add sensitive type for accesskey

dgraph-io · Nov 4, 2024 · 12dae9d · 12dae9d
1 parent 64ff7b8
commit 12dae9d
Show file tree

Hide file tree

Showing 9 changed files with 886 additions and 6,289 deletions.
diff --git a/graphql/admin/restore.go b/graphql/admin/restore.go
@@ -69,7 +69,7 @@ func resolveTenantRestore(ctx context.Context, m schema.Mutation) (*resolve.Reso
 		IncrementalFrom:         uint64(input.RestoreInput.IncrementalFrom),
 		IsPartial:               input.RestoreInput.IsPartial,
 		EncryptionKeyFile:       input.RestoreInput.EncryptionKeyFile,
-		AccessKey:               input.RestoreInput.AccessKey,
+		AccessKey:               pb.Sensitive(input.RestoreInput.AccessKey),
 		SecretKey:               input.RestoreInput.SecretKey,
 		SessionToken:            input.RestoreInput.SessionToken,
 		Anonymous:               input.RestoreInput.Anonymous,
@@ -100,7 +100,7 @@ func resolveRestore(ctx context.Context, m schema.Mutation) (*resolve.Resolved,
 		IncrementalFrom:         uint64(input.IncrementalFrom),
 		IsPartial:               input.IsPartial,
 		EncryptionKeyFile:       input.EncryptionKeyFile,
-		AccessKey:               input.AccessKey,
+		AccessKey:               pb.Sensitive(input.AccessKey),
 		SecretKey:               input.SecretKey,
 		SessionToken:            input.SessionToken,
 		Anonymous:               input.Anonymous,
@@ -119,7 +119,7 @@ func resolveRestore(ctx context.Context, m schema.Mutation) (*resolve.Resolved,
 func restore(ctx context.Context, m schema.Mutation, req pb.RestoreRequest) (*resolve.Resolved, bool) {
 	wg := &sync.WaitGroup{}
 	if err := worker.ProcessRestoreRequest(context.Background(), &req, wg); err != nil {
-		pb.Redact(req.ProtoReflect().Interface())
+		// pb.Redact(req.ProtoReflect().Interface())
 		glog.Warningf("error processing restore request: %+v, err: %v", req, err)
 		return resolve.DataResult(
 			m,

diff --git a/protos/pb.proto b/protos/pb.proto
@@ -301,7 +301,7 @@ message RestoreRequest {
   string backup_id = 4;
 
   // Credentials when using a minio or S3 bucket as the backup location.
-  string access_key = 5 [(dataSensitive) = true];
+  bytes access_key = 5 [(dataSensitive) = true];
   string secret_key = 6 [(dataSensitive) = true];
   string session_token = 7;
   bool anonymous = 8;
@@ -769,7 +769,7 @@ message BackupKey {
   string attr = 2;
   uint64 uid = 3;
   uint64 start_uid = 4;
-  bytes term = 5;
+  string term = 5;
   uint32 count = 6;
   uint64 namespace = 7;
 }

diff --git a/protos/pb/pb.pb.go b/protos/pb/pb.pb.go
diff --git a/protos/pb/sensitive.go b/protos/pb/sensitive.go
@@ -16,24 +16,27 @@
 
 package pb
 
-import (
-	"google.golang.org/protobuf/proto"
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/types/descriptorpb"
-)
+// Sensitive implements the Stringer interface to redact its contents.
+// Use this type for sensitive info such as keys, passwords, or secrets so it doesn't leak
+// as output such as logs.
+type Sensitive []byte
 
-// Redact replaces sensitive string fields with "****"
-func Redact(pb proto.Message) {
-	m := pb.ProtoReflect()
-	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
-		// Check for custom option indicating sensitivity
-		opts := fd.Options().(*descriptorpb.FieldOptions)
-		if proto.GetExtension(opts, E_DataSensitive).(bool) {
-			// If the field is a string type, replace the value with "****"
-			if fd.Kind() == protoreflect.StringKind {
-				m.Set(fd, protoreflect.ValueOfString("****"))
-			}
-		}
-		return true
-	})
+func (Sensitive) String() string {
+	return "****"
 }
+
+// Redact replaces sensitive string fields with "****"
+// func Redact(pb proto.Message) {
+// 	m := pb.ProtoReflect()
+// 	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
+// 		// Check for custom option indicating sensitivity
+// 		opts := fd.Options().(*descriptorpb.FieldOptions)
+// 		if proto.GetExtension(opts, E_DataSensitive).(bool) {
+// 			// If the field is a string type, replace the value with "****"
+// 			if fd.Kind() == protoreflect.StringKind {
+// 				m.Set(fd, protoreflect.ValueOfString("****"))
+// 			}
+// 		}
+// 		return true
+// 	})
+// }
diff --git a/worker/backup_handler.go b/worker/backup_handler.go
@@ -225,15 +225,15 @@ func FillRestoreCredentials(location string, req *pb.RestoreRequest) error {
 	}
 
 	defaultCreds := credentials.Value{
-		AccessKeyID:     req.AccessKey,
+		AccessKeyID:     string(req.AccessKey),
 		SecretAccessKey: string(req.SecretKey),
 		SessionToken:    string(req.SessionToken),
 	}
 	provider := x.MinioCredentialsProvider(uri.Scheme, defaultCreds)
 
 	creds, _ := provider.Retrieve() // Error is always nil.
 
-	req.AccessKey = creds.AccessKeyID
+	req.AccessKey = pb.Sensitive(creds.AccessKeyID)
 	req.SecretKey = creds.SecretAccessKey
 	req.SessionToken = creds.SessionToken
 

diff --git a/worker/online_restore.go b/worker/online_restore.go
@@ -106,7 +106,7 @@ func ProcessRestoreRequest(ctx context.Context, req *pb.RestoreRequest, wg *sync
 	}
 
 	creds := x.MinioCredentials{
-		AccessKey:    req.AccessKey,
+		AccessKey:    string(req.AccessKey),
 		SecretKey:    req.SecretKey,
 		SessionToken: req.SessionToken,
 		Anonymous:    req.Anonymous,
@@ -240,7 +240,7 @@ func handleRestoreProposal(ctx context.Context, req *pb.RestoreRequest, pidx uin
 
 	// Reset tablets and set correct tablets to match the restored backup.
 	creds := &x.MinioCredentials{
-		AccessKey:    req.AccessKey,
+		AccessKey:    string(req.AccessKey),
 		SecretKey:    req.SecretKey,
 		SessionToken: req.SessionToken,
 		Anonymous:    req.Anonymous,
@@ -509,7 +509,7 @@ func getEncConfig(req *pb.RestoreRequest) (*viper.Viper, error) {
 
 func getCredentialsFromRestoreRequest(req *pb.RestoreRequest) *x.MinioCredentials {
 	return &x.MinioCredentials{
-		AccessKey:    req.AccessKey,
+		AccessKey:    string(req.AccessKey),
 		SecretKey:    req.SecretKey,
 		SessionToken: req.SessionToken,
 		Anonymous:    req.Anonymous,

diff --git a/worker/restore_map.go b/worker/restore_map.go
@@ -327,6 +327,7 @@ func (m *mapper) processReqCh(ctx context.Context) error {
 
 		restoreKey, ns, err := fromBackupKey(kv.Key)
 		if err != nil {
+			fmt.Printf("backup key is ---------------->%x\n", kv.Key)
 			return errors.Wrap(err, "fromBackupKey")
 		}
 

diff --git a/worker/restore_map_test.go b/worker/restore_map_test.go
@@ -0,0 +1,36 @@
+package worker
+
+import (
+	"encoding/hex"
+	"fmt"
+	"testing"
+
+	"github.com/dgraph-io/dgraph/v24/protos/pb"
+	"google.golang.org/protobuf/proto"
+)
+
+func TestRestore(t *testing.T) {
+	hexVal := "0802120b417574686f722e6e616d652a210ba7095692826af0b5dbe98d882e509736f7f205006def55d6cf773bae4b7a9b23"
+
+	data, err := hex.DecodeString(hexVal)
+	if err != nil {
+		t.Fatalf("Error while decoding hex string: %v", err)
+	}
+
+	fmt.Println([]rune(string(data)))
+
+	for _, r := range string(data) {
+		fmt.Println("--------->", r, []byte(string(r)))
+	}
+
+	backupKey := &pb.BackupKey{}
+	if err := proto.Unmarshal(data, backupKey); err != nil {
+		panic("error")
+
+		// return nil, 0, errors.Wrapf(err, "while reading backup key %s", hex.Dump(key))
+	}
+	fmt.Println(string(data))
+
+	fmt.Println(fromBackupKey(data))
+	t.FailNow()
+}
diff --git a/x/keys.go b/x/keys.go
@@ -419,7 +419,7 @@ func (p ParsedKey) ToBackupKey() *pb.BackupKey {
 	key.Attr = attr
 	key.Uid = p.Uid
 	key.StartUid = p.StartUid
-	key.Term = []byte(p.Term)
+	key.Term = p.Term
 	key.Count = p.Count
 
 	switch {