npm - @ibm-cloud/cd-tools - Versions diffs - 1.15.16 → 1.15.17 - Mend

@ibm-cloud/cd-tools 1.15.16 → 1.15.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/cmd/copy-toolchain.js +5 -1
package/cmd/utils/import-terraform.js +8 -3
package/cmd/utils/terraform.js +14 -6
package/cmd/utils/utils.js +7 -0
package/package.json +1 -1

package/cmd/copy-toolchain.js CHANGED Viewed

@@ -86,7 +86,11 @@ async function main(options) {
 	logger.setVerbosity(verbosity);
 	if (LOG_DUMP) logger.createLogStream(`${LOGS_DIR}/copy-toolchain-${TIME_SUFFIX}.log`);
-	logger.dump(`Options: ${JSON.stringify(options)}\n`);
+	// redact apikey option in logs
+	const printOptions = options;
+	printOptions.apikey ? printOptions.apikey = '<API KEY>' : delete printOptions.apikey;
+	logger.dump(`Options: ${JSON.stringify(printOptions)}\n`);
 	let bearer;
 	let sourceToolchainId;

package/cmd/utils/import-terraform.js CHANGED Viewed

@@ -14,7 +14,7 @@ import { jsonToTf } from 'json-to-tf';
 import { getPipelineData, getToolchainTools } from './requests.js';
 import { runTerraformPlanGenerate, setTerraformEnv } from './terraform.js';
-import { getRandChars, isSecretReference, normalizeName } from './utils.js';
+import { escapeReservedChars, getRandChars, isSecretReference, normalizeName } from './utils.js';
 import { logger } from './logger.js';
 import { SECRET_KEYS_MAP, SUPPORTED_TOOLS_MAP } from '../../config.js';
@@ -263,7 +263,7 @@ export async function importTerraform(token, apiKey, region, toolchainId, toolch
                     if (propValue.startsWith(START_INDICATOR) && propValue.endsWith(END_INDICATOR)) {
                         // skip substitution for jsonencode case, don't want to mangle it
                     } else {
-                        newValue = newValue.replace(/\\/g, '\\\\').replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/"/g, '\\"');
+                        newValue = escapeReservedChars(propValue);
                     }
                     newTfFileObj['resource'][key][k]['value'] = newValue;
                 }
@@ -314,7 +314,12 @@ export async function importTerraform(token, apiKey, region, toolchainId, toolch
     for (const [key, value] of Object.entries(generatedFileJson['resource'])) {
         for (const [k, v] of Object.entries(value)) {
             if (key === 'ibm_cd_tekton_pipeline_definition' || key === 'ibm_cd_tekton_pipeline_trigger') {
-                if (key === 'ibm_cd_tekton_pipeline_trigger' && !v['source']) continue; // skip triggers without source, which aren't tied to a repo
+                // escape filter, which may contain reserved characters
+                if (key === 'ibm_cd_tekton_pipeline_trigger' && v[0]['filter']) {
+                    newTfFileObj['resource'][key][k]['filter'] = escapeReservedChars(v[0]['filter']);
+                }
+                if (key === 'ibm_cd_tekton_pipeline_trigger' && !v[0]['source']) continue; // skip triggers without source, which aren't tied to a repo
                 try {
                     const thisUrl = newTfFileObj['resource'][key][k]['source'][0]['properties'][0]['url'];

package/cmd/utils/terraform.js CHANGED Viewed

@@ -16,7 +16,7 @@ import { jsonToTf } from 'json-to-tf';
 import { validateToolchainId, validateGritUrl } from './validate.js';
 import { logger, LOG_STAGES } from './logger.js';
-import { getRandChars, promptUserInput, replaceUrlRegion } from './utils.js';
+import { escapeReservedChars, getRandChars, promptUserInput, replaceUrlRegion } from './utils.js';
 const CLOUD_PLATFORM = process.env['IBMCLOUD_PLATFORM_DOMAIN'] || 'cloud.ibm.com';
 const DEV_MODE = CLOUD_PLATFORM !== 'cloud.ibm.com';
@@ -31,7 +31,7 @@ const writeFilePromise = promisify(fs.writeFile)
 async function execPromise(command, options) {
     try {
         const exec = promisify(child_process.exec);
-        const { stdout, _ } = await exec(command, options);
+        const { stdout, _ } = await exec(command, {...options, maxBuffer: 10 * 1024 * 1024}); // set max buffer to 10MB
         return stdout.trim();
     } catch (err) {
         throw new Error(`Command failed: ${command} \n${err.stderr || err.stdout}`);
@@ -258,8 +258,16 @@ async function setupTerraformFiles(config) {
             // by default, disable triggers
             if (disableTriggers && newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger']) {
                 for (const key of Object.keys(newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'])) {
-                    if (newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'][key]['type'] === 'manual') continue; // skip manual triggers
-                    newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'][key]['enabled'] = false;
+                    // escape filter, which may contain reserved characters
+                    const filterVal = newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'][key]['filter'];
+                    if (filterVal) {
+                        newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'][key]['filter'] = escapeReservedChars(filterVal);
+                    }
+                    // disable all triggers (timed, git, webhooks) except manual triggers
+                    if (newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'][key]['type'] != 'manual') {
+                        newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger'][key]['enabled'] = false;
+                    }
                 }
             }
@@ -360,7 +368,7 @@ async function setupTerraformFiles(config) {
                         if (thisValue.startsWith(START_INDICATOR) && thisValue.endsWith(END_INDICATOR)) {
                             // skip newline substitution for jsonencode case, don't want to mangle it
                         } else {
-                            newTfFileObj['resource']['ibm_cd_tekton_pipeline_property'][k]['value'] = thisValue.replace(/\\/g, '\\\\').replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/"/g, '\\"');
+                            newTfFileObj['resource']['ibm_cd_tekton_pipeline_property'][k]['value'] = escapeReservedChars(thisValue);
                         }
                     }
                 } catch (err) {
@@ -388,7 +396,7 @@ async function setupTerraformFiles(config) {
                         if (thisValue.startsWith(START_INDICATOR) && thisValue.endsWith(END_INDICATOR)) {
                             // skip newline substitution for jsonencode case, don't want to mangle it
                         } else {
-                            newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger_property'][k]['value'] = thisValue.replace(/\\/g, '\\\\').replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/"/g, '\\"');
+                            newTfFileObj['resource']['ibm_cd_tekton_pipeline_trigger_property'][k]['value'] = escapeReservedChars(thisValue);
                         }
                     }
                 } catch (err) {

package/cmd/utils/utils.js CHANGED Viewed

@@ -223,4 +223,11 @@ export function normalizeName(str) {
     }
     return newStr.toLowerCase();
+};
+export function escapeReservedChars(str) {
+    if (!str || typeof str !== 'string') {
+        return str;
+    }
+    return str.replace(/\\/g, '\\\\').replace(/\n/g, '\\n').replace(/\r/g, '\\r').replace(/"/g, '\\"');
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ibm-cloud/cd-tools",
-  "version": "1.15.16",
+  "version": "1.15.17",
   "description": "Tools and utilities for the IBM Cloud Continuous Delivery service and resources",
   "repository": {
     "type": "git",