fix: Prevent redis password from being logged (#3031) (#3165)

Co-authored-by: Gyubong Lee <[email protected]>
lablup · Nov 29, 2024 · 3eb2c04 · 3eb2c04
1 parent cf661b0
commit 3eb2c04
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 4 deletions.
diff --git a/changes/3031.fix.md b/changes/3031.fix.md
@@ -0,0 +1 @@
+Prevent redis password from being logged.
diff --git a/src/ai/backend/common/types.py b/src/ai/backend/common/types.py
@@ -1117,6 +1117,13 @@ class EtcdRedisConfig(TypedDict, total=False):
     redis_helper_config: RedisHelperConfig
 
 
+def safe_print_redis_config(config: EtcdRedisConfig) -> str:
+    safe_config = config.copy()
+    if "password" in safe_config:
+        safe_config["password"] = "********"
+    return str(safe_config)
+
+
 class RedisHelperConfig(TypedDict, total=False):
     socket_timeout: float
     socket_connect_timeout: float

diff --git a/src/ai/backend/storage/server.py b/src/ai/backend/storage/server.py
@@ -26,7 +26,7 @@
 from ai.backend.common.defs import REDIS_STREAM_DB
 from ai.backend.common.events import EventDispatcher, EventProducer
 from ai.backend.common.logging import BraceStyleAdapter, Logger
-from ai.backend.common.types import LogSeverity
+from ai.backend.common.types import LogSeverity, safe_print_redis_config
 from ai.backend.common.utils import env_info
 
 from . import __version__ as VERSION
@@ -95,7 +95,11 @@ async def server_main(
             redis_config = redis_config_iv.check(
                 await etcd.get_prefix("config/redis"),
             )
-            log.info("PID: {0} - configured redis_config: {1}", pidx, redis_config)
+            log.info(
+                "PID: {0} - configured redis_config: {1}",
+                pidx,
+                safe_print_redis_config(redis_config),
+            )
         except Exception as e:
             log.exception("Unable to read config from etcd")
             raise e
@@ -105,15 +109,23 @@ async def server_main(
             db=REDIS_STREAM_DB,
             log_events=local_config["debug"]["log-events"],
         )
-        log.info("PID: {0} - Event producer created. (redis_config: {1})", pidx, redis_config)
+        log.info(
+            "PID: {0} - Event producer created. (redis_config: {1})",
+            pidx,
+            safe_print_redis_config(redis_config),
+        )
         event_dispatcher = await EventDispatcher.new(
             redis_config,
             db=REDIS_STREAM_DB,
             log_events=local_config["debug"]["log-events"],
             node_id=local_config["storage-proxy"]["node-id"],
             consumer_group=EVENT_DISPATCHER_CONSUMER_GROUP,
         )
-        log.info("PID: {0} - Event dispatcher created. (redis_config: {1})", pidx, redis_config)
+        log.info(
+            "PID: {0} - Event dispatcher created. (redis_config: {1})",
+            pidx,
+            safe_print_redis_config(redis_config),
+        )
         if local_config["storage-proxy"]["use-watcher"]:
             if not _is_root():
                 raise ValueError(