in commands/credential_scan.go [442:495]
func checkAzureProviderSecret(azureProvider hcl.AzureProvider, propertyName, propertyValue string, vars map[string]hcl.Variable) []CredScanError {
credScanErrors := make([]CredScanError, 0)
if !strings.HasPrefix(propertyValue, "$") || strings.HasPrefix(propertyValue, "$local.") {
credScanErr := makeCredScanErrorForProvider(
azureProvider,
"cannot use plain text or 'local' for secret, please follow https://github.com/Azure/armstrong/blob/main/docs/guidance-for-api-test.md#4-q-i-have-some-sensitive-information-in-the-test-case-how-to-hide-it to hide the secret values",
propertyName,
)
credScanErrors = append(credScanErrors, credScanErr)
logrus.Error(credScanErr)
return credScanErrors
}
if strings.HasPrefix(propertyValue, "$var.") {
varName := strings.TrimPrefix(propertyValue, "$var.")
varName = strings.Split(varName, ".")[0]
theVar, ok := vars[varName]
if !ok {
credScanErr := makeCredScanErrorForProvider(
azureProvider,
fmt.Sprintf("variable %q was not found, please follow https://github.com/Azure/armstrong/blob/main/docs/guidance-for-api-test.md#4-q-i-have-some-sensitive-information-in-the-test-case-how-to-hide-it to set the variable for secret values", varName),
propertyName,
)
credScanErrors = append(credScanErrors, credScanErr)
logrus.Error(credScanErr)
return credScanErrors
}
if theVar.HasDefault {
credScanErr := makeCredScanErrorForProvider(
azureProvider,
fmt.Sprintf("variable %q (%v:%v) used in secret field but has a default value, please follow https://github.com/Azure/armstrong/blob/main/docs/guidance-for-api-test.md#4-q-i-have-some-sensitive-information-in-the-test-case-how-to-hide-it to set the variable for secret values", varName, theVar.FileName, theVar.LineNumber),
propertyName,
)
credScanErrors = append(credScanErrors, credScanErr)
logrus.Error(credScanErr)
}
if !theVar.IsSensitive {
credScanErr := makeCredScanErrorForProvider(
azureProvider,
fmt.Sprintf("variable %q (%v:%v) used in secret field but is not marked as sensitive, please follow https://github.com/Azure/armstrong/blob/main/docs/guidance-for-api-test.md#4-q-i-have-some-sensitive-information-in-the-test-case-how-to-hide-it to set the variable for secret values", varName, theVar.FileName, theVar.LineNumber),
propertyName,
)
credScanErrors = append(credScanErrors, credScanErr)
logrus.Error(credScanErr)
}
}
return credScanErrors
}