Merge pull request #9840 from olcai/redact-influxdb-tokens

fix: redact influxdb tokens in logs and reduce log level
Zaiming (Stone) Shi 2023-01-28 11:47:36 +01:00 committed by GitHub
commit 7f66c6a9e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 35 additions and 20 deletions


@ -279,7 +279,7 @@ create(BridgeType, BridgeName, RawConf) ->
brige_action => create,
bridge_type => BridgeType,
bridge_name => BridgeName,
bridge_raw_config => RawConf
bridge_raw_config => emqx_misc:redact(RawConf)
}),
emqx_conf:update(
emqx_bridge:config_key_path() ++ [BridgeType, BridgeName],
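Review bot: The redaction on the `bridge_raw_config` field only helps if `emqx_misc:redact/1` recognises the key forms a raw config uses; `RawConf` is presumably keyed by binaries such as `<<"token">>` and `<<"password">>`, and nothing on this page shows that those are matched. A unit test that passes a constructed raw bridge config through `emqx_misc:redact/1` and asserts the secret value is absent from the result would pin this. The body of `create/3` continues outside the hunk, so any later use of `RawConf` in logs cannot be checked from here.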


@ -137,7 +137,7 @@ create(Type, Name, Conf, Opts0) ->
msg => "create bridge",
type => Type,
name => Name,
config => Conf
config => emqx_misc:redact(Conf)
}),
Opts = override_start_after_created(Conf, Opts0),
{ok, _Data} = emqx_resource:create_local(
@ -172,7 +172,7 @@ update(Type, Name, {OldConf, Conf}, Opts0) ->
msg => "update bridge",
type => Type,
name => Name,
config => Conf
config => emqx_misc:redact(Conf)
}),
case recreate(Type, Name, Conf, Opts) of
{ok, _} ->
@ -182,7 +182,7 @@ update(Type, Name, {OldConf, Conf}, Opts0) ->
msg => "updating_a_non_existing_bridge",
type => Type,
name => Name,
config => Conf
config => emqx_misc:redact(Conf)
}),
create(Type, Name, Conf, Opts);
{error, Reason} ->


@ -495,15 +495,15 @@ log_and_alarm(IsSuccess, Res, #{kind := ?APPLY_KIND_INITIATE} = Meta) ->
%% because nothing is committed
case IsSuccess of
true ->
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_result", result => Res});
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_result", result => emqx_misc:redact(Res)});
false ->
?SLOG(warning, Meta#{msg => "cluster_rpc_apply_result", result => Res})
?SLOG(warning, Meta#{msg => "cluster_rpc_apply_result", result => emqx_misc:redact(Res)})
end;
log_and_alarm(true, Res, Meta) ->
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_ok", result => Res}),
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_ok", result => emqx_misc:redact(Res)}),
do_alarm(deactivate, Res, Meta);
log_and_alarm(false, Res, Meta) ->
?SLOG(error, Meta#{msg => "cluster_rpc_apply_failed", result => Res}),
?SLOG(error, Meta#{msg => "cluster_rpc_apply_failed", result => emqx_misc:redact(Res)}),
do_alarm(activate, Res, Meta).
do_alarm(Fun, Res, #{tnx_id := Id} = Meta) ->
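Review bot: `do_alarm(deactivate, Res, Meta)` and `do_alarm(activate, Res, Meta)` still receive the unredacted `Res`, so if `do_alarm/3` (its body is outside this hunk) copies the result into the alarm details or message, the secret still surfaces through the alarm. Binding `Redacted = emqx_misc:redact(Res)` once in each of the last two clauses and passing it to both `?SLOG` and `do_alarm` would close that path. `Meta` is also logged as is; if it carries the applied MFA and its arguments, it would need the same treatment, which cannot be confirmed from the visible lines.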


@ -1,6 +1,6 @@
{application, emqx_conf, [
{description, "EMQX configuration management"},
{vsn, "0.1.10"},
{vsn, "0.1.11"},
{registered, []},
{mod, {emqx_conf_app, []}},
{applications, [kernel, stdlib]},


@ -487,7 +487,7 @@ start_resource(Data, From) ->
Actions = maybe_reply([{state_timeout, 0, health_check}], From, ok),
{next_state, connecting, UpdatedData, Actions};
{error, Reason} = Err ->
?SLOG(error, #{
?SLOG(warning, #{
msg => start_resource_failed,
id => Data#data.id,
reason => Reason
@ -546,7 +546,7 @@ handle_connected_health_check(Data) ->
Actions = [{state_timeout, health_check_interval(Data#data.opts), health_check}],
{keep_state, UpdatedData, Actions};
(Status, UpdatedData) ->
?SLOG(error, #{
?SLOG(warning, #{
msg => health_check_failed,
id => Data#data.id,
status => Status
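Review bot: `reason => Reason` in the `start_resource_failed` log is still written unredacted, while the rest of this commit wraps config-bearing terms in `emqx_misc:redact/1`. A start error returned by a connector can embed the options it was started with (inferred, since the connector callback is not visible here), so `reason => emqx_misc:redact(Reason)` would be consistent with the other files. Lowering both messages from `error` to `warning` also means any alerting keyed on error-level resource logs stops firing for start and health-check failures, which deserves a line in the change log. Both log maps continue past the end of their hunks.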


@ -200,15 +200,15 @@ start_client(InstId, Config) ->
?SLOG(info, #{
msg => "starting influxdb connector",
connector => InstId,
config => Config,
client_config => ClientConfig
config => emqx_misc:redact(Config),
client_config => emqx_misc:redact(ClientConfig)
}),
try
do_start_client(InstId, ClientConfig, Config)
catch
E:R:S ->
?tp(influxdb_connector_start_exception, #{error => {E, R}}),
?SLOG(error, #{
?SLOG(warning, #{
msg => "start influxdb connector error",
connector => InstId,
error => E,
@ -236,16 +236,16 @@ do_start_client(
?SLOG(info, #{
msg => "starting influxdb connector success",
connector => InstId,
client => Client,
state => State
client => redact_auth(Client),
state => redact_auth(State)
}),
{ok, State};
false ->
?tp(influxdb_connector_start_failed, #{error => influxdb_client_not_alive}),
?SLOG(error, #{
?SLOG(warning, #{
msg => "starting influxdb connector failed",
connector => InstId,
client => Client,
client => redact_auth(Client),
reason => "client is not alive"
}),
%% no leak
@ -257,13 +257,13 @@ do_start_client(
?SLOG(info, #{
msg => "restarting influxdb connector, found already started client",
connector => InstId,
old_client => Client0
old_client => redact_auth(Client0)
}),
_ = influxdb:stop_client(Client0),
do_start_client(InstId, ClientConfig, Config);
{error, Reason} ->
?tp(influxdb_connector_start_failed, #{error => Reason}),
?SLOG(error, #{
?SLOG(warning, #{
msg => "starting influxdb connector failed",
connector => InstId,
reason => Reason
@ -340,6 +340,14 @@ password(#{password := Password}) ->
password(_) ->
[].
redact_auth(Term) ->
emqx_misc:redact(Term, fun is_auth_key/1).
is_auth_key(Key) when is_binary(Key) ->
string:equal("authorization", Key, true);
is_auth_key(_) ->
false.
%% -------------------------------------------------------------------------------------------------
%% Query
do_query(InstId, Client, Points) ->
@ -623,6 +631,13 @@ is_unrecoverable_error(_) ->
-ifdef(TEST).
-include_lib("eunit/include/eunit.hrl").
is_auth_key_test_() ->
[
?_assert(is_auth_key(<<"Authorization">>)),
?_assertNot(is_auth_key(<<"Something">>)),
?_assertNot(is_auth_key(89))
].
%% for coverage
desc_test_() ->
[
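Review bot: `is_auth_key/1` in the hunk at -340 matches binary keys only, so `redact_auth/1` masks the token only if the influxdb client keeps its header name as a binary; a header name held as a string or an atom would reach the `client`, `state` and `old_client` log fields unredacted. The shape of the client term is not visible on this page, so this needs confirming against the client library. The added eunit cases test the predicate alone; a case that runs `redact_auth/1` over a constructed client term containing `{<<"Authorization">>, <<"Token x">>}` and asserts the token value is gone from the result would pin the behaviour the log lines depend on. It is also worth confirming that `emqx_misc:redact/2` applies the default sensitive-key check alongside the custom one, since `State` may carry a password or token under other keys. The `{error, Reason}` branch of `do_start_client` logs `reason => Reason` without redaction as well.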