Hide secrets in settings and task queue

Louis Dureuil 2024-03-26 10:36:24 +01:00
parent 817ccc089a
commit f82d056072
5 changed files with 66 additions and 8 deletions


@ -920,7 +920,11 @@ impl IndexScheduler {
} }
// 3.2. Dump the settings // 3.2. Dump the settings
let settings = meilisearch_types::settings::settings(index, &rtxn)?; let settings = meilisearch_types::settings::settings(
index,
&rtxn,
meilisearch_types::settings::SecretPolicy::RevealSecrets,
)?;
index_dumper.settings(&settings)?; index_dumper.settings(&settings)?;
Ok(()) Ok(())
})?; })?;
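Review bot: The `SecretPolicy::RevealSecrets` argument in step 3.2 has no comment explaining why the dump path keeps embedder API keys in clear text, and the identical call in `export_a_dump` (step 4.2) has none either. Presumably a dump has to restore a working configuration, so I would add above each call something like `// Dumps must round-trip, so secrets are written unredacted; treat the dump file as sensitive.` Without that, a later reader may switch the call to `HideSecrets` and write masked keys into dumps, or assume dump archives are safe to share. The enclosing closure starts outside this hunk.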


@ -211,6 +211,43 @@ pub struct Settings<T> {
pub _kind: PhantomData<T>, pub _kind: PhantomData<T>,
} }
impl<T> Settings<T> {
pub fn hide_secrets(&mut self) {
let Setting::Set(embedders) = &mut self.embedders else {
return;
};
for mut embedder in embedders.values_mut() {
let Setting::Set(embedder) = &mut embedder else {
continue;
};
let Setting::Set(api_key) = &mut embedder.api_key else {
continue;
};
Self::hide_secret(api_key);
}
}
fn hide_secret(secret: &mut String) {
match secret.len() {
x if x < 10 => {
secret.replace_range(.., "XXX...");
}
x if x < 20 => {
secret.replace_range(2.., "XXXX...");
}
x if x < 30 => {
secret.replace_range(3.., "XXXXX...");
}
_x => {
secret.replace_range(5.., "XXXXXX...");
}
}
}
}
impl Settings<Checked> { impl Settings<Checked> {
pub fn cleared() -> Settings<Checked> { pub fn cleared() -> Settings<Checked> {
Settings { Settings {
@ -555,9 +592,15 @@ pub fn apply_settings_to_builder(
} }
} }
pub enum SecretPolicy {
RevealSecrets,
HideSecrets,
}
pub fn settings( pub fn settings(
index: &Index, index: &Index,
rtxn: &crate::heed::RoTxn, rtxn: &crate::heed::RoTxn,
secret_policy: SecretPolicy,
) -> Result<Settings<Checked>, milli::Error> { ) -> Result<Settings<Checked>, milli::Error> {
let displayed_attributes = let displayed_attributes =
index.displayed_fields(rtxn)?.map(|fields| fields.into_iter().map(String::from).collect()); index.displayed_fields(rtxn)?.map(|fields| fields.into_iter().map(String::from).collect());
@ -643,7 +686,7 @@ pub fn settings(
let search_cutoff_ms = index.search_cutoff(rtxn)?; let search_cutoff_ms = index.search_cutoff(rtxn)?;
Ok(Settings { let mut settings = Settings {
displayed_attributes: match displayed_attributes { displayed_attributes: match displayed_attributes {
Some(attrs) => Setting::Set(attrs), Some(attrs) => Setting::Set(attrs),
None => Setting::Reset, None => Setting::Reset,
@ -674,7 +717,13 @@ pub fn settings(
None => Setting::Reset, None => Setting::Reset,
}, },
_kind: PhantomData, _kind: PhantomData,
}) };
if let SecretPolicy::HideSecrets = secret_policy {
settings.hide_secrets()
}
Ok(settings)
} }
#[derive(Debug, Clone, PartialEq, Eq, Deserr)] #[derive(Debug, Clone, PartialEq, Eq, Deserr)]
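Review bot: `hide_secret` can panic on a key that contains non-ASCII characters: `secret.len()` counts bytes, `replace_range(2..)`, `(3..)` and `(5..)` take byte offsets, and `String::replace_range` panics when the start is not on a char boundary. Because `hide_secrets` runs on the settings routes and the task-view conversion touched by this commit, a single stored `api_key` of that shape (if the API accepts one) would make those read paths fail. The cut point should be moved back to a valid boundary before replacing, as below; thresholds and masks are unchanged, and backing up only ever reveals fewer characters. Separately, the masked value keeps up to five leading characters of the key, which deserves a doc comment on `hide_secrets` so callers know the output is a hint and not a full redaction.

```rust
fn hide_secret(secret: &mut String) {
    let (keep, mask) = match secret.len() {
        x if x < 10 => (0, "XXX..."),
        x if x < 20 => (2, "XXXX..."),
        x if x < 30 => (3, "XXXXX..."),
        _ => (5, "XXXXXX..."),
    };
    // Byte offsets may fall inside a multi-byte character; back up to the previous boundary.
    let cut = (0..=keep).rev().find(|&i| secret.is_char_boundary(i)).unwrap_or(0);
    secret.replace_range(cut.., mask);
}
```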


@ -86,7 +86,8 @@ impl From<Details> for DetailsView {
..DetailsView::default() ..DetailsView::default()
} }
} }
Details::SettingsUpdate { settings } => { Details::SettingsUpdate { mut settings } => {
settings.hide_secrets();
DetailsView { settings: Some(settings), ..DetailsView::default() } DetailsView { settings: Some(settings), ..DetailsView::default() }
} }
Details::IndexInfo { primary_key } => { Details::IndexInfo { primary_key } => {
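Review bot: The masking in the `Details::SettingsUpdate` arm happens only when a `Details` is converted into a `DetailsView`, so the stored task still holds the clear-text key and any other consumer of `Details` would see it. That may be intended, but the arm carries no comment saying so; I would add `// Stored task details keep the real secrets; only the API view is masked.` above `settings.hide_secrets();`. It is also worth checking, outside this hunk, whether task details reach logs or other serializers without going through this conversion. The `impl From<Details>` block extends beyond the hunk.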


@ -7,7 +7,7 @@ use meilisearch_types::error::ResponseError;
use meilisearch_types::facet_values_sort::FacetValuesSort; use meilisearch_types::facet_values_sort::FacetValuesSort;
use meilisearch_types::index_uid::IndexUid; use meilisearch_types::index_uid::IndexUid;
use meilisearch_types::milli::update::Setting; use meilisearch_types::milli::update::Setting;
use meilisearch_types::settings::{settings, RankingRuleView, Settings, Unchecked}; use meilisearch_types::settings::{settings, RankingRuleView, SecretPolicy, Settings, Unchecked};
use meilisearch_types::tasks::KindWithContent; use meilisearch_types::tasks::KindWithContent;
use serde_json::json; use serde_json::json;
use tracing::debug; use tracing::debug;
@ -134,7 +134,7 @@ macro_rules! make_setting_route {
let index = index_scheduler.index(&index_uid)?; let index = index_scheduler.index(&index_uid)?;
let rtxn = index.read_txn()?; let rtxn = index.read_txn()?;
let settings = settings(&index, &rtxn)?; let settings = settings(&index, &rtxn, meilisearch_types::settings::SecretPolicy::HideSecrets)?;
debug!(returns = ?settings, "Update settings"); debug!(returns = ?settings, "Update settings");
let mut json = serde_json::json!(&settings); let mut json = serde_json::json!(&settings);
@ -819,7 +819,7 @@ pub async fn get_all(
let index = index_scheduler.index(&index_uid)?; let index = index_scheduler.index(&index_uid)?;
let rtxn = index.read_txn()?; let rtxn = index.read_txn()?;
let new_settings = settings(&index, &rtxn)?; let new_settings = settings(&index, &rtxn, SecretPolicy::HideSecrets)?;
debug!(returns = ?new_settings, "Get all settings"); debug!(returns = ?new_settings, "Get all settings");
Ok(HttpResponse::Ok().json(new_settings)) Ok(HttpResponse::Ok().json(new_settings))
} }
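Review bot: In `make_setting_route!` the call spells out `meilisearch_types::settings::SecretPolicy::HideSecrets`, while `get_all` uses the imported `SecretPolicy::HideSecrets` and the macro already calls `settings` by its short name. Writing `SecretPolicy::HideSecrets` in both places would keep the call sites consistent and easier to grep when auditing which routes mask secrets. Both bodies continue outside their hunks.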


@ -291,7 +291,11 @@ fn export_a_dump(
} }
// 4.2. Dump the settings // 4.2. Dump the settings
let settings = meilisearch_types::settings::settings(&index, &rtxn)?; let settings = meilisearch_types::settings::settings(
&index,
&rtxn,
meilisearch_types::settings::SecretPolicy::RevealSecrets,
)?;
index_dumper.settings(&settings)?; index_dumper.settings(&settings)?;
count += 1; count += 1;
} }