Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DPE-4266] Strip passwords from command execute output and tracebacks #473

Merged
merged 6 commits into from
Aug 12, 2024
Merged

[DPE-4266] Strip passwords from command execute output and tracebacks #473

merged 6 commits into from
Aug 12, 2024

Conversation

shayancanonical
Copy link
Contributor

Issue

We are leaking passwords when there's an issue creating a backup. For instance:

unit-mysql-k8s-0: 19:14:27 ERROR unit.mysql-k8s/0.juju-log Failed command: commands=['bash', '-c', 'set -o pipefail; xxtrabackup --defaults-file=/etc/mysql/my.cnf --defaults-group=mysqld --no-version-check --par
allel=12 --user=backups --password=vrEsWPEgo93NN8cv1a12nnZu --socket=/var/run/mysqld/mysqld.sock --lock-ddl --backup --stream=xbstream --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=/var/lib/m
ysql/xtra_backup_Eq2D --no-server-version-check | xbcloud put --curl-retriable-errors=7 --insecure --parallel=10 --md5 --storage=S3 --s3-region=us-east-1 --s3-bucket=mysql-backups-development --s3-endpoint=https
://s3.amazonaws.com --s3-api-version=auto --s3-bucket-lookup=auto mysql-k8s-test/2024-07-31T19:14:25Z'], user='mysql', group='mysql'                                                                               
Traceback (most recent call last):                                                                                                                                                                                 
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/src/mysql_k8s_helpers.py", line 572, in _execute_commands                                                                                                      
    stdout, stderr = process.wait_output()                                                                                                                                                                         
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/venv/ops/pebble.py", line 1771, in wait_output                                                                                                                 
    raise ExecError[AnyStr](self._command, exit_code, out_value, err_value)                                                                                                                                        
ops.pebble.ExecError: non-zero exit code 1 executing ['bash', '-c', 'set -o pipefail; xxtrabackup --defaults-file=/etc/mysql/my.cnf --defaults-group=mysqld --no-version-check --parallel=12 --user=backups --passw
ord=vrEsWPEgo93NN8cv1a12nnZu --socket=/var/run/mysqld/mysqld.sock --lock-ddl --backup --stream=xbstream --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=/var/lib/mysql/xtra_backup_Eq2D --no-serv
er-version-check | xbcloud put --curl-retriable-errors=7 --insecure --parallel=10 --md5 --storage=S3 --s3-region=us-east-1 --s3-bucket=mysql-backups-development --s3-endpoint=https://s3.amazonaws.com --s3-api-ve
rsion=auto --s3-bucket-lookup=auto mysql-k8s-test/2024-07-31T19:14:25Z'], stdout='', stderr=''                                                                                                                     
unit-mysql-k8s-0: 19:14:27 ERROR unit.mysql-k8s/0.juju-log Failed to execute backup commands                                                                                                                       
Traceback (most recent call last):                                                                                                                                                                                 
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/src/mysql_k8s_helpers.py", line 572, in _execute_commands                                                                                                      
    stdout, stderr = process.wait_output()                                                                                                                                                                         
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/venv/ops/pebble.py", line 1771, in wait_output                                                                                                                 
    raise ExecError[AnyStr](self._command, exit_code, out_value, err_value)                                                                                                                                        
ops.pebble.ExecError: non-zero exit code 1 executing ['bash', '-c', 'set -o pipefail; xxtrabackup --defaults-file=/etc/mysql/my.cnf --defaults-group=mysqld --no-version-check --parallel=12 --user=backups --passw
ord=vrEsWPEgo93NN8cv1a12nnZu --socket=/var/run/mysqld/mysqld.sock --lock-ddl --backup --stream=xbstream --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=/var/lib/mysql/xtra_backup_Eq2D --no-serv
er-version-check | xbcloud put --curl-retriable-errors=7 --insecure --parallel=10 --md5 --storage=S3 --s3-region=us-east-1 --s3-bucket=mysql-backups-development --s3-endpoint=https://s3.amazonaws.com --s3-api-ve
rsion=auto --s3-bucket-lookup=auto mysql-k8s-test/2024-07-31T19:14:25Z'], stdout='', stderr=''                                                                                                                     
                                                                                                                                                                                                                   
During handling of the above exception, another exception occurred:                                                                                                                                                
                                                                                                                                                                                                                   
Traceback (most recent call last):                                                                                                                                                                                 
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/lib/charms/mysql/v0/mysql.py", line 2452, in execute_backup_commands                                                                                           
    return self._execute_commands(                                                                                                                                                                                 
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/lib/charms/tempo_k8s/v1/charm_tracing.py", line 647, in wrapped_function                                                                                       
    return callable(*args, **kwargs)  # type: ignore                                                                                                                                                               
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/src/mysql_k8s_helpers.py", line 576, in _execute_commands                                                                                                      
    raise MySQLExecError                                                                                                                                                                                           
charms.mysql.v0.mysql.MySQLExecError

Solution

Modify code to avoid leaks of any passwords when _execute_command or _run_mysqlcli_script is called. For instance, the above stack trace becomes:

unit-mysql-k8s-0: 20:45:38 ERROR unit.mysql-k8s/0.juju-log Failed command: commands=bash -c set -o pipefail; xxtrabackup --defaults-file=/etc/mysql/my.cnf --defaults-group=mysqld --no-version-check --parallel=12 --user=backups --password=xxxxxxxxxxxx --socket=/var/run/mysqld/mysqld.sock --lock-ddl --backup --stream=xbstream --xtrabackup-plugin-dir=/usr/lib64/xtrabackup/plugin --target-dir=/var/lib/mysql/xtra_backup_g7WB --no-server-version-check | xbcloud put --curl-retriable-errors=7 --insecure --parallel=10 --md5 --storage=S3 --s3-region=us-east-1 --s3-bucket=mysql-backups-development --s3-endpoint=https://s3.amazonaws.com --s3-api-version=auto --s3-bucket-lookup=auto mysql-k8s-test/2024-07-31T20:45:36Z, user='mysql', group='mysql'
unit-mysql-k8s-0: 20:45:38 ERROR unit.mysql-k8s/0.juju-log Failed to execute backup commands
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/lib/charms/mysql/v0/mysql.py", line 2460, in execute_backup_commands
    return self._execute_commands(
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/lib/charms/tempo_k8s/v1/charm_tracing.py", line 647, in wrapped_function
    return callable(*args, **kwargs)  # type: ignore
  File "/var/lib/juju/agents/unit-mysql-k8s-0/charm/src/mysql_k8s_helpers.py", line 578, in _execute_commands
    raise MySQLExecError from None
charms.mysql.v0.mysql.MySQLExecError

taurus-forever
taurus-forever approved these changes Aug 1, 2024
View reviewed changes
Copy link
Contributor

@taurus-forever taurus-forever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tnx for taking care!

carlcsaposs-canonical
carlcsaposs-canonical approved these changes Aug 1, 2024
View reviewed changes
Copy link
Contributor

@carlcsaposs-canonical carlcsaposs-canonical left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if possible, might be safer to pass password via env variable

if that's not possible, might be safer to never include password in string that will get logged in the first place then to rely on substitution (e.g. https://github.com/canonical/mysql-router-k8s-operator/blob/ae2e8eb634a57807192cbe3946509f434e47dde8/src/mysql_shell/__init__.py#L77-L80)

but definitely an improvement as-is

@carlcsaposs-canonical carlcsaposs-canonical mentioned this pull request Aug 6, 2024
Merged
@shayancanonical shayancanonical merged commit 88d684e into main Aug 12, 2024
57 checks passed
@shayancanonical shayancanonical deleted the feature/prevent_leaked_password branch August 12, 2024 21:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carlcsaposs-canonical carlcsaposs-canonical carlcsaposs-canonical approved these changes

@taurus-forever taurus-forever taurus-forever approved these changes

@paulomach paulomach paulomach approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@shayancanonical @paulomach @taurus-forever @carlcsaposs-canonical