From 49bab4794e2999a1a3b7ff6aa6cf4f4ce2f4d3ee Mon Sep 17 00:00:00 2001 From: Marcel Moura <5615598+marcelstanley@users.noreply.github.com> Date: Tue, 6 Aug 2024 18:52:53 -0300 Subject: [PATCH] feat(config): redact redis endpoint on experimental mode --- CHANGELOG.md | 1 + internal/node/config/config.go | 4 ++-- internal/node/config/config_test.go | 8 ++++++++ internal/node/services.go | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 230fbc58b..1a5dbe634 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Disabled the `authority-claimer` when `CARTESI_EXPERIMENTAL_SUNODO_VALIDATOR_ENABLED` is set to true. +- Redacted the contents of `CARTESI_EXPERIMENTAL_SUNODO_VALIDATOR_REDIS_ENDPOINT`. ## [1.5.0] 2024-07-22 diff --git a/internal/node/config/config.go b/internal/node/config/config.go index f32a744b3..1331e8997 100644 --- a/internal/node/config/config.go +++ b/internal/node/config/config.go @@ -36,7 +36,7 @@ type NodeConfig struct { FeatureDisableMachineHashCheck bool ExperimentalServerManagerBypassLog bool ExperimentalSunodoValidatorEnabled bool - ExperimentalSunodoValidatorRedisEndpoint string + ExperimentalSunodoValidatorRedisEndpoint Redacted[string] Auth Auth } @@ -99,7 +99,7 @@ func FromEnv() NodeConfig { config.ExperimentalSunodoValidatorEnabled = getExperimentalSunodoValidatorEnabled() if config.ExperimentalSunodoValidatorEnabled { config.ExperimentalSunodoValidatorRedisEndpoint = - getExperimentalSunodoValidatorRedisEndpoint() + Redacted[string]{getExperimentalSunodoValidatorRedisEndpoint()} config.FeatureDisableClaimer = true } if !config.FeatureDisableClaimer && !getExperimentalSunodoValidatorEnabled() { diff --git a/internal/node/config/config_test.go b/internal/node/config/config_test.go index 186112b0b..205535dfd 100644 --- a/internal/node/config/config_test.go +++ b/internal/node/config/config_test.go @@ -40,3 +40,11 @@ func (s *ConfigTestSuite) TestAuthIsNotSetWhenClaimerIsDisabled() { c := FromEnv() assert.Nil(s.T(), c.Auth) } + +func (s *ConfigTestSuite) TestExperimentalSunodoValidatorRedisEndpointIsRedacted() { + os.Setenv("CARTESI_EXPERIMENTAL_SUNODO_VALIDATOR_ENABLED", "true") + os.Setenv("CARTESI_EXPERIMENTAL_SUNODO_VALIDATOR_REDIS_ENDPOINT", + "redis://default:VERY_SECRET_PASWORD@rollups-nodes-redis.internal:6379") + c := FromEnv() + assert.Equal(s.T(), "[REDACTED]", c.ExperimentalSunodoValidatorRedisEndpoint.String()) +} diff --git a/internal/node/services.go b/internal/node/services.go index 892c3db16..bf60efd51 100644 --- a/internal/node/services.go +++ b/internal/node/services.go @@ -45,7 +45,7 @@ func getPort(c config.NodeConfig, offset portOffset) int { // Get the redis endpoint based on whether the experimental sunodo validator mode is enabled. func getRedisEndpoint(c config.NodeConfig) string { if c.ExperimentalSunodoValidatorEnabled { - return c.ExperimentalSunodoValidatorRedisEndpoint + return c.ExperimentalSunodoValidatorRedisEndpoint.Value } else { return fmt.Sprintf("redis://%v:%v", localhost, getPort(c, portOffsetRedis)) }