Home Explore Help
Register Sign In
publics
/
etcd-io__etcd
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

etcdserver: not print password in the warning message of expensive request

Fix https://github.com/coreos/etcd/issues/9635
Hitoshi Mitake 7 years ago
parent
b8e8d75677
commit
a9225c164a
3 changed files with 61 additions and 4 deletions
Split View Show Diff Stats
  1. 2 2
      etcdserver/apply.go
  2. 58 0
      etcdserver/etcdserverpb/raft_internal_stringer.go
  3. 1 2
      etcdserver/v3_server.go

+ 2 - 2
etcdserver/apply.go
View File 

@@ -27,9 +27,9 @@ import (
 
 	"github.com/coreos/etcd/mvcc"
 
 	"github.com/coreos/etcd/mvcc/mvccpb"
 
 	"github.com/coreos/etcd/pkg/types"
 
-	"go.uber.org/zap"
 
 
 	"github.com/gogo/protobuf/proto"
 
+	"go.uber.org/zap"
 
 )
 
 
 const (
 
@@ -109,7 +109,7 @@ func (s *EtcdServer) newApplierV3() applierV3 {
 
 }
 
 
 func (a *applierV3backend) Apply(r *pb.InternalRaftRequest) *applyResult {
 
-	defer warnOfExpensiveRequest(a.s.getLogger(), time.Now(), r)
 
+	defer warnOfExpensiveRequest(a.s.getLogger(), time.Now(), &pb.InternalRaftStringer{Request: r})
 
 
 	ar := &applyResult{}

+ 58 - 0
etcdserver/etcdserverpb/raft_internal_stringer.go
View File 

@@ -0,0 +1,58 @@
 
+// Copyright 2018 The etcd Authors
 
+//
 
+// Licensed under the Apache License, Version 2.0 (the "License");
 
+// you may not use this file except in compliance with the License.
 
+// You may obtain a copy of the License at
 
+//
 
+//     http://www.apache.org/licenses/LICENSE-2.0
 
+//
 
+// Unless required by applicable law or agreed to in writing, software
 
+// distributed under the License is distributed on an "AS IS" BASIS,
 
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+// See the License for the specific language governing permissions and
 
+// limitations under the License.
 
+
 
+package etcdserverpb
 
+
 
+import "fmt"
 
+
 
+// InternalRaftStringer implements custom proto Stringer:
 
+// redact password, shorten output(TODO).
 
+type InternalRaftStringer struct {
 
+	Request *InternalRaftRequest
 
+}
 
+
 
+func (as *InternalRaftStringer) String() string {
 
+	switch {
 
+	case as.Request.LeaseGrant != nil:
 
+		return fmt.Sprintf("header:<%s> lease_grant:<ttl:%d-second id:%016x>",
 
+			as.Request.Header.String(),
 
+			as.Request.LeaseGrant.TTL,
 
+			as.Request.LeaseGrant.ID,
 
+		)
 
+	case as.Request.LeaseRevoke != nil:
 
+		return fmt.Sprintf("header:<%s> lease_revoke:<id:%016x>",
 
+			as.Request.Header.String(),
 
+			as.Request.LeaseRevoke.ID,
 
+		)
 
+	case as.Request.Authenticate != nil:
 
+		return fmt.Sprintf("header:<%s> authenticate:<name:%s simple_token:%s>",
 
+			as.Request.Header.String(),
 
+			as.Request.Authenticate.Name,
 
+			as.Request.Authenticate.SimpleToken,
 
+		)
 
+	case as.Request.AuthUserAdd != nil:
 
+		return fmt.Sprintf("header:<%s> auth_user_add:<name:%s>",
 
+			as.Request.Header.String(),
 
+			as.Request.AuthUserAdd.Name,
 
+		)
 
+	case as.Request.AuthUserChangePassword != nil:
 
+		return fmt.Sprintf("header:<%s> auth_user_change_password:<name:%s>",
 
+			as.Request.Header.String(),
 
+			as.Request.AuthUserChangePassword.Name,
 
+		)
 
+	default:
 
+		// nothing to redact
 
+	}
 
+	return as.Request.String()
 
+}

+ 1 - 2
etcdserver/v3_server.go
View File 

@@ -21,8 +21,6 @@ import (
 
 	"fmt"
 
 	"time"
 
 
-	"go.uber.org/zap"
 
-
 
 	"github.com/coreos/etcd/auth"
 
 	pb "github.com/coreos/etcd/etcdserver/etcdserverpb"
 
 	"github.com/coreos/etcd/etcdserver/membership"
 
@@ -32,6 +30,7 @@ import (
 
 	"github.com/coreos/etcd/raft"
 
 
 	"github.com/gogo/protobuf/proto"
 
+	"go.uber.org/zap"
 
 )
 
 
 const (