Make password prompting hide the string

2025-08-13 13:55:41 +00:00 · 2016-07-03 21:52:38 -07:00 · 2016-07-03 21:52:38 -07:00 · a79f714b1e
commit a79f714b1e
parent ba7f61c340
2 changed files with 30 additions and 13 deletions
--- a/pkg/client/unversioned/clientcmd/auth_loaders.go
+++ b/pkg/client/unversioned/clientcmd/auth_loaders.go
@ -23,6 +23,7 @@ import (
 	"io/ioutil"
 	"os"

+	"github.com/howeyc/gopass"
 	clientauth "k8s.io/kubernetes/pkg/client/unversioned/auth"
 )

@ -46,10 +47,13 @@ type PromptingAuthLoader struct {

 // LoadAuth parses an AuthInfo object from a file path. It prompts user and creates file if it doesn't exist.
 func (a *PromptingAuthLoader) LoadAuth(path string) (*clientauth.Info, error) {
-	var auth clientauth.Info
 	// Prompt for user/pass and write a file if none exists.
 	if _, err := os.Stat(path); os.IsNotExist(err) {
-		auth = *a.Prompt()
+		authPtr, err := a.Prompt()
+		auth := *authPtr
+		if err != nil {
+			return nil, err
+		}
 		data, err := json.Marshal(auth)
 		if err != nil {
 			return &auth, err
@ -65,19 +69,30 @@ func (a *PromptingAuthLoader) LoadAuth(path string) (*clientauth.Info, error) {
 }

 // Prompt pulls the user and password from a reader
-func (a *PromptingAuthLoader) Prompt() *clientauth.Info {
+func (a *PromptingAuthLoader) Prompt() (*clientauth.Info, error) {
+	var err error
 	auth := &clientauth.Info{}
-	auth.User = promptForString("Username", a.reader)
-	auth.Password = promptForString("Password", a.reader)
-
-	return auth
+	auth.User, err = promptForString("Username", a.reader, true)
+	if err != nil {
+		return nil, err
+	}
+	auth.Password, err = promptForString("Password", nil, false)
+	if err != nil {
+		return nil, err
+	}
+	return auth, nil
 }

-func promptForString(field string, r io.Reader) string {
+func promptForString(field string, r io.Reader, show bool) (result string, err error) {
 	fmt.Printf("Please enter %s: ", field)
-	var result string
-	fmt.Fscan(r, &result)
-	return result
+	if show {
+		_, err = fmt.Fscan(r, &result)
+	} else {
+		var data []byte
+		data, err = gopass.GetPasswdMasked()
+		result = string(data)
+	}
+	return result, err
 }

 // NewPromptingAuthLoader is an AuthLoader that parses an AuthInfo object from a file path. It prompts user and creates file if it doesn't exist.
--- a/pkg/client/unversioned/clientcmd/client_config.go
+++ b/pkg/client/unversioned/clientcmd/client_config.go
@ -195,8 +195,10 @@ func getUserIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo, fa
 	// if there still isn't enough information to authenticate the user, try prompting
 	if !canIdentifyUser(*mergedConfig) && (fallbackReader != nil) {
 		prompter := NewPromptingAuthLoader(fallbackReader)
-		promptedAuthInfo := prompter.Prompt()
-
+		promptedAuthInfo, err := prompter.Prompt()
+		if err != nil {
+			return nil, err
+		}
 		promptedConfig := makeUserIdentificationConfig(*promptedAuthInfo)
 		previouslyMergedConfig := mergedConfig
 		mergedConfig = &restclient.Config{}