cscli: hide hashed api keys (#2874)

* cscli: hide hashed api keys
* lint

docker/test/tests/test_bouncer.py

@@ -36,8 +36,6 @@ def test_register_bouncer_env(crowdsec, flavor):
         bouncer1, bouncer2 = j
         assert bouncer1['name'] == 'bouncer1name'
         assert bouncer2['name'] == 'bouncer2name'
-        assert bouncer1['api_key'] == hex512('bouncer1key')
-        assert bouncer2['api_key'] == hex512('bouncer2key')
 
         # add a second bouncer at runtime
         res = cs.cont.exec_run('cscli bouncers add bouncer3name -k bouncer3key')
@@ -48,7 +46,6 @@ def test_register_bouncer_env(crowdsec, flavor):
         assert len(j) == 3
         bouncer3 = j[2]
         assert bouncer3['name'] == 'bouncer3name'
-        assert bouncer3['api_key'] == hex512('bouncer3key')
 
         # remove all bouncers
         res = cs.cont.exec_run('cscli bouncers delete bouncer1name bouncer2name bouncer3name')

pkg/database/bouncers.go

@@ -33,6 +33,7 @@ func (c *Client) ListBouncers() ([]*ent.Bouncer, error) {
 	if err != nil {
 		return nil, errors.Wrapf(QueryFail, "listing bouncers: %s", err)
 	}
+
 	return result, nil
 }
 
@@ -48,8 +49,10 @@ func (c *Client) CreateBouncer(name string, ipAddr string, apiKey string, authTy
 		if ent.IsConstraintError(err) {
 			return nil, fmt.Errorf("bouncer %s already exists", name)
 		}
-		return nil, fmt.Errorf("unable to create bouncer: %s", err)
+
+		return nil, fmt.Errorf("unable to create bouncer: %w", err)
 	}
+
 	return bouncer, nil
 }
 
@@ -63,7 +66,7 @@ func (c *Client) DeleteBouncer(name string) error {
 	}
 
 	if nbDeleted == 0 {
-		return fmt.Errorf("bouncer doesn't exist")
+		return errors.New("bouncer doesn't exist")
 	}
 
 	return nil
@@ -74,36 +77,41 @@ func (c *Client) BulkDeleteBouncers(bouncers []*ent.Bouncer) (int, error) {
 	for i, b := range bouncers {
 		ids[i] = b.ID
 	}
+
 	nbDeleted, err := c.Ent.Bouncer.Delete().Where(bouncer.IDIn(ids...)).Exec(c.CTX)
 	if err != nil {
-		return nbDeleted, fmt.Errorf("unable to delete bouncers: %s", err)
+		return nbDeleted, fmt.Errorf("unable to delete bouncers: %w", err)
 	}
+
 	return nbDeleted, nil
 }
 
-func (c *Client) UpdateBouncerLastPull(lastPull time.Time, ID int) error {
-	_, err := c.Ent.Bouncer.UpdateOneID(ID).
+func (c *Client) UpdateBouncerLastPull(lastPull time.Time, id int) error {
+	_, err := c.Ent.Bouncer.UpdateOneID(id).
 		SetLastPull(lastPull).
 		Save(c.CTX)
 	if err != nil {
-		return fmt.Errorf("unable to update machine last pull in database: %s", err)
+		return fmt.Errorf("unable to update machine last pull in database: %w", err)
 	}
+
 	return nil
 }
 
-func (c *Client) UpdateBouncerIP(ipAddr string, ID int) error {
-	_, err := c.Ent.Bouncer.UpdateOneID(ID).SetIPAddress(ipAddr).Save(c.CTX)
+func (c *Client) UpdateBouncerIP(ipAddr string, id int) error {
+	_, err := c.Ent.Bouncer.UpdateOneID(id).SetIPAddress(ipAddr).Save(c.CTX)
 	if err != nil {
-		return fmt.Errorf("unable to update bouncer ip address in database: %s", err)
+		return fmt.Errorf("unable to update bouncer ip address in database: %w", err)
 	}
+
 	return nil
 }
 
-func (c *Client) UpdateBouncerTypeAndVersion(bType string, version string, ID int) error {
-	_, err := c.Ent.Bouncer.UpdateOneID(ID).SetVersion(version).SetType(bType).Save(c.CTX)
+func (c *Client) UpdateBouncerTypeAndVersion(bType string, version string, id int) error {
+	_, err := c.Ent.Bouncer.UpdateOneID(id).SetVersion(version).SetType(bType).Save(c.CTX)
 	if err != nil {
-		return fmt.Errorf("unable to update bouncer type and version in database: %s", err)
+		return fmt.Errorf("unable to update bouncer type and version in database: %w", err)
 	}
+
 	return nil
 }
 

pkg/database/ent/schema/bouncer.go

@@ -21,7 +21,7 @@ func (Bouncer) Fields() []ent.Field {
 			Default(types.UtcNow).
 			UpdateDefault(types.UtcNow).Nillable().Optional().StructTag(`json:"updated_at"`),
 		field.String("name").Unique().StructTag(`json:"name"`),
-		field.String("api_key").StructTag(`json:"api_key"`), // hash of api_key
+		field.String("api_key").Sensitive(), // hash of api_key
 		field.Bool("revoked").StructTag(`json:"revoked"`),
 		field.String("ip_address").Default("").Optional().StructTag(`json:"ip_address"`),
 		field.String("type").Optional().StructTag(`json:"type"`),