Use engine.url instead of connection string in log message to hide connection password (!886) · Merge requests · BuildGrid / buildgrid

Jeremiah Bonney requested to merge jbonney/dont-print-connection-string into master May 18, 2023

Description

Printing out connection_string directly will print out the password directly in the log, while engine.url sanitizes the string. Using docker-compose -f docker-compose.all-in-one.yml up to bring up a BuildGrid using a connection string with a secret:

Before this PR:

...
Validating !sql-connection...
2023-05-18 16:12:13,315:[       buildgrid.server.sql.provider][ INFO][MainThread]: Setting up SQL provider with: automigrate=True, connection_string='postgresql://bgd:insecure@database/bgd', connection_timeout=5
2023-05-18 16:12:13,315:[       buildgrid.server.sql.provider][DEBUG][MainThread]: Additional SQLAlchemy Engine args: [{'connect_args': {'connect_timeout': 5, 'options': '-c lock_timeout=5000'}, 'max_overflow': 10, 'pool_size': 5, 'pool_timeout': 30}]

After this PR:

...
Validating !sql-connection...
2023-05-18 16:09:46,505:[       buildgrid.server.sql.provider][DEBUG][MainThread]: Additional SQLAlchemy Engine args: [{'connect_args': {'connect_timeout': 5, 'options': '-c lock_timeout=5000'}, 'max_overflow': 10, 'pool_size': 5, 'pool_timeout': 30}]
2023-05-18 16:09:46,513:[       buildgrid.server.sql.provider][ INFO][MainThread]: Created SQL provider with: automigrate=True, connection='postgresql://bgd:***@database/bgd'
2023-05-18 16:09:46,513:[       buildgrid.server.sql.provider][WARNI][MainThread]: Will attempt migration to latest version if needed.
...

Use engine.url instead of connection string in log message to hide connection password

Description

Merge request reports