diff --git a/command/meta.go b/command/meta.go
index b8dfdfbf5..584d87e88 100644
--- a/command/meta.go
+++ b/command/meta.go
@@ -33,6 +33,7 @@ type Meta struct {
 // These are set by command-line flags
 flagBuildExcept []string
 flagBuildOnly []string
+ flagPrivVars []string
 flagVars map[string]string
 }
@@ -119,6 +120,8 @@ func (m *Meta) FlagSet(n string, fs FlagSetFlags) *flag.FlagSet {
 if fs&FlagSetVars != 0 {
 f.Var((*kvflag.Flag)(&m.flagVars), "var", "")
 f.Var((*kvflag.FlagJSON)(&m.flagVars), "var-file", "")
+ // designate any of the above variables that are private
+ f.Var((*sliceflag.StringFlag)(&m.flagPrivVars), "private", "")
 }
 // Create an io.Writer that writes to our Ui properly for errors.
diff --git a/command/push.go b/command/push.go
index a0edd6b84..e2d898134 100644
--- a/command/push.go
+++ b/command/push.go
@@ -12,6 +12,7 @@ import (
 "github.com/hashicorp/atlas-go/archive"
 "github.com/hashicorp/atlas-go/v1"
 "github.com/hashicorp/packer/helper/flag-kv"
+ "github.com/hashicorp/packer/helper/flag-slice"
 "github.com/hashicorp/packer/template"
 )
@@ -190,6 +191,12 @@ func (c *PushCommand) Run(args []string) int {
 }
 // Collect the variables from CLI args and any var files
+ if privs := flags.Lookup("private"); privs != nil {
+ pvf := privs.Value.(*sliceflag.StringFlag)
+ pvars := []string(*pvf)
+ uploadOpts.PrivVars = pvars
+ }
+
 uploadOpts.Vars = make(map[string]string)
 if vs := flags.Lookup("var"); vs != nil {
 f := vs.Value.(*kvflag.Flag)
@@ -334,12 +341,19 @@ func (c *PushCommand) upload(
 }
 // Build the BuildVars struct
-
 buildVars := atlas.BuildVars{}
 for k, v := range opts.Vars {
+ isSensitive := false
+ for _, sensitiveVar := range opts.PrivVars {
+ if string(sensitiveVar) == string(k) {
+ isSensitive = true
+ break
+ }
+ }
 buildVars = append(buildVars, atlas.BuildVar{
- Key: k,
- Value: v,
+ Key: k,
+ Value: v,
+ Sensitive: isSensitive,
 })
 }
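Review bot: In command/meta.go the `-private` flag is registered inside the shared `FlagSetVars` branch with an empty usage string, so every command that requests `FlagSetVars` will accept it, while the only reader visible in this commit is `PushCommand.Run`. On other commands the flag would apparently be parsed and then ignored, which can leave a user believing a value is being handled as private when nothing reads the list. I would either register it for push only or say so in the comment, e.g. `// -private: comma-separated names of -var/-var-file variables to flag as sensitive on push; ignored by other commands`. FlagSet's body starts and ends outside the hunk.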
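Review bot: In command/push.go, `Run` copies the `-private` names into `uploadOpts.PrivVars` without checking them against the collected variables, and the loop added to `upload()` sets `Sensitive` only on an exact key match. A misspelled or differently-cased name therefore matches nothing and that variable is sent with `sensitive` false and no warning, so the flag fails open. I would reject unknown names once `uploadOpts.Vars` is complete, as sketched below. The point where Vars finishes loading is past the end of this hunk, and the use of `c.Ui.Error` assumes Run reports errors that way.

```go
// … unchanged: -var and -var-file are merged into uploadOpts.Vars …
for _, name := range uploadOpts.PrivVars {
	if _, ok := uploadOpts.Vars[name]; !ok {
		c.Ui.Error("-private: no variable named " + name + " was passed with -var or -var-file")
		return 1
	}
}
```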
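Review bot: The inner loop added to `upload()` wraps both operands in `string(...)`, but going by the `uploadOpts` fields in this commit `PrivVars` is a `[]string` and the keys of `Vars` are strings, so the conversions do nothing and `if sensitiveVar == k {` reads more clearly. The scan over `opts.PrivVars` is also repeated for every variable; building a `map[string]struct{}` of the names once before the outer loop would reduce the inner block to a single lookup. upload's body begins and ends outside the hunk.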
@@ -372,6 +386,7 @@ type uploadOpts struct {
 Builds map[string]*uploadBuildInfo
 Metadata map[string]interface{}
 Vars map[string]string
+ PrivVars []string
 }
 type uploadBuildInfo struct {
diff --git a/command/push_test.go b/command/push_test.go
index 35dd27050..b1af61799 100644
--- a/command/push_test.go
+++ b/command/push_test.go
@@ -208,6 +208,7 @@ func TestPush_vars(t *testing.T) {
 "-var", "one=two",
 "-var-file", filepath.Join(testFixture("push-vars"), "vars.json"),
 "-var", "overridden=yes",
+ "-private", "super,secret",
 filepath.Join(testFixture("push-vars"), "template.json"),
 }
 if code := c.Run(args); code != 0 {
@@ -224,10 +225,17 @@ func TestPush_vars(t *testing.T) {
 "null": "",
 "one": "two",
 "overridden": "yes",
+ "super": "this should be secret",
+ "secret": "this one too",
 }
 if !reflect.DeepEqual(actualOpts.Vars, expected) {
 t.Fatalf("bad vars: got %#v\n expected %#v\n", actualOpts.Vars, expected)
 }
+
+ expected_priv := []string{"super", "secret"}
+ if !reflect.DeepEqual(actualOpts.PrivVars, expected_priv) {
+ t.Fatalf("bad vars: got %#v\n expected %#v\n", actualOpts.PrivVars, expected_priv)
+ }
 }
 func testArchive(t *testing.T, r io.Reader) []string {
diff --git a/command/test-fixtures/push-vars/vars.json b/command/test-fixtures/push-vars/vars.json
index 4d5c9cc27..44edd612c 100644
--- a/command/test-fixtures/push-vars/vars.json
+++ b/command/test-fixtures/push-vars/vars.json
@@ -1,5 +1,7 @@
 {
 "null": null,
 "bar": "baz",
- "overridden": "no"
+ "overridden": "no",
+ "super": "this should be secret",
+ "secret": "this one too"
 }
diff --git a/vendor/github.com/hashicorp/atlas-go/v1/build_config.go b/vendor/github.com/hashicorp/atlas-go/v1/build_config.go
index b8eda1fde..fbcd91270 100644
--- a/vendor/github.com/hashicorp/atlas-go/v1/build_config.go
+++ b/vendor/github.com/hashicorp/atlas-go/v1/build_config.go
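Review bot: The assertions added to TestPush_vars in command/push_test.go check only that `-private` reaches `uploadOpts.PrivVars`; nothing in the hunk inspects the `atlas.BuildVar` entries that `upload()` builds, so a regression that stops setting `Sensitive` would still pass. Since the purpose of the flag is how secrets are marked in the upload, I would add a test that drives the BuildVars construction and asserts `Sensitive` is true for `super` and `secret` and false for the rest, plus a case where `-private` names a variable that was never passed. Smaller points: `expected_priv` should be `expectedPriv`, and the second failure message should differ from the first, e.g. `"bad private vars: got %#v\n expected %#v\n"`. The test function starts before the hunk.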
@@ -15,8 +15,9 @@ type bcWrapper struct { // Atlas expects a list of key/value vars type BuildVar struct { - Key string `json:"key"` - Value string `json:"value"` + Key string `json:"key"` + Value string `json:"value"` + Sensitive bool `json:"sensitive"` } type BuildVars []BuildVar diff --git a/vendor/github.com/hashicorp/go-checkpoint/README.md b/vendor/github.com/hashicorp/go-checkpoint/README.md index ab8ebc0d3..e717b6ad3 100644 --- a/vendor/github.com/hashicorp/go-checkpoint/README.md +++ b/vendor/github.com/hashicorp/go-checkpoint/README.md @@ -1,7 +1,7 @@ # Go Checkpoint Client [Checkpoint](http://checkpoint.hashicorp.com) is an internal service at -Hashicorp that we use to check version information, broadcoast security +Hashicorp that we use to check version information, broadcast security bulletins, etc. We understand that software making remote calls over the internet @@ -10,7 +10,7 @@ disabled in all of our software that includes it. You can view the source of this client to see that we're not sending any private information. Each Hashicorp application has it's specific configuration option -to disable chekpoint calls, but the `CHECKPOINT_DISABLE` makes +to disable checkpoint calls, but the `CHECKPOINT_DISABLE` makes the underlying checkpoint component itself disabled. For example in the case of packer: ``` diff --git a/vendor/vendor.json b/vendor/vendor.json index d4b22dac6..a2307178e 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -461,11 +461,11 @@ "revisionTime": "2016-11-07T20:49:10Z" }, { - "checksumSHA1": "lrfddRS4/LDKnF0sAbyZ59eUSjo=", + "checksumSHA1": "IR7S+SOsSUnPnLxgRrfemXfCqNM=", "comment": "20141209094003-92-g95fa852", "path": "github.com/hashicorp/atlas-go/v1", - "revision": "1792bd8de119ba49b17fd8d3c3c1f488ec613e62", - "revisionTime": "2016-11-07T20:49:10Z" + "revision": "047827faf4f20cc74f1a420fdf679d59162a09c7", + "revisionTime": "2017-06-05T23:14:32Z" }, { "checksumSHA1": "cdOCt0Yb+hdErz8NAQqayxPmRsY=", 
@@ -473,9 +473,10 @@ "revision": "7554cd9344cec97297fa6649b055a8c98c2a1e55" }, { - "checksumSHA1": "nd3S1qkFv7zZxA9be0bw4nT0pe0=", + "checksumSHA1": "SF8aIBEMV6/MXLFTgErdONaX8f0=", "path": "github.com/hashicorp/go-checkpoint", - "revision": "e4b2dc34c0f698ee04750bf2035d8b9384233e1b" + "revision": "f8cfd20c53506d1eb3a55c2c43b84d009fab39bd", + "revisionTime": "2016-08-16T19:50:56Z" }, { "checksumSHA1": "fSe5y1UgTDeYlnFfUcDA1zzcw+U=",