From 4a319bedc9598608755b68be29a9fc9dc8593cc0 Mon Sep 17 00:00:00 2001 From: Klaus Post Date: Mon, 3 Feb 2025 08:56:26 -0800 Subject: [PATCH] Redact sensitive fields from DescribeBatchJob (#20881) Redacts the following if set: * replicate/credentials/secretKey * replicate/credentials/sessionToken * expire/notify/token --- cmd/batch-expire.go | 10 ++++++++++ cmd/batch-handlers.go | 27 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/cmd/batch-expire.go b/cmd/batch-expire.go index 619b3b5ec..07f56a79d 100644 --- a/cmd/batch-expire.go +++ b/cmd/batch-expire.go @@ -289,6 +289,16 @@ type BatchJobExpire struct { var _ yaml.Unmarshaler = &BatchJobExpire{} +// RedactSensitive will redact any sensitive information in b. +func (r *BatchJobExpire) RedactSensitive() { + if r == nil { + return + } + if r.NotificationCfg.Token != "" { + r.NotificationCfg.Token = redactedText + } +} + // UnmarshalYAML - BatchJobExpire extends default unmarshal to extract line, col information. func (r *BatchJobExpire) UnmarshalYAML(val *yaml.Node) error { type expireJob BatchJobExpire diff --git a/cmd/batch-handlers.go b/cmd/batch-handlers.go index e21460584..853fe34cd 100644 --- a/cmd/batch-handlers.go +++ b/cmd/batch-handlers.go @@ -61,6 +61,8 @@ var globalBatchConfig batch.Config const ( // Keep the completed/failed job stats 3 days before removing it oldJobsExpiration = 3 * 24 * time.Hour + + redactedText = "**REDACTED**" ) // BatchJobRequest this is an internal data structure not for external consumption. @@ -74,6 +76,29 @@ type BatchJobRequest struct { ctx context.Context `msg:"-"` } +// RedactSensitive will redact any sensitive information in b. +func (j *BatchJobRequest) RedactSensitive() { + j.Replicate.RedactSensitive() + j.Expire.RedactSensitive() + j.KeyRotate.RedactSensitive() +} + +// RedactSensitive will redact any sensitive information in b. +func (r *BatchJobReplicateV1) RedactSensitive() { + if r == nil { + return + } + if r.Target.Creds.SecretKey != "" { + r.Target.Creds.SecretKey = redactedText + } + if r.Target.Creds.SessionToken != "" { + r.Target.Creds.SessionToken = redactedText + } +} + +// RedactSensitive will redact any sensitive information in b. +func (r *BatchJobKeyRotateV1) RedactSensitive() {} + func notifyEndpoint(ctx context.Context, ri *batchJobInfo, endpoint, token string) error { if endpoint == "" { return nil @@ -1695,6 +1720,8 @@ func (a adminAPIHandlers) DescribeBatchJob(w http.ResponseWriter, r *http.Reques return } + // Remove sensitive fields. + req.RedactSensitive() buf, err := yaml.Marshal(req) if err != nil { batchLogIf(ctx, err)