From 820e26720e1ce6de3fd402970c0e8167d2b4e5e2 Mon Sep 17 00:00:00 2001
From: Marcos Marx <marcosmarxm@users.noreply.github.com>
Date: Thu, 11 Aug 2022 13:42:32 -0400
Subject: [PATCH] CI Credentials Validation: correct condition for non-string
 type and add tests (#15562)

* correct condition and tests

* add eof
---
 .../ci_credentials/secrets_loader.py              |  2 +-
 tools/ci_credentials/tests/test_secrets.py        | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/tools/ci_credentials/ci_credentials/secrets_loader.py b/tools/ci_credentials/ci_credentials/secrets_loader.py
index 4cf8b70f092ac..60979c96b1be9 100644
--- a/tools/ci_credentials/ci_credentials/secrets_loader.py
+++ b/tools/ci_credentials/ci_credentials/secrets_loader.py
@@ -145,7 +145,7 @@ def mask_secrets_from_action_log(self, key, value):
                 for pattern in MASK_KEY_PATTERNS:
                     if re.search(pattern, key):
                         self.logger.info(f"Add mask for key: {key}")
-                        for line in value.splitlines():
+                        for line in str(value).splitlines():
                             line = str(line).strip()
                             # don't output } and such
                             if len(line) > 1 and not os.getenv("VERSION") == "dev":
diff --git a/tools/ci_credentials/tests/test_secrets.py b/tools/ci_credentials/tests/test_secrets.py
index b0436d13e4d21..db502e20b5d6b 100644
--- a/tools/ci_credentials/tests/test_secrets.py
+++ b/tools/ci_credentials/tests/test_secrets.py
@@ -3,6 +3,7 @@
 import re
 import shutil
 import tempfile
+import sys
 from pathlib import Path
 from unittest.mock import patch
 
@@ -166,3 +167,17 @@ def test_write(connector_name, secrets, expected_files):
                 has = True
                 break
         assert has, f"incorrect file data: {target_file}"
+
+
+@pytest.mark.parametrize(
+    "connector_name,dict_json_value,expected_secret",
+    (
+            ("source-default", "{\"org_id\": 111}", "::add-mask::111"),
+            ("source-default", "{\"org\": 111}", ""),
+    )
+)
+def test_validate_mask_values(connector_name, dict_json_value, expected_secret, capsys):
+    loader = SecretsLoader(connector_name=connector_name, gsm_credentials={})
+    json_value = json.loads(dict_json_value)
+    loader.mask_secrets_from_action_log(None, json_value)
+    assert expected_secret in capsys.readouterr().out