99 p3 clean up sensitive log data (#239)

Fix logging of potentially sensitive data.

* Disable docker automation

kanidm_proto/src/v1.rs

@@ -332,13 +332,23 @@ impl ModifyRequest {
 //
 // On loginSuccess, we send a cookie, and that allows the token to be
 // generated. The cookie can be shared between servers.
-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Serialize, Deserialize)]
 pub enum AuthCredential {
     Anonymous,
     Password(String),
     TOTP(u32),
 }
 
+impl fmt::Debug for AuthCredential {
+    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            AuthCredential::Anonymous => write!(fmt, "Anonymous"),
+            AuthCredential::Password(_) => write!(fmt, "Password(_)"),
+            AuthCredential::TOTP(_) => write!(fmt, "TOTP(_)"),
+        }
+    }
+}
+
 #[derive(Debug, Serialize, Deserialize)]
 pub enum AuthStep {
     // name, application id?

kanidmd/src/lib/async_log.rs

@@ -66,7 +66,7 @@ impl Handler<AuditScope> for EventLog {
     type Result = ();
 
     fn handle(&mut self, event: AuditScope, _: &mut SyncContext<Self>) -> Self::Result {
-        debug!("audit: {}", event);
+        info!("{}", event);
     }
 }
 

kanidmd/src/lib/entry.rs

@@ -252,7 +252,6 @@ fn compare_attrs(
 /// [`access`]: ../access/index.html
 /// [`event`]: ../event/index.html
 ///
-#[derive(Debug)]
 pub struct Entry<VALID, STATE> {
     valid: VALID,
     state: STATE,
@@ -260,6 +259,17 @@ pub struct Entry<VALID, STATE> {
     attrs: BTreeMap<String, BTreeSet<Value>>,
 }
 
+impl<VALID, STATE> std::fmt::Debug for Entry<VALID, STATE>
+where
+    STATE: std::fmt::Debug,
+{
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        f.debug_struct("Entry<EntrySealed, _>")
+            .field("state", &self.state)
+            .finish()
+    }
+}
+
 impl<STATE> std::fmt::Display for Entry<EntrySealed, STATE> {
     fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
         write!(f, "{}", self.get_uuid())
@@ -341,7 +351,14 @@ impl Entry<EntryInit, EntryNew> {
         es: &str,
         qs: &mut QueryServerWriteTransaction,
     ) -> Result<Self, OperationError> {
-        ltrace!(audit, "Parsing -> {}", es);
+        if cfg!(test) {
+            if es.len() > 256 {
+                let (dsp_es, _) = es.split_at(255);
+                ltrace!(audit, "Parsing -> {}...", dsp_es);
+            } else {
+                ltrace!(audit, "Parsing -> {}", es);
+            }
+        }
         // str -> Proto entry
         let pe: ProtoEntry = try_audit!(
             audit,

kanidmd/src/lib/idm/server.rs

@@ -130,7 +130,7 @@ impl<'a> IdmServerWriteTransaction<'a> {
         ae: &AuthEvent,
         ct: Duration,
     ) -> Result<AuthResult, OperationError> {
-        ltrace!(au, "Received AuthEvent -> {:?}", ae);
+        ltrace!(au, "Received -> {:?}", ae);
 
         // Match on the auth event, to see what we need to do.
 

kanidmd/src/lib/value.rs

@@ -202,13 +202,23 @@ impl fmt::Display for SyntaxType {
     }
 }
 
-#[derive(Debug, Clone)]
+#[derive(Clone)]
 pub enum DataValue {
     Cred(Credential),
     SshKey(String),
     RadiusCred(String),
 }
 
+impl std::fmt::Debug for DataValue {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        match self {
+            DataValue::Cred(_) => write!(f, "DataValue::Cred(_)"),
+            DataValue::SshKey(_) => write!(f, "DataValue::SshKey(_)"),
+            DataValue::RadiusCred(_) => write!(f, "DataValue::RadiusCred(_)"),
+        }
+    }
+}
+
 #[derive(Debug, Clone, Eq, Ord, PartialOrd, PartialEq, Deserialize, Serialize)]
 pub enum PartialValue {
     Utf8(String),