Commit 37738e4f authored by Matthieu Muffato's avatar Matthieu Muffato

Hide passwords when using DatabaseDumper and MySQLTransfer

parent f66a8e1d
......@@ -82,7 +82,7 @@ package Bio::EnsEMBL::Hive::RunnableDB::DatabaseDumper;
use strict;
use warnings;
use Bio::EnsEMBL::Hive::Utils ('go_figure_dbc');
use Bio::EnsEMBL::Hive::Utils ('go_figure_dbc', 'dbc_to_cmd');
use base ('Bio::EnsEMBL::Hive::Process');
......@@ -181,12 +181,12 @@ sub run {
$output = sprintf('> %s', $self->param('output_file'));
}
} else {
$output = sprintf(' | mysql %s', $self->mysql_conn_from_dbc($self->param('real_output_db')));
$output = join(' ', '|', @{ dbc_to_cmd($self->param('real_output_db'), undef, undef, undef, undef, 1) } );
};
# Must be joined because of the redirection / the pipe
my $cmd = join(' ',
'mysqldump',
$self->mysql_conn_from_dbc($src_dbc),
@{ dbc_to_cmd($src_dbc, 'mysqldump', undef, undef, undef, 1) },
'--skip-lock-tables',
@$tables,
(map {sprintf('--ignore-table=%s.%s', $src_dbc->dbname, $_)} @$ignores),
......@@ -217,11 +217,4 @@ sub run {
}
sub mysql_conn_from_dbc {
my ($self, $dbc) = @_;
return '--host='.$dbc->host.' --port='.$dbc->port." --user='".$dbc->username."' --password='".$dbc->password."' ".$dbc->dbname;
}
1;
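Review bot: The command line assembled in `run` no longer quotes the connection values. The removed `mysql_conn_from_dbc` wrapped the user name in single quotes, while the `dbc_to_cmd` output joined here uses bare `'-u'.$dbc->username`, `'-h'.$dbc->host` and the database name, and the joined string is still interpreted by a shell because of the pipe or redirection. A user or database name containing whitespace or a shell metacharacter would now be split or interpreted by that shell. The quoting belongs inside `dbc_to_cmd` when its last argument is set, because single-quoting the returned list wholesale would also stop the `$EHIVE_TMP_PASSWORD_n` reference from expanding. The same applies to the `join` in MySQLTransfer's `run`; both subs start and end outside the hunks shown.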
......@@ -141,6 +141,9 @@ sub fetch_input {
[grep {defined $_} @{$self->param('prepend')}],
[grep {defined $_} @{$self->param('append')}],
$self->param('input_query'),
# If there is any of those, system() will need a shell to deal with
# the pipes / redirections, and we need to hide the passwords
($self->param('input_file') or $self->param('command_in') or $self->param('output_file') or $self->param('command_out')),
) };
# Add the input data
......
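Review bot: When none of the four parameters is set, this argument is false and the `else` branch of `dbc_to_cmd` places the clear-text password in the argument list (`'-p'.$hidden_password`). It can then appear in the process listing while the client runs. The comment explains only the shell case; I would extend it with `# Without a shell the password is still passed as a plain command-line argument`. The call this argument belongs to starts outside the hunk, so that it is `dbc_to_cmd` is inferred from the other files in this commit.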
......@@ -41,7 +41,7 @@ package Bio::EnsEMBL::Hive::RunnableDB::MySQLTransfer;
use strict;
use warnings;
use Bio::EnsEMBL::Hive::Utils ('go_figure_dbc');
use Bio::EnsEMBL::Hive::Utils ('go_figure_dbc', 'dbc_to_cmd');
use base ('Bio::EnsEMBL::Hive::Process');
......@@ -120,16 +120,19 @@ sub run {
my $where = $self->param('where');
my $filter_cmd = $self->param('filter_cmd');
my $cmd = 'mysqldump '
. { 'overwrite' => '', 'topup' => '--no-create-info ', 'insertignore' => '--no-create-info --insert-ignore ' }->{$mode}
. $self->mysql_conn_from_dbc($src_dbc)
. " $table "
. (defined($where) ? "--where '$where' " : '')
. '| '
. ($filter_cmd ? "$filter_cmd | " : '')
. 'mysql '
. $self->mysql_conn_from_dbc($dest_dbc);
my $mode_options = { 'overwrite' => [], 'topup' => ['--no-create-info'], 'insertignore' => [qw(--no-create-info --insert-ignore)] }->{$mode};
# Must be joined because of the pipe
my $cmd = join(' ',
@{dbc_to_cmd($src_dbc, 'mysqldump', $mode_options, undef, undef, 1)},
$table,
(defined($where) ? "--where '$where' " : ''),
'|',
($filter_cmd ? "$filter_cmd | " : ''),
@{dbc_to_cmd($dest_dbc, undef, undef, undef, undef, 1)}
);
print "$cmd\n" if $self->debug;
if(my $return_value = system($cmd)) { # NB: unfortunately, this code won't catch many errors because of the pipe
$return_value >>= 8;
die "system( $cmd ) failed: $return_value";
......@@ -193,11 +196,5 @@ sub get_row_count {
return $row_count;
}
sub mysql_conn_from_dbc {
my ($self, $dbc) = @_;
return '--host='.$dbc->host.' --port='.$dbc->port." --user='".$dbc->username."' --password='".$dbc->password."' ".$dbc->dbname;
}
1;
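Review bot: The new `join` still builds `"--where '$where' "` by plain interpolation, so a `where` value containing a single quote ends the quoting and the rest of the value is parsed by the shell that `system($cmd)` starts. Escaping embedded quotes first would close this: `(my $w = $where) =~ s/'/'\\''/g;` and then `"--where '$w'"`. `$table` is likewise passed unquoted. `$filter_cmd` is a shell fragment by design, so a comment such as `# filter_cmd is executed by the shell as-is; it must come from trusted pipeline configuration` would make that assumption explicit. `run` begins and ends outside the hunk.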
......@@ -354,8 +354,9 @@ sub throw {
}
our $pass_internal_counter = 0;
sub dbc_to_cmd {
my ($dbc, $executable, $prepend, $append, $sqlcmd) = @_;
my ($dbc, $executable, $prepend, $append, $sqlcmd, $hide_password_in_env) = @_;
my $driver = $dbc->driver || 'mysql';
......@@ -388,6 +389,18 @@ sub dbc_to_cmd {
my @cmd;
my $hidden_password;
if ($dbc->password) {
if ($hide_password_in_env) {
my $pass_variable = "EHIVE_TMP_PASSWORD_${pass_internal_counter}";
$pass_internal_counter++;
$ENV{$pass_variable} = $dbc->password;
$hidden_password = '$'.$pass_variable;
} else {
$hidden_password = $dbc->password;
}
}
if($driver eq 'mysql') {
$executable ||= 'mysql';
......@@ -396,16 +409,15 @@ sub dbc_to_cmd {
push @cmd, '-h'.$dbc->host if $dbc->host;
push @cmd, '-P'.$dbc->port if $dbc->port;
push @cmd, '-u'.$dbc->username if $dbc->username;
push @cmd, '-p'.$dbc->password if $dbc->password;
push @cmd, '-p'.$hidden_password if $dbc->password;
push @cmd, ('-e', $sqlcmd) if $sqlcmd;
push @cmd, $dbname if $dbname;
push @cmd, @$append if ($append && @$append);
} elsif($driver eq 'pgsql') {
$executable ||= 'psql';
my $pgpass = $dbc->pass;
push @cmd, ('env', "PGPASSWORD=$pgpass") if ($pgpass);
push @cmd, ('env', 'PGPASSWORD='.$hidden_password) if ($dbc->password);
push @cmd, $executable;
push @cmd, @$prepend if ($prepend && @$prepend);
push @cmd, ('-h', $dbc->host) if defined($dbc->host);
......
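Review bot: The reference built in `$hidden_password = '$'.$pass_variable;` is expanded by the shell unquoted, so a password containing whitespace or glob characters is split or altered before the client receives it. Building it as `$hidden_password = '"$'.$pass_variable.'"';` keeps it one word in both the `-p` and the `PGPASSWORD=` forms. Nothing in the visible hunks removes `$ENV{$pass_variable}` afterwards, so the password stays in the worker's environment and is inherited by every later child process. Callers could wrap the `dbc_to_cmd` call and the `system` in a block with `local %ENV = %ENV;`. A short comment on the new parameter should also say that it is only valid when the command is run through a shell, since with list-form `system` the literal `$EHIVE_TMP_PASSWORD_n` would be sent as the password.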