Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDK: #3764 obfuscate secrets in logging #8211

Merged
merged 15 commits into from
Dec 7, 2021
Merged

CDK: #3764 obfuscate secrets in logging #8211

merged 15 commits into from
Dec 7, 2021

Conversation

eliziario
Copy link
Contributor

What

Implements #3764 - obsfuscate airbyte secrets from logging output

How

A LoggingFilter that reads the secret property names from the spec and gets the corresponding values from the connector config to be replace by a placeholder.

Recommended reading order

  1. entrypoint.py
  2. test_secure_logger.py
  3. secure_logger.py

🚨 User Impact 🚨

cdk connectors will need to be version bumped in order to take advantage of this new functionality

Pre-merge Checklist

Expand the relevant checklist and delete the others.

New Connector

Community member or Airbyter

  • Community member? Grant edit access to maintainers (instructions)
  • Secrets in the connector's spec are annotated with airbyte_secret
  • Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
  • Code reviews completed
  • Documentation updated
    • Connector's README.md
    • Connector's bootstrap.md. See description and examples
    • docs/SUMMARY.md
    • docs/integrations/<source or destination>/<name>.md including changelog. See changelog example
    • docs/integrations/README.md
    • airbyte-integrations/builds.md
  • PR name follows PR naming conventions

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

  • Create a non-forked branch based on this PR and test the below items on it
  • Build is successful
  • Credentials added to Github CI. Instructions.
  • /test connector=connectors/<name> command is passing.
  • New Connector version released on Dockerhub by running the /publish command described here
  • After the connector is published, connector added to connector index as described here
  • Seed specs have been re-generated by building the platform and committing the changes to the seed spec files, as described here

Updating a connector

Community member or Airbyter

  • Grant edit access to maintainers (instructions)
  • Secrets in the connector's spec are annotated with airbyte_secret
  • Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
  • Code reviews completed
  • Documentation updated
    • Connector's README.md
    • Connector's bootstrap.md. See description and examples
    • Changelog updated in docs/integrations/<source or destination>/<name>.md including changelog. See changelog example
  • PR name follows PR naming conventions

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

  • Create a non-forked branch based on this PR and test the below items on it
  • Build is successful
  • Credentials added to Github CI. Instructions.
  • /test connector=connectors/<name> command is passing.
  • New Connector version released on Dockerhub by running the /publish command described here
  • After the new connector version is published, connector version bumped in the seed directory as described here
  • Seed specs have been re-generated by building the platform and committing the changes to the seed spec files, as described here

Connector Generator

  • Issue acceptance criteria met
  • PR name follows PR naming conventions
  • If adding a new generator, add it to the list of scaffold modules being tested
  • The generator test modules (all connectors with -scaffold in their name) have been updated with the latest scaffold by running ./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplates then checking in your changes
  • Documentation which references the generator is updated as needed.

@github-actions github-actions bot added the CDK Connector Development Kit label Nov 23, 2021
@eliziario eliziario changed the title Eliziario/3764 obfuscate secrets logging #3764 obfuscate secrets in logging Nov 23, 2021
@VasylLazebnyk VasylLazebnyk linked an issue Nov 24, 2021 that may be closed by this pull request
CDK: implement custom logging formatter to obfuscate secrets #3764
Closed
This was referenced Nov 25, 2021
Closed
Closed
@eliziario eliziario temporarily deployed to more-secrets December 2, 2021 11:40 Inactive
@eliziario eliziario requested a review from keu December 2, 2021 11:42
@eliziario
Copy link
Contributor Author

Eugene, could not find a way to capture all output that wouldn't interfere with our normal use of stdout. Added unhandled exception capturing

@eliziario eliziario temporarily deployed to more-secrets December 3, 2021 15:01 Inactive
@eliziario eliziario temporarily deployed to more-secrets December 3, 2021 15:06 Inactive
@eliziario eliziario temporarily deployed to more-secrets December 6, 2021 16:25 Inactive
keu
keu approved these changes Dec 6, 2021
View reviewed changes
Copy link
Contributor

@keu keu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor fixes left

@eliziario @keu
Update airbyte-cdk/python/airbyte_cdk/entrypoint.py
364787a 
Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com>
@eliziario eliziario temporarily deployed to more-secrets December 7, 2021 10:24 Inactive
@eliziario eliziario temporarily deployed to more-secrets December 7, 2021 11:29 Inactive
@eliziario eliziario requested a review from keu December 7, 2021 11:39
@eliziario eliziario temporarily deployed to more-secrets December 7, 2021 12:55 Inactive
@keu keu changed the title #3764 obfuscate secrets in logging CDK: #3764 obfuscate secrets in logging Dec 7, 2021
@eliziario eliziario temporarily deployed to more-secrets December 7, 2021 13:22 Inactive
@eliziario
Copy link
Contributor Author

eliziario commented Dec 7, 2021
edited by github-actions bot
Loading

/publish-cdk dry-run=false

https://github.com/airbytehq/airbyte/actions/runs/1549594723
https://github.com/airbytehq/airbyte/actions/runs/1549594723
https://github.com/airbytehq/airbyte/actions/runs/1549594723

@eliziario eliziario merged commit 1d493ec into master Dec 7, 2021
@eliziario eliziario deleted the eliziario/3764_obfuscate_secrets_logging branch December 7, 2021 13:45
@jrhizor jrhizor mentioned this pull request Dec 9, 2021
Merged
@keu keu mentioned this pull request Dec 10, 2021
Merged
schlattk pushed a commit to schlattk/airbyte that referenced this pull request Jan 4, 2022
@eliziario @keu @schlattk
CDK: airbytehq#3764 obfuscate secrets in logging (airbytehq#8211)
79674f9 
* Secure logger implementation minus still broken new tests

* Secure logger implementation and unit tests

* code review changes

* filter text on uncaught exceptions

* auto-formatting

* Mistaken change left in code

* filter text on uncaught exceptions

* Simplify code, remove LoggingFilter and move obfuscation functionality to Formatter

* Update airbyte-cdk/python/airbyte_cdk/entrypoint.py

Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com>

* Obfuscate Secrets in Logging, code review changes

* Obfuscate Secrets in Logging, code review changes, unit test fixes

* CHANGELOG.md

Co-authored-by: Eugene Kulak <widowmakerreborn@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keu keu keu approved these changes

@sergei-solonitcyn sergei-solonitcyn Awaiting requested review from sergei-solonitcyn

@vitaliizazmic vitaliizazmic Awaiting requested review from vitaliizazmic

@augan-rymkhan augan-rymkhan Awaiting requested review from augan-rymkhan

Assignees
No one assigned
Labels
CDK Connector Development Kit
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CDK: implement custom logging formatter to obfuscate secrets
2 participants
@eliziario @keu