enh(keeper): password information desensitization processing

[qevolg]

Description

enh(keeper): password information desensitization processing

Issue(s)

• close: https://project.feishu.cn/taosdata_td/feature/detail/6600039687

Checklist

Please check the items in the checklist if applicable.

• Is the user manual updated?
• Are the test cases passed and automated?
• Is there no significant decrease in test coverage?

[gemini-code-assist]

Summary of Changes

Hello @qevolg, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the security posture and testability of the keeper module. It centralizes the management of sensitive database credentials used in tests by leveraging environment variables, making the testing environment more robust and less prone to hardcoded secrets. Concurrently, it adds a critical security feature by redacting passwords when configuration objects are outputted, safeguarding sensitive information from being inadvertently exposed in logs or debugging outputs.

Highlights

• Centralized Test Credentials: Replaced hardcoded database usernames and passwords in numerous test files with dynamic values retrieved from environment variables via new utility functions. This enhances test flexibility and security by avoiding sensitive data directly in code.
• Password Redaction for Security: Implemented a String() method for the TDengineRestful configuration struct. This method ensures that when the configuration is printed or logged, the password field is redacted (replaced with '[REDACTED]'), preventing accidental exposure of sensitive information.
• New Test Utility Package: Introduced a new testutil package containing TestUsername() and TestPassword() functions. These functions abstract the retrieval of test credentials, promoting reusability and better security practices across tests.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is a solid security enhancement. It removes hardcoded credentials from test files, replacing them with values from environment variables via a new testutil package. Additionally, it introduces password redaction for the TDengineRestful configuration, preventing accidental password leakage in logs. The changes are well-executed across numerous files. I've included a couple of suggestions to enhance the robustness of the new testutil functions by incorporating default values and adding corresponding tests.

[Copilot]

Pull request overview

This PR enhances taosKeeper's security by implementing password desensitization to prevent credentials from being exposed in logs and test files. The changes introduce environment variable-based test credentials and add password redaction for the TDengineRestful configuration struct.

Changes:

• Adds a new testutil package with functions to retrieve test credentials from environment variables
• Implements a String() method for TDengineRestful to redact passwords when the struct is printed
• Updates all test files to use testutil.TestUsername() and testutil.TestPassword() instead of hardcoded credentials

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
tools/keeper/testutil/testutil.go	New utility package providing TestUsername() and TestPassword() functions that read from environment variables
tools/keeper/testutil/testutil_test.go	Tests for the testutil package functions
tools/keeper/infrastructure/config/tdengine.go	Adds String() method to TDengineRestful struct for password redaction in logs
tools/keeper/infrastructure/config/config.go	Updates GetCfg() to use testutil functions for test credentials
tools/keeper/infrastructure/config/metric_test.go	Updates test to use testutil functions instead of hardcoded credentials
tools/keeper/db/connector_test.go	Replaces hardcoded credentials with testutil function calls
tools/keeper/cmd/command_test.go	Replaces hardcoded credentials with testutil function calls
tools/keeper/api/tables_test.go	Replaces hardcoded credentials with testutil function calls
tools/keeper/api/gen_metric_test.go	Replaces hardcoded credentials with testutil function calls
tools/keeper/api/audit_test.go	Replaces hardcoded credentials with testutil function calls
tools/keeper/api/adapter2_test.go	Replaces hardcoded credentials with testutil function calls

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.