From dcf30b1c54b32e732c151bcaf6cf84d9377f4360 Mon Sep 17 00:00:00 2001 From: Hitoshi Mitake Date: Thu, 26 Apr 2018 16:16:36 +0900 Subject: [PATCH] etcdserver: not print password in the warning message of expensive request Fix https://github.com/coreos/etcd/issues/9635 --- etcdserver/apply.go | 2 +- .../etcdserverpb/raft_internal_stringer.go | 58 +++++++++++++++++++ etcdserver/v3_server.go | 4 +- 3 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 etcdserver/etcdserverpb/raft_internal_stringer.go diff --git a/etcdserver/apply.go b/etcdserver/apply.go index 9148f5692..220366ea8 100644 --- a/etcdserver/apply.go +++ b/etcdserver/apply.go @@ -88,7 +88,7 @@ func (s *EtcdServer) newApplierV3() applierV3 { } func (a *applierV3backend) Apply(r *pb.InternalRaftRequest) *applyResult { - defer warnOfExpensiveRequest(time.Now(), r) + defer warnOfExpensiveRequest(a.s.getLogger(), time.Now(), &pb.InternalRaftStringer{Request: r}) ar := &applyResult{} diff --git a/etcdserver/etcdserverpb/raft_internal_stringer.go b/etcdserver/etcdserverpb/raft_internal_stringer.go new file mode 100644 index 000000000..8e1231c23 --- /dev/null +++ b/etcdserver/etcdserverpb/raft_internal_stringer.go @@ -0,0 +1,58 @@ +// Copyright 2018 The etcd Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package etcdserverpb + +import "fmt" + +// InternalRaftStringer implements custom proto Stringer: +// redact password, shorten output(TODO). +type InternalRaftStringer struct { + Request *InternalRaftRequest +} + +func (as *InternalRaftStringer) String() string { + switch { + case as.Request.LeaseGrant != nil: + return fmt.Sprintf("header:<%s> lease_grant:", + as.Request.Header.String(), + as.Request.LeaseGrant.TTL, + as.Request.LeaseGrant.ID, + ) + case as.Request.LeaseRevoke != nil: + return fmt.Sprintf("header:<%s> lease_revoke:", + as.Request.Header.String(), + as.Request.LeaseRevoke.ID, + ) + case as.Request.Authenticate != nil: + return fmt.Sprintf("header:<%s> authenticate:", + as.Request.Header.String(), + as.Request.Authenticate.Name, + as.Request.Authenticate.SimpleToken, + ) + case as.Request.AuthUserAdd != nil: + return fmt.Sprintf("header:<%s> auth_user_add:", + as.Request.Header.String(), + as.Request.AuthUserAdd.Name, + ) + case as.Request.AuthUserChangePassword != nil: + return fmt.Sprintf("header:<%s> auth_user_change_password:", + as.Request.Header.String(), + as.Request.AuthUserChangePassword.Name, + ) + default: + // nothing to redact + } + return as.Request.String() +} diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go index 282ad380e..1bd528511 100644 --- a/etcdserver/v3_server.go +++ b/etcdserver/v3_server.go @@ -19,8 +19,6 @@ import ( "encoding/binary" "time" - "github.com/gogo/protobuf/proto" - "github.com/coreos/etcd/auth" pb "github.com/coreos/etcd/etcdserver/etcdserverpb" "github.com/coreos/etcd/etcdserver/membership" @@ -28,7 +26,9 @@ import ( "github.com/coreos/etcd/lease/leasehttp" "github.com/coreos/etcd/mvcc" "github.com/coreos/etcd/raft" + "github.com/gogo/protobuf/proto" + "github.com/gogo/protobuf/proto" "golang.org/x/net/context" )