From 5441560db82b0d7f3b43180e522a3d5ebeef6625 Mon Sep 17 00:00:00 2001 From: Chunzhu Li Date: Wed, 13 Jan 2021 04:20:14 -0600 Subject: [PATCH] config: change redact log parameter name (#547) * change redact log parameter name * address comment * update lightning.toml --- lightning/config/config.go | 2 ++ lightning/config/global.go | 8 ++++---- lightning/lightning.go | 2 ++ lightning/log/log.go | 4 ---- tidb-lightning.toml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/lightning/config/config.go b/lightning/config/config.go index c8cf0234d..8e30659a5 100644 --- a/lightning/config/config.go +++ b/lightning/config/config.go @@ -280,6 +280,8 @@ type Security struct { CAPath string `toml:"ca-path" json:"ca-path"` CertPath string `toml:"cert-path" json:"cert-path"` KeyPath string `toml:"key-path" json:"key-path"` + // RedactInfoLog indicates that whether enabling redact log + RedactInfoLog bool `toml:"redact-info-log" json:"redact-info-log"` } // RegistersMySQL registers (or deregisters) the TLS config with name "cluster" diff --git a/lightning/config/global.go b/lightning/config/global.go index 6ec954cd1..60c3ed7b7 100644 --- a/lightning/config/global.go +++ b/lightning/config/global.go @@ -144,7 +144,6 @@ func LoadGlobalConfig(args []string, extraFlags func(*flag.FlagSet)) (*GlobalCon logLevel := flagext.ChoiceVar(fs, "L", "", `log level: info, debug, warn, error, fatal (default info)`, "", "info", "debug", "warn", "warning", "error", "fatal") logFilePath := fs.String("log-file", "", "log file path") - redactLog := fs.Bool("redact-log", false, "whether to redact sensitive info in log") tidbHost := fs.String("tidb-host", "", "TiDB server host") tidbPort := fs.Int("tidb-port", 0, "TiDB server port (default 4000)") tidbUser := fs.String("tidb-user", "", "TiDB user name to connect") @@ -163,6 +162,7 @@ func LoadGlobalConfig(args []string, extraFlags func(*flag.FlagSet)) (*GlobalCon tlsCAPath := fs.String("ca", "", "CA certificate path for TLS connection") tlsCertPath := fs.String("cert", "", "certificate path for TLS connection") tlsKeyPath := fs.String("key", "", "private key path for TLS connection") + redactInfoLog := fs.Bool("redact-info-log", false, "whether to redact sensitive info in log") statusAddr := fs.String("status-addr", "", "the Lightning server address") serverMode := fs.Bool("server-mode", false, "start Lightning in server mode, wait for multiple tasks instead of starting immediately") @@ -199,9 +199,6 @@ func LoadGlobalConfig(args []string, extraFlags func(*flag.FlagSet)) (*GlobalCon if *logFilePath != "" { cfg.App.Config.File = *logFilePath } - if *redactLog { - cfg.App.Config.RedactLog = *redactLog - } // "-" is a special config for log to stdout if cfg.App.Config.File == "-" { cfg.App.Config.File = "" @@ -271,6 +268,9 @@ func LoadGlobalConfig(args []string, extraFlags func(*flag.FlagSet)) (*GlobalCon if *tlsKeyPath != "" { cfg.Security.KeyPath = *tlsKeyPath } + if *redactInfoLog { + cfg.Security.RedactInfoLog = *redactInfoLog + } if len(filter) > 0 { cfg.Mydumper.Filter = filter } diff --git a/lightning/lightning.go b/lightning/lightning.go index ba26ce360..ebb76475c 100755 --- a/lightning/lightning.go +++ b/lightning/lightning.go @@ -81,6 +81,8 @@ func New(globalCfg *config.GlobalConfig) *Lightning { log.L().Fatal("failed to load TLS certificates", zap.Error(err)) } + log.InitRedact(globalCfg.Security.RedactInfoLog) + ctx, shutdown := context.WithCancel(context.Background()) return &Lightning{ globalCfg: globalCfg, diff --git a/lightning/log/log.go b/lightning/log/log.go index c597af477..e3b8f3328 100644 --- a/lightning/log/log.go +++ b/lightning/log/log.go @@ -44,8 +44,6 @@ type Config struct { FileMaxDays int `toml:"max-days" json:"max-days"` // Maximum number of old log files to retain. FileMaxBackups int `toml:"max-backups" json:"max-backups"` - // Redact sensitive logs during the whole process - RedactLog bool `toml:"redact-log" json:"redact-log"` } func (cfg *Config) Adjust() { @@ -100,8 +98,6 @@ func InitLogger(cfg *Config, tidbLoglevel string) error { appLogger = Logger{logger.WithOptions(zap.AddStacktrace(zap.DPanicLevel))} appLevel = props.Level - InitRedact(cfg.RedactLog) - return nil } diff --git a/tidb-lightning.toml b/tidb-lightning.toml index 791c698ad..a55daa48f 100644 --- a/tidb-lightning.toml +++ b/tidb-lightning.toml @@ -41,8 +41,6 @@ file = "tidb-lightning.log" max-size = 128 # MB max-days = 28 max-backups = 14 -# If set to true, lightning will redact sensitive infomation in log. -redact-log = false [security] # specifies certificates and keys for TLS connections within the cluster. @@ -52,6 +50,8 @@ redact-log = false # cert-path = "/path/to/lightning.pem" # private key of this service. # key-path = "/path/to/lightning.key" +# If set to true, lightning will redact sensitive infomation in log. +# redact-info-log = false [checkpoint] # Whether to enable checkpoints.