server: do not serialize env vars in logs or errors: PR II - Actions

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4486
Co-authored-by: Naveen Naidu <30195193+Naveenaidu@users.noreply.github.com>
Co-authored-by: Brandon Simmons <210815+jberryman@users.noreply.github.com>
GitOrigin-RevId: 35bb05f9a3c98689c05f2865e0923c00b46e5419
Puru Gupta 2022-05-23 16:42:45 +05:30 committed by hasura-bot
parent ffe97bd0bb
commit d5e46b6041
8 changed files with 21 additions and 12 deletions


@ -159,7 +159,7 @@ mkdir -p "$OUTPUT_FOLDER"
cd $PYTEST_ROOT
for port in 8080 8081 9876 5592 5000 5001 5594; do
for port in 8080 8081 9876 5592 5000 5001 5593 5594; do
fail_if_port_busy $port
done
@ -188,6 +188,7 @@ export WEBHOOK_FROM_ENV="http://127.0.0.1:5592"
export SCHEDULED_TRIGGERS_WEBHOOK_DOMAIN="http://127.0.0.1:5594"
export HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES=true
export REMOTE_SCHEMAS_WEBHOOK_DOMAIN="http://127.0.0.1:5000"
export ACTION_WEBHOOK_HANDLER="http://127.0.0.1:5593"
HGE_PIDS=""
WH_PID=""


@ -447,7 +447,7 @@ callWebhook ::
[HTTP.Header] ->
[HeaderConf] ->
Bool ->
ResolvedWebhook ->
EnvRecord ResolvedWebhook ->
ActionWebhookPayload ->
Timeout ->
Maybe RequestTransform ->
@ -475,9 +475,11 @@ callWebhook
requestBody = J.encode postPayload
requestBodySize = BL.length requestBody
responseTimeout = HTTP.responseTimeoutMicro $ (unTimeout timeoutSeconds) * 1000000
url = unResolvedWebhook resolvedWebhook
(EnvRecord webhookEnvName resolvedWebhookValue) = resolvedWebhook
webhookUrl = unResolvedWebhook resolvedWebhookValue
sessionVars = Just $ _awpSessionVariables actionWebhookPayload
initReq <- liftIO $ HTTP.mkRequestThrow url
initReq <- liftIO $ HTTP.mkRequestThrow webhookUrl
let req =
initReq
@ -489,7 +491,7 @@ callWebhook
(transformedReq, transformedReqSize, reqTransformCtx) <- case metadataRequestTransform of
Nothing -> pure (Nothing, Nothing, Nothing)
Just RequestTransform {..} ->
let reqTransformCtx = mkReqTransformCtx url sessionVars templateEngine
let reqTransformCtx = mkReqTransformCtx webhookUrl sessionVars templateEngine
in case applyRequestTransform reqTransformCtx requestFields req of
Left err -> do
-- Log The Transformation Error
@ -508,7 +510,7 @@ callWebhook
Tracing.tracedHttpRequest actualReq $ \request ->
liftIO . try $ HTTP.performRequest request manager
let requestInfo = ActionRequestInfo url postPayload (confHeaders <> toHeadersConf clientHeaders) transformedReq
let requestInfo = ActionRequestInfo webhookEnvName postPayload (confHeaders <> toHeadersConf clientHeaders) transformedReq
case httpResponse of
Left e ->
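Review bot: `transformedReq` is still passed into `ActionRequestInfo` next to `webhookEnvName`, and the transform context is built from the resolved `webhookUrl`, so when a request transform is configured the resolved handler URL may still reach logs and error bodies through the transformed request. How `transformedReq` is serialized is not visible on this page, so this needs confirming; if it carries the URL, redact it or record the template there as well. A comment at the `requestInfo` binding would make the intent explicit, e.g. `-- only the unresolved template is recorded; never put webhookUrl in ActionRequestInfo`. The `Left e ->` branch continues outside the hunk, so whether the HTTP exception text can include the resolved URL could not be checked from here.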


@ -32,6 +32,7 @@ import Data.HashMap.Strict qualified as Map
import Data.HashMap.Strict.InsOrd qualified as OMap
import Data.List.NonEmpty qualified as NEList
import Data.Text.Extended
import Data.URL.Template (printURLTemplate)
import Hasura.Base.Error
import Hasura.EncJSON
import Hasura.Metadata.Class
@ -193,6 +194,7 @@ resolveAction env AnnotatedCustomTypes {..} ActionDefinition {..} allScalars = d
"Async action relations cannot be used with object fields : " <> commaSeparated (dquote . _ofdName <$> nestedObjects)
pure aot
resolvedWebhook <- resolveWebhook env _adHandler
let webhookEnvRecord = EnvRecord (printURLTemplate $ unInputWebhook _adHandler) resolvedWebhook
pure
( ActionDefinition
resolvedArguments
@ -201,7 +203,7 @@ resolveAction env AnnotatedCustomTypes {..} ActionDefinition {..} allScalars = d
_adHeaders
_adForwardClientHeaders
_adTimeout
resolvedWebhook
webhookEnvRecord
_adRequestTransform
_adResponseTransform,
outputObject
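Review bot: The first field of `EnvRecord` is filled with `printURLTemplate $ unInputWebhook _adHandler`, which is the whole unresolved handler template rather than an environment variable name, so a handler written as a literal URL is stored, and later reported, verbatim, including any credentials or tokens embedded in it. That is presumably intended, since the literal already lives in metadata, but it deserves a comment at the binding: `-- unresolved handler template, e.g. "{{VAR}}/path"; literal URLs appear as-is in logs and errors`. resolveAction starts and ends outside the hunk.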


@ -53,7 +53,7 @@ import Hasura.RQL.DDL.Headers
import Hasura.RQL.DDL.Webhook.Transform (MetadataResponseTransform, RequestTransform)
import Hasura.RQL.Types.Action qualified as RQL
import Hasura.RQL.Types.Backend
import Hasura.RQL.Types.Common (FieldName, Fields, ResolvedWebhook, SourceName, StringifyNumbers, Timeout)
import Hasura.RQL.Types.Common (EnvRecord, FieldName, Fields, ResolvedWebhook, SourceName, StringifyNumbers, Timeout)
import Hasura.RQL.Types.CustomTypes
( AnnotatedObjectType (..),
AnnotatedOutputType (..),
@ -108,7 +108,7 @@ data AnnActionExecution (r :: Type) = AnnActionExecution
_aaePayload :: !J.Value,
-- | to validate the response fields from webhook
_aaeOutputFields :: !ActionOutputFields,
_aaeWebhook :: !ResolvedWebhook,
_aaeWebhook :: !(EnvRecord ResolvedWebhook),
_aaeHeaders :: ![HeaderConf],
_aaeForwardClientHeaders :: !Bool,
_aaeTimeOut :: !Timeout,


@ -220,7 +220,7 @@ instance (J.ToJSON a, J.ToJSON b) => J.ToJSON (ActionDefinition a b) where
<> typeAndKind
type ResolvedActionDefinition =
ActionDefinition (ArgumentDefinition (G.GType, NonObjectCustomType)) ResolvedWebhook
ActionDefinition (ArgumentDefinition (G.GType, NonObjectCustomType)) (EnvRecord ResolvedWebhook)
data ActionPermissionInfo = ActionPermissionInfo
{ _apiRole :: !RoleName
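Review bot: `ResolvedActionDefinition` now instantiates the webhook parameter with `EnvRecord ResolvedWebhook`, and the `ToJSON (ActionDefinition a b)` instance named in the hunk header encodes that parameter through its own `ToJSON` instance. The `EnvRecord` instance is not shown on this page; if it emits `_envVarValue`, any code path that encodes a resolved action definition would still write the resolved URL. This is worth confirming, and a comment above the alias should state that only the template half is meant to be serialized.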


@ -539,7 +539,7 @@ commentFromMaybeText Nothing = Automatic
commentFromMaybeText (Just val) = Explicit $ mkNonEmptyText val
-- | We use the following type, after we resolve the env var.
-- | This will store both the env var name and the resolved datatype.
-- | This will store both the env var name and the resolved value.
data EnvRecord a = EnvRecord
{ _envVarName :: Text,
_envVarValue :: a
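Review bot: The Haddock block opens two consecutive lines with `-- |`; the second should be a plain `--` continuation so both sentences attach to `EnvRecord` as one comment. Since the type exists to keep resolved values out of logs, the fields should say which half is safe to emit: `-- ^ env var name or unresolved template; safe to log` on `_envVarName` and `-- ^ resolved value; may contain secrets, do not log` on `_envVarValue`. The record declaration continues outside the hunk.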


@ -42,4 +42,4 @@ args:
type: String!
output_type: UserId
timeout: 2
handler: http://127.0.0.1:5593/create-user-timeout
handler: "{{ACTION_WEBHOOK_HANDLER}}/create-user-timeout"


@ -873,5 +873,9 @@ class TestActionTimeout:
# of the handler's execution. So, total time taken for this test will be 4 seconds.
time.sleep(4)
response, _ = check_query(hge_ctx, conf)
assert 'errors' in response['data']['create_user']
assert 'Response timeout' == response['data']['create_user']['errors']['internal']['error']['message']
# tests that actions webhook url environment variable template did not serialize in the error message
assert "{{ACTION_WEBHOOK_HANDLER}}/create-user-timeout" == response['data']['create_user']['errors']['internal']['request']['url']
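Review bot: The final assertion checks only that `request.url` equals the template; it does not check that the resolved address is absent from the rest of the error payload, which is the property the commit is after. A negative assertion would cover the other fields as well: `assert 'http://127.0.0.1:5593' not in str(response)`. The comparisons are also written constant-first, whereas the usual pytest order puts the actual value on the left, e.g. `assert response[...] == 'Response timeout'`. The test method starts outside the hunk.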