From 8437e6a54ea5be9c2812815e1c30277cbf1f8d95 Mon Sep 17 00:00:00 2001
From: Chris Grindstaff <chris@gstaff.org>
Date: Thu, 3 Oct 2024 10:56:17 -0400
Subject: [PATCH] refactor: change auth credential script logging to debug

If a customer's script cmdPath contains credentials, do not log the exec.LookPath error since the cmdPath credentials may be logged too
---
 pkg/auth/auth.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 0dbed20b1..ab5128207 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -132,7 +132,9 @@ func (c *Credentials) execScript(cmdPath string, kind string, timeout string, e
 	response := ScriptResponse{}
 	lookPath, err := exec.LookPath(cmdPath)
 	if err != nil {
-		return response, fmt.Errorf("script lookup failed kind=%s err=%w", kind, err)
+		c.logger.Debug("Failed to find script", slog.Any("err", err), slog.String("script", cmdPath), slog.String("kind", kind))
+		// Don't return the error, err, since it may contain credentials
+		return response, fmt.Errorf("script lookup failed kind=%s", kind)
 	}
 	if timeout == "" {
 		timeout = defaultTimeout