Skip to content

Fix GCS google_application_credentials raw value in model regression #8372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lovincyrus merged 6 commits into from
Nov 21, 2025
Merged

Fix GCS google_application_credentials raw value in model regression #8372

lovincyrus merged 6 commits into from
Nov 21, 2025

Conversation

@lovincyrus
Copy link
Contributor

@lovincyrus lovincyrus commented Nov 20, 2025
edited
Loading

This PR strips the connector config from model YAML in multi-step flow (prevent GCS creds leak).

Root cause: Connector step values (e.g., google_application_credentials) were carried into the model step and used for model YAML generation; preview filtered them, but submission did not.

Closes https://linear.app/rilldata/issue/APP-587/regression-model-includes-plaintext-credentials-introduced-in-8142

Checklist:

  • Covered by tests
  • Ran it and it works as intended
  • Reviewed the diff before requesting a review
  • Checked for unhandled edge cases
  • Linked the issues it closes
  • Checked if the docs need to be updated. If so, create a separate Linear DOCS issue
  • Intend to cherry-pick into the release branch
  • I'm proud of this work!
@lovincyrus
Copy link
Contributor Author

lovincyrus commented Nov 20, 2025

https://linear.app/rilldata/issue/APP-587/regression-model-includes-plaintext-credentials-introduced-in-8142#comment-25a3688a
@lovincyrus lovincyrus self-assigned this Nov 20, 2025
@lovincyrus lovincyrus marked this pull request as ready for review November 20, 2025 16:55
@lovincyrus lovincyrus requested a review from royendo November 20, 2025 16:56
@lovincyrus lovincyrus force-pushed the cyrus/gcs-model-regression-fix branch from 47e29cb to c85a62e Compare November 20, 2025 17:05
royendo
royendo approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@royendo royendo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UX pass good, adding EricG for code review (seems he's back soon based on Slack)
@royendo royendo requested a review from ericpgreen2 November 20, 2025 17:11
ericpgreen2
ericpgreen2 approved these changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@ericpgreen2 ericpgreen2 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll approve so we can cherry-pick this ASAP, but we need to add tests for critical bugs like this that make it to production. Here's a Linear ticket.
@lovincyrus lovincyrus merged commit 6c98de4 into main Nov 21, 2025
15 checks passed
@lovincyrus lovincyrus deleted the cyrus/gcs-model-regression-fix branch November 21, 2025 04:23
lovincyrus added a commit that referenced this pull request Nov 21, 2025
@lovincyrus
Fix GCS google_application_credentials raw value in model regression (#…
1a80710 
…8372)

* inital

* strip connector values when transitioning to the model form

* wip

* exclude connector config in prepareSourceFormData to avoid secret leakage

* revert

* clean up
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

4 participants

@lovincyrus @ericpgreen2 @royendo