Hide sensitive and long columns from inspect output #770
Conversation
Eventhough they are encrypted, it is better to not print some columns such as superuser_password or root_cert_key1. Apart from that, there are some columns with very long text without human readable info such as root_cert_1. With this commit, we are excluding them them from inspect output to improve overall development and operations experience.
| @@ -68,4 +68,9 @@ def hostname | |||
| def connection_string | |||
| URI::Generic.build2(scheme: "postgres", userinfo: "postgres:#{URI.encode_uri_component(superuser_password)}", host: hostname).to_s | |||
| end | |||
|
|
|||
| def inspect_values | |||
| hidden_columns = [:superuser_password, :root_cert_1, :root_cert_key_1, :root_cert_2, :root_cert_key_2, :server_cert, :server_cert_key] | |||
There was a problem hiding this comment.
I'm brainstorming a similar concept for Clog. In the future, we might consider moving this variable to the class level.
#766
There was a problem hiding this comment.
Encrypted columns can be accessed with column_encryption_metadata.keys and we may hide them in the inspect output of all models.
There was a problem hiding this comment.
Let's do this. We used to have our own Model class (perhaps it should be named CloverModel) that all models inherited from, and then switched to Sequel::Model because we were doing nothing interesting in there, and then now may be good occasion to switch back again.
There was a problem hiding this comment.
Also let's improve the rendering of NetAddr columns, for the love of all that is holy (yes, we could also fork netaddr, and probably should at some point)
|
Closing in favor of this #854 |
Eventhough they are encrypted, it is better to not print some columns such as superuser_password or root_cert_key1. Apart from that, there are some columns with very long text without human readable info such as root_cert_1. With this commit, we are excluding them them from inspect output to improve overall development and operations experience.