Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

streamingccl: redact ssl cert parameters in job description #95835

Merged
merged 1 commit into from
Feb 21, 2023
Merged

streamingccl: redact ssl cert parameters in job description #95835

merged 1 commit into from
Feb 21, 2023

Conversation

stevendanna
Copy link
Collaborator

This redacts ssl related query parameter from the job description of the stream ingestion job. We want these redacted because if the user is using an sslinline URL they will contain the certificate and key content itself.

One may claim that we really only need to redact sslkey in the case of sslinline=true. But, many users get spooked by seeing anything that looks like a security related artifact in these jobs descriptions, so I've opted to redact:

sslkey
sslcert
sslrootcert

Epic: none

Release note: None

@cockroach-teamcity
Copy link
Member

This change is Reviewable

@stevendanna stevendanna requested review from a team and benbardin and removed request for a team January 25, 2023 16:35
@stevendanna stevendanna force-pushed the redact-ssl-params-in-streaming-job-desc branch from 982a704 to 8fa377f Compare January 25, 2023 16:36
adityamaru
adityamaru approved these changes Jan 30, 2023
View reviewed changes
Copy link
Contributor

@adityamaru adityamaru left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, should we also add a test for the output of SHOW TENANT WITH REPLICATION STATUS?

@stevendanna stevendanna force-pushed the redact-ssl-params-in-streaming-job-desc branch from 8fa377f to eb8f2d1 Compare February 21, 2023 02:36
@stevendanna stevendanna requested a review from a team as a code owner February 21, 2023 02:36
@stevendanna stevendanna force-pushed the redact-ssl-params-in-streaming-job-desc branch from eb8f2d1 to 983588e Compare February 21, 2023 08:22
@stevendanna
streamingccl: redact ssl cert parameters in job description
81c7719 
This redacts ssl related query parameter from the job description of
the stream ingestion job. We want these redacted because if the user
is using an sslinline URL they will contain the certificate and key
content itself.

One may claim that we really only need to redact sslkey in the case of
sslinline=true. But, many users get spooked by seeing anything that
looks like a security related artifact in these jobs descriptions, so
I've opted to redact:

    sslkey
    sslcert
    sslrootcert

Epic: none

Release note: None
@stevendanna stevendanna force-pushed the redact-ssl-params-in-streaming-job-desc branch from 983588e to 81c7719 Compare February 21, 2023 10:15
@stevendanna
Copy link
Collaborator Author

Good call, added the extra test.

bors r=adityamaru

@craig
Copy link
Contributor

craig bot commented Feb 21, 2023

Build succeeded:

@craig craig bot merged commit 31b610b into cockroachdb:master Feb 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adityamaru adityamaru adityamaru approved these changes

@benbardin benbardin Awaiting requested review from benbardin benbardin was automatically assigned from cockroachdb/disaster-recovery

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@stevendanna @cockroach-teamcity @adityamaru