search

sacloud / sakuracloud_exporter

Prometheus exporter for SakuraCloud metrics.
Apache License 2.0
7 stars 2 forks source link

The trace log contain database appliance password #45

Closed TakumaNakagame closed 2 years ago

TakumaNakagame commented 3 years ago

About

The TRACE log contains the database appliance password. This will appear if you enable --debug.

It is not appropriate for the log to contain the password. Delete this.

Log(JSON)

{
    "Result": {
        "Total": 1,
        "Count": 1,
        "Databases": [
            {
                "ID":"${RESOURCE_ID}",
                "Class": "database",
                "Name": "test",
                "Description": "",
                "Tags": [
                    "handmade"
                ],
                "Availability": "migrating",
                "IconID": 0,
                "CreatedAt": "2020-10-14T02:35:24+09:00",
                "ModifiedAt": "0001-01-01T00:00:00Z",
                "CommonSetting": {
                    "WebUI": false,
                    "ServicePort": 0,
                    "SourceNetwork": null,
                    "DefaultUser": "takuma",
                    "UserPassword": "${DB_PASSWORD}",
                    "ReplicaUser": "",
                    "ReplicaPassword": ""
                },
                "BackupSetting": null,
                "ReplicationSetting": null,
                "SettingsHash": "c9fb49d4dfa21660bde36276d1627829",
                "InstanceHostName": "",
                "InstanceHostInfoURL": "",
                "InstanceStatus": "",
                "InstanceStatusChangedAt": "0001-01-01T00:00:00Z",
                "PlanID": 10,
                "SwitchID": 113201519726,
                "Conf": {
                    "DatabaseName": "postgres",
                    "DatabaseVersion": "12",
                    "DatabaseRevision": "12.1",
                    "DefaultUser": "takuma",
                    "UserPassword": "${DB_PASSWORD}"
                },
                "DefaultRoute": "192.168.100.254",
                "NetworkMaskLen": 24,
                "IPAddresses": [
                    "192.168.100.100"
                ],
                "ZoneID": 31002
            }
        ]
    },
    "Error": null
}
yamamoto-febc commented 3 years ago

Hi @TakumaNakagame, thank you for opening the issue.

This is a design issue with libsacloud. This issue will be discussed on libsacloud. https://github.com/sacloud/libsacloud/issues/612

We will feed back to sakuracloud_exporter once the issue is solved on libsacloud.

yamamoto-febc commented 2 years ago

(リポジトリの運用方針変更により日本語でコメントします) さくらのクラウドのAPI利用者側が対処すべき問題ではないと思いますのでここでは対応しません。 関連: https://github.com/sacloud/iaas-api-go/issues/26