Skip to content

Commit

Permalink
fix: Prevent redis password from being logged (#3031)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jopemachine
jopemachine authored Nov 28, 2024
1 parent 088344a commit 96d9e41
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 3 deletions.
1 change: 1 addition & 0 deletions changes/3031.fix.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Prevent redis password from being logged.
7 changes: 7 additions & 0 deletions src/ai/backend/common/types.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1155,6 +1155,13 @@ class EtcdRedisConfig(TypedDict, total=False):
redis_helper_config: RedisHelperConfig


def safe_print_redis_config(config: EtcdRedisConfig) -> str:
safe_config = config.copy()
if "password" in safe_config:
safe_config["password"] = "********"
return str(safe_config)


class RedisHelperConfig(TypedDict, total=False):
socket_timeout: float
socket_connect_timeout: float
Expand Down
19 changes: 16 additions & 3 deletions src/ai/backend/storage/server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
from ai.backend.common.events import EventDispatcher, EventProducer
from ai.backend.common.events_experimental import EventDispatcher as ExperimentalEventDispatcher
from ai.backend.common.msgpack import DEFAULT_PACK_OPTS, DEFAULT_UNPACK_OPTS
from ai.backend.common.types import safe_print_redis_config
from ai.backend.common.utils import env_info
from ai.backend.logging import BraceStyleAdapter, Logger, LogLevel

Expand Down Expand Up @@ -104,7 +105,11 @@ async def server_main(
redis_config = redis_config_iv.check(
await etcd.get_prefix("config/redis"),
)
log.info("PID: {0} - configured redis_config: {1}", pidx, redis_config)
log.info(
"PID: {0} - configured redis_config: {1}",
pidx,
safe_print_redis_config(redis_config),
)
except Exception as e:
log.exception("Unable to read config from etcd")
raise e
Expand All @@ -120,15 +125,23 @@ async def server_main(
db=REDIS_STREAM_DB,
log_events=local_config["debug"]["log-events"],
)
log.info("PID: {0} - Event producer created. (redis_config: {1})", pidx, redis_config)
log.info(
"PID: {0} - Event producer created. (redis_config: {1})",
pidx,
safe_print_redis_config(redis_config),
)
event_dispatcher = await event_dispatcher_cls.new(
redis_config,
db=REDIS_STREAM_DB,
log_events=local_config["debug"]["log-events"],
node_id=local_config["storage-proxy"]["node-id"],
consumer_group=EVENT_DISPATCHER_CONSUMER_GROUP,
)
log.info("PID: {0} - Event dispatcher created. (redis_config: {1})", pidx, redis_config)
log.info(
"PID: {0} - Event dispatcher created. (redis_config: {1})",
pidx,
safe_print_redis_config(redis_config),
)
if local_config["storage-proxy"]["use-watcher"]:
if not _is_root():
raise ValueError(
Expand Down

0 comments on commit 96d9e41

Please sign in to comment.