Skip to content

Commit 61502c1

Browse files
committed
mask answlogged secrets
commit_hash:2410713f037a9e1aec73931e26cb2c528e98c1e8
1 parent d31e64e commit 61502c1

13 files changed

Lines changed: 124 additions & 39 deletions

File tree

.mapping.json

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@
5656
"cli/expvar.go":"load/projects/pandora/cli/expvar.go",
5757
"components/answ/filter/const.go":"load/projects/pandora/components/answ/filter/const.go",
5858
"components/answ/filter/status_code_filter.go":"load/projects/pandora/components/answ/filter/status_code_filter.go",
59+
"components/answ/import.go":"load/projects/pandora/components/answ/import.go",
5960
"components/answ/sampler/config.go":"load/projects/pandora/components/answ/sampler/config.go",
6061
"components/answ/sampler/status_code_sampler.go":"load/projects/pandora/components/answ/sampler/status_code_sampler.go",
6162
"components/answ/utils.go":"load/projects/pandora/components/answ/utils.go",
@@ -485,6 +486,7 @@
485486
"lib/answlog/config.go":"load/projects/pandora/lib/answlog/config.go",
486487
"lib/answlog/filter.go":"load/projects/pandora/lib/answlog/filter.go",
487488
"lib/answlog/logger.go":"load/projects/pandora/lib/answlog/logger.go",
489+
"lib/answlog/masker.go":"load/projects/pandora/lib/answlog/masker.go",
488490
"lib/answlog/sampler.go":"load/projects/pandora/lib/answlog/sampler.go",
489491
"lib/confutil/chosen_cases_filter.go":"load/projects/pandora/lib/confutil/chosen_cases_filter.go",
490492
"lib/confutil/chosen_cases_filter_test.go":"load/projects/pandora/lib/confutil/chosen_cases_filter_test.go",

components/answ/import.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
package answ
2+
3+
import (
4+
"github.com/yandex/pandora/core/register"
5+
"github.com/yandex/pandora/lib/answlog"
6+
)
7+
8+
func Import() {
9+
register.Plugin[answlog.LogMasker]("pass", func() *answlog.PassAllMasker {
10+
return &answlog.PassAllMasker{}
11+
})
12+
}

components/grpc/import/import.go

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,11 +10,9 @@ import (
1010
)
1111

1212
func Import(fs afero.Fs) {
13-
1413
register.Provider("grpc/json", func(conf grpcjson.Config) core.Provider {
1514
return grpcjson.NewProvider(fs, conf)
1615
})
17-
1816
register.Gun("grpc", grpc.NewGun, grpc.DefaultGunConfig)
1917
register.Gun("grpc/scenario", scenario.NewGun, scenario.DefaultGunConfig)
2018
}

components/guns/grpc/core.go

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,6 +85,7 @@ func DefaultGunConfig() GunConfig {
8585
Factor: 10,
8686
},
8787
},
88+
Masking: &answlog.PassAllMasker{},
8889
},
8990
}
9091
}
@@ -162,7 +163,13 @@ func (g *Gun) prepareClientPool() (*clientpool.Pool[grpcdynamic.Stub], error) {
162163
}
163164

164165
func NewGun(conf GunConfig) *Gun {
165-
answLog := answlog.Init(conf.AnswLog.Path, conf.AnswLog.Enabled, answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)), answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 20), conf.AnswLog.Sampling.Enabled))
166+
answLog := answlog.Init(
167+
conf.AnswLog.Path,
168+
conf.AnswLog.Enabled,
169+
answlog.WithFilter(filter.NewGRPCStatusCodeFilter(conf.AnswLog.Filter)),
170+
answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 20), conf.AnswLog.Sampling.Enabled),
171+
answlog.WithMasker(conf.AnswLog.Masking),
172+
)
166173
return &Gun{Conf: conf, AnswLog: answLog}
167174
}
168175

components/guns/grpc/scenario/core.go

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,12 +50,19 @@ func DefaultGunConfig() GunConfig {
5050
Factor: 10,
5151
},
5252
},
53+
Masking: &answlog.PassAllMasker{},
5354
},
5455
}
5556
}
5657

5758
func NewGun(conf GunConfig) *Gun {
58-
answLog := answlog.Init(conf.AnswLog.Path, conf.AnswLog.Enabled, answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)), answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 20), conf.AnswLog.Sampling.Enabled))
59+
answLog := answlog.Init(
60+
conf.AnswLog.Path,
61+
conf.AnswLog.Enabled,
62+
answlog.WithFilter(filter.NewGRPCStatusCodeFilter(conf.AnswLog.Filter)),
63+
answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 20), conf.AnswLog.Sampling.Enabled),
64+
answlog.WithMasker(conf.AnswLog.Masking),
65+
)
5966
r := rand.New(rand.NewSource(0)) //TODO: use real random
6067
return &Gun{
6168
templ: NewTextTemplater(),
@@ -74,6 +81,7 @@ func NewGun(conf GunConfig) *Gun {
7481
Path: conf.AnswLog.Path,
7582
Filter: conf.AnswLog.Filter,
7683
Sampling: conf.AnswLog.Sampling,
84+
Masking: conf.AnswLog.Masking,
7785
},
7886
},
7987
AnswLog: answLog},

components/guns/http/connect.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ import (
1212
"github.com/pkg/errors"
1313
"github.com/yandex/pandora/components/answ/filter"
1414
"github.com/yandex/pandora/components/answ/sampler"
15+
"github.com/yandex/pandora/core"
1516
"github.com/yandex/pandora/lib/answlog"
1617
"github.com/yandex/pandora/lib/netutil"
1718
)
@@ -24,6 +25,21 @@ func NewConnectGun(cfg GunConfig, answLog *answlog.Logger) *BaseGun {
2425
return NewBaseGun(newConnectClient, cfg, answLog)
2526
}
2627

28+
func NewConnectGunFactory(conf GunConfig) func() core.Gun {
29+
conf.Target, _ = PreResolveTargetAddr(&conf.Client, conf.Target)
30+
conf.TargetResolved = conf.Target
31+
answLog := answlog.Init(
32+
conf.AnswLog.Path,
33+
conf.AnswLog.Enabled,
34+
answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)),
35+
answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 600), conf.AnswLog.Sampling.Enabled),
36+
answlog.WithMasker(conf.AnswLog.Masking),
37+
)
38+
return func() core.Gun {
39+
return WrapGun(NewConnectGun(conf, answLog))
40+
}
41+
}
42+
2743
func DefaultConnectGunConfig() GunConfig {
2844
return GunConfig{
2945
SSL: false,
@@ -43,6 +59,7 @@ func DefaultConnectGunConfig() GunConfig {
4359
Factor: 10,
4460
},
4561
},
62+
Masking: &answlog.PassAllMasker{},
4663
},
4764
HTTPTrace: HTTPTraceConfig{
4865
DumpEnabled: false,

components/guns/http/http.go

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import (
44
"github.com/pkg/errors"
55
"github.com/yandex/pandora/components/answ/filter"
66
"github.com/yandex/pandora/components/answ/sampler"
7+
"github.com/yandex/pandora/core"
78
"github.com/yandex/pandora/lib/answlog"
89
)
910

@@ -26,6 +27,19 @@ func NewHTTP1Gun(cfg GunConfig, answLog *answlog.Logger) *BaseGun {
2627
return NewBaseGun(HTTP1ClientConstructor, cfg, answLog)
2728
}
2829

30+
func NewHTTP1GunFactory(conf GunConfig) func() core.Gun {
31+
targetResolved, _ := PreResolveTargetAddr(&conf.Client, conf.Target)
32+
conf.TargetResolved = targetResolved
33+
answLog := answlog.Init(
34+
conf.AnswLog.Path,
35+
conf.AnswLog.Enabled,
36+
answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)),
37+
answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 600), conf.AnswLog.Sampling.Enabled),
38+
answlog.WithMasker(conf.AnswLog.Masking),
39+
)
40+
return func() core.Gun { return WrapGun(NewHTTP1Gun(conf, answLog)) }
41+
}
42+
2943
func HTTP1ClientConstructor(clientConfig ClientConfig, target string) Client {
3044
transport := NewTransport(clientConfig.Transport, NewDialer(clientConfig.Dialer).DialContext, target)
3145
client := NewRedirectingClient(transport, clientConfig.Redirect)
@@ -43,6 +57,22 @@ func NewHTTP2Gun(cfg GunConfig, answLog *answlog.Logger) (*BaseGun, error) {
4357
return NewBaseGun(HTTP2ClientConstructor, cfg, answLog), nil
4458
}
4559

60+
func NewHTTP2GunFactory(conf GunConfig) func() (core.Gun, error) {
61+
targetResolved, _ := PreResolveTargetAddr(&conf.Client, conf.Target)
62+
conf.TargetResolved = targetResolved
63+
answLog := answlog.Init(
64+
conf.AnswLog.Path,
65+
conf.AnswLog.Enabled,
66+
answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)),
67+
answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 600), conf.AnswLog.Sampling.Enabled),
68+
answlog.WithMasker(conf.AnswLog.Masking),
69+
)
70+
return func() (core.Gun, error) {
71+
gun, err := NewHTTP2Gun(conf, answLog)
72+
return WrapGun(gun), err
73+
}
74+
}
75+
4676
func HTTP2ClientConstructor(clientConfig ClientConfig, target string) Client {
4777
transport := NewHTTP2Transport(clientConfig.Transport, NewDialer(clientConfig.Dialer).DialContext, target)
4878
client := NewRedirectingClient(transport, clientConfig.Redirect)
@@ -71,6 +101,7 @@ func DefaultHTTPGunConfig() GunConfig {
71101
Factor: 10,
72102
},
73103
},
104+
Masking: &answlog.PassAllMasker{},
74105
},
75106
HTTPTrace: HTTPTraceConfig{
76107
DumpEnabled: false,
@@ -97,6 +128,7 @@ func DefaultHTTP2GunConfig() GunConfig {
97128
Factor: 10,
98129
},
99130
},
131+
Masking: &answlog.PassAllMasker{},
100132
},
101133
HTTPTrace: HTTPTraceConfig{
102134
DumpEnabled: false,

components/phttp/import/import.go

Lines changed: 3 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -2,45 +2,19 @@ package phttp
22

33
import (
44
"github.com/spf13/afero"
5-
"github.com/yandex/pandora/components/answ/filter"
6-
"github.com/yandex/pandora/components/answ/sampler"
75
phttp "github.com/yandex/pandora/components/guns/http"
86
scenarioGun "github.com/yandex/pandora/components/guns/http_scenario"
97
httpProvider "github.com/yandex/pandora/components/providers/http"
108
scenarioProvider "github.com/yandex/pandora/components/providers/scenario/import"
11-
"github.com/yandex/pandora/core"
129
"github.com/yandex/pandora/core/register"
13-
"github.com/yandex/pandora/lib/answlog"
1410
)
1511

1612
func Import(fs afero.Fs) {
1713
httpProvider.Import(fs)
1814
scenarioGun.Import(fs)
1915
scenarioProvider.Import(fs)
2016

21-
register.Gun("http", func(conf phttp.GunConfig) func() core.Gun {
22-
targetResolved, _ := phttp.PreResolveTargetAddr(&conf.Client, conf.Target)
23-
conf.TargetResolved = targetResolved
24-
answLog := answlog.Init(conf.AnswLog.Path, conf.AnswLog.Enabled, answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)), answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 600), conf.AnswLog.Sampling.Enabled))
25-
return func() core.Gun { return phttp.WrapGun(phttp.NewHTTP1Gun(conf, answLog)) }
26-
}, phttp.DefaultHTTPGunConfig)
27-
28-
register.Gun("http2", func(conf phttp.GunConfig) func() (core.Gun, error) {
29-
targetResolved, _ := phttp.PreResolveTargetAddr(&conf.Client, conf.Target)
30-
conf.TargetResolved = targetResolved
31-
answLog := answlog.Init(conf.AnswLog.Path, conf.AnswLog.Enabled, answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)), answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 600), conf.AnswLog.Sampling.Enabled))
32-
return func() (core.Gun, error) {
33-
gun, err := phttp.NewHTTP2Gun(conf, answLog)
34-
return phttp.WrapGun(gun), err
35-
}
36-
}, phttp.DefaultHTTP2GunConfig)
37-
38-
register.Gun("connect", func(conf phttp.GunConfig) func() core.Gun {
39-
conf.Target, _ = phttp.PreResolveTargetAddr(&conf.Client, conf.Target)
40-
conf.TargetResolved = conf.Target
41-
answLog := answlog.Init(conf.AnswLog.Path, conf.AnswLog.Enabled, answlog.WithFilter(filter.NewHTTPStatusCodeFilter(conf.AnswLog.Filter)), answlog.WithSampler(sampler.NewStatusCodeSampler(conf.AnswLog.Sampling.Pattern, 600), conf.AnswLog.Sampling.Enabled))
42-
return func() core.Gun {
43-
return phttp.WrapGun(phttp.NewConnectGun(conf, answLog))
44-
}
45-
}, phttp.DefaultConnectGunConfig)
17+
register.Gun("http", phttp.NewHTTP1GunFactory, phttp.DefaultHTTPGunConfig)
18+
register.Gun("http2", phttp.NewHTTP2GunFactory, phttp.DefaultHTTP2GunConfig)
19+
register.Gun("connect", phttp.NewConnectGunFactory, phttp.DefaultConnectGunConfig)
4620
}

core/register/register.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,3 +38,8 @@ func DataSink(name string, newDataSink interface{}, defaultConfigOptional ...int
3838
var ptr *core.DataSink
3939
RegisterPtr(ptr, name, newDataSink, defaultConfigOptional...)
4040
}
41+
42+
func Plugin[T interface{}](name string, newPlugin interface{}, defaultConfigOptional ...interface{}) {
43+
var ptr *T
44+
RegisterPtr(ptr, name, newPlugin, defaultConfigOptional...)
45+
}

lib/answlog/config.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,11 @@
11
package answlog
22

33
type Config struct {
4-
Enabled bool `config:"enabled"`
5-
Path string `config:"path"`
6-
Filter string `config:"filter" valid:"oneof=all warning error"`
7-
Sampling Sampling `config:"sampling"`
4+
Enabled bool `config:"enabled"`
5+
Path string `config:"path"`
6+
Filter string `config:"filter" valid:"oneof=all warning error"`
7+
Sampling Sampling `config:"sampling"`
8+
Masking LogMasker `config:"masking"`
89
}
910

1011
type Sampling struct {

0 commit comments

Comments
 (0)