You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2021/02/23 17:14:13 UTC
[couchdb-config] branch main updated (4a307e2 -> 6937283)
This is an automated email from the ASF dual-hosted git repository.
jaydoane pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-config.git.
from 4a307e2 Add CouchDB matrix to and remove erlang 19 from CI (#34)
new ff74353 Enable eunit coverage
new 6937283 Implement is_sensitive/2 using configurable application env
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
rebar.config | 2 ++
src/{config.app.src => config.app.src.script} | 12 +++++++++++-
src/config.erl | 24 ++++++++++++++++++++++--
3 files changed, 35 insertions(+), 3 deletions(-)
create mode 100644 rebar.config
rename src/{config.app.src => config.app.src.script} (72%)
[couchdb-config] 01/02: Enable eunit coverage
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jaydoane pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-config.git
commit ff743536daf2ee71f9c378fe73205bd7456d47d5
Author: Jay Doane <ja...@apache.org>
AuthorDate: Fri Feb 19 22:40:02 2021 -0800
Enable eunit coverage
---
rebar.config | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rebar.config b/rebar.config
new file mode 100644
index 0000000..e0d1844
--- /dev/null
+++ b/rebar.config
@@ -0,0 +1,2 @@
+{cover_enabled, true}.
+{cover_print_enabled, true}.
[couchdb-config] 02/02: Implement is_sensitive/2 using configurable
application env
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jaydoane pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-config.git
commit 6937283083c6835339ce226b00d6ecee25a7f525
Author: Jay Doane <ja...@apache.org>
AuthorDate: Fri Feb 19 23:03:05 2021 -0800
Implement is_sensitive/2 using configurable application env
If it exists, consult a file to configure application env. If
`sensitive` env key is found therein, use it to determine which values
to redact from log entries. The value of the `sensitive` key should be
a dict of the form:
```
#{
Section1 => [Field1, Field2, ...],
Section2 => all
}
```
where `Section`s are strings that define sections which contain
sensitive fields, and `Field`s are strings. The atom `all` indicates
all fields for that section are sensitive. A typical configuration
might look like:
```
#{
"admins" => all,
"replicator" => ["password"]
}
```
meaning that all values in the `[admins]` section, and the `password`
value in the `[replicator]` section will be redacted from the logs.
---
src/{config.app.src => config.app.src.script} | 12 +++++++++++-
src/config.erl | 24 ++++++++++++++++++++++--
2 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/src/config.app.src b/src/config.app.src.script
similarity index 72%
rename from src/config.app.src
rename to src/config.app.src.script
index 7f8eef6..e4faf27 100644
--- a/src/config.app.src
+++ b/src/config.app.src.script
@@ -10,6 +10,15 @@
% License for the specific language governing permissions and limitations under
% the License.
+ConfigPath = filename:join([os:getenv("COUCHDB_APPS_CONFIG_DIR"), "config.config"]),
+AppEnv = case filelib:is_file(ConfigPath) of
+ true ->
+ {ok, Result} = file:consult(ConfigPath),
+ Result;
+ false ->
+ []
+end.
+
{application, config, [
{description, "INI file configuration system for Apache CouchDB"},
{vsn, git},
@@ -18,5 +27,6 @@
config_event
]},
{applications, [kernel, stdlib]},
- {mod, {config_app, []}}
+ {mod, {config_app, []}},
+ {env, AppEnv}
]}.
diff --git a/src/config.erl b/src/config.erl
index e8f7533..b87ff34 100644
--- a/src/config.erl
+++ b/src/config.erl
@@ -40,6 +40,8 @@
-export([init/1, terminate/2, code_change/3]).
-export([handle_call/3, handle_cast/2, handle_info/2]).
+-export([is_sensitive/2]).
+
-define(FEATURES, "features").
-define(TIMEOUT, 30000).
@@ -247,7 +249,7 @@ handle_call(all, _From, Config) ->
handle_call({set, Sec, Key, Val, Opts}, _From, Config) ->
Persist = maps:get(persist, Opts, true),
Reason = maps:get(reason, Opts, nil),
- IsSensitive = maps:get(sensitive, Opts, false),
+ IsSensitive = is_sensitive(Sec, Key),
case validate_config_update(Sec, Key, Val) of
{error, ValidationError} when IsSensitive ->
couch_log:error("~p: [~s] ~s = '****' rejected for reason ~p",
@@ -322,7 +324,16 @@ handle_call(reload, _From, Config) ->
true ->
ok;
false ->
- couch_log:notice("Reload detected config change ~s.~s = ~p", [Sec, Key, V]),
+ case is_sensitive(Sec, Key) of
+ false ->
+ couch_log:notice(
+ "Reload detected config change ~s.~s = ~p",
+ [Sec, Key, V]);
+ true ->
+ couch_log:notice(
+ "Reload detected config change ~s.~s = '****'",
+ [Sec, Key])
+ end,
Event = {config_change, Sec, Key, V, true},
gen_event:sync_notify(config_event, Event)
end
@@ -356,6 +367,15 @@ code_change(_OldVsn, State, _Extra) ->
{ok, State}.
+is_sensitive(Section, Key) ->
+ Sensitive = application:get_env(config, sensitive, #{}),
+ case maps:get(Section, Sensitive, false) of
+ all -> true;
+ Fields when is_list(Fields) -> lists:member(Key, Fields);
+ _ -> false
+ end.
+
+
parse_ini_file(IniFile) ->
IniFilename = config_util:abs_pathname(IniFile),
IniBin =