Obfuscate token for lookupACL error

2016-03-15 17:16:25 -04:00 · 2016-03-15 17:16:25 -04:00 · 7215d9bdef
parent f327eb8ab3
commit 7215d9bdef
1 changed files with 8 additions and 1 deletions
--- a/consul/acl.go
+++ b/consul/acl.go
@ -180,7 +180,14 @@ func (c *aclCache) lookupACL(id, authDC string) (acl.ACL, error) {
 	if strings.Contains(err.Error(), aclNotFound) {
 		return nil, errors.New(aclNotFound)
 	} else {
-		c.logger.Printf("[ERR] consul.acl: Failed to get policy for '%s': %v", id, err)
+		s := id
+		// Print last 3 chars of the token if long enough, otherwise completly hide it
+		if len(s) > 3 {
+			s = fmt.Sprintf("token ending in '%s'", s[len(s)-1:])
+		} else {
+			s = redactedToken
+		}
+		c.logger.Printf("[ERR] consul.acl: Failed to get policy for %s: %v", s, err)
 	}

 	// Unable to refresh, apply the down policy