Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove password from log statement #1544

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Remove password from log statement #1544

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
da08840
safe logging: hide password if peer url uses basic auth in url
rdhaese May 4, 2024
2830652
code inspection suggestions
rdhaese May 4, 2024
a29695c
code inspection suggestions
rdhaese May 4, 2024
ba5ff9b
consistency
rdhaese May 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
112 changes: 63 additions & 49 deletions eureka-core/src/main/java/com/netflix/eureka/cluster/PeerEurekaNodes.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,5 @@
package com.netflix.eureka.cluster;

import javax.inject.Inject;
import javax.inject.Singleton;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;

import com.netflix.appinfo.ApplicationInfoManager;
import com.netflix.appinfo.InstanceInfo;
import com.netflix.discovery.EurekaClientConfig;
Expand All @@ -25,6 +11,16 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.inject.Inject;
import javax.inject.Singleton;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;

/**
* Helper class to manage lifecycle of a collection of {@link PeerEurekaNode}s.
*
Expand Down Expand Up @@ -67,34 +63,28 @@ public List<PeerEurekaNode> getPeerNodesView() {
public List<PeerEurekaNode> getPeerEurekaNodes() {
return peerEurekaNodes;
}

public int getMinNumberOfAvailablePeers() {
return serverConfig.getHealthStatusMinNumberOfAvailablePeers();
}

public void start() {
taskExecutor = Executors.newSingleThreadScheduledExecutor(
new ThreadFactory() {
@Override
public Thread newThread(Runnable r) {
Thread thread = new Thread(r, "Eureka-PeerNodesUpdater");
thread.setDaemon(true);
return thread;
}
r -> {
Thread thread = new Thread(r, "Eureka-PeerNodesUpdater");
thread.setDaemon(true);
return thread;
}
);
try {
updatePeerEurekaNodes(resolvePeerUrls());
Runnable peersUpdateTask = new Runnable() {
@Override
public void run() {
try {
updatePeerEurekaNodes(resolvePeerUrls());
} catch (Throwable e) {
logger.error("Cannot update the replica Nodes", e);
}

Runnable peersUpdateTask = () -> {
try {
updatePeerEurekaNodes(resolvePeerUrls());
} catch (Throwable e) {
logger.error("Cannot update the replica Nodes", e);
}

};
taskExecutor.scheduleWithFixedDelay(
peersUpdateTask,
Expand All @@ -117,9 +107,7 @@ public void shutdown() {
this.peerEurekaNodes = Collections.emptyList();
this.peerEurekaNodeUrls = Collections.emptySet();

for (PeerEurekaNode node : toRemove) {
node.shutDown();
}
toRemove.forEach(PeerEurekaNode::shutDown);
}

/**
Expand Down Expand Up @@ -157,9 +145,9 @@ protected void updatePeerEurekaNodes(List<String> newPeerUrls) {
}

Set<String> toShutdown = new HashSet<>(peerEurekaNodeUrls);
toShutdown.removeAll(newPeerUrls);
newPeerUrls.forEach(toShutdown::remove);
Set<String> toAdd = new HashSet<>(newPeerUrls);
toAdd.removeAll(peerEurekaNodeUrls);
peerEurekaNodeUrls.forEach(toAdd::remove);

if (toShutdown.isEmpty() && toAdd.isEmpty()) { // No change
return;
Expand All @@ -169,7 +157,10 @@ protected void updatePeerEurekaNodes(List<String> newPeerUrls) {
List<PeerEurekaNode> newNodeList = new ArrayList<>(peerEurekaNodes);

if (!toShutdown.isEmpty()) {
logger.info("Removing no longer available peer nodes {}", toShutdown);
logger.info(
"Removing no longer available peer nodes {}",
toShutdown.stream().map(this::removePasswordFromPeerUrl).collect(Collectors.toSet())
);
int i = 0;
while (i < newNodeList.size()) {
PeerEurekaNode eurekaNode = newNodeList.get(i);
Expand All @@ -184,16 +175,40 @@ protected void updatePeerEurekaNodes(List<String> newPeerUrls) {

// Add new peers
if (!toAdd.isEmpty()) {
logger.info("Adding new peer nodes {}", toAdd);
for (String peerUrl : toAdd) {
newNodeList.add(createPeerEurekaNode(peerUrl));
}
logger.info(
"Adding new peer nodes {}",
toAdd.stream().map(this::removePasswordFromPeerUrl).collect(Collectors.toSet())
);
toAdd.stream().map(this::createPeerEurekaNode).forEach(newNodeList::add);
}

this.peerEurekaNodes = newNodeList;
this.peerEurekaNodeUrls = new HashSet<>(newPeerUrls);
}

/**
* If basic http authorization is used in the url, replace the password with 'PASSWORD', making it safe to log.
*/
private String removePasswordFromPeerUrl(String url) {
URI uri;
try {
uri = new URI(url);
} catch (URISyntaxException e) {
logger.warn("Cannot parse peer URI {}", url, e);
return null;
}

String userInfo = uri.getUserInfo();
if (userInfo != null && userInfo.contains(":")) {
String[] userInfoParts = userInfo.split(":");
if (userInfoParts.length == 2) {
String sanitizedUserInfo = userInfoParts[0] + ":PASSWORD";
return url.replace(userInfo, sanitizedUserInfo);
}
}
return url;
}

protected PeerEurekaNode createPeerEurekaNode(String peerEurekaNodeUrl) {
HttpReplicationClient replicationClient = JerseyReplicationClient.createReplicationClient(serverConfig, serverCodecs, peerEurekaNodeUrl);
String targetHost = hostFromUrl(peerEurekaNodeUrl);
Expand All @@ -204,16 +219,15 @@ protected PeerEurekaNode createPeerEurekaNode(String peerEurekaNodeUrl) {
}

/**
* @param url the service url of the replica node that the check is made.
* @return true, if the url represents the current node which is trying to
* replicate, false otherwise.
* @deprecated 2016-06-27 use instance version of {@link #isThisMyUrl(String)}
*
* <p>
* Checks if the given service url contains the current host which is trying
* to replicate. Only after the EIP binding is done the host has a chance to
* identify itself in the list of replica nodes and needs to take itself out
* of replication traffic.
*
* @param url the service url of the replica node that the check is made.
* @return true, if the url represents the current node which is trying to
* replicate, false otherwise.
*/
public static boolean isThisMe(String url) {
InstanceInfo myInfo = ApplicationInfoManager.getInstance().getInfo();
Expand All @@ -229,7 +243,7 @@ public static boolean isThisMe(String url) {
*
* @param url the service url of the replica node that the check is made.
* @return true, if the url represents the current node which is trying to
* replicate, false otherwise.
* replicate, false otherwise.
*/
public boolean isThisMyUrl(String url) {
final String myUrlConfigured = serverConfig.getMyUrl();
Expand All @@ -238,11 +252,11 @@ public boolean isThisMyUrl(String url) {
}
return isInstanceURL(url, applicationInfoManager.getInfo());
}

/**
* Checks if the given service url matches the supplied instance
*
* @param url the service url of the replica node that the check is made.
* @param url the service url of the replica node that the check is made.
* @param instance the instance to check the service url against
* @return true, if the url represents the supplied instance, false otherwise.
*/
Expand Down