Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[native] Suppress connector values from being logged #24410

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[native] Suppress connector values from being logged #24410

wants to merge 1 commit into from

Conversation

czentgr
Copy link
Contributor

@czentgr czentgr commented Jan 21, 2025
edited
Loading

The log contains the connector key and value pairs read from the config files. The problem is that the key-value pairs likely contain secrets that should not be logged as this leaks credentials.

instead, only the configured keys are printed without the value because we cannot determine what are keys reliably because there is not a reliable naming convention across the storage adapters.

Description

Motivation and Context

Impact

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

@prestodb-ci prestodb-ci added the from:IBM PR from IBM label Jan 21, 2025
@prestodb-ci prestodb-ci requested review from a team, ScrapCodes and aaneja and removed request for a team January 21, 2025 23:12
@czentgr
Copy link
Contributor Author

czentgr commented Jan 21, 2025

@majetideepak FYI

@czentgr czentgr marked this pull request as ready for review January 22, 2025 20:00
@czentgr czentgr requested a review from a team as a code owner January 22, 2025 20:00
@czentgr czentgr force-pushed the cz_reduce_config_logging branch 2 times, most recently from da84da3 to 94e24e4 Compare January 23, 2025 16:54
@czentgr
[native] Suppress connector values from being logged
662f7ac 
The log contains the connector key and value pairs read from the
config files. The problem is that certain key-value pairs likely contain
secrets that should not be logged as this leaks credentials.

We cannot filter the keys to be able to print non-secret information
because there is no consistency for naming schemes of these properties
and we could miss newly ones added.
@czentgr czentgr force-pushed the cz_reduce_config_logging branch from 94e24e4 to 662f7ac Compare January 23, 2025 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@majetideepak majetideepak majetideepak approved these changes

@ScrapCodes ScrapCodes Awaiting requested review from ScrapCodes ScrapCodes was automatically assigned from prestodb/ibm-reviewers

@aaneja aaneja Awaiting requested review from aaneja aaneja was automatically assigned from prestodb/ibm-reviewers

Assignees
No one assigned
Labels
from:IBM PR from IBM
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@czentgr @majetideepak @prestodb-ci