logs with redacted password in URL #379
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
Fixes #360 and also configuration dump on boot stage is also redacted.
Verification steps for starting with a wrong password
The verification steps will be using existing sandbox with limitador configured to connect to redis using pass.
then prepare and boot the environment
The logs will show some loglines from limitador with the configuration redacted
And the error is also redacted
Verification steps for re-connections with a wrong password
The verification steps will be using existing sandbox with limitador configured to connect to redis using pass. The main idea is that, initially, limitador connects correctly with the right password. Then, Redis changes it's own password, so limitador no longer can access redis. The limitador logs should never show the password being used.
It should return 200 OK, and after few more request, it should return
429 Too Many Requests
. That would mean that limitador can connect to redis successfully.then restart only the redis service
The logs will show some loglines from limitador reporting about connection errors
Logs should not reveal any URL or password.