EOS: Hides MACsec Key

[krisamundson]

Pre-Request Checklist

• Passes rubocop code analysis (try rubocop --auto-correct)
• Tests added or adapted (try rake test)
• Changes are reflected in the documentation
• User-visible changes appended to CHANGELOG.md

Description

Hides macsec secret key: the CKN and CAK.

• Original Syntax Example

    mac security
       fips restrictions
       !
       profile default
          cipher aes256-gcm-xpn
          key 1ffab311 7 00C655A8E47F0E4756B32767F7C9A34854716C7F33F2E948A39CA9C00D0D0A0330
          mka session rekey-period 3600
          l2-protocol lldp bypass

• Replacement Syntax Example

    mac security
       fips restrictions
       !
       profile default
          cipher aes256-gcm-xpn
          key <secret hidden>
          mka session rekey-period 3600
          l2-protocol lldp bypass

[codecov-io]

Codecov Report

Merging #2014 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2014   +/-   ##
=======================================
  Coverage   63.32%   63.32%           
=======================================
  Files          30       30           
  Lines        1497     1497           
=======================================
  Hits          948      948           
  Misses        549      549

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update da23915...d783293. Read the comment docs.

[ytti]

The change looks fine to me, I'm not too interested in secret hiding, I think it's antiapattern but people expect it because rancid did it, so we have it. So looks OK to me. But we do not want to tie this with release of new version so please just change the change log for master and keep version as is.

We will build docker container nontheless for every commit and those docker container version strings will include the commit hash.

[wk]

I've reverted the version.rb changes and updated CHANGELOG.md to make this ready to pull in.

@krisamundson is there any reason why the key is matched as \S and not as \h, seeing how it appears to be HEX? Are there other improvements that can be made to constrain the regexp to make sure it never hits a false positive?

[wk]

This looks good to me now, let me know if you are happy with this change set and I'll merge it in!

[krisamundson]

+1 from me. Thanks for the quick turnaround and improving my regex-fu.