
feat(node_dump): Hide `secret' configuration keys

Co-authored-by: Zaiming (Stone) Shi <zmstone@gmail.com>
k32 4 rokov pred
rodič
commit
1db8483bb3
2 zmenil súbory, kde vykonal 21 pridanie a 13 odobranie
  1. 5 2
      bin/node_dump
  2. 16 11
      src/emqx_node_dump.erl

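--- a/bin/node_dump
+++ b/bin/node_dump
@@ -8,7 +8,7 @@ echo "Running node dump in ${ROOT_DIR}"
 
 cd "${ROOT_DIR}"
 
-DUMP="log/node_dump_$(date +"%y%m%d_%H%M%S").tar.gz"
+DUMP="log/node_dump_$(date +"%Y%m%d_%H%M%S").tar.gz"
 
 collect() {
     echo "========================================================"
@@ -40,6 +40,9 @@ tar czf "${DUMP}" log/*.log.* log/run_erl.log* log/sysinfo.txt log/conf.dump
 
 ## Cleanup:
 rm log/sysinfo.txt
-rm log/conf.dump
+#rm log/conf.dump
 
 echo "Created a node dump ${DUMP}"
+echo -e "\nWarning: this script tries to obfuscate secrets, but make sure to
+inspect log/conf.dump file manually before uploading the node dump
+to a public location."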
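Review bot: The commented-out `#rm log/conf.dump` in the cleanup step leaves the configuration dump on disk after every run, and nothing says this is deliberate. The warning asks the operator to inspect `log/conf.dump`, but the copy that gets uploaded is the one `tar` has already packed into `${DUMP}`, so editing the loose file does not change the archive. I would replace the dead line with a comment such as `# log/conf.dump is kept for manual review; the same content is already inside ${DUMP}`, and tighten access with `chmod 600 log/conf.dump "${DUMP}"`. The step that writes conf.dump lies outside this hunk, so its permissions at creation cannot be checked here.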

+ 16 - 11
src/emqx_node_dump.erl

@@ -36,35 +36,40 @@ censor([{{env, App, Key}, Val} | Rest]) ->
 censor([_ | Rest]) ->
     censor(Rest).
 
-censor(Path, L) when is_list(L) ->
-    [censor(Path, I) || I <- L];
+censor(Path, {Key, Val}) when is_atom(Key) ->
+    {Key, censor([Key|Path], Val)};
 censor(Path, M) when is_map(M) ->
     Fun = fun(Key, Val) ->
                   censor([Key|Path], Val)
           end,
     maps:map(Fun, M);
-censor(Path, {Key, Val}) when is_atom(Key) ->
-    {Key, censor([Key|Path], Val)};
+censor(Path, L = [Fst|_]) when is_tuple(Fst) ->
+    [censor(Path, I) || I <- L];
 censor(Path, Val) ->
     case Path of
-        [password|_] when is_binary(Val) ->
-            <<"censored">>;
-        [password|_] when is_list(Val) ->
-            "censored";
+        [password|_] ->
+            obfuscate_value(Val);
+        [secret|_]  ->
+            obfuscate_value(Val);
         _ ->
             Val
     end.
 
+obfuscate_value(Val) when is_binary(Val) ->
+    <<"********">>;
+obfuscate_value(_Val) ->
+    "********".
+
 -ifdef(TEST).
 
 -include_lib("eunit/include/eunit.hrl").
 
 censor_test() ->
-    ?assertMatch( [{{env, emqx, listeners}, #{password := <<"censored">>}}]
+    ?assertMatch( [{{env, emqx, listeners}, #{password := <<"********">>}}]
                 , censor([foo, {{env, emqx, listeners}, #{password => <<"secret">>}}, {app, bar}])
                 ),
-    ?assertMatch( [{{env, emqx, listeners}, [{foo, 1}, {password, <<"censored">>}]}]
-                , censor([{{env, emqx, listeners}, [{foo, 1}, {password, <<"secret">>}]}])
+    ?assertMatch( [{{env, emqx, listeners}, [{foo, 1}, {password, "********"}]}]
+                , censor([{{env, emqx, listeners}, [{foo, 1}, {password, "secret"}]}])
                 ).
 
 -endif. %% TEST
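Review bot: The new list clause `censor(Path, L = [Fst|_]) when is_tuple(Fst)` only descends into a list whose first element is a tuple, so a proplist that starts with a bare atom (`[binary, {password, "x"}]`) or a list of maps falls through to the last clause and is written to the dump uncensored. Deciding on the key path first and treating only printable lists as leaves would keep strings intact while still walking every other list; a sketch follows. Only the atoms `password` and `secret` are matched, so binary map keys or names such as `secret_key` presumably pass through as well, and `censor_test` has no case for the `secret` key this commit adds. censor/1 begins above the hunk, so the initial path it hands to censor/2 is not visible here.

```erlang
%% Decide on the key path first, so anything under a sensitive key is hidden
%% whatever its shape.
censor([Key | _], Val) when Key =:= password; Key =:= secret ->
    obfuscate_value(Val);
%% … unchanged: {Key, Val} tuple clause and map clause …
censor(Path, L) when is_list(L) ->
    case io_lib:printable_unicode_list(L) of
        true -> L;                                 % a string is a leaf
        false -> [censor(Path, I) || I <- L]
    end;
censor(_Path, Val) ->
    Val.
```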