fix: hide new include-ims-annotation secrets

lib/common-templates/utils.js

@@ -24,12 +24,18 @@ governing permissions and limitations under the License.
  *
  */
 function stringParameters (params) {
+  // hide credentials from the include-ims-credentials annotation
+  let imsCredentials = params.__ims_oauth_s2s || {}
+  if (imsCredentials.client_secret) {
+    imsCredentials = { ...imsCredentials, client_secret: '<hidden>' }
+  }
   // hide authorization token without overriding params
   let headers = params.__ow_headers || {}
   if (headers.authorization) {
     headers = { ...headers, authorization: '<hidden>' }
   }
-  return JSON.stringify({ ...params, __ow_headers: headers })
+
+  return JSON.stringify({ ...params, __ow_headers: headers, __ims_oauth_s2s: imsCredentials })
 }
 
 /**

lib/common-templates/utils.test.js

@@ -60,6 +60,13 @@ describe('stringParameters', () => {
     expect(utils.stringParameters(params)).toEqual(expect.stringContaining('"authorization":"<hidden>"'))
     expect(utils.stringParameters(params)).not.toEqual(expect.stringContaining('secret'))
   })
+  test('with ims credentials', () => {
+    const params = {
+      a: 1, b: 2, __ims_oauth_s2s: { client_id: 'fake-client-id', client_secret: 'secret', org_id: 'fake@AdobeOrg' }
+    }
+    expect(utils.stringParameters(params)).toEqual(expect.stringContaining('"client_secret":"<hidden>"'))
+    expect(utils.stringParameters(params)).not.toEqual(expect.stringContaining('secret'))
+  })
 })
 
 describe('checkMissingRequestInputs', () => {