Merge pull request #9840 from olcai/redact-influxdb-tokens
fix: redact influxdb tokens in logs and reduce log level
This commit is contained in:
Zaiming (Stone) Shi
GitHub
commit
7f66c6a9e2
|
|
@ -279,7 +279,7 @@ create(BridgeType, BridgeName, RawConf) ->
|
||||||
brige_action => create,
|
brige_action => create,
|
||||||
bridge_type => BridgeType,
|
bridge_type => BridgeType,
|
||||||
bridge_name => BridgeName,
|
bridge_name => BridgeName,
|
||||||
bridge_raw_config => RawConf
|
bridge_raw_config => emqx_misc:redact(RawConf)
|
||||||
}),
|
}),
|
||||||
emqx_conf:update(
|
emqx_conf:update(
|
||||||
emqx_bridge:config_key_path() ++ [BridgeType, BridgeName],
|
emqx_bridge:config_key_path() ++ [BridgeType, BridgeName],
|
||||||
|
|
|
||||||
|
|
@ -137,7 +137,7 @@ create(Type, Name, Conf, Opts0) ->
|
||||||
msg => "create bridge",
|
msg => "create bridge",
|
||||||
type => Type,
|
type => Type,
|
||||||
name => Name,
|
name => Name,
|
||||||
config => Conf
|
config => emqx_misc:redact(Conf)
|
||||||
}),
|
}),
|
||||||
Opts = override_start_after_created(Conf, Opts0),
|
Opts = override_start_after_created(Conf, Opts0),
|
||||||
{ok, _Data} = emqx_resource:create_local(
|
{ok, _Data} = emqx_resource:create_local(
|
||||||
|
|
@ -172,7 +172,7 @@ update(Type, Name, {OldConf, Conf}, Opts0) ->
|
||||||
msg => "update bridge",
|
msg => "update bridge",
|
||||||
type => Type,
|
type => Type,
|
||||||
name => Name,
|
name => Name,
|
||||||
config => Conf
|
config => emqx_misc:redact(Conf)
|
||||||
}),
|
}),
|
||||||
case recreate(Type, Name, Conf, Opts) of
|
case recreate(Type, Name, Conf, Opts) of
|
||||||
{ok, _} ->
|
{ok, _} ->
|
||||||
|
|
@ -182,7 +182,7 @@ update(Type, Name, {OldConf, Conf}, Opts0) ->
|
||||||
msg => "updating_a_non_existing_bridge",
|
msg => "updating_a_non_existing_bridge",
|
||||||
type => Type,
|
type => Type,
|
||||||
name => Name,
|
name => Name,
|
||||||
config => Conf
|
config => emqx_misc:redact(Conf)
|
||||||
}),
|
}),
|
||||||
create(Type, Name, Conf, Opts);
|
create(Type, Name, Conf, Opts);
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
|
|
|
||||||
|
|
@ -495,15 +495,15 @@ log_and_alarm(IsSuccess, Res, #{kind := ?APPLY_KIND_INITIATE} = Meta) ->
|
||||||
%% because nothing is committed
|
%% because nothing is committed
|
||||||
case IsSuccess of
|
case IsSuccess of
|
||||||
true ->
|
true ->
|
||||||
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_result", result => Res});
|
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_result", result => emqx_misc:redact(Res)});
|
||||||
false ->
|
false ->
|
||||||
?SLOG(warning, Meta#{msg => "cluster_rpc_apply_result", result => Res})
|
?SLOG(warning, Meta#{msg => "cluster_rpc_apply_result", result => emqx_misc:redact(Res)})
|
||||||
end;
|
end;
|
||||||
log_and_alarm(true, Res, Meta) ->
|
log_and_alarm(true, Res, Meta) ->
|
||||||
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_ok", result => Res}),
|
?SLOG(debug, Meta#{msg => "cluster_rpc_apply_ok", result => emqx_misc:redact(Res)}),
|
||||||
do_alarm(deactivate, Res, Meta);
|
do_alarm(deactivate, Res, Meta);
|
||||||
log_and_alarm(false, Res, Meta) ->
|
log_and_alarm(false, Res, Meta) ->
|
||||||
?SLOG(error, Meta#{msg => "cluster_rpc_apply_failed", result => Res}),
|
?SLOG(error, Meta#{msg => "cluster_rpc_apply_failed", result => emqx_misc:redact(Res)}),
|
||||||
do_alarm(activate, Res, Meta).
|
do_alarm(activate, Res, Meta).
|
||||||
|
|
||||||
do_alarm(Fun, Res, #{tnx_id := Id} = Meta) ->
|
do_alarm(Fun, Res, #{tnx_id := Id} = Meta) ->
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_conf, [
|
{application, emqx_conf, [
|
||||||
{description, "EMQX configuration management"},
|
{description, "EMQX configuration management"},
|
||||||
{vsn, "0.1.10"},
|
{vsn, "0.1.11"},
|
||||||
{registered, []},
|
{registered, []},
|
||||||
{mod, {emqx_conf_app, []}},
|
{mod, {emqx_conf_app, []}},
|
||||||
{applications, [kernel, stdlib]},
|
{applications, [kernel, stdlib]},
|
||||||
|
|
|
||||||
|
|
@ -487,7 +487,7 @@ start_resource(Data, From) ->
|
||||||
Actions = maybe_reply([{state_timeout, 0, health_check}], From, ok),
|
Actions = maybe_reply([{state_timeout, 0, health_check}], From, ok),
|
||||||
{next_state, connecting, UpdatedData, Actions};
|
{next_state, connecting, UpdatedData, Actions};
|
||||||
{error, Reason} = Err ->
|
{error, Reason} = Err ->
|
||||||
?SLOG(error, #{
|
?SLOG(warning, #{
|
||||||
msg => start_resource_failed,
|
msg => start_resource_failed,
|
||||||
id => Data#data.id,
|
id => Data#data.id,
|
||||||
reason => Reason
|
reason => Reason
|
||||||
|
|
@ -546,7 +546,7 @@ handle_connected_health_check(Data) ->
|
||||||
Actions = [{state_timeout, health_check_interval(Data#data.opts), health_check}],
|
Actions = [{state_timeout, health_check_interval(Data#data.opts), health_check}],
|
||||||
{keep_state, UpdatedData, Actions};
|
{keep_state, UpdatedData, Actions};
|
||||||
(Status, UpdatedData) ->
|
(Status, UpdatedData) ->
|
||||||
?SLOG(error, #{
|
?SLOG(warning, #{
|
||||||
msg => health_check_failed,
|
msg => health_check_failed,
|
||||||
id => Data#data.id,
|
id => Data#data.id,
|
||||||
status => Status
|
status => Status
|
||||||
|
|
|
||||||
|
|
@ -200,15 +200,15 @@ start_client(InstId, Config) ->
|
||||||
?SLOG(info, #{
|
?SLOG(info, #{
|
||||||
msg => "starting influxdb connector",
|
msg => "starting influxdb connector",
|
||||||
connector => InstId,
|
connector => InstId,
|
||||||
config => Config,
|
config => emqx_misc:redact(Config),
|
||||||
client_config => ClientConfig
|
client_config => emqx_misc:redact(ClientConfig)
|
||||||
}),
|
}),
|
||||||
try
|
try
|
||||||
do_start_client(InstId, ClientConfig, Config)
|
do_start_client(InstId, ClientConfig, Config)
|
||||||
catch
|
catch
|
||||||
E:R:S ->
|
E:R:S ->
|
||||||
?tp(influxdb_connector_start_exception, #{error => {E, R}}),
|
?tp(influxdb_connector_start_exception, #{error => {E, R}}),
|
||||||
?SLOG(error, #{
|
?SLOG(warning, #{
|
||||||
msg => "start influxdb connector error",
|
msg => "start influxdb connector error",
|
||||||
connector => InstId,
|
connector => InstId,
|
||||||
error => E,
|
error => E,
|
||||||
|
|
@ -236,16 +236,16 @@ do_start_client(
|
||||||
?SLOG(info, #{
|
?SLOG(info, #{
|
||||||
msg => "starting influxdb connector success",
|
msg => "starting influxdb connector success",
|
||||||
connector => InstId,
|
connector => InstId,
|
||||||
client => Client,
|
client => redact_auth(Client),
|
||||||
state => State
|
state => redact_auth(State)
|
||||||
}),
|
}),
|
||||||
{ok, State};
|
{ok, State};
|
||||||
false ->
|
false ->
|
||||||
?tp(influxdb_connector_start_failed, #{error => influxdb_client_not_alive}),
|
?tp(influxdb_connector_start_failed, #{error => influxdb_client_not_alive}),
|
||||||
?SLOG(error, #{
|
?SLOG(warning, #{
|
||||||
msg => "starting influxdb connector failed",
|
msg => "starting influxdb connector failed",
|
||||||
connector => InstId,
|
connector => InstId,
|
||||||
client => Client,
|
client => redact_auth(Client),
|
||||||
reason => "client is not alive"
|
reason => "client is not alive"
|
||||||
}),
|
}),
|
||||||
%% no leak
|
%% no leak
|
||||||
|
|
@ -257,13 +257,13 @@ do_start_client(
|
||||||
?SLOG(info, #{
|
?SLOG(info, #{
|
||||||
msg => "restarting influxdb connector, found already started client",
|
msg => "restarting influxdb connector, found already started client",
|
||||||
connector => InstId,
|
connector => InstId,
|
||||||
old_client => Client0
|
old_client => redact_auth(Client0)
|
||||||
}),
|
}),
|
||||||
_ = influxdb:stop_client(Client0),
|
_ = influxdb:stop_client(Client0),
|
||||||
do_start_client(InstId, ClientConfig, Config);
|
do_start_client(InstId, ClientConfig, Config);
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?tp(influxdb_connector_start_failed, #{error => Reason}),
|
?tp(influxdb_connector_start_failed, #{error => Reason}),
|
||||||
?SLOG(error, #{
|
?SLOG(warning, #{
|
||||||
msg => "starting influxdb connector failed",
|
msg => "starting influxdb connector failed",
|
||||||
connector => InstId,
|
connector => InstId,
|
||||||
reason => Reason
|
reason => Reason
|
||||||
|
|
@ -340,6 +340,14 @@ password(#{password := Password}) ->
|
||||||
password(_) ->
|
password(_) ->
|
||||||
[].
|
[].
|
||||||
|
|
||||||
|
redact_auth(Term) ->
|
||||||
|
emqx_misc:redact(Term, fun is_auth_key/1).
|
||||||
|
|
||||||
|
is_auth_key(Key) when is_binary(Key) ->
|
||||||
|
string:equal("authorization", Key, true);
|
||||||
|
is_auth_key(_) ->
|
||||||
|
false.
|
||||||
|
|
||||||
%% -------------------------------------------------------------------------------------------------
|
%% -------------------------------------------------------------------------------------------------
|
||||||
%% Query
|
%% Query
|
||||||
do_query(InstId, Client, Points) ->
|
do_query(InstId, Client, Points) ->
|
||||||
|
|
@ -623,6 +631,13 @@ is_unrecoverable_error(_) ->
|
||||||
-ifdef(TEST).
|
-ifdef(TEST).
|
||||||
-include_lib("eunit/include/eunit.hrl").
|
-include_lib("eunit/include/eunit.hrl").
|
||||||
|
|
||||||
|
is_auth_key_test_() ->
|
||||||
|
[
|
||||||
|
?_assert(is_auth_key(<<"Authorization">>)),
|
||||||
|
?_assertNot(is_auth_key(<<"Something">>)),
|
||||||
|
?_assertNot(is_auth_key(89))
|
||||||
|
].
|
||||||
|
|
||||||
%% for coverage
|
%% for coverage
|
||||||
desc_test_() ->
|
desc_test_() ->
|
||||||
[
|
[
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue