Fix peek instrumentation for Redis to not mutate auth commands (!144388) · Merge requests · GitLab.org / GitLab

Sylvester Chin requested to merge sc1-fix-peek-command-mutation into master Feb 11, 2024

What does this MR do and why?

This MR fixes a bug in the redis v5 gem rollout. It performs a deep_dup of the auth command to prevent mutation to external states containing the actual password as it could lead to auth failure in subsequent attempts to create new connections.

See detailed explanation on why peek instrumentation could lead to NOAUTH errors: gitlab-com/gl-infra/scalability#2826 (comment 1766687372)

Note: as this does not cause any issues with redis v4.8.0 gem, I'm not labelling this MR as a bug fix but a maintenance change. This will reduce the actual changes in !144300 (merged).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited Feb 11, 2024 by Sylvester Chin

Fix peek instrumentation for Redis to not mutate auth commands

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports