Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

logutil, *: implement log desensitization #3011

Merged
merged 15 commits into from
Sep 24, 2020
Merged

logutil, *: implement log desensitization #3011

merged 15 commits into from
Sep 24, 2020

Conversation

Yisaer
Copy link
Contributor

@Yisaer Yisaer commented Sep 22, 2020

What problem does this PR solve?

close #2852

Implement log desensitization to omit the region key information from the log.

What is changed and how it works?

Check List

Tests

  • Unit test

Code changes

  • Has configuration change

Related changes

Release note

  • Support configuration enable-redact-log to enable log desensitization or not.

@Yisaer
support log redact
02d0457 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
add test
8fc8bfc 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
add comment
7bd8a31 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
fix nil
a310cc8 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
fix test
74871f5 
Signed-off-by: Song Gao <[email protected]>
@rleungx
Copy link
Member

rleungx commented Sep 23, 2020

BTW, I think there are more logs which need to be handled.

disksing
disksing reviewed Sep 23, 2020
View reviewed changes
cmd/pd-server/main.go Outdated Show resolved Hide resolved
server/config/config.go Outdated
@@ -144,6 +144,8 @@ type Config struct {
Dashboard DashboardConfig `toml:"dashboard" json:"dashboard"`

ReplicationMode ReplicationModeConfig `toml:"replication-mode" json:"replication-mode"`
// EnableRedactLog indicates that whether redact log, 0 is disable. 1 is enable.
EnableRedactLog int32 `toml:"enable-redact-log" json:"enable-redact-log"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use boolean?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To keep the same behavior with tidb

https://github.com/pingcap/tidb/blob/fd0299f58ecc174e5ed8f91660299ebac8fa2b9c/config/config.go#L163-L164

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They use int32 because they need to do atomic operations but we don't. I think we don't have to follow them.

pkg/logutil/log_test.go Outdated Show resolved Hide resolved
pkg/logutil/log.go Outdated Show resolved Hide resolved
@Yisaer
Copy link
Contributor Author

Yisaer commented Sep 23, 2020

BTW, I think there are more logs which need to be handled.

After discussion, only start-key and end-key of the region need to be redacted in the log. @rleungx

rleungx
rleungx reviewed Sep 23, 2020
View reviewed changes
server/cluster/cluster.go Outdated Show resolved Hide resolved
@rleungx
Copy link
Member

rleungx commented Sep 23, 2020

BTW, I think there are more logs which need to be handled.

After discussion, only start-key and end-key of the region need to be redacted in the log. @rleungx

Does RegionToHexMeta need to be changed to ??

@nolouch nolouch added the component/log Log. label Sep 23, 2020
@Yisaer Yisaer added the component/security Security logic. label Sep 23, 2020
@Yisaer
address the comment
cda3343 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
address the comment
2b791e4 
Signed-off-by: Song Gao <[email protected]>
disksing
disksing reviewed Sep 23, 2020
View reviewed changes
pkg/logutil/log.go Outdated
}

// RedactBytesArgIfNeeded receives []byte argument and return omitted information if redact log enabled
func RedactBytesArgIfNeeded(arg []byte) []byte {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks verbose. How about just RedactBytes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated.

@Yisaer
address the comment
e539e4b 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
address the comment
0b8675a 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
fix lint
5be08ce 
Signed-off-by: Song Gao <[email protected]>
@ti-srebot ti-srebot added the status/LGT1 Indicates that a PR has LGTM 1. label Sep 23, 2020
@Yisaer
fix error
90fd966 
Signed-off-by: Song Gao <[email protected]>
HunDunDM
HunDunDM reviewed Sep 24, 2020
View reviewed changes
Copy link
Member

@HunDunDM HunDunDM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about using a function like func ZapRedact(key string, val interface{}) zap.Field?

HunDunDM
HunDunDM reviewed Sep 24, 2020
View reviewed changes
pkg/logutil/log.go Outdated Show resolved Hide resolved
pkg/logutil/log.go Show resolved Hide resolved
@Yisaer
address the comment
ab179da 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
Copy link
Contributor Author

Yisaer commented Sep 24, 2020

How about using a function like func ZapRedact(key string, val interface{}) zap.Field?

good idea.

@Yisaer Yisaer requested review from rleungx and HunDunDM September 24, 2020 06:10
@Yisaer
address the comment
cc492b4 
Signed-off-by: Song Gao <[email protected]>
@Yisaer
address the comment
e8b34c4 
Signed-off-by: Song Gao <[email protected]>
HunDunDM
HunDunDM approved these changes Sep 24, 2020
View reviewed changes
Copy link
Member

@HunDunDM HunDunDM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ti-srebot ti-srebot removed the status/LGT1 Indicates that a PR has LGTM 1. label Sep 24, 2020
@ti-srebot ti-srebot added the status/LGT2 Indicates that a PR has LGTM 2. label Sep 24, 2020
@Yisaer
Copy link
Contributor Author

Yisaer commented Sep 24, 2020

/merge

@ti-srebot ti-srebot added the status/can-merge Indicates a PR has been approved by a committer. label Sep 24, 2020
@ti-srebot
Copy link
Contributor

/run-all-tests

@ti-srebot ti-srebot merged commit 941b5fe into tikv:master Sep 24, 2020
@Yisaer Yisaer added the needs-cherry-pick-release-4.0 The PR needs to cherry pick to release-4.0 branch. label Dec 11, 2020
@Yisaer
Copy link
Contributor Author

Yisaer commented Dec 11, 2020

/cherry-picker

ti-srebot pushed a commit to ti-srebot/pd that referenced this pull request Dec 11, 2020
@Yisaer @ti-srebot
cherry pick tikv#3011 to release-4.0
670d2a5 
Signed-off-by: ti-srebot <[email protected]>
@ti-srebot ti-srebot mentioned this pull request Dec 11, 2020
Merged
@ti-srebot
Copy link
Contributor

cherry pick to release-4.0 in PR #3266

ti-chi-bot added a commit that referenced this pull request Dec 31, 2020
@ti-srebot @Yisaer @ti-chi-bot
logutil, *: implement log desensitization (#3011) (#3266)
7b36ffc 
* cherry pick #3011 to release-4.0

Signed-off-by: ti-srebot <[email protected]>

* fix conflict

Signed-off-by: Song Gao <[email protected]>

* fix conflict

Signed-off-by: Song Gao <[email protected]>

Co-authored-by: Song Gao <[email protected]>
Co-authored-by: Ti Prow Robot <71242396+ti-community-prow-bot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ti-srebot ti-srebot ti-srebot approved these changes

@HunDunDM HunDunDM HunDunDM approved these changes

@disksing disksing disksing approved these changes

@rleungx rleungx Awaiting requested review from rleungx

Assignees
No one assigned
Labels
component/log Log. component/security Security logic. needs-cherry-pick-release-4.0 The PR needs to cherry pick to release-4.0 branch. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

log: requesting log desensitization
6 participants
@Yisaer @rleungx @ti-srebot @disksing @HunDunDM @nolouch