Skip to content

Commit 9d5a8e4

Browse files
robot-clickhouserobot-clickhouse
committed
Backport #95325 to 25.8: Mask password in logs and system tables for the redis table function
1 parent f54dfc0 commit 9d5a8e4

2 files changed

Lines changed: 16 additions & 2 deletions

File tree

src/Parsers/FunctionSecretArgumentsFinder.h

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -140,6 +140,10 @@ class FunctionSecretArgumentsFinder
140140
{
141141
findURLSecretArguments();
142142
}
143+
else if (function->name() == "redis")
144+
{
145+
findRedisFunctionSecretArguments();
146+
}
143147
else if (function->name() == "ytsaurus")
144148
{
145149
findYTsaurusStorageTableEngineSecretArguments();
@@ -194,7 +198,7 @@ class FunctionSecretArgumentsFinder
194198
result.replacement = std::move(uri);
195199
}
196200

197-
void findRedisSecretArguments()
201+
void findRedisTableEngineSecretArguments()
198202
{
199203
/// Redis does not have URL/address argument,
200204
/// only 'host:port' and separate "password" argument.
@@ -530,7 +534,7 @@ class FunctionSecretArgumentsFinder
530534
}
531535
else if (engine_name == "Redis")
532536
{
533-
findRedisSecretArguments();
537+
findRedisTableEngineSecretArguments();
534538
}
535539
else if (engine_name == "YTsaurus")
536540
{
@@ -626,6 +630,12 @@ class FunctionSecretArgumentsFinder
626630
markSecretArgument(url_arg_idx + 4);
627631
}
628632

633+
void findRedisFunctionSecretArguments()
634+
{
635+
// redis(host:port, key, structure, db_index, password, pool_size)
636+
markSecretArgument(4);
637+
}
638+
629639
void findYTsaurusStorageTableEngineSecretArguments()
630640
{
631641
// YTsaurus('base_uri', 'yt_path', 'auth_token')

tests/integration/test_mask_sensitive_info/test.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -291,6 +291,7 @@ def test_create_table():
291291
f"Kafka() SETTINGS kafka_broker_list = '127.0.0.1', kafka_topic_list = 'topic', kafka_group_name = 'group', kafka_format = 'JSONEachRow', kafka_security_protocol = 'sasl_ssl', kafka_sasl_mechanism = 'PLAIN', kafka_sasl_username = 'user', kafka_sasl_password = '{password}', format_avro_schema_registry_url = 'http://schema_user:{password}@'",
292292
f"Kafka() SETTINGS kafka_broker_list = '127.0.0.1', kafka_topic_list = 'topic', kafka_group_name = 'group', kafka_format = 'JSONEachRow', kafka_security_protocol = 'sasl_ssl', kafka_sasl_mechanism = 'PLAIN', kafka_sasl_username = 'user', kafka_sasl_password = '{password}', format_avro_schema_registry_url = 'http://schema_user:{password}@domain.com'",
293293
f"S3('http://minio1:9001/root/data/test5.csv.gz', 'CSV', access_key_id = 'minio', secret_access_key = '{password}', compression_method = 'gzip')",
294+
f"Redis('localhost', 0, '{password}') PRIMARY KEY x;",
294295
]
295296

296297
def make_test_case(i):
@@ -370,6 +371,7 @@ def make_test_case(i):
370371
"CREATE TABLE table33 (`x` int) ENGINE = Kafka SETTINGS kafka_broker_list = '127.0.0.1', kafka_topic_list = 'topic', kafka_group_name = 'group', kafka_format = 'JSONEachRow', kafka_security_protocol = 'sasl_ssl', kafka_sasl_mechanism = 'PLAIN', kafka_sasl_username = 'user', kafka_sasl_password = '[HIDDEN]', format_avro_schema_registry_url = 'http://schema_user:[HIDDEN]@'",
371372
"CREATE TABLE table34 (`x` int) ENGINE = Kafka SETTINGS kafka_broker_list = '127.0.0.1', kafka_topic_list = 'topic', kafka_group_name = 'group', kafka_format = 'JSONEachRow', kafka_security_protocol = 'sasl_ssl', kafka_sasl_mechanism = 'PLAIN', kafka_sasl_username = 'user', kafka_sasl_password = '[HIDDEN]', format_avro_schema_registry_url = 'http://schema_user:[HIDDEN]@domain.com'",
372373
"CREATE TABLE table35 (`x` int) ENGINE = S3('http://minio1:9001/root/data/test5.csv.gz', 'CSV', access_key_id = 'minio', secret_access_key = '[HIDDEN]', compression_method = 'gzip')",
374+
"CREATE TABLE table36 (`x` int) ENGINE = Redis('localhost', 0, '[HIDDEN]') PRIMARY KEY x",
373375
],
374376
must_not_contain=[password],
375377
)
@@ -489,6 +491,7 @@ def test_table_functions():
489491
f"icebergAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '{azure_account_key}', 'CSV', 'none', 'auto')",
490492
f"deltaLakeAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '{azure_account_key}', 'CSV', 'none', 'auto')",
491493
f"hudi('http://minio1:9001/root/data/test7.csv', 'minio', '{password}')",
494+
f"redis('localhost', 'key', 'key Int64', 0, '{password}')"
492495
]
493496

494497
def make_test_case(i):
@@ -574,6 +577,7 @@ def make_test_case(i):
574577
f"CREATE TABLE tablefunc42 (`x` int) AS icebergAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '[HIDDEN]', 'CSV', 'none', 'auto')",
575578
f"CREATE TABLE tablefunc43 (`x` int) AS deltaLakeAzure('{azure_storage_account_url}', 'cont', 'test_simple_6.csv', '{azure_account_name}', '[HIDDEN]', 'CSV', 'none', 'auto')",
576579
"CREATE TABLE tablefunc44 (`x` int) AS hudi('http://minio1:9001/root/data/test7.csv', 'minio', '[HIDDEN]')",
580+
"CREATE TABLE tablefunc45 (`x` int) AS redis('localhost', 'key', 'key Int64', 0, '[HIDDEN]')",
577581
],
578582
must_not_contain=[password],
579583
)

0 commit comments

Comments
 (0)