benchmarks: clean up infra logs (#15198)

The response from curl could contain secrets for the test ephimeral cluster. There is no need to display it unless an error occurred, when we may need it for debugging purposes.
elastic · Jan 10, 2025 · 1261584 · 1261584
1 parent 2d205c5
commit 1261584
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/testing/infra/terraform/modules/ec_deployment/scripts/enable_features.tftpl b/testing/infra/terraform/modules/ec_deployment/scripts/enable_features.tftpl
@@ -23,7 +23,10 @@ echo $${POLICY} | jq '.item' | \
     jq 'select(.inputs[].policy_template == "apmserver").inputs[].vars.tail_sampling_storage_limit = {"value":"${tail_sampling_storage_limit}","type":"text"}' |\
     jq 'select(.inputs[].policy_template == "apmserver").inputs[].vars.tail_sampling_enabled = {type: "bool", value: ${enable_tail_sampling}}' > policy.json
 
-# Update the policy
-curl -s -H 'content-type: application/json' -H 'kbn-xsrf: true' -X PUT -k [email protected] -u $${KIBANA_AUTH} $${KIBANA_ENDPOINT}
+# Update the policy, hide output to prevent secret leakage.
+if ! curl -s -o response.txt -H 'content-type: application/json' -H 'kbn-xsrf: true' -X PUT -k [email protected] -u $${KIBANA_AUTH} $${KIBANA_ENDPOINT}; then
+  # If command failed print output to aid troubleshooting.
+  cat response.txt
+fi
 
 rm -f policy.json