Skip to content

TNZ-97928 Redact galera-agent password from bootstrap failure logs#119

Merged
abg merged 1 commit into
mainfrom
TNZ-97928/clean-bootstrap-failure-output
Jun 24, 2026
Merged

TNZ-97928 Redact galera-agent password from bootstrap failure logs#119
abg merged 1 commit into
mainfrom
TNZ-97928/clean-bootstrap-failure-output

Conversation

@kimago

@kimago kimago commented Jun 23, 2026

Copy link
Copy Markdown
Member

Summary

  • Fixes credential leak where the full rootConfig (including plaintext Password) was passed to logger.Error on bootstrap/rejoin-unsafe failure, causing the galera-agent password to appear in BOSH errand output
  • Replaces lager.Data{"config": rootConfig} with only non-sensitive fields (repair_mode, healthcheck_urls)
  • Adds json:"-" to Config.Password and BackendTLS.CA as defense-in-depth, preventing future log statements from accidentally re-introducing the leak

Jira: https://vmw-jira.broadcom.net/browse/TNZ-97928

Test plan

  • New integration test in main_test.go: builds binary, runs it against an unreachable galera-agent URL to trigger the failure path, asserts the password string is absent from all output
  • Two new unit tests in config/config_test.go: marshal a Config to JSON and verify neither Password nor BackendTLS.CA content appears in the output
  • All existing tests pass (go test ./...)

🤖 Generated with Claude Code

@kimago
TNZ-97928 Redact galera-agent password from bootstrap failure logs
63059ee 
Replaces the full rootConfig passed to logger.Error with only
non-sensitive fields (repair_mode, healthcheck_urls), preventing the
galera-agent password from appearing in BOSH errand output on failure.

Adds json:"-" to Config.Password and BackendTLS.CA as defense-in-depth
so future log statements cannot accidentally re-introduce the leak.

ai-assisted=yes

[TNZ-97928](https://vmw-jira.broadcom.net/browse/TNZ-97928)

Authored-by: Kim Bassett <[email protected]>

Made-with: Claude Code
abg
abg approved these changes Jun 24, 2026
View reviewed changes

@abg abg left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@github-project-automation github-project-automation Bot moved this from Inbox to Pending Merge | Prioritized in Foundational Infrastructure Working Group Jun 24, 2026
@abg abg merged commit 724fc90 into main Jun 24, 2026
5 checks passed
@github-project-automation github-project-automation Bot moved this from Pending Merge | Prioritized to Done in Foundational Infrastructure Working Group Jun 24, 2026
@abg abg deleted the TNZ-97928/clean-bootstrap-failure-output branch June 24, 2026 01:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abg abg abg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Foundational Infrastructure Working Group
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kimago @abg