From e873d4a9d8b9d1f132522fd7ebaaa91aa8e9452d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Carlos=20Mej=C3=ADas=20Rodr=C3=ADguez?=
 <juan.mejias@reduc.edu.cu>
Date: Sat, 24 Nov 2018 15:09:14 -0500
Subject: [PATCH] Add debug mode

---
 README.md |  6 ++++++
 psu       | 49 +++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 1abfbe3..c061f48 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ This is particularly useful for CI/CD pipelines.
 - `PORTAINER_ENDPOINT` (int, optional): Which endpoint to use. Defaults to `1`.
 - `HTTPIE_VERIFY_SSL` ("yes" or "no", optional): Whether to verify SSL certificate or not. Defaults to `"yes"`.
 - `VERBOSE_MODE` ("true" or "false", optional): Whether to activate verbose output mode or not. Defaults to `"false"`.
+- `DEBUG_MODE` ("true" or "false", optional): Whether to activate debug output mode or not. Defaults to `"false"`. See [debug mode warning](#debug-mode) below.
 
 #### Examples
 
@@ -72,6 +73,7 @@ This is more suitable for standalone script usage.
 - `-e` (int, optional): Which endpoint to use. Defaults to `1`.
 - `-s` ("yes" or "no", optional): Whether to verify SSL certificate or not. Defaults to `"yes"`.
 - `-v` ("true" or "false", optional): Whether to activate verbose output mode or not. Defaults to `"false"`.
+- `-d` ("true" or "false", optional): Whether to activate debug output mode or not. Defaults to `"false"`. See [debug mode warning](#debug-mode) below.
 
 #### Examples
 
@@ -83,6 +85,10 @@ This is more suitable for standalone script usage.
 ./psu -a undeploy -u admin -p password -l http://portainer.local -n mystack
 ```
 
+### Debug mode
+
+**WARNING**: In debug mode the script prints as much information as possible, including configuration values (with portainer credentials) and Portainer API responses (with sensitive information like authentication token and stacks environment variables). Avoid using debug mode in CI/CD pipelines, as pipeline logs are usually recorded.
+
 ## License
 
 Source code contained by this project is licensed under the [GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.en.html). See [LICENSE](LICENSE) file for reference.
diff --git a/psu b/psu
index 8dc2fdc..8a27743 100755
--- a/psu
+++ b/psu
@@ -54,6 +54,18 @@ echo_verbose () {
   fi
 }
 
+#########################################
+# Print message if debug mode is active #
+# Arguments:                            #
+#   $1 Message                          #
+#########################################
+echo_debug () {
+  local message=$1
+  if [ $DEBUG_MODE == "true" ]; then
+    echo $message
+  fi
+}
+
 deploy () {
   STACK_YAML_PATH=$DOCKER_COMPOSE_FILE
 
@@ -72,20 +84,23 @@ deploy () {
     echo_verbose "Result: Stack $STACK_NAME not found."
 
     echo_verbose "Getting swarm cluster (if any)..."
-    SWARM_ID=$(http \
+    DOCKER_INFO=$(http \
       --check-status \
       --ignore-stdin \
       --verify=$HTTPIE_VERIFY_SSL \
       "$PORTAINER_URL/api/endpoints/$PORTAINER_ENDPOINT/docker/info" \
       "Authorization: Bearer $AUTH_TOKEN")
-    check_for_errors $? "$SWARM_ID"
-    SWARM_ID=$(echo $SWARM_ID | jq -r ".Swarm.Cluster.ID // empty")
+    check_for_errors $? "$DOCKER_INFO"
+    echo_debug "Docker info -> $DOCKER_INFO"
+    SWARM_ID=$(echo $DOCKER_INFO | jq -r ".Swarm.Cluster.ID // empty")
+    echo_debug "Swarm ID -> $SWARM_ID"
     
     echo_verbose "Creating stack $STACK_NAME..."
     if [ -z "$SWARM_ID" ];then
       DATA_PREFIX="{\"Name\":\"$STACK_NAME\",\"StackFileContent\":\""
       DATA_SUFFIX="\"}"
       echo "$DATA_PREFIX$STACK_YAML_CONTENT$DATA_SUFFIX" > json.tmp
+      echo_debug "Stack JSON -> $DATA_PREFIX$STACK_YAML_CONTENT$DATA_SUFFIX"
 
       CREATE=$(http \
         --check-status \
@@ -98,10 +113,12 @@ deploy () {
         method==string \
         endpointId==$PORTAINER_ENDPOINT \
         @json.tmp)
+      echo_debug "Create action response -> $CREATE"
     else
       DATA_PREFIX="{\"Name\":\"$STACK_NAME\",\"SwarmID\":\"$SWARM_ID\",\"StackFileContent\":\""
       DATA_SUFFIX="\"}"
       echo "$DATA_PREFIX$STACK_YAML_CONTENT$DATA_SUFFIX" > json.tmp
+      echo_debug "Stack JSON -> $DATA_PREFIX$STACK_YAML_CONTENT$DATA_SUFFIX"
 
       CREATE=$(http \
         --check-status \
@@ -114,6 +131,7 @@ deploy () {
         method==string \
         endpointId==$PORTAINER_ENDPOINT \
         @json.tmp)
+      echo_debug "Create action response -> $CREATE"
     fi
     check_for_errors $? "$CREATE"
 
@@ -126,6 +144,7 @@ deploy () {
     DATA_PREFIX="{\"Id\":\"$STACK_ID\",\"StackFileContent\":\""
     DATA_SUFFIX="\",\"Env\":"$STACK_ENV_VARS",\"Prune\":$PORTAINER_PRUNE}"
     echo "$DATA_PREFIX$STACK_YAML_CONTENT$DATA_SUFFIX" > json.tmp
+    echo_debug "Stack JSON -> $DATA_PREFIX$STACK_YAML_CONTENT$DATA_SUFFIX"
     
     echo_verbose "Updating stack $STACK_NAME..."
     UPDATE=$(http \
@@ -137,6 +156,7 @@ deploy () {
       "Authorization: Bearer $AUTH_TOKEN" \
       endpointId==$PORTAINER_ENDPOINT \
       @json.tmp)
+    echo_debug "Update action response -> $UPDATE"
     check_for_errors $? "$UPDATE"
     
     rm json.tmp
@@ -152,6 +172,7 @@ undeploy () {
   echo_verbose "Result: Stack $STACK_NAME found."
 
   STACK_ID="$(echo "$STACK" | jq -j ".Id")"
+  echo_debug "Stack ID -> $STACK_ID"
 
   echo_verbose "Deleting stack $STACK_NAME..."
   DELETE=$(http \
@@ -159,6 +180,7 @@ undeploy () {
     --verify=$HTTPIE_VERIFY_SSL \
     DELETE "$PORTAINER_URL/api/stacks/$STACK_ID" \
     "Authorization: Bearer $AUTH_TOKEN")
+  echo_debug "Delete action response -> $UPDATE"
   check_for_errors $? "$DELETE"
   echo_verbose "Done"
 }
@@ -174,9 +196,10 @@ PORTAINER_ENDPOINT=${PORTAINER_ENDPOINT:-"1"}
 PORTAINER_PRUNE=${PORTAINER_PRUNE:-"false"}
 HTTPIE_VERIFY_SSL=${HTTPIE_VERIFY_SSL:-"yes"}
 VERBOSE_MODE=${VERBOSE_MODE:-"false"}
+DEBUG_MODE=${DEBUG_MODE:-"false"}
 
 # Set arguments through flags
-while getopts a:u:p:l:n:c:e:rsv option; do
+while getopts a:u:p:l:n:c:e:rsvd option; do
   case "${option}" in
     a) ACTION=${OPTARG} ;;
     u) PORTAINER_USER=${OPTARG} ;;
@@ -188,9 +211,23 @@ while getopts a:u:p:l:n:c:e:rsv option; do
     r) PORTAINER_PRUNE="true" ;;
     s) HTTPIE_VERIFY_SSL="no" ;;
     v) VERBOSE_MODE="true" ;;
+    d) DEBUG_MODE="true" ;;
   esac
 done
 
+# Print config
+echo_debug "ACTION -> $ACTION"
+echo_debug "PORTAINER_USER -> $PORTAINER_USER"
+echo_debug "PORTAINER_PASSWORD -> $PORTAINER_PASSWORD"
+echo_debug "PORTAINER_URL -> $PORTAINER_URL"
+echo_debug "PORTAINER_STACK_NAME -> $PORTAINER_STACK_NAME"
+echo_debug "DOCKER_COMPOSE_FILE -> $DOCKER_COMPOSE_FILE"
+echo_debug "PORTAINER_ENDPOINT -> $PORTAINER_ENDPOINT"
+echo_debug "PORTAINER_PRUNE -> $PORTAINER_PRUNE"
+echo_debug "HTTPIE_VERIFY_SSL -> $HTTPIE_VERIFY_SSL"
+echo_debug "VERBOSE_MODE -> $VERBOSE_MODE"
+echo_debug "DEBUG_MODE -> $DEBUG_MODE"
+
 # Check required arguments have been provided
 check_argument "$ACTION" "action" "ACTION" "a"
 check_argument "$PORTAINER_USER" "portainer user" "PORTAINER_USER" "u"
@@ -208,8 +245,10 @@ AUTH_TOKEN=$(http \
   $PORTAINER_URL/api/auth \
   username=$PORTAINER_USER \
   password=$PORTAINER_PASSWORD)
+echo_debug "Get auth token response -> $AUTH_TOKEN"
 check_for_errors $? "$AUTH_TOKEN"
 AUTH_TOKEN=$(echo $AUTH_TOKEN | jq -r .jwt)
+echo_debug "Auth token -> $AUTH_TOKEN"
 echo_verbose "Done"
 
 echo_verbose "Getting stack $STACK_NAME..."
@@ -219,10 +258,12 @@ STACKS=$(http \
   --verify=$HTTPIE_VERIFY_SSL \
   "$PORTAINER_URL/api/stacks" \
   "Authorization: Bearer $AUTH_TOKEN")
+echo_debug "Get stacks response -> $STACKS"
 check_for_errors $? "$STACKS"
 
 STACK=$(echo "$STACKS" \
   | jq --arg STACK_NAME "$STACK_NAME" -jc '.[] | select(.Name == $STACK_NAME)')
+echo_debug "Stack -> $STACK"
 
 if [ $ACTION == "deploy" ]; then
   check_argument "$DOCKER_COMPOSE_FILE" "docker compose file" "DOCKER_COMPOSE_FILE" "c"