import,backup: show redacted secrets in job UI #44737
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously the IMPORT code prefixed individual errors in makeRowErr with the filename, but then also wrapped any error encountered while processing a given file with the filename as well, resulting in the same filename prefixed to the error twice in some cases. Release note: none.
|
This change is |
miretskiy
approved these changes
Feb 5, 2020
There was a problem hiding this comment.
Reviewed 1 of 2 files at r1.
Reviewable status:complete! 0 of 0 LGTMs obtained (waiting on @aaron-crl and @miretskiy)
|
Added changefeeds, which also include some secret params in their URIs that are not cloud URIs (and this the |
ajwerner
reviewed
Feb 5, 2020
There was a problem hiding this comment.
CDC stuff
Reviewed 3 of 9 files at r2.
Reviewable status:
Previously the IMPORT and BACKUP jobs would hide all query parameters. This gave some users / engineers the false sense that those secrets were gone or irrecoverable from the job record, but any super-user with read access to the system tables can extract the raw URLs, including the params that include things like AWS_SECRET_ACCESS_KEY, from the raw job data. This change replaces the blanket hiding of all params with targetted redacting of just the values for sensitive params, replacing their value with the word 'redacted'. This is hoped to make is clearer what is going on -- that the params are still there and we're just not showing the value. Release note (general change): Jobs show the parameters used for connecting to external storage in SHOW JOBS and the Jobs UI page, with only the values of parameters classified as secrets redacted.
|
bors r+ |
craig bot
pushed a commit
that referenced
this pull request
Feb 5, 2020
44737: import,backup: show redacted secrets in job UI r=dt a=dt Previously the IMPORT and BACKUP jobs would hide all query parameters. This gave some users / engineers the false sense that those secrets were gone or irrecoverable from the job record, but any super-user with read access to the system tables can extract the raw URLs, including the params that include things like AWS_SECRET_ACCESS_KEY, from the raw job data. This change replaces the blanket hiding of all params with targetted redacting of just the values for sensitive params, replacing their value with the word 'redacted'. This is hoped to make is clearer what is going on -- that the params are still there and we're just not showing the value. Release note (general change): Jobs show the parameters used for connecting to external storage in SHOW JOBS and the Jobs UI page, with only the values of parameters classified as secrets redacted. While I'm here: remove duplicate filename prefix in some IMPORT error messages (see first commit for details). Co-authored-by: David Taylor <tinystatemachine@gmail.com>
Build succeeded |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously the IMPORT and BACKUP jobs would hide all query parameters.
This gave some users / engineers the false sense that those secrets were
gone or irrecoverable from the job record, but any super-user with read
access to the system tables can extract the raw URLs, including the params
that include things like AWS_SECRET_ACCESS_KEY, from the raw job data.
This change replaces the blanket hiding of all params with targetted
redacting of just the values for sensitive params, replacing their value
with the word 'redacted'. This is hoped to make is clearer what is going
on -- that the params are still there and we're just not showing the value.
Release note (general change): Jobs show the parameters used for connecting to external storage in SHOW JOBS and the Jobs UI page, with only the values of parameters classified as secrets redacted.
While I'm here: remove duplicate filename prefix in some IMPORT error messages (see first commit for details).