-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
datastore: Key.String() includes namespace #10684
Labels
Comments
sgp
added a commit
to pendo-io/google-cloud-go
that referenced
this issue
Aug 14, 2024
Datastore namespaces may be sensitive, and it's best not to emit them. Provide a `datastore.Key.StringWithNamespace()` as an alternative, and use this version internally, which preserves the fix from googleapis#7829.
product-auto-label
bot
added
the
api: datastore
Issues related to the Datastore API.
label
Aug 15, 2024
sgp
added a commit
to pendo-io/google-cloud-go
that referenced
this issue
Aug 27, 2024
sgp
added a commit
to pendo-io/google-cloud-go
that referenced
this issue
Aug 29, 2024
Datastore namespaces may be sensitive, and it's best not to emit them. Provide a `datastore.Key.StringWithNamespace()` as an alternative, and use this version internally, which preserves the fix from googleapis#7829.
sgp
added a commit
to pendo-io/google-cloud-go
that referenced
this issue
Aug 29, 2024
sgp
added a commit
to sgp/google-cloud-go
that referenced
this issue
Sep 5, 2024
Datastore namespaces may be sensitive, and it's best not to emit them. Provide a `datastore.Key.StringWithNamespace()` as an alternative, and use this version internally, which preserves the fix from googleapis#7829.
sgp
added a commit
to sgp/google-cloud-go
that referenced
this issue
Sep 5, 2024
…#10684) fix(datastore): remove namespace from Key.String() Fixes googleapis#10684. Datastore namespaces may be sensitive, and it's best not to emit them. Restores the behavior of `Key.String` prior to googleapis#8363, but maintains the fix for googleapis#7829 by providing an internal implementation that does provide the namespace.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Client
Datastore >= v1.14.0
Environment
Any
Go Environment
Any (but tested on
go version go1.21.11 darwin/arm64
)Code
Expected behavior
Calling
String()
on a*datastore.Key
functions the way it always did, keeping namespace opaque.Actual behavior
Namespace is leaked when calling
String()
.Additional context
I understand that the change was made in #8363 to fix a real bug. However, the fix changed a stable API to achieve its goals, making it difficult to consume the latest library if there are tests that check for logs or other things containing the string value of a key. Furthermore, as we use namespaces for multi-tenancy, it's important that we don't accidentally leak namespace values outside of logs (via API or some other means). While it's possible to audit our code to never use a
String()
representation of the key, or to ever present keys at all, it feels like the best course of action is to not include the namespace in the string representation at all.The text was updated successfully, but these errors were encountered: