From 3c12ec33a9269b5b8c352ddf9cba8cff83462a98 Mon Sep 17 00:00:00 2001
From: Ilnaz Nizametdinov
Date: Thu, 21 Mar 2024 16:22:40 +0300
Subject: [PATCH] Clear sensitive data in replication's description
---
 .../schemeshard_path_describer.cpp | 22 +++++++++++++++++++
 .../ut_replication/ut_replication.cpp | 14 ++++++++++++
 .../tx/schemeshard/ut_replication/ya.make | 1 +
 3 files changed, 37 insertions(+)
diff --git a/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp b/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
index 234706bba62c..e24a1f59f8dd 100644
--- a/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
+++ b/ydb/core/tx/schemeshard/schemeshard_path_describer.cpp
@@ -4,6 +4,7 @@
 #include
 #include
 #include
+#include
 #include
@@ -1282,6 +1283,26 @@ void TSchemeShard::DescribeReplication(const TPathId& pathId, const TString& nam
 DescribeReplication(pathId, name, it->second, desc);
 }
+static void ClearSensitiveFields(google::protobuf::Message* message) {
+ const auto* desc = message->GetDescriptor();
+ const auto* self = message->GetReflection();
+
+ for (int i = 0; i < desc->field_count(); ++i) {
+ const auto* field = desc->field(i);
+ if (field->options().GetExtension(Ydb::sensitive)) {
+ self->ClearField(message, field);
+ } else if (field->message_type()) {
+ if (!field->is_repeated() && self->HasField(*message, field)) {
+ ClearSensitiveFields(self->MutableMessage(message, field));
+ } else if (field->is_repeated()) {
+ for (int j = 0, size = self->FieldSize(*message, field); j < size; ++j) {
+ ClearSensitiveFields(self->MutableRepeatedMessage(message, field, j));
+ }
+ }
+ }
+ }
+}
+
 void TSchemeShard::DescribeReplication(const TPathId& pathId, const TString& name, TReplicationInfo::TPtr info, NKikimrSchemeOp::TReplicationDescription& desc) {
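Review bot: ClearSensitiveFields redacts only what is annotated: a field is cleared solely when `field->options().GetExtension(Ydb::sensitive)` is true, so a secret-bearing field added later without that option would be returned by describe unchanged, and nothing in this hunk would detect it. The loop over `desc->field(i)` also covers declared fields only, so values carried in extension fields, in a packed `google.protobuf.Any` or in unknown fields are not visited; whether the replication description can contain any of these is not visible here. I would state that contract above the function, e.g. `// Recursively clears fields marked with the Ydb::sensitive option; extensions, Any payloads and unknown fields are not inspected.`, and take `google::protobuf::Message&` rather than a pointer, since `message` is dereferenced unconditionally.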
@@ -1290,6 +1311,7 @@ void TSchemeShard::DescribeReplication(const TPathId& pathId, const TString& nam
 << " name# " << name);
 desc = info->Description;
+ ClearSensitiveFields(&desc);
 desc.SetName(name);
 PathIdFromPathId(pathId, desc.MutablePathId());
diff --git a/ydb/core/tx/schemeshard/ut_replication/ut_replication.cpp b/ydb/core/tx/schemeshard/ut_replication/ut_replication.cpp
index 36c76ad148c4..8399587a2f90 100644
--- a/ydb/core/tx/schemeshard/ut_replication/ut_replication.cpp
+++ b/ydb/core/tx/schemeshard/ut_replication/ut_replication.cpp
@@ -1,3 +1,4 @@
+#include
 #include
 using namespace NSchemeShardUT_Private;
@@ -138,6 +139,19 @@ Y_UNIT_TEST_SUITE(TReplicationTests) {
 }
 }
+ Y_UNIT_TEST(Describe) {
+ TTestBasicRuntime runtime;
+ TTestEnv env(runtime, TTestEnvOptions().InitYdbDriver(true));
+ ui64 txId = 100;
+
+ TestCreateReplication(runtime, ++txId, "/MyRoot", DefaultScheme("Replication")); // default with user & password
+ env.TestWaitNotification(runtime, txId);
+
+ const auto desc = DescribePath(runtime, "/MyRoot/Replication");
+ const auto& params = desc.GetPathDescription().GetReplicationDescription().GetConfig().GetSrcConnectionParams();
+ UNIT_ASSERT(!params.GetStaticCredentials().HasPassword());
+ }
+
 void CreateReplicatedTable(NKikimrSchemeOp::TTableReplicationConfig::EReplicationMode mode) {
 TTestBasicRuntime runtime;
 TTestEnv env(runtime);
diff --git a/ydb/core/tx/schemeshard/ut_replication/ya.make b/ydb/core/tx/schemeshard/ut_replication/ya.make
index de10a52ae927..dc73ed50d5d6 100644
--- a/ydb/core/tx/schemeshard/ut_replication/ya.make
+++ b/ydb/core/tx/schemeshard/ut_replication/ya.make
@@ -14,6 +14,7 @@ ELSE()
 ENDIF()
 PEERDIR(
+ ydb/core/protos
 ydb/core/tx/schemeshard/ut_helpers
 ydb/library/yql/sql/pg_dummy
 )
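Review bot: In the `@@ -1290,6 +1311,7 @@` hunk the scrub runs immediately after `desc = info->Description;`, so it covers only what that copy brought in; anything the rest of DescribeReplication writes into `desc` afterwards is not checked again. The function body continues outside the hunk, so I cannot tell whether later statements copy further data from `info`; if they do, making `ClearSensitiveFields(&desc);` the last statement would be the safer placement. A one-line comment such as `// Strip fields marked Ydb::sensitive before the description is returned to the caller` would record why the call is there.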
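Review bot: In the new `Describe` test the single assertion `UNIT_ASSERT(!params.GetStaticCredentials().HasPassword());` also passes when the description comes back with no static credentials at all, because the getter then returns a default message. Adding `UNIT_ASSERT(params.HasStaticCredentials());` before it and `UNIT_ASSERT(params.GetStaticCredentials().HasUser());` after it would show that the credentials block survived and that only the secret was removed. The test exercises just the user/password scheme named in its comment; other credential kinds, if the config supports them, are not covered.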