Skip to content

api,sink: mask sink uri secrets#12643

Open
asddongmen wants to merge 2 commits into
pingcap:masterfrom
asddongmen:fix/old-arch-mask-sink-uri-secrets
Open

api,sink: mask sink uri secrets#12643
asddongmen wants to merge 2 commits into
pingcap:masterfrom
asddongmen:fix/old-arch-mask-sink-uri-secrets

Conversation

@asddongmen
Copy link
Copy Markdown
Contributor

@asddongmen asddongmen commented May 19, 2026

What problem does this PR solve?

Issue Number: close #12642

What is changed and how it works?

Check List

Tests

  • Unit test
  • Manual test (add detailed scripts or steps below)

Questions

Will it cause performance regression or break compatibility?
Do you need to update user documentation, design documentation or monitoring documentation?

Release note 

Mask sink uri secrets in OpenAPI.

@ti-chi-bot ti-chi-bot Bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. affect-ticdc-config-docs Pull requests that affect TiCDC configuration docs. labels May 19, 2026
@asddongmen asddongmen force-pushed the fix/old-arch-mask-sink-uri-secrets branch from 54be364 to 4a80a01 Compare May 19, 2026 05:56
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 19, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces comprehensive masking of sensitive data in sink URIs across various modules, including API validation, sink factories, and logging, to prevent credential leakage. It adds utility functions MaskSensitiveDataInURIForError and MaskSensitiveDataInURLError for consistent error handling. The review feedback identifies a missed masking instance in cdc/model/changefeed.go and a minor formatting error in a concatenated string in cdc/sink/validator/validator.go.

Comment thread cdc/model/changefeed.go
Comment thread cdc/sink/validator/validator.go Outdated
@ti-chi-bot ti-chi-bot Bot added the needs-1-more-lgtm Indicates a PR needs 1 more LGTM. label May 19, 2026
@ti-chi-bot
Copy link
Copy Markdown
Contributor

ti-chi-bot Bot commented May 19, 2026

@asddongmen: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-verify 7b3e452 link true /test pull-verify
pull-unit-test-cdc 7b3e452 link true /test pull-unit-test-cdc
pull-dm-integration-test-next-gen 7b3e452 link false /test pull-dm-integration-test-next-gen
pull-dm-integration-test 7b3e452 link true /test pull-dm-integration-test

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ti-chi-bot
Copy link
Copy Markdown
Contributor

ti-chi-bot Bot commented May 19, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: 3AceShowHand, wk989898
Once this PR has been reviewed and has the lgtm label, please assign yudongusa for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot Bot added lgtm and removed needs-1-more-lgtm Indicates a PR needs 1 more LGTM. labels May 19, 2026
@ti-chi-bot
Copy link
Copy Markdown
Contributor

ti-chi-bot Bot commented May 19, 2026

[LGTM Timeline notifier]

Timeline:

  • 2026-05-19 06:25:14.461334981 +0000 UTC m=+245443.965465647: ☑️ agreed by 3AceShowHand.
  • 2026-05-19 06:51:04.08261961 +0000 UTC m=+246993.586750276: ☑️ agreed by wk989898.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@3AceShowHand 3AceShowHand 3AceShowHand approved these changes

+2 more reviewers

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

@wk989898 wk989898 wk989898 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

affect-ticdc-config-docs Pull requests that affect TiCDC configuration docs. lgtm release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Mask sink URI secrets in OpenAPI error logs

3 participants

@asddongmen @3AceShowHand @wk989898