diff --git a/README.md b/README.md index da64fc3..7b78b89 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,20 @@ - -[![README Header][readme_header_img]][readme_header_link] - -[![Cloud Posse][logo]](https://cpco.io/homepage) - -# tfmask [![Build Status](https://travis-ci.org/cloudposse/tfmask.svg?branch=master)](https://travis-ci.org/cloudposse/tfmask) [![Latest Release](https://img.shields.io/github/release/cloudposse/tfmask.svg)](https://github.com/cloudposse/tfmask/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) - +--> Command line utility to mask sensitive output from a `transform plan` or `terraform apply`. --- -This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. +This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. [][share_email] [][share_googleplus] [][share_facebook] @@ -126,7 +106,7 @@ Example `.envrc`: ```sh # Export terraform environment export TFMASK_CHAR="#" -export TFMASK_VALUES_REGEX="(?i)^.*(oauth|secret|token|password|key|result).*$" +export TFMASK_VALUES_REGEX="(?i)^.*[^a-zA-Z](oauth|secret|token|password|key|result|id).*$" ```
@@ -243,9 +223,9 @@ terraform apply -no-color | tfmask -## Share the Love +## Share the Love -Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/tfmask)! (it helps us **a lot**) +Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/tfmask)! (it helps us **a lot**) Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) @@ -264,7 +244,7 @@ Check out these related projects. ## Help -**Got a question?** We got answers. +**Got a question?** We got answers. File a GitHub [issue](https://github.com/cloudposse/tfmask/issues), send us an [email][email] or join our [Slack Community][slack]. @@ -273,7 +253,7 @@ File a GitHub [issue](https://github.com/cloudposse/tfmask/issues), send us an [ ## DevOps Accelerator for Startups -We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. +We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us. [![Learn More](https://img.shields.io/badge/learn%20more-success.svg?style=for-the-badge)][commercial_support] 
@@ -302,11 +282,11 @@ Participate in our [Discourse Forums][discourse]. Here you'll find answers to co ## Newsletter -Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. +Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover. ## Office Hours -[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! +[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone! [![zoom](https://img.cloudposse.com/fit-in/200x200/https://cloudposse.com/wp-content/uploads/2019/08/Powered-by-Zoom.png")][office_hours] @@ -337,9 +317,9 @@ Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright) -## License +## License -[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) See [LICENSE](LICENSE) for full details. @@ -380,7 +360,7 @@ This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? P We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source]. -We offer [paid support][commercial_support] on all of our projects. +We offer [paid support][commercial_support] on all of our projects. Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation. diff --git a/README.yaml b/README.yaml index 35160ab..94ca289 100644 --- a/README.yaml +++ b/README.yaml 
@@ -83,7 +83,7 @@ usage: |-
 ```sh
 # Export terraform environment
 export TFMASK_CHAR="#"
- export TFMASK_VALUES_REGEX="(?i)^.*(oauth|secret|token|password|key|result).*$"
+ export TFMASK_VALUES_REGEX="(?i)^.*[^a-zA-Z](oauth|secret|token|password|key|result|id).*$"
 ```
diff --git a/main.go b/main.go
index d0f7e70..d03687e 100644
--- a/main.go
+++ b/main.go
@@ -25,11 +25,11 @@ type match struct {
 }
 type keyValueMatch struct {
- leadingWhitespace string
- property string
- trailingWhitespaceBefore string
- trailingWhitespaceAfter string
- oldValue string
+ leadingWhitespace string
+ property string
+ assignmentOperator string
+ trailingWhitespaceAfter string
+ oldValue string
 }
 type expression struct {
@@ -68,7 +68,7 @@ var versionedExpressions = map[string]expression{
 "^([~/+-]+) (.*?) +(.*)$",
 ),
 reMapKeyPair: regexp.MustCompile(
- "(?i)^(\\s+(?:[~+-] )?)\"(.*)\"(\\s+)=(\\s+)\"(.*)\"$",
+ "(?i)^(\\s+(?:[~+-] )?)(.*)(\\s?[=:])(\\s+)\"(.*)\"$",
 ),
 resourceIndex: 2,
 assign: ":",
@@ -85,7 +85,7 @@ var versionedExpressions = map[string]expression{
 "^([~/+-]+) (.*?) +(.*) (.*) (.*)$",
 ),
 reMapKeyPair: regexp.MustCompile(
- "(?i)^(\\s+(?:[~+-] )?)\"(.*)\"(\\s+)=(\\s+)\"(.*)\"$",
+ "(?i)^(\\s+(?:[~+-] )?)(.*)(\\s=)(\\s+)\"(.*)\"$",
 ),
 resourceIndex: 3,
 assign: "=",
@@ -100,7 +100,7 @@ func main() {
 var tfmaskChar = getEnv("TFMASK_CHAR", "*")
 // Pattern representing sensitive output
 var tfmaskValuesRegex = getEnv("TFMASK_VALUES_REGEX",
- "(?i)^.*(oauth|secret|token|password|key|result|id).*$")
+ "(?i)^.*[^a-zA-Z](oauth|secret|token|password|key|result|id).*$")
 // Pattern representing sensitive resource
 var tfmaskResourceRegex = getEnv("TFMASK_RESOURCES_REGEX",
 "(?i)^(random_id|random_string).*$")
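Review bot: In both new `reMapKeyPair` patterns (the 0.11 entry in this hunk and the 0.12 entry in the next one) the property group is an unquoted, greedy `(.*)`, so the property/value split lands on the last operator followed by whitespace and a `"` rather than the first. If a value can itself contain an unescaped `= "` or `: "` sequence, the leading part of that value is captured as `property` and assignmentLine writes it back unmasked. A lazy group keeps the split at the first operator and leaves the whole remainder in the masked value: `"(?i)^(\\s+(?:[~+-] )?)(.*?)(\\s?[=:])(\\s+)\"(.*)\"$",` for 0.11, with the same `(.*?)` change in the 0.12 pattern. The map literal these entries belong to starts and ends outside the hunk.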
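Review bot: The new default `TFMASK_VALUES_REGEX` requires a non-letter immediately before the keyword, so a property that starts with one (`password`, `token`, `secret`) or joins it to other letters (`apiKey`, `dbpassword`) no longer matches and its value is printed in clear, where the previous default masked it. assignmentLine tests the pattern against `match.property`, which after this commit is the bare unquoted name, and the only names exercised in main_test.go (`client_secret`, `foo_secret`) have an underscore in front of the keyword. If the aim is to keep `id` from matching inside longer words, letting start-of-string count as a boundary closes the first gap: `"(?i)^.*(^|[^a-zA-Z])(oauth|secret|token|password|key|result|id).*$")`; the copies of the pattern in README.md, README.yaml and TestAssignmentLine would need the same edit. main() continues outside the hunk, so other uses of the pattern are not visible here.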
@@ -192,11 +192,11 @@ func matchFromLine(reTfPlanLine *regexp.Regexp, line string) match {
 func matchFromAssignment(reMapKeyPair *regexp.Regexp, line string) keyValueMatch {
 subMatch := reMapKeyPair.FindStringSubmatch(line)
 return keyValueMatch{
- leadingWhitespace: subMatch[1],
- property: subMatch[2],
- trailingWhitespaceBefore: subMatch[3],
- trailingWhitespaceAfter: subMatch[4],
- oldValue: subMatch[5],
+ leadingWhitespace: subMatch[1],
+ property: subMatch[2],
+ assignmentOperator: subMatch[3],
+ trailingWhitespaceAfter: subMatch[4],
+ oldValue: subMatch[5],
 }
 }
@@ -222,10 +222,10 @@ func assignmentLine(reMapKeyPair, reTfValues *regexp.Regexp, tfmaskChar, line st
 match := matchFromAssignment(reMapKeyPair, line)
 if reTfValues.MatchString(match.property) {
 maskedValue := maskValue(match.oldValue, tfmaskChar)
- line = fmt.Sprintf("%v\"%v\"%v=%v\"%v\"",
+ line = fmt.Sprintf("%v%v%v%v\"%v\"",
 match.leadingWhitespace,
 match.property,
- match.trailingWhitespaceBefore,
+ match.assignmentOperator,
 match.trailingWhitespaceAfter,
 maskedValue)
 }
diff --git a/main_test.go b/main_test.go
index 2790c23..223352a 100644
--- a/main_test.go
+++ b/main_test.go
@@ -173,12 +173,28 @@ var assignmentTests = []struct {
 expectedResult string
 minorVersion string
 }{
+ // tf 0.11 ------------------------------------
+ {
+ " + client_secret: \"123456\"",
+ " + client_secret: \"******\"",
+ "0.11",
+ },
+ {
+ " + client_secret = \"123456\"",
+ " + client_secret = \"******\"",
+ "0.11",
+ },
 // tf 0.12 ------------------------------------
 {
 " + \"foo_secret\" = \"123456\"",
 " + \"foo_secret\" = \"******\"",
 "0.12",
 },
+ {
+ " + foo_secret = \"123456\"",
+ " + foo_secret = \"******\"",
+ "0.12",
+ },
 {
 " - \"foo_secret\" = \"123456\"",
 " - \"foo_secret\" = \"******\"",
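Review bot: The added cases only use names where an underscore precedes the keyword (`client_secret`, `foo_secret`), so nothing pins how the tightened values pattern behaves at its edges. A case with the keyword at the start of an unquoted name, such as `password = \"123456\"`, would show whether that value is still expected to be masked, and a negative case for a name the `[^a-zA-Z]` guard is meant to leave untouched would document why the guard was added. The `assignmentTests` table continues past the end of this hunk, so such cases may already exist further down.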
@@ -205,7 +221,7 @@ func TestAssignmentLine(t *testing.T) {
 // Character used to mask sensitive output
 var tfmaskChar = "*"
 // Pattern representing sensitive output
- var tfmaskValuesRegex = "(?i)^.*(oauth|secret|token|password|key|result|id).*$"
+ var tfmaskValuesRegex = "(?i)^.*[^a-zA-Z](oauth|secret|token|password|key|result|id).*$"
 reTfValues := regexp.MustCompile(tfmaskValuesRegex)
 for _, assignmentTest := range assignmentTests {