refactor: do not log overriding structs #220

zmstone · 2023-01-10T22:49:53Z

background

In PR #219 the value wrapper for env override metadata is moved to richmap meta data,
as a result, the wrapping struct's meta data is propagated down to the primitive fields.
but one thing was forgotten (not released yet): the override logging started to repeating the same info at different levels.

change

This PR mutes the struct level logging (because it lacks of sensitive information at wrapping object level)
and only log primitive values instead.

example

before this change:

authentication.1 = EMQX_AUTHENTICATION__1 = #{<<“backend”>> => <<“mysql”>>,<<“database”>> => <<“emqx”>>,<<“enable”>> => true,<<“mechanism”>> => <<“password_based”>>,<<“password”>> => <<“emqx”>>,<<“password_hash_algorithm”>> => #{<<“name”>> => <<“sha256">>,<<“salt_position”>> => <<“prefix”>>},<<“query”>> => <<“SELECT password_hash, salt, is_superuser FROM mqtt_us
er WHERE username = ${username} LIMIT 1">>,<<“server”>> => <<“localhost:3306">>,<<“username”>> => <<“emqx”>>}
authentication.1.password = EMQX_AUTHENTICATION__1 = ******
authentication.1.username = EMQX_AUTHENTICATION__1 = emqx
authentication.1.database = EMQX_AUTHENTICATION__1 = emqx
authentication.1.server = EMQX_AUTHENTICATION__1 = localhost:3306
authentication.1.enable = EMQX_AUTHENTICATION__1 = true
authentication.1.query = EMQX_AUTHENTICATION__1 = SELECT password_hash, salt, is_superuser FROM mqtt_user WHERE username = ${username} LIMIT 1
authentication.1.password_hash_algorithm = EMQX_AUTHENTICATION__1 = #{<<“name”>> => <<“sha256">>,<<“salt_position”>> => <<“prefix”>>}
authentication.1.password_hash_algorithm.salt_position = EMQX_AUTHENTICATION__1 = prefix
authentication.1.password_hash_algorithm.name = EMQX_AUTHENTICATION__1 = sha256
authentication.1.backend = EMQX_AUTHENTICATION__1 = mysql
authentication.1.mechanism = EMQX_AUTHENTICATION__1 = password_based

after this change:

EMQX_AUTHENTICATION__1 [authentication.1]: {...}
EMQX_AUTHENTICATION__1 [authentication.1.password]: ******
EMQX_AUTHENTICATION__1 [authentication.1.username]: emqx
EMQX_AUTHENTICATION__1 [authentication.1.database]: emqx
EMQX_AUTHENTICATION__1 [authentication.1.server]: localhost:3306
EMQX_AUTHENTICATION__1 [authentication.1.enable]: true
EMQX_AUTHENTICATION__1 [authentication.1.query]: SELECT password_hash, salt, is_superuser FROM mqtt_user WHERE username = ${username} LIMIT 1
EMQX_AUTHENTICATION__1 [authentication.1.password_hash_algorithm]: {...}
EMQX_AUTHENTICATION__1 [authentication.1.password_hash_algorithm.salt_position]: prefix
EMQX_AUTHENTICATION__1 [authentication.1.password_hash_algorithm.name]: sha256
EMQX_AUTHENTICATION__1 [authentication.1.backend]: mysql
EMQX_AUTHENTICATION__1 [authentication.1.mechanism]: password_based

because it may contain sensitive fields

zmstone changed the title ~~refactor: do not log overriding struts~~ refactor: do not log overriding structs Jan 10, 2023

refactor: do not log overriding struts

104ecbf

because it may contain sensitive fields

zmstone force-pushed the 0110-refactor-do-not-log-struct-overrides branch from cd613ce to 104ecbf Compare January 10, 2023 22:55

zmstone requested review from thalesmg and a team January 10, 2023 22:55

zhongwencool approved these changes Jan 11, 2023

View reviewed changes

zhongwencool merged commit 437ad44 into emqx:master Jan 11, 2023

zmstone deleted the 0110-refactor-do-not-log-struct-overrides branch January 11, 2023 07:13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: do not log overriding structs #220

refactor: do not log overriding structs #220

zmstone commented Jan 10, 2023 •

edited

Loading

refactor: do not log overriding structs #220

refactor: do not log overriding structs #220

Conversation

zmstone commented Jan 10, 2023 • edited Loading

background

change

example

zmstone commented Jan 10, 2023 •

edited

Loading