Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

br: redact secret strings when logging arguments (#57593) #57602

Open
wants to merge 2 commits into
base: release-7.1
Choose a base branch
from
Open

br: redact secret strings when logging arguments (#57593) #57602

wants to merge 2 commits into from
+49 −8

Conversation

ti-chi-bot
Copy link
Member

This is an automated cherry-pick of #57593

What problem does this PR solve?

Issue Number: close #57585

Problem Summary: Some values from the command line are not properly redacted.

What changed and how does it work?

In additional to the existing handling for --storage, we also apply redaction to the following parameters:

  • --full-backup-storage
  • --crypter.key
  • --log.crypter.key
  • --azblob.encryption-key
  • --master-key (the current implementation of this may be too conservative)

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No need to test
    • I checked and no code files have been changed.

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

When invoking BR in command line with secret keys passed directly from arguments, they are no longer printed as plaintext in the log.

@ti-chi-bot ti-chi-bot added component/br This issue is related to BR of TiDB. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 21, 2024
@ti-chi-bot ti-chi-bot mentioned this pull request Nov 21, 2024
Merged
13 tasks
@ti-chi-bot ti-chi-bot added type/bugfix This PR fixes a bug. type/cherry-pick-for-release-7.1 This PR is cherry-picked to release-7.1 from a source PR. labels Nov 21, 2024
kennytm
kennytm reviewed Nov 21, 2024
View reviewed changes
br/pkg/task/common.go Outdated Show resolved Hide resolved
br/pkg/task/common_test.go Outdated Show resolved Hide resolved
br/pkg/task/common_test.go Outdated Show resolved Hide resolved
@codecov Codecov
Copy link

codecov bot commented Nov 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (release-7.1@f00a584). Learn more about missing BASE report.

Additional details and impacted files 
@@               Coverage Diff                @@
##             release-7.1     #57602   +/-   ##
================================================
  Coverage               ?   73.4737%           
================================================
  Files                  ?       1213           
  Lines                  ?     382067           
  Branches               ?          0           
================================================
  Hits                   ?     280719           
  Misses                 ?      83446           
  Partials               ?      17902
---- 🚨 Try these New Features:

@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Nov 22, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kennytm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot
Copy link

ti-chi-bot bot commented Nov 22, 2024

[LGTM Timeline notifier]

Timeline:

  • 2024-11-22 02:08:12.605708335 +0000 UTC m=+170280.225362850: ☑️ agreed by kennytm.

@ti-chi-bot ti-chi-bot bot added needs-1-more-lgtm Indicates a PR needs 1 more LGTM. approved cherry-pick-approved Cherry pick PR approved by release team. and removed do-not-merge/cherry-pick-not-approved labels Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kennytm kennytm kennytm approved these changes

Assignees

@kennytm kennytm

Labels
approved cherry-pick-approved Cherry pick PR approved by release team. component/br This issue is related to BR of TiDB. needs-1-more-lgtm Indicates a PR needs 1 more LGTM. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/bugfix This PR fixes a bug. type/cherry-pick-for-release-7.1 This PR is cherry-picked to release-7.1 from a source PR.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ti-chi-bot @kennytm