ibm-cloud-sdk-core 5.0.1 → 5.0.2

package/.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "package-lock.json|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-06-06T19:22:54Z",
+  "generated_at": "2024-08-29T14:54:57Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -96,7 +96,7 @@
         "hashed_secret": "bc2f74c22f98f7b6ffbc2f67453dbfa99bce9a32",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 174,
+        "line_number": 207,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -106,7 +106,7 @@
         "hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 63,
+        "line_number": 62,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -126,7 +126,7 @@
         "hashed_secret": "bbccdf2efb33b52e6c9d0a14dd70b2d415fbea6e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 52,
+        "line_number": 53,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -210,7 +210,7 @@
         "hashed_secret": "d5ff02fa48e492fac0a245ad63d1ae608e705c05",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 98,
+        "line_number": 99,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -218,7 +218,7 @@
         "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 99,
+        "line_number": 100,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -226,7 +226,7 @@
         "hashed_secret": "45a15668db917c293f16e8add0f5d801889e5923",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 116,
+        "line_number": 117,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -234,7 +234,7 @@
         "hashed_secret": "65e622227634e8876cfa733000233fb80c6f0473",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 117,
+        "line_number": 118,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -296,7 +296,7 @@
         "hashed_secret": "8f4bfc22c4fd7cb884f94ec175ff4a3284a174a1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 79,
+        "line_number": 80,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -304,7 +304,7 @@
         "hashed_secret": "65e622227634e8876cfa733000233fb80c6f0473",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 95,
+        "line_number": 96,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -442,7 +442,7 @@
         "hashed_secret": "1572bd30ac06678a82df42b5913e5e52e27f9a12",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 27,
+        "line_number": 32,
         "type": "Secret Keyword",
         "verified_result": null
       },
@@ -450,7 +450,7 @@
         "hashed_secret": "16856d955c788df03735a24feb2e3ffefd91f3dc",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 28,
+        "line_number": 33,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -522,7 +522,7 @@
         "hashed_secret": "a7ef1be18bb8d37af79f3d87761a203378bf26a2",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 169,
+        "line_number": 158,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -542,7 +542,7 @@
         "hashed_secret": "f2e7745f43b0ef0e2c2faf61d6c6a28be2965750",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 26,
+        "line_number": 31,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -582,7 +582,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.56.dss",
+  "version": "0.13.1+ibm.62.dss",
   "word_list": {
     "file": null,
     "hash": null

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+## [5.0.2](https://github.com/IBM/node-sdk-core/compare/v5.0.1...v5.0.2) (2024-09-03)
+
+
+### Bug Fixes
+
+* **logging:** improve node core's debug logging ([#286](https://github.com/IBM/node-sdk-core/issues/286)) ([7bcb404](https://github.com/IBM/node-sdk-core/commit/7bcb404fa88592079571149c4b4224f97798f47d))
+
 ## [5.0.1](https://github.com/IBM/node-sdk-core/compare/v5.0.0...v5.0.1) (2024-08-14)
 
 

package/auth/authenticators/basic-authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/auth/authenticators/basic-authenticator.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -37,6 +37,7 @@ exports.BasicAuthenticator = void 0;
 var extend_1 = __importDefault(require("extend"));
 var helpers_1 = require("../utils/helpers");
 var authenticator_1 = require("./authenticator");
+var logger_1 = __importDefault(require("../../lib/logger"));
 /**
  * The BasicAuthenticator is used to add basic authentication information to
  *   requests.
@@ -79,6 +80,7 @@ var BasicAuthenticator = /** @class */ (function (_super) {
         var _this = this;
         return new Promise(function (resolve) {
             requestOptions.headers = (0, extend_1.default)(true, {}, requestOptions.headers, _this.authHeader);
+            logger_1.default.debug("Authenticated outbound request (type=".concat(_this.authenticationType(), ")"));
             resolve();
         });
     };

package/auth/authenticators/bearer-token-authenticator.js

@@ -37,6 +37,7 @@ exports.BearerTokenAuthenticator = void 0;
 var extend_1 = __importDefault(require("extend"));
 var helpers_1 = require("../utils/helpers");
 var authenticator_1 = require("./authenticator");
+var logger_1 = __importDefault(require("../../lib/logger"));
 /**
  * The BearerTokenAuthenticator will set a user-provided bearer token
  *   in requests.
@@ -84,6 +85,7 @@ var BearerTokenAuthenticator = /** @class */ (function (_super) {
         return new Promise(function (resolve) {
             var authHeader = { Authorization: "Bearer ".concat(_this.bearerToken) };
             requestOptions.headers = (0, extend_1.default)(true, {}, requestOptions.headers, authHeader);
+            logger_1.default.debug("Authenticated outbound request (type=".concat(_this.authenticationType(), ")"));
             resolve();
         });
     };

package/auth/authenticators/token-request-based-authenticator.js

@@ -37,6 +37,7 @@ exports.TokenRequestBasedAuthenticator = void 0;
 var extend_1 = __importDefault(require("extend"));
 var jwt_token_manager_1 = require("../token-managers/jwt-token-manager");
 var authenticator_1 = require("./authenticator");
+var logger_1 = __importDefault(require("../../lib/logger"));
 /**
  * Class for common functionality shared by token-request authenticators.
  * TokenRequestBasedAuthenticators use token managers to retrieve, store,
@@ -105,9 +106,11 @@ var TokenRequestBasedAuthenticator = /** @class */ (function (_super) {
      * @param requestOptions - The request to augment with authentication information.
      */
     TokenRequestBasedAuthenticator.prototype.authenticate = function (requestOptions) {
+        var _this = this;
         return this.tokenManager.getToken().then(function (token) {
             var authHeader = { Authorization: "Bearer ".concat(token) };
             requestOptions.headers = (0, extend_1.default)(true, {}, requestOptions.headers, authHeader);
+            logger_1.default.debug("Authenticated outbound request (type=".concat(_this.authenticationType(), ")"));
         });
     };
     return TokenRequestBasedAuthenticator;

package/auth/token-managers/cp4d-token-manager.js

@@ -38,6 +38,7 @@ var extend_1 = __importDefault(require("extend"));
 var helpers_1 = require("../utils/helpers");
 var build_user_agent_1 = require("../../lib/build-user-agent");
 var jwt_token_manager_1 = require("./jwt-token-manager");
+var logger_1 = __importDefault(require("../../lib/logger"));
 /**
  * Token Manager of CloudPak for data.
  *
@@ -99,7 +100,11 @@ var Cp4dTokenManager = /** @class */ (function (_super) {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger_1.default.debug("Invoking CP4D token service operation: ".concat(parameters.options.url));
+        return this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+            logger_1.default.debug('Returned from CP4D token service operation');
+            return response;
+        });
     };
     return Cp4dTokenManager;
 }(jwt_token_manager_1.JwtTokenManager));

package/auth/token-managers/iam-request-based-token-manager.js

@@ -168,7 +168,11 @@ var IamRequestBasedTokenManager = /** @class */ (function (_super) {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger_1.default.debug("Invoking IAM get_token operation: ".concat(parameters.options.url));
+        return this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+            logger_1.default.debug('Returned from IAM get_token operation');
+            return response;
+        });
     };
     /**
      * Returns true iff the currently-cached IAM access token is expired.

package/auth/token-managers/mcsp-token-manager.js

@@ -38,6 +38,7 @@ var extend_1 = __importDefault(require("extend"));
 var helpers_1 = require("../utils/helpers");
 var build_user_agent_1 = require("../../lib/build-user-agent");
 var jwt_token_manager_1 = require("./jwt-token-manager");
+var logger_1 = __importDefault(require("../../lib/logger"));
 /**
  * This is the path associated with the operation used to obtain
  * an access token from the MCSP token service.
@@ -90,7 +91,11 @@ var McspTokenManager = /** @class */ (function (_super) {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger_1.default.debug("Invoking MCSP token service operation: ".concat(parameters.options.url));
+        return this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+            logger_1.default.debug('Returned from MCSP token service operation');
+            return response;
+        });
     };
     return McspTokenManager;
 }(jwt_token_manager_1.JwtTokenManager));

package/auth/token-managers/token-manager.js

@@ -49,11 +49,13 @@ var TokenManager = /** @class */ (function () {
     TokenManager.prototype.getToken = function () {
         var _this = this;
         if (!this.accessToken || this.isTokenExpired()) {
-            // 1. request a new token
+            // 1. Need a new token.
+            logger_1.default.debug('Performing synchronous token refresh');
             return this.pacedRequestToken().then(function () { return _this.accessToken; });
         }
-        // If refresh needed, kick one off
         if (this.tokenNeedsRefresh()) {
+            // 2. Need to refresh the current (valid) token.
+            logger_1.default.debug('Performing background asynchronous token fetch');
             this.requestToken().then(function (tokenResponse) {
                 _this.saveTokenInfo(tokenResponse);
             }, function (err) {
@@ -67,7 +69,9 @@ var TokenManager = /** @class */ (function () {
                 logger_1.default.debug(err);
             });
         }
-        // 2. use valid, managed token
+        else {
+            logger_1.default.debug('Using cached access token');
+        }
         return Promise.resolve(this.accessToken);
     };
     /**

package/auth/token-managers/vpc-instance-token-manager.js

@@ -162,7 +162,10 @@ var VpcInstanceTokenManager = /** @class */ (function (_super) {
                             },
                         };
                         logger_1.default.debug("Invoking VPC 'create_iam_token' operation: ".concat(parameters.options.url));
-                        return [2 /*return*/, this.requestWrapperInstance.sendRequest(parameters)];
+                        return [2 /*return*/, this.requestWrapperInstance.sendRequest(parameters).then(function (response) {
+                                logger_1.default.debug("Returned from VPC 'create_iam_token' operation");
+                                return response;
+                            })];
                 }
             });
         });

package/auth/utils/read-external-sources.js

@@ -48,6 +48,7 @@ function getProperties(serviceName) {
     // 3. VCAP Services (Cloud Foundry)
     // only get properties from one source, return null if none found
     var properties = null;
+    logger_1.default.debug("Retrieving config properties for service '".concat(serviceName, "'"));
     properties = filterPropertiesByServiceName((0, file_reading_helpers_1.readCredentialsFile)(), serviceName);
     if ((0, helper_1.isEmptyObject)(properties)) {
         properties = filterPropertiesByServiceName(process.env, serviceName);
@@ -55,6 +56,7 @@ function getProperties(serviceName) {
     if ((0, helper_1.isEmptyObject)(properties)) {
         properties = getPropertiesFromVCAP(serviceName);
     }
+    logger_1.default.debug("Retrieved ".concat(Object.keys(properties).length, " properties"));
     return properties;
 }
 /**

package/es/auth/authenticators/basic-authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

package/es/auth/authenticators/basic-authenticator.js

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2024.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 import extend from 'extend';
 import { computeBasicAuthHeader, validateInput } from '../utils/helpers';
 import { Authenticator } from './authenticator';
+import logger from '../../lib/logger';
 /**
  * The BasicAuthenticator is used to add basic authentication information to
  *   requests.
@@ -55,6 +56,7 @@ export class BasicAuthenticator extends Authenticator {
     authenticate(requestOptions) {
         return new Promise((resolve) => {
             requestOptions.headers = extend(true, {}, requestOptions.headers, this.authHeader);
+            logger.debug(`Authenticated outbound request (type=${this.authenticationType()})`);
             resolve();
         });
     }

package/es/auth/authenticators/bearer-token-authenticator.js

@@ -16,6 +16,7 @@
 import extend from 'extend';
 import { validateInput } from '../utils/helpers';
 import { Authenticator } from './authenticator';
+import logger from '../../lib/logger';
 /**
  * The BearerTokenAuthenticator will set a user-provided bearer token
  *   in requests.
@@ -60,6 +61,7 @@ export class BearerTokenAuthenticator extends Authenticator {
         return new Promise((resolve) => {
             const authHeader = { Authorization: `Bearer ${this.bearerToken}` };
             requestOptions.headers = extend(true, {}, requestOptions.headers, authHeader);
+            logger.debug(`Authenticated outbound request (type=${this.authenticationType()})`);
             resolve();
         });
     }

package/es/auth/authenticators/token-request-based-authenticator.js

@@ -16,6 +16,7 @@
 import extend from 'extend';
 import { JwtTokenManager } from '../token-managers/jwt-token-manager';
 import { Authenticator } from './authenticator';
+import logger from '../../lib/logger';
 /**
  * Class for common functionality shared by token-request authenticators.
  * TokenRequestBasedAuthenticators use token managers to retrieve, store,
@@ -85,6 +86,7 @@ export class TokenRequestBasedAuthenticator extends Authenticator {
         return this.tokenManager.getToken().then((token) => {
             const authHeader = { Authorization: `Bearer ${token}` };
             requestOptions.headers = extend(true, {}, requestOptions.headers, authHeader);
+            logger.debug(`Authenticated outbound request (type=${this.authenticationType()})`);
         });
     }
 }

package/es/auth/token-managers/cp4d-token-manager.js

@@ -17,6 +17,7 @@ import extend from 'extend';
 import { validateInput } from '../utils/helpers';
 import { buildUserAgent } from '../../lib/build-user-agent';
 import { JwtTokenManager } from './jwt-token-manager';
+import logger from '../../lib/logger';
 /**
  * Token Manager of CloudPak for data.
  *
@@ -76,6 +77,10 @@ export class Cp4dTokenManager extends JwtTokenManager {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger.debug(`Invoking CP4D token service operation: ${parameters.options.url}`);
+        return this.requestWrapperInstance.sendRequest(parameters).then((response) => {
+            logger.debug('Returned from CP4D token service operation');
+            return response;
+        });
     }
 }

package/es/auth/token-managers/iam-request-based-token-manager.js

@@ -144,7 +144,11 @@ export class IamRequestBasedTokenManager extends JwtTokenManager {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger.debug(`Invoking IAM get_token operation: ${parameters.options.url}`);
+        return this.requestWrapperInstance.sendRequest(parameters).then((response) => {
+            logger.debug('Returned from IAM get_token operation');
+            return response;
+        });
     }
     /**
      * Returns true iff the currently-cached IAM access token is expired.

package/es/auth/token-managers/mcsp-token-manager.js

@@ -17,6 +17,7 @@ import extend from 'extend';
 import { validateInput } from '../utils/helpers';
 import { buildUserAgent } from '../../lib/build-user-agent';
 import { JwtTokenManager } from './jwt-token-manager';
+import logger from '../../lib/logger';
 /**
  * This is the path associated with the operation used to obtain
  * an access token from the MCSP token service.
@@ -67,6 +68,10 @@ export class McspTokenManager extends JwtTokenManager {
                 rejectUnauthorized: !this.disableSslVerification,
             },
         };
-        return this.requestWrapperInstance.sendRequest(parameters);
+        logger.debug(`Invoking MCSP token service operation: ${parameters.options.url}`);
+        return this.requestWrapperInstance.sendRequest(parameters).then((response) => {
+            logger.debug('Returned from MCSP token service operation');
+            return response;
+        });
     }
 }

package/es/auth/token-managers/token-manager.js

@@ -42,11 +42,13 @@ export class TokenManager {
      */
     getToken() {
         if (!this.accessToken || this.isTokenExpired()) {
-            // 1. request a new token
+            // 1. Need a new token.
+            logger.debug('Performing synchronous token refresh');
             return this.pacedRequestToken().then(() => this.accessToken);
         }
-        // If refresh needed, kick one off
         if (this.tokenNeedsRefresh()) {
+            // 2. Need to refresh the current (valid) token.
+            logger.debug('Performing background asynchronous token fetch');
             this.requestToken().then((tokenResponse) => {
                 this.saveTokenInfo(tokenResponse);
             }, (err) => {
@@ -60,7 +62,9 @@ export class TokenManager {
                 logger.debug(err);
             });
         }
-        // 2. use valid, managed token
+        else {
+            logger.debug('Using cached access token');
+        }
         return Promise.resolve(this.accessToken);
     }
     /**

package/es/auth/token-managers/vpc-instance-token-manager.js

@@ -108,7 +108,10 @@ export class VpcInstanceTokenManager extends JwtTokenManager {
                 },
             };
             logger.debug(`Invoking VPC 'create_iam_token' operation: ${parameters.options.url}`);
-            return this.requestWrapperInstance.sendRequest(parameters);
+            return this.requestWrapperInstance.sendRequest(parameters).then((response) => {
+                logger.debug(`Returned from VPC 'create_iam_token' operation`);
+                return response;
+            });
         });
     }
     getInstanceIdentityToken() {

package/es/auth/utils/read-external-sources.js

@@ -41,6 +41,7 @@ function getProperties(serviceName) {
     // 3. VCAP Services (Cloud Foundry)
     // only get properties from one source, return null if none found
     let properties = null;
+    logger.debug(`Retrieving config properties for service '${serviceName}'`);
     properties = filterPropertiesByServiceName(readCredentialsFile(), serviceName);
     if (isEmptyObject(properties)) {
         properties = filterPropertiesByServiceName(process.env, serviceName);
@@ -48,6 +49,7 @@ function getProperties(serviceName) {
     if (isEmptyObject(properties)) {
         properties = getPropertiesFromVCAP(serviceName);
     }
+    logger.debug(`Retrieved ${Object.keys(properties).length} properties`);
     return properties;
 }
 /**

package/es/lib/base-service.js

@@ -90,6 +90,7 @@ export class BaseService {
     setServiceUrl(url) {
         if (url) {
             this.baseOptions.serviceUrl = stripTrailingSlash(url);
+            logger.debug(`Set service URL: ${this.baseOptions.serviceUrl}`);
         }
     }
     /**
@@ -164,6 +165,7 @@ export class BaseService {
      * configuration.
      */
     configureService(serviceName) {
+        logger.debug(`Configuring BaseService instance with service name: ${serviceName}`);
         if (!serviceName) {
             const err = 'Error configuring service. Service name is required.';
             logger.error(err);

package/es/lib/private-helpers.d.ts

@@ -0,0 +1,22 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Redacts secrets found in "input" so that the resulting string
+ * is suitable for debug logging.
+ * @param input - the string that potentially contains secrets
+ * @returns the input string with secrets replaced with "[redacted]"
+ */
+export declare function redactSecrets(input: string): string;

package/es/lib/private-helpers.js

@@ -0,0 +1,58 @@
+/**
+ * (C) Copyright IBM Corp. 2024.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Keywords that should be redacted.
+const redactedKeywords = [
+    'apikey',
+    'api_key',
+    'passcode',
+    'password',
+    'token',
+    'aadClientId',
+    'aadClientSecret',
+    'auth',
+    'auth_provider_x509_cert_url',
+    'auth_uri',
+    'client_email',
+    'client_id',
+    'client_x509_cert_url',
+    'key',
+    'project_id',
+    'secret',
+    'subscriptionId',
+    'tenantId',
+    'thumbprint',
+    'token_uri',
+];
+const redactedTokens = redactedKeywords.join('|');
+// Pre-compiled regular expressions used by redactSecrets().
+const reAuthHeader = new RegExp(`^(Authorization|X-Auth\\S*): .*$`, 'gim');
+const rePropertySetting = new RegExp(`(${redactedTokens})=[^&]*(&|$)`, 'gi');
+const reJsonField = new RegExp(`"([^"]*(${redactedTokens})[^"_]*)":\\s*"[^\\,]*"`, 'gi');
+// RedactSecrets() returns the input string with secrets redacted.
+/**
+ * Redacts secrets found in "input" so that the resulting string
+ * is suitable for debug logging.
+ * @param input - the string that potentially contains secrets
+ * @returns the input string with secrets replaced with "[redacted]"
+ */
+export function redactSecrets(input) {
+    const redacted = '[redacted]';
+    let redactedString = input;
+    redactedString = redactedString.replace(reAuthHeader, `$1: ${redacted}`);
+    redactedString = redactedString.replace(rePropertySetting, `$1=${redacted}$2`);
+    redactedString = redactedString.replace(reJsonField, `"$1":"${redacted}"`);
+    return redactedString;
+}