MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-04 11:50:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add anonymous flag to prevent logging sensitive information (#6899)

Browse Source
This commit is contained in:
Anis Elleuch 2018-12-19 01:08:11 +01:00 committed by kannappanr
parent 4f31a9a33b
commit 99b843a64e
8 changed files with 84 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
cmd/common-main.go
View File

@ -80,6 +80,31 @@ func loadLoggers() {
func handleCommonCmdArgs(ctx *cli.Context) { func handleCommonCmdArgs(ctx *cli.Context) {
// Get "json" flag from command line argument and
// enable json and quite modes if jason flag is turned on.
globalCLIContext.JSON = ctx.IsSet("json") || ctx.GlobalIsSet("json")
if globalCLIContext.JSON {
logger.EnableJSON()
}
// Get quiet flag from command line argument.
globalCLIContext.Quiet = ctx.IsSet("quiet") || ctx.GlobalIsSet("quiet")
if globalCLIContext.Quiet {
logger.EnableQuiet()
}
// Get anonymous flag from command line argument.
globalCLIContext.Anonymous = ctx.IsSet("anonymous") || ctx.GlobalIsSet("anonymous")
if globalCLIContext.Anonymous {
logger.EnableAnonymous()
}
// Fetch address option
globalCLIContext.Addr = ctx.GlobalString("address")
if globalCLIContext.Addr == "" || globalCLIContext.Addr == ":"+globalMinioDefaultPort {
globalCLIContext.Addr = ctx.String("address")
}
var configDir string var configDir string
switch { switch {

25
cmd/gateway-main.go
View File

@ -112,30 +112,11 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
cli.ShowCommandHelpAndExit(ctx, gatewayName, 1) cli.ShowCommandHelpAndExit(ctx, gatewayName, 1)
} }
// Get "json" flag from command line argument and
// enable json and quite modes if jason flag is turned on.
jsonFlag := ctx.IsSet("json") || ctx.GlobalIsSet("json")
if jsonFlag {
logger.EnableJSON()
}
// Get quiet flag from command line argument.
quietFlag := ctx.IsSet("quiet") || ctx.GlobalIsSet("quiet")
if quietFlag {
logger.EnableQuiet()
}
// Fetch address option
gatewayAddr := ctx.GlobalString("address")
if gatewayAddr == ":"+globalMinioPort {
gatewayAddr = ctx.String("address")
}
// Handle common command args. // Handle common command args.
handleCommonCmdArgs(ctx) handleCommonCmdArgs(ctx)
// Get port to listen on from gateway address // Get port to listen on from gateway address
globalMinioHost, globalMinioPort = mustSplitHostPort(gatewayAddr) globalMinioHost, globalMinioPort = mustSplitHostPort(globalCLIContext.Addr)
// On macOS, if a process already listens on LOCALIPADDR:PORT, net.Listen() falls back // On macOS, if a process already listens on LOCALIPADDR:PORT, net.Listen() falls back
// to IPv6 address ie minio will start listening on IPv6 address whereas another // to IPv6 address ie minio will start listening on IPv6 address whereas another
@ -207,7 +188,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
getCert = globalTLSCerts.GetCertificate getCert = globalTLSCerts.GetCertificate
} }
globalHTTPServer = xhttp.NewServer([]string{gatewayAddr}, criticalErrorHandler{registerHandlers(router, globalHandlers...)}, getCert) globalHTTPServer = xhttp.NewServer([]string{globalCLIContext.Addr}, criticalErrorHandler{registerHandlers(router, globalHandlers...)}, getCert)
globalHTTPServer.UpdateBytesReadFunc = globalConnStats.incInputBytes globalHTTPServer.UpdateBytesReadFunc = globalConnStats.incInputBytes
globalHTTPServer.UpdateBytesWrittenFunc = globalConnStats.incOutputBytes globalHTTPServer.UpdateBytesWrittenFunc = globalConnStats.incOutputBytes
go func() { go func() {
@ -294,7 +275,7 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
globalObjLayerMutex.Unlock() globalObjLayerMutex.Unlock()
// Prints the formatted startup message once object layer is initialized. // Prints the formatted startup message once object layer is initialized.
if !quietFlag { if !globalCLIContext.Quiet {
mode := globalMinioModeGatewayPrefix + gatewayName mode := globalMinioModeGatewayPrefix + gatewayName
// Check update mode. // Check update mode.
checkUpdate(mode) checkUpdate(mode)

2
cmd/gateway-startup-msg.go
View File

@ -58,7 +58,7 @@ func printGatewayCommonMsg(apiEndpoints []string) {
// Colorize the message and print. // Colorize the message and print.
logger.StartupMessage(colorBlue("Endpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(apiEndpointStr), 1), apiEndpointStr))) logger.StartupMessage(colorBlue("Endpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(apiEndpointStr), 1), apiEndpointStr)))
if isTerminal() { if isTerminal() && !globalCLIContext.Anonymous {
logger.StartupMessage(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey))) logger.StartupMessage(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey)))
logger.StartupMessage(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey))) logger.StartupMessage(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey)))
} }

10
cmd/globals.go
View File

@ -42,6 +42,8 @@ import (
const ( const (
globalMinioCertExpireWarnDays = time.Hour * 24 * 30 // 30 days. globalMinioCertExpireWarnDays = time.Hour * 24 * 30 // 30 days.
globalMinioDefaultPort = "9000"
globalMinioDefaultRegion = "" globalMinioDefaultRegion = ""
// This is a sha256 output of ``arn:aws:iam::minio:user/admin``, // This is a sha256 output of ``arn:aws:iam::minio:user/admin``,
// this is kept in present form to be compatible with S3 owner ID // this is kept in present form to be compatible with S3 owner ID
@ -90,6 +92,12 @@ const (
maxLocationConstraintSize = 3 * humanize.MiByte maxLocationConstraintSize = 3 * humanize.MiByte
) )
var globalCLIContext = struct {
JSON, Quiet bool
Anonymous bool
Addr string
}{}
var ( var (
// Indicates the total number of erasure coded sets configured. // Indicates the total number of erasure coded sets configured.
globalXLSetCount int globalXLSetCount int
@ -127,7 +135,7 @@ var (
// Minio local server address (in `host:port` format) // Minio local server address (in `host:port` format)
globalMinioAddr = "" globalMinioAddr = ""
// Minio default port, can be changed through command line. // Minio default port, can be changed through command line.
globalMinioPort = "9000" globalMinioPort = globalMinioDefaultPort
// Holds the host that was passed using --address // Holds the host that was passed using --address
globalMinioHost = "" globalMinioHost = ""

37
cmd/logger/logger.go
View File

@ -18,17 +18,28 @@ package logger
import ( import (
"context" "context"
"encoding/hex"
"fmt" "fmt"
"go/build" "go/build"
"hash"
"path/filepath" "path/filepath"
"reflect"
"runtime" "runtime"
"strings" "strings"
"time" "time"
"github.com/minio/highwayhash"
"github.com/minio/minio-go/pkg/set" "github.com/minio/minio-go/pkg/set"
"github.com/minio/minio/cmd/logger/message/log" "github.com/minio/minio/cmd/logger/message/log"
) )
var (
// HighwayHash key for logging in anonymous mode
magicHighwayHash256Key = []byte("\x4b\xe7\x34\xfa\x8e\x23\x8a\xcd\x26\x3e\x83\xe6\xbb\x96\x85\x52\x04\x0f\x93\x5d\xa3\x9f\x44\x14\x97\xe0\x9d\x13\x22\xde\x36\xa0")
// HighwayHash hasher for logging in anonymous mode
loggerHighwayHasher hash.Hash
)
// Disable disables all logging, false by default. (used for "go test") // Disable disables all logging, false by default. (used for "go test")
var Disable = false var Disable = false
@ -94,7 +105,7 @@ func (level Level) String() string {
// quietFlag: Hide startup messages if enabled // quietFlag: Hide startup messages if enabled
// jsonFlag: Display in JSON format, if enabled // jsonFlag: Display in JSON format, if enabled
var ( var (
quietFlag, jsonFlag bool quietFlag, jsonFlag, anonFlag bool
// Custom function to format error // Custom function to format error
errorFmtFunc func(string, error, bool) string errorFmtFunc func(string, error, bool) string
) )
@ -110,6 +121,12 @@ func EnableJSON() {
quietFlag = true quietFlag = true
} }
// EnableAnonymous - turns anonymous flag
// to avoid printing sensitive information.
func EnableAnonymous() {
anonFlag = true
}
// IsJSON - returns true if jsonFlag is true // IsJSON - returns true if jsonFlag is true
func IsJSON() bool { func IsJSON() bool {
return jsonFlag return jsonFlag
@ -187,6 +204,8 @@ func Init(goPath string, goRoot string) {
// paths like "{GOROOT}/src/github.com/minio/minio" // paths like "{GOROOT}/src/github.com/minio/minio"
// and "{GOPATH}/src/github.com/minio/minio" // and "{GOPATH}/src/github.com/minio/minio"
trimStrings = append(trimStrings, filepath.Join("github.com", "minio", "minio")+string(filepath.Separator)) trimStrings = append(trimStrings, filepath.Join("github.com", "minio", "minio")+string(filepath.Separator))
loggerHighwayHasher, _ = highwayhash.New(magicHighwayHash256Key) // New will never return error since key is 256 bit
} }
func trimTrace(f string) string { func trimTrace(f string) string {
@ -239,6 +258,14 @@ func getTrace(traceLevel int) []string {
return trace return trace
} }
// Return the highway hash of the passed string
func hashString(input string) string {
defer loggerHighwayHasher.Reset()
loggerHighwayHasher.Write([]byte(input))
checksum := loggerHighwayHasher.Sum(nil)
return hex.EncodeToString(checksum)
}
// LogAlwaysIf prints a detailed error message during // LogAlwaysIf prints a detailed error message during
// the execution of the server. // the execution of the server.
func LogAlwaysIf(ctx context.Context, err error) { func LogAlwaysIf(ctx context.Context, err error) {
@ -312,6 +339,14 @@ func logIf(ctx context.Context, err error) {
}, },
} }
if anonFlag {
entry.API.Args.Bucket = hashString(entry.API.Args.Bucket)
entry.API.Args.Object = hashString(entry.API.Args.Object)
entry.RemoteHost = hashString(entry.RemoteHost)
entry.Message = reflect.TypeOf(err).String()
entry.Trace.Variables = make(map[string]string)
}
// Iterate over all logger targets to send the log entry // Iterate over all logger targets to send the log entry
for _, t := range Targets { for _, t := range Targets {
t.Send(entry) t.Send(entry)

4
cmd/main.go
View File

@ -44,6 +44,10 @@ var globalFlags = []cli.Flag{
Name: "quiet", Name: "quiet",
Usage: "Disable startup information.", Usage: "Disable startup information.",
}, },
cli.BoolFlag{
Name: "anonymous",
Usage: "Hide sensitive information from logging.",
},
cli.BoolFlag{ cli.BoolFlag{
Name: "json", Name: "json",
Usage: "Output server logs and startup information in json format.", Usage: "Output server logs and startup information in json format.",

25
cmd/server-main.go
View File

@ -41,7 +41,7 @@ func init() {
var serverFlags = []cli.Flag{ var serverFlags = []cli.Flag{
cli.StringFlag{ cli.StringFlag{
Name: "address", Name: "address",
Value: ":" + globalMinioPort, Value: ":" + globalMinioDefaultPort,
Usage: "bind to a specific ADDRESS:PORT, ADDRESS can be an IP or hostname", Usage: "bind to a specific ADDRESS:PORT, ADDRESS can be an IP or hostname",
}, },
} }
@ -148,9 +148,7 @@ func serverHandleCmdArgs(ctx *cli.Context) {
// Handle common command args. // Handle common command args.
handleCommonCmdArgs(ctx) handleCommonCmdArgs(ctx)
// Server address. logger.FatalIf(CheckLocalServerAddr(globalCLIContext.Addr), "Unable to validate passed arguments")
serverAddr := ctx.String("address")
logger.FatalIf(CheckLocalServerAddr(serverAddr), "Unable to validate passed arguments")
var setupType SetupType var setupType SetupType
var err error var err error
@ -163,9 +161,9 @@ func serverHandleCmdArgs(ctx *cli.Context) {
endpoints := strings.Fields(os.Getenv("MINIO_ENDPOINTS")) endpoints := strings.Fields(os.Getenv("MINIO_ENDPOINTS"))
if len(endpoints) > 0 { if len(endpoints) > 0 {
globalMinioAddr, globalEndpoints, setupType, globalXLSetCount, globalXLSetDriveCount, err = createServerEndpoints(serverAddr, endpoints...) globalMinioAddr, globalEndpoints, setupType, globalXLSetCount, globalXLSetDriveCount, err = createServerEndpoints(globalCLIContext.Addr, endpoints...)
} else { } else {
globalMinioAddr, globalEndpoints, setupType, globalXLSetCount, globalXLSetDriveCount, err = createServerEndpoints(serverAddr, ctx.Args()...) globalMinioAddr, globalEndpoints, setupType, globalXLSetCount, globalXLSetDriveCount, err = createServerEndpoints(globalCLIContext.Addr, ctx.Args()...)
} }
logger.FatalIf(err, "Invalid command line arguments") logger.FatalIf(err, "Invalid command line arguments")
@ -206,19 +204,6 @@ func serverMain(ctx *cli.Context) {
// error during initialization will be shown as a fatal message // error during initialization will be shown as a fatal message
logger.Disable = true logger.Disable = true
// Get "json" flag from command line argument and
// enable json and quite modes if jason flag is turned on.
jsonFlag := ctx.IsSet("json") || ctx.GlobalIsSet("json")
if jsonFlag {
logger.EnableJSON()
}
// Get quiet flag from command line argument.
quietFlag := ctx.IsSet("quiet") || ctx.GlobalIsSet("quiet")
if quietFlag {
logger.EnableQuiet()
}
// Handle all server command args. // Handle all server command args.
serverHandleCmdArgs(ctx) serverHandleCmdArgs(ctx)
@ -247,7 +232,7 @@ func serverMain(ctx *cli.Context) {
} }
} }
if !quietFlag { if !globalCLIContext.Quiet {
// Check for new updates from dl.minio.io. // Check for new updates from dl.minio.io.
mode := globalMinioModeFS mode := globalMinioModeFS
if globalIsDistXL { if globalIsDistXL {

2
cmd/server-startup-msg.go
View File

@ -123,7 +123,7 @@ func printServerCommonMsg(apiEndpoints []string) {
// Colorize the message and print. // Colorize the message and print.
logger.StartupMessage(colorBlue("Endpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(apiEndpointStr), 1), apiEndpointStr))) logger.StartupMessage(colorBlue("Endpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(apiEndpointStr), 1), apiEndpointStr)))
if isTerminal() { if isTerminal() && !globalCLIContext.Anonymous {
logger.StartupMessage(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey))) logger.StartupMessage(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey)))
logger.StartupMessage(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey))) logger.StartupMessage(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey)))
if region != "" { if region != "" {