canonical / mysql-operator

Machine charm for MySQL following the operator framework
https://charmhub.io/mysql
Apache License 2.0

[DPE-4266] Strip passwords from command execute output and tracebacks #499

Closed shayancanonical closed 1 month ago

shayancanonical commented 1 month ago

Issue

We are leaking passwords when there's an issue creating a backup.

Counterpart in K8s charm:

Solution

Modify code to avoid leaks of any passwords when _execute_command or _run_mysqlcli_script is called

Example traceback

unit-mysql-0: 20:16:52 INFO unit.mysql/0.juju-log A backup has been requested on unit
unit-mysql-0: 20:16:52 INFO unit.mysql/0.juju-log Checking if the unit is waiting to start or restart
unit-mysql-0: 20:16:52 INFO unit.mysql/0.juju-log Checking if backup already in progress
unit-mysql-0: 20:16:52 INFO unit.mysql/0.juju-log Checking state and role of unit
unit-mysql-0: 20:16:52 INFO unit.mysql/0.juju-log Uploading content to bucket=mysql-backups-development, path=mysql-test/2024-08-05T20:16:52Z.metadata
unit-mysql-0: 20:16:53 INFO unit.mysql/0.juju-log Running the xtrabackup commands
unit-mysql-0: 20:16:54 ERROR unit.mysql/0.juju-log Failed command: bash -c set -o pipefail; x/snap/bin/charmed-mysql.xtrabackup --defaults-file=/var/snap/charmed-mysql/current/etc/mysql/mysql.cnf --defaults-group=mysqld --no-version-check --parallel=12 --user=backups --password=xxxxxxxxxxxx --socket=/var/snap/charmed-mysql/common/var/run/mysqld/mysqld.sock --lock-ddl --backup --stream=xbstream --xtrabackup-plugin-dir=/snap/charmed-mysql/current/usr/lib/xtrabackup/plugin --target-dir=/var/snap/charmed-mysql/common/xtra_backup_6f8V --no-server-version-check | /snap/bin/charmed-mysql.xbcloud put --curl-retriable-errors=7 --insecure --parallel=10 --md5 --storage=S3 --s3-region=us-east-1 --s3-bucket=mysql-backups-development --s3-endpoint=https://s3.amazonaws.com --s3-api-version=auto --s3-bucket-lookup=auto mysql-test/2024-08-05T20:16:52Z; user='root'; group='root'
unit-mysql-0: 20:16:54 ERROR unit.mysql/0.juju-log Failed to execute backup commands
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-mysql-0/charm/lib/charms/mysql/v0/mysql.py", line 2452, in execute_backup_commands
    return self._execute_commands(
  File "/var/lib/juju/agents/unit-mysql-0/charm/lib/charms/tempo_k8s/v1/charm_tracing.py", line 647, in wrapped_function
    return callable(*args, **kwargs)  # type: ignore
  File "/var/lib/juju/agents/unit-mysql-0/charm/src/mysql_vm_helpers.py", line 571, in _execute_commands
    raise MySQLExecError from None
charms.mysql.v0.mysql.MySQLExecError
unit-mysql-0: 20:16:54 INFO unit.mysql/0.juju-log Uploading logs to S3 at bucket=mysql-backups-development, location=mysql-test/2024-08-05T20:16:52Z.backup.log
unit-mysql-0: 20:16:54 INFO unit.mysql/0.juju-log Uploading content to bucket=mysql-backups-development, path=mysql-test/2024-08-05T20:16:52Z.backup.log
unit-mysql-0: 20:16:54 ERROR unit.mysql/0.juju-log Backup failed: Error backing up the database
unit-mysql-0: 20:16:54 INFO unit.mysql/0.juju-log Deleting temp backup directory
unit-mysql-0: 20:16:54 INFO unit.mysql/0.juju-log Unsetting unit as offline after performing backup
unit-mysql-0: 20:16:54 INFO unit.mysql/0.juju-log Setting unit option tag:_hidden as false
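
An added example, not the charm's own code: one way to mask password options before a failed command is logged, and to raise without chaining the subprocess exception, in the manner of the `raise MySQLExecError from None` frame in the traceback above. The names `redact`, `run_command`, `CommandError` and the mask string are assumptions made for illustration.

```python
from __future__ import annotations

import logging
import re
import subprocess

logger = logging.getLogger(__name__)

MASK = "*****"  # assumed mask string
# Constructed pattern: --password=VALUE or --password VALUE, VALUE optionally quoted.
_PASSWORD_OPT = re.compile(r"(--password(?:=|\s+))('[^']*'|\"[^\"]*\"|\S+)")


class CommandError(Exception):
    """Hypothetical error type; carries no command text or process output."""


def redact(text: str, secrets: tuple[str, ...] = ()) -> str:
    """Mask password options and any known secret values found in text."""
    text = _PASSWORD_OPT.sub(lambda m: m.group(1) + MASK, text)
    # Longest first, so a secret that contains another one is masked whole.
    for secret in sorted(filter(None, secrets), key=len, reverse=True):
        text = text.replace(secret, MASK)
    return text


def run_command(argv: list[str], secrets: tuple[str, ...] = ()) -> str:
    """Run argv; on failure log only redacted text and suppress the chained exception."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    except subprocess.CalledProcessError as e:
        logger.error("Failed command: %s", redact(" ".join(argv), secrets))
        logger.error("stderr: %s", redact(e.stderr or "", secrets))
        # CalledProcessError's message includes the full argv; "from None"
        # keeps it out of the printed traceback.
        raise CommandError(f"command exited with status {e.returncode}") from None
    return proc.stdout
```

Passing the known secret values as `secrets` also covers the case where a password is echoed in the command's stderr rather than appearing as a `--password` option.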