ray icon indicating copy to clipboard operation
ray copied to clipboard
verified publisher icon ray-project

[Jobs] Redact any passwords in the Ray address url during job submission

Open darthhexx opened this issue 2 years ago • 1 comments

Why are these changes needed?

The job submission prints, and will also log, passwords when they are being used in the Ray address.

For example using https://my-user:secret-token@ray-address/ will be logged as:

Job submission server address: https://my-user:secret-token@ray-address/

When using a reverse proxy in front of the Ray dashboard to implement authentication having the token/password is unavoidable so it would be best if Ray does not log them.

This PR change will result in the above example being logged as:

Job submission server address: https://my-user:<redacted>@ray-address/

Related issue number

Checks

  • [x] I've signed off every commit(by using the -s flag, i.e., git commit -s) in this PR.
  • [x] I've run scripts/format.sh to lint the changes in this PR.
  • [ ] I've included any doc changes needed for https://docs.ray.io/en/master/.
    • [ ] I've added any new APIs to the API Reference. For example, if I added a method in Tune, I've added it in doc/source/tune/api/ under the corresponding .rst file.
  • [ ] I've made sure the tests are passing. Note that there might be a few flaky tests, see the recent failures at https://flakey-tests.ray.io/
  • Testing Strategy
    • [ ] Unit tests
    • [ ] Release tests
    • [ ] This PR is not tested :(

darthhexx avatar Jun 08 '23 06:06 darthhexx

I looked into the test failures and they aren't related to my change, which is only changing a single log line.

darthhexx avatar Jun 09 '23 02:06 darthhexx

Thanks for the contribution! I'll get someone to review this ASAP.

jjyao avatar Jun 30 '23 04:06 jjyao

Hi @darthhexx, thanks for contributing! Looks like test_cli is failing. It passes for me locally, so there's a chance that this PR's changes are causing the failure.

I'll retry the test on BuildKite. Could you run the test locally to make sure that it passes?

shrekris-anyscale avatar Jun 30 '23 17:06 shrekris-anyscale

@shrekris-anyscale you were correct, the tests were failing due to a mock object being returned for the get_address() call, instead of a string.

I've added a default string return for get_address in the Mock, as opposed to checking for a string type, which was my initial approach. Mocking the function makes more sense in my opinion and those tests are now passing.

darthhexx avatar Jul 03 '23 04:07 darthhexx

Failed test is unrelated.

jjyao avatar Jul 05 '23 15:07 jjyao