validator: Remove logging of database password (PROJQUAY-8059)

This removes the logging of database password when debugging is enabled. Also adds additional debug statements, particularly when accessing storage.
ibazulic · Oct 15, 2024 · 4763fde · 4763fde
1 parent a997789
commit 4763fde
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 7 deletions.
diff --git a/config-tool/pkg/lib/shared/storage_validators.go b/config-tool/pkg/lib/shared/storage_validators.go
@@ -34,9 +34,10 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 
 	switch storageType {
 	case "LocalStorage":
+		log.Debugf("Using local driver storage.")
 		return true, []ValidationError{}
 	case "RHOCSStorage", "RadosGWStorage", "IBMCloudStorage":
-
+		log.Debugf("Using IBM Cloud/ODF/RadosGW storage.")
 		// Check access key
 		if ok, err := ValidateRequiredString(args.AccessKey, "DISTRIBUTED_STORAGE_CONFIG."+storageName+".access_key", fgName); !ok {
 			errors = append(errors, err)
@@ -70,6 +71,9 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			return false, errors
 		}
 
+		log.Debugf("Storage parameters: ")
+		log.Debugf("hostname: %s, bucket name: %s, TLS enabled: %t", endpoint, bucketName, isSecure)
+
 		if ok, err := validateMinioGateway(opts, storageName, endpoint, accessKey, secretKey, bucketName, token, isSecure, fgName); !ok {
 			errors = append(errors, err)
 		}
@@ -86,6 +90,8 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 		// }
 
 		// Check bucket name
+		log.Debugf("Using Amazon S3 Storage.")
+
 		if ok, err := ValidateRequiredString(args.S3Bucket, "DISTRIBUTED_STORAGE_CONFIG."+storageName+".s3_bucket", fgName); !ok {
 			errors = append(errors, err)
 		}
@@ -140,12 +146,16 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			token = value.SessionToken
 
 		}
+
+		log.Debugf("S3 Storage parameters: ")
+		log.Debugf("hostname: %s, bucket name: %s, TLS enabled: %t", endpoint, bucketName, isSecure)
+
 		if ok, err := validateMinioGateway(opts, storageName, endpoint, accessKey, secretKey, bucketName, token, isSecure, fgName); !ok {
 			errors = append(errors, err)
 		}
 
 	case "STSS3Storage":
-
+		log.Debugf("Using STS S3 Storage.")
 		// Check bucket name
 		if ok, err := ValidateRequiredString(args.S3Bucket, "DISTRIBUTED_STORAGE_CONFIG."+storageName+".s3_bucket", fgName); !ok {
 			errors = append(errors, err)
@@ -192,12 +202,15 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			return false, errors
 		}
 
+		log.Debugf("STS S3 Storage parameters: ")
+		log.Debugf("hostname: %s, bucket name: %s, TLS enabled: %t", endpoint, bucketName, isSecure)
+
 		if ok, err := validateMinioGateway(opts, storageName, endpoint, accessKey, secretKey, bucketName, token, isSecure, fgName); !ok {
 			errors = append(errors, err)
 		}
 
 	case "GoogleCloudStorage":
-
+		log.Debugf("Using Google Cloud Storage.")
 		// Check access key
 		if ok, err := ValidateRequiredString(args.AccessKey, "DISTRIBUTED_STORAGE_CONFIG."+storageName+".access_key", fgName); !ok {
 			errors = append(errors, err)
@@ -221,11 +234,15 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			return false, errors
 		}
 
+		log.Debugf("GCS Storage parameters: ")
+		log.Debugf("hostname: %s, bucket name: %s, TLS enabled: %t", endpoint, bucketName, isSecure)
+
 		if ok, err := validateMinioGateway(opts, storageName, endpoint, accessKey, secretKey, bucketName, token, isSecure, fgName); !ok {
 			errors = append(errors, err)
 		}
 
 	case "AzureStorage":
+		log.Debugf("Using Azure storage.")
 
 		// Check access key
 		if ok, err := ValidateRequiredString(args.AzureContainer, "DISTRIBUTED_STORAGE_CONFIG."+storageName+".azure_container", fgName); !ok {
@@ -250,12 +267,15 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			return false, errors
 		}
 
+		log.Debugf("Azure Storage parameters: ")
+		log.Debugf("hostname: %s, account name: %s, container name: %s.", endpoint, accountName, containerName)
+
 		if ok, err := validateAzureGateway(opts, endpoint, storageName, accountName, accountKey, containerName, token, fgName); !ok {
 			errors = append(errors, err)
 		}
 
 	case "CloudFrontedS3Storage":
-
+		log.Debugf("Using CloudFront S3 storage.")
 		// Check access key
 		if ok, err := ValidateRequiredString(args.S3AccessKey, "DISTRIBUTED_STORAGE_CONFIG."+storageName+".s3_access_key", fgName); !ok {
 			errors = append(errors, err)
@@ -295,6 +315,9 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			return false, errors
 		}
 
+		log.Debugf("CloudFront S3 Storage parameters: ")
+		log.Debugf("hostname: %s, bucket name: %s, TLS enabled: %t", endpoint, bucketName, isSecure)
+
 		// Validate bucket settings
 		if ok, err := validateMinioGateway(opts, storageName, endpoint, accessKey, secretKey, bucketName, token, isSecure, fgName); !ok {
 			errors = append(errors, err)
@@ -314,6 +337,7 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 		}
 
 	case "SwiftStorage":
+		log.Debugf("Swift Storage setup.")
 
 		// Validate auth version
 		if args.SwiftAuthVersion != 1 && args.SwiftAuthVersion != 2 && args.SwiftAuthVersion != 3 {
@@ -345,6 +369,9 @@ func ValidateStorage(opts Options, storageName string, storageType string, args
 			return false, errors
 		}
 
+		log.Debugf("Swift Storage parameters: ")
+		log.Debugf("hostname: %s, container: %s, auth version: %d", args.SwiftAuthURL, args.SwiftContainer, args.SwiftAuthVersion)
+
 		if ok, err := validateSwift(opts, storageName, args.SwiftAuthVersion, args.SwiftUser, args.SwiftPassword, args.SwiftContainer, args.SwiftAuthURL, args.SwiftOsOptions, fgName); !ok {
 			errors = append(errors, err)
 		}

diff --git a/config-tool/pkg/lib/shared/validators.go b/config-tool/pkg/lib/shared/validators.go
@@ -477,7 +477,7 @@ func ValidateBitbucketOAuth(clientID, clientSecret string) bool {
 
 }
 
-// ValidateDatabaseConnection checks that the Bitbucker OAuth credentials are correct
+// ValidateDatabaseConnection checks whether database is available
 func ValidateDatabaseConnection(opts Options, rawURI, caCert string, threadlocals, autorollback bool, sslmode, sslrootcert, fgName string) error {
 
 	// Convert uri into correct format
@@ -552,12 +552,20 @@ func ValidateDatabaseConnection(opts Options, rawURI, caCert string, threadlocal
 		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 		defer cancel()
 
-		log.Debugf("Pinging database at %s dsn:", dsn)
+		log.Debugf("Pinging database at hostname: %s.", fullHostName)
 		err = db.PingContext(ctx)
 		if err != nil {
 			return err
 		}
 
+		var version string
+		row := db.QueryRow("SELECT version()")
+		err = row.Scan(&version)
+		if err != nil {
+			return err
+		}
+		log.Debugf("Database version: %s", version)
+
 		// Database is Postgres
 	} else if scheme == "postgresql" {
 
@@ -601,7 +609,7 @@ func ValidateDatabaseConnection(opts Options, rawURI, caCert string, threadlocal
 		}
 
 		// Connect and defer closing
-		log.Debugf("Pinging database at %s", dsn)
+		log.Debugf("Pinging database at hostname: %s.", fullHostName)
 		conn, err := pgx.Connect(ctx, dsn)
 		if err != nil {
 			return err
@@ -615,6 +623,7 @@ func ValidateDatabaseConnection(opts Options, rawURI, caCert string, threadlocal
 		if err != nil {
 			return err
 		}
+		log.Debugf("Database version: %s", version)
 
 		// Extract major version number using regex
 		var re = regexp.MustCompile(`^(\d+)`)