Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changefeedccl: redact user-sensitive info from SHOW JOBS output #115535

Merged
merged 1 commit into from Dec 4, 2023
Merged

changefeedccl: redact user-sensitive info from SHOW JOBS output #115535

merged 1 commit into from Dec 4, 2023

Conversation

wenyihu6
Copy link
Contributor

@wenyihu6 wenyihu6 commented Dec 4, 2023
edited

Previously, SHOW CHANGEFEED JOB revealed sensitive user data like api_secret
for confluent cloud sinks. This patch now redacts api_secret, sasl_password,
client_cert, and ca_cert in the job description and sinkURI output column.

Fixes: #113503

Release note (enterprise change): SHOW CHANGEFEED JOB, SHOW CHANGEFEED JOBS,
and SHOW JOBS no longer expose user sensitive infromation(api_secret,
sasl_password, client_cert, and ca_cert) in the job description and
sinkURI output column would reveal sensitive user information (api_secret,
sasl_password, client_cert, ca_cert).

@cockroach-teamcity
Copy link
Member

This change is Reviewable

@wenyihu6
changefeedccl: redact user-sensitive info from SHOW JOBS output
d3c9ada 
Previously, `SHOW CHANGEFEED JOB` revealed sensitive user data like `api_secret`
for confluent cloud sinks. This patch now redacts `api_secret`, `sasl_password`,
`client_cert`, and `ca_cert` in the job description and sinkURI output column.

Fixes: cockroachdb#113503

Release note (enterprise change): SHOW CHANGEFEED JOB,  SHOW CHANGEFEED JOBS,
and SHOW JOBS no longer expose user sensitive infromation(`api_secret`,
`sasl_password`, `client_cert`, and `ca_cert`) in the job description and
sinkURI output column would reveal sensitive user information (api_secret,
sasl_password, client_cert, ca_cert).
@wenyihu6 wenyihu6 marked this pull request as ready for review December 4, 2023 17:27
@wenyihu6 wenyihu6 requested a review from a team as a code owner December 4, 2023 17:27
@wenyihu6 wenyihu6 requested review from jayshrivastava and removed request for a team December 4, 2023 17:27
@wenyihu6 wenyihu6 self-assigned this Dec 4, 2023
@jayshrivastava jayshrivastava added the backport-23.2.x Flags PRs that need to be backported to 23.2. label Dec 4, 2023
@wenyihu6
Copy link
Contributor Author

wenyihu6 commented Dec 4, 2023
edited

TFTR!!

bors r=jayshrivastava

@craig
Copy link
Contributor

craig bot commented Dec 4, 2023

Build succeeded:

@craig craig bot merged commit ee279d9 into cockroachdb:master Dec 4, 2023
9 checks passed
@blathers-crl blathers-crl bot mentioned this pull request Dec 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jayshrivastava jayshrivastava jayshrivastava approved these changes

Assignees

@wenyihu6 wenyihu6

Labels
backport-23.2.x Flags PRs that need to be backported to 23.2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Redact the API secret for Confluent Cloud sinks from show jobs output
3 participants
@wenyihu6 @cockroach-teamcity @jayshrivastava