diff --git a/src/yb/yql/pgwrapper/libpq_utils.cc b/src/yb/yql/pgwrapper/libpq_utils.cc index 851a5ea27d8d..c64d638537ac 100644 --- a/src/yb/yql/pgwrapper/libpq_utils.cc +++ b/src/yb/yql/pgwrapper/libpq_utils.cc @@ -160,7 +160,8 @@ Result PGConn::Connect( Result PGConn::Connect(const std::string& conn_str, CoarseTimePoint deadline, - bool simple_query_protocol) { + bool simple_query_protocol, + const boost::optional& conn_str_for_log) { auto start = CoarseMonoClock::now(); for (;;) { PGConnPtr result(PQconnectdb(conn_str.c_str())); @@ -169,7 +170,9 @@ Result PGConn::Connect(const std::string& conn_str, } auto status = PQstatus(result.get()); if (status == ConnStatusType::CONNECTION_OK) { - LOG(INFO) << "Connected to PG (" << conn_str << "), time taken: " + LOG(INFO) << "Connected to PG (" + << (conn_str_for_log.has_value() ? conn_str_for_log.value() : conn_str) + << "), time taken: " << MonoDelta(CoarseMonoClock::Now() - start); return PGConn(std::move(result), simple_query_protocol); } diff --git a/src/yb/yql/pgwrapper/libpq_utils.h b/src/yb/yql/pgwrapper/libpq_utils.h index 01e3d50b5842..20892c946feb 100644 --- a/src/yb/yql/pgwrapper/libpq_utils.h +++ b/src/yb/yql/pgwrapper/libpq_utils.h @@ -26,6 +26,8 @@ #include "yb/util/net/net_fwd.h" #include "yb/util/result.h" +#include + namespace yb { namespace pgwrapper { @@ -97,17 +99,22 @@ class PGConn { const std::string& db_name, const std::string& user, bool simple_query_protocol = false); + // Pass in an optional conn_str_for_log for logging purposes. This is used in case + // conn_str contains sensitive information (e.g. password). static Result Connect( const std::string& conn_str, - bool simple_query_protocol = false) { + bool simple_query_protocol = false, + const boost::optional& conn_str_for_log = boost::none) { return Connect(conn_str, CoarseMonoClock::Now() + MonoDelta::FromSeconds(60) /* deadline */, - simple_query_protocol); + simple_query_protocol, + conn_str_for_log); } static Result Connect( const std::string& conn_str, CoarseTimePoint deadline, - bool simple_query_protocol = false); + bool simple_query_protocol = false, + const boost::optional& conn_str_for_log = boost::none); CHECKED_STATUS Execute(const std::string& command, bool show_query_in_error = true); diff --git a/src/yb/yql/pgwrapper/ysql_upgrade.cc b/src/yb/yql/pgwrapper/ysql_upgrade.cc index 70df352fd927..daed0e771615 100644 --- a/src/yb/yql/pgwrapper/ysql_upgrade.cc +++ b/src/yb/yql/pgwrapper/ysql_upgrade.cc @@ -236,8 +236,17 @@ Result YsqlUpgradeHelper::Connect(const std::string& database_name) { PgDeriveSocketDir(ysql_proxy_addr_.host()), ysql_proxy_addr_.port(), pgwrapper::PqEscapeLiteral(database_name)); + // Use the string with redacted password for logging purposes. + boost::optional conn_str_for_log(Format( + "user=$0 password=$1 host=$2 port=$3 dbname=$4", + "postgres", + "", + PgDeriveSocketDir(ysql_proxy_addr_.host()), + ysql_proxy_addr_.port(), + pgwrapper::PqEscapeLiteral(database_name))); - PGConn pgconn = VERIFY_RESULT(PGConn::Connect(conn_str)); + PGConn pgconn = VERIFY_RESULT( + PGConn::Connect(conn_str, false /* simple_query_protocol */, conn_str_for_log)); RETURN_NOT_OK(pgconn.Execute("SET ysql_upgrade_mode TO true;"));