From dbe2eb2afc32ba1ec5c1d4bb54e4ede56d651a6d Mon Sep 17 00:00:00 2001
From: Roman Vynar <roman.vynar@goquiq.com>
Date: Fri, 2 Jun 2017 00:14:23 +0300
Subject: [PATCH] Hide consul token on UI. (#2797)

---
 config/config.go              | 2 +-
 config/config_test.go         | 3 ++-
 config/testdata/conf.good.yml | 1 +
 discovery/consul/consul.go    | 2 +-
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/config/config.go b/config/config.go
index ee088fe99b..26bffc4437 100644
--- a/config/config.go
+++ b/config/config.go
@@ -835,7 +835,7 @@ func (c *FileSDConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
 // ConsulSDConfig is the configuration for Consul service discovery.
 type ConsulSDConfig struct {
 	Server       string `yaml:"server"`
-	Token        string `yaml:"token,omitempty"`
+	Token        Secret `yaml:"token,omitempty"`
 	Datacenter   string `yaml:"datacenter,omitempty"`
 	TagSeparator string `yaml:"tag_separator,omitempty"`
 	Scheme       string `yaml:"scheme,omitempty"`
diff --git a/config/config_test.go b/config/config_test.go
index 563fbb03de..0282deb0e5 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -247,6 +247,7 @@ var expectedConf = &Config{
 				ConsulSDConfigs: []*ConsulSDConfig{
 					{
 						Server:       "localhost:1234",
+						Token:        "mysecret",
 						Services:     []string{"nginx", "cache", "mysql"},
 						TagSeparator: DefaultConsulSDConfig.TagSeparator,
 						Scheme:       "https",
@@ -542,7 +543,7 @@ func TestLoadConfig(t *testing.T) {
 	s := c.String()
 	secretRe := regexp.MustCompile("<secret>")
 	matches := secretRe.FindAllStringIndex(s, -1)
-	if len(matches) != 5 || strings.Contains(s, "mysecret") {
+	if len(matches) != 6 || strings.Contains(s, "mysecret") {
 		t.Fatalf("config's String method reveals authentication credentials.")
 	}
 
diff --git a/config/testdata/conf.good.yml b/config/testdata/conf.good.yml
index cb221b461a..69c9cdc880 100644
--- a/config/testdata/conf.good.yml
+++ b/config/testdata/conf.good.yml
@@ -113,6 +113,7 @@ scrape_configs:
 
   consul_sd_configs:
   - server: 'localhost:1234'
+    token: mysecret
     services: ['nginx', 'cache', 'mysql']
     scheme: https
     tls_config:
diff --git a/discovery/consul/consul.go b/discovery/consul/consul.go
index 955c6924c4..d842ca2813 100644
--- a/discovery/consul/consul.go
+++ b/discovery/consul/consul.go
@@ -105,7 +105,7 @@ func NewDiscovery(conf *config.ConsulSDConfig, logger log.Logger) (*Discovery, e
 		Address:    conf.Server,
 		Scheme:     conf.Scheme,
 		Datacenter: conf.Datacenter,
-		Token:      conf.Token,
+		Token:      string(conf.Token),
 		HttpAuth: &consul.HttpBasicAuth{
 			Username: conf.Username,
 			Password: string(conf.Password),