[chore](key) Hide ak and encrypt sk

cloud/src/meta-service/meta_service_helper.h

@@ -91,6 +91,46 @@ inline std::string encryt_sk(std::string debug_string) {
         // Move the position to the end of the current "sk" field and continue searching
         pos = sk_value_end;
     }
+    // Iterate through the string and find all occurrences of ""sk": "
+    pos = 0;
+    while ((pos = debug_string.find("\"sk\": ", pos)) != std::string::npos) {
+        // Find the start of the "sk" value (position after ""sk": ")
+        size_t value_start_pos = pos + 6; // 6 is the length of "\"sk\": "
+
+        // Find the opening quote for the value
+        size_t quote_pos = debug_string.find('\"', value_start_pos);
+        if (quote_pos == std::string::npos) {
+            // No opening quote found, move to next occurrence
+            pos = value_start_pos;
+            continue;
+        }
+
+        // Start after the opening quote
+        size_t sk_value_start = quote_pos + 1;
+
+        // Find the closing quote
+        size_t sk_value_end = debug_string.find('\"', sk_value_start);
+        if (sk_value_end == std::string::npos) {
+            // No closing quote found, move to next occurrence
+            pos = sk_value_start;
+            continue;
+        }
+
+        // Extract the "sk" value
+        std::string sk_value = debug_string.substr(sk_value_start, sk_value_end - sk_value_start);
+
+        // Encrypt the "sk" value with MD5
+        std::string encrypted_sk = "md5: " + md5(sk_value);
+
+        // Calculate the length change after replacement
+        int length_diff = encrypted_sk.length() - (sk_value_end - sk_value_start);
+
+        // Replace the original "sk" value with the encrypted value
+        debug_string.replace(sk_value_start, sk_value_end - sk_value_start, encrypted_sk);
+
+        // Move the position past the replacement, adjusting for length change
+        pos = sk_value_end + length_diff;
+    }
     return debug_string;
 }
 
@@ -134,6 +174,12 @@ void begin_rpc(std::string_view func_name, brpc::Controller* ctrl, const Request
                   << " lock_id=" << req->lock_id() << " initiator=" << req->initiator()
                   << " expiration=" << req->expiration()
                   << " require_compaction_stats=" << req->require_compaction_stats();
+    } else if constexpr (std::is_same_v<Request, CreateInstanceRequest> ||
+                         std::is_same_v<Request, CreateStageRequest>) {
+        std::string debug_string = encryt_sk(res->DebugString());
+        TEST_SYNC_POINT_CALLBACK("ak_begin_rpc", &debug_string);
+        LOG(INFO) << "begin " << func_name << " remote_caller=" << ctrl->remote_side()
+                  << " original_client_ip=" << req->request_ip() << " request=" << debug_string;
     } else {
         LOG(INFO) << "begin " << func_name << " remote_caller=" << ctrl->remote_side()
                   << " original_client_ip=" << req->request_ip()
@@ -179,9 +225,10 @@ void finish_rpc(std::string_view func_name, brpc::Controller* ctrl, const Reques
                   << " original_client_ip=" << req->request_ip()
                   << " status=" << res->status().ShortDebugString();
     } else if constexpr (std::is_same_v<Response, GetObjStoreInfoResponse> ||
-                         std::is_same_v<Response, GetStageResponse>) {
+                         std::is_same_v<Response, GetStageResponse> ||
+                         std::is_same_v<Response, GetInstanceResponse>) {
         std::string debug_string = encryt_sk(res->DebugString());
-        TEST_SYNC_POINT_CALLBACK("sk_finish_rpc", &debug_string);
+        TEST_SYNC_POINT_CALLBACK("ak_sk_finish_rpc", &debug_string);
         LOG(INFO) << "finish " << func_name << " remote_caller=" << ctrl->remote_side()
                   << " original_client_ip=" << req->request_ip() << " response=" << debug_string;
     } else {

cloud/src/meta-service/meta_service_http.cpp

@@ -48,6 +48,7 @@
 #include "common/configbase.h"
 #include "common/logging.h"
 #include "common/string_util.h"
+#include "meta-service/meta_service_helper.h"
 #include "meta-store/keys.h"
 #include "meta-store/txn_kv.h"
 #include "meta-store/txn_kv_error.h"
@@ -63,18 +64,11 @@ namespace doris::cloud {
         auto st = parse_json_message(unresolved_path, body, &req);                              \
         if (!st.ok()) {                                                                         \
             std::string msg = "parse http request '" + unresolved_path + "': " + st.ToString(); \
-            LOG_WARNING(msg).tag("body", body);                                                 \
+            LOG_WARNING(msg).tag("body", encryt_sk(body));                                      \
             return http_json_reply(MetaServiceCode::PROTOBUF_PARSE_ERR, msg);                   \
         }                                                                                       \
     } while (0)
 
-extern std::string get_instance_id(const std::shared_ptr<ResourceManager>& rc_mgr,
-                                   const std::string& cloud_unique_id);
-
-extern int decrypt_instance_info(InstanceInfoPB& instance, const std::string& instance_id,
-                                 MetaServiceCode& code, std::string& msg,
-                                 std::shared_ptr<Transaction>& txn);
-
 extern void get_kv_range_boundaries_count(std::vector<std::string>& partition_boundaries,
                                           std::unordered_map<std::string, size_t>& partition_count);
 
@@ -86,7 +80,8 @@ static google::protobuf::util::Status parse_json_message(const std::string& unre
     if (!st.ok()) {
         std::string msg = "failed to strictly parse http request for '" + unresolved_path +
                           "' error: " + st.ToString();
-        LOG_WARNING(msg).tag("body", body);
+        std::string log_body = encryt_sk(body);
+        LOG_WARNING(msg).tag("body", log_body);
 
         // ignore unknown fields
         google::protobuf::util::JsonParseOptions json_parse_options;
@@ -773,6 +768,7 @@ void MetaServiceImpl::http(::google::protobuf::RpcController* controller,
     LOG(INFO) << "rpc from " << cntl->remote_side()
               << " request: " << cntl->http_request().uri().path();
     std::string http_request = format_http_request(cntl);
+    http_request = encryt_sk(http_request);
 
     // Auth
     auto token = http_query(cntl->http_request().uri(), "token");
@@ -783,7 +779,7 @@ void MetaServiceImpl::http(::google::protobuf::RpcController* controller,
         cntl->response_attachment().append(body);
         cntl->response_attachment().append("\n");
         LOG(WARNING) << "failed to handle http from " << cntl->remote_side()
-                     << " request: " << http_request << " msg: " << body;
+                     << " request: " << encryt_sk(http_request) << " msg: " << body;
         return;
     }
 
@@ -801,6 +797,7 @@ void MetaServiceImpl::http(::google::protobuf::RpcController* controller,
     cntl->response_attachment().append("\n");
 
     int ret = cntl->http_response().status_code();
+
     LOG(INFO) << (ret == 200 ? "succ to " : "failed to ") << __PRETTY_FUNCTION__ << " "
               << cntl->remote_side() << " request=\n"
               << http_request << "\n ret=" << ret << " msg=" << msg;