sql: make hba_conf and id_map cluster settings sensitive #131150

Merged
merged 1 commit into from
Sep 26, 2024


souravcrl
Contributor

fixes #129126
fixes CRDB-41389
Epic CRDB-33829

Release note(security, ops): Cluster settings for host based authentication configuration (server.host_based_authentication.configuration) and identity map configuration (server.identity_map.configuration) need to be redacted as they can be configured to contain LDAP bind usernames, passwords and mapping of external identities to SQL users which are sensitive and should be configurable for redaction via server.redact_sensitive_settings.enabled cluster setting.

fixes cockroachdb#129126
fixes CRDB-41389
Epic CRDB-33829

Release note(security, ops): Cluster settings for host based authentication
configuration (`server.host_based_authentication.configuration`) and identity
map configuration (`server.identity_map.configuration`) need to be redacted as
they can be configured to contain LDAP bind usernames, passwords and mapping of
external identities to SQL users which are sensitive and should be configurable
for redaction via `server.redact_sensitive_settings.enabled` cluster setting.

@souravcrl souravcrl marked this pull request as ready for review September 21, 2024 12:40
@souravcrl souravcrl requested review from a team as code owners September 21, 2024 12:40
Contributor

@pritesh-lahoti pritesh-lahoti left a comment

Reviewed 5 of 5 files at r1, all commit messages.
Reviewable status: :shipit: complete! 0 of 0 LGTMs obtained (waiting on @rafiss)

@souravcrl
Contributor Author

Thank you for the review!

bors r=pritesh-lahoti

@craig craig bot merged commit 3aa49f8 into cockroachdb:master Sep 26, 2024
23 checks passed
Successfully merging this pull request may close these issues.

security/LDAP: SHOW CLUSTER SETTING needs to redact LDAP bind password