-proxy gitlab-workspaces-proxy/gitlab-workspaces-proxy --version 0.1.6 --namespace=gitlab-workspaces --create-namespace --set="auth.client_id=aaa" --set="auth.client_secret=****" --set="auth.host=http://gdk.test:3000" --set="auth.redirect_uri=https://abc.def/auth/callback" --set="auth.signing_key=****" --set="ingress.host.workspaceDomain=abc.def" --set="ingress.host.wildcardDomain=*.abc.def" --set="ingress.tls.workspaceDomainCert=$(cat ddd)" --set="ingress.tls.workspaceDomainKey=$(cat hhh)" --set="ingress.tls.wildcardDomainCert=$(cat fff)" --set="ingress.tls.wildcardDomainKey=$(cat ggg)" --set="ingress.className=nginx" ` failed! ✘
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.