Skip to content

[AMORO-2897] Mask the sensitive info for the Terminal output logs#2899

Merged
zhoujinsong merged 12 commits intoapache:masterfrom
tcodehuber:issue-2897
Jun 7, 2024
Merged

[AMORO-2897] Mask the sensitive info for the Terminal output logs#2899
zhoujinsong merged 12 commits intoapache:masterfrom
tcodehuber:issue-2897

Conversation

@tcodehuber
Copy link
Copy Markdown
Contributor

@tcodehuber tcodehuber commented Jun 4, 2024

Why are the changes needed?

Close #2897.

Brief change log

How was this patch tested?

  • Add some test cases that check the changes thoroughly including negative and positive cases if possible

  • Add screenshots for manual tests if appropriate

  • Run test locally before making a pull request

Documentation

  • Does this pull request introduce a new feature? (yes / no)
  • If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)

xleoken
xleoken reviewed Jun 4, 2024
View reviewed changes
...ro-ams-server/src/main/java/org/apache/amoro/server/dashboard/utils/DesensitizationUtil.java Outdated
return COMMON_SECRET_FORMAT.equals(data);
}

public static boolean containsSensitiveVal(String input) {
Copy link
Copy Markdown
Member

@xleoken xleoken Jun 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can define SENSITIVE_CONF_KEYWORDS as a list, then use contains method.

zhoujinsong
zhoujinsong reviewed Jun 4, 2024
View reviewed changes
...ro-ams-server/src/main/java/org/apache/amoro/server/dashboard/utils/DesensitizationUtil.java Outdated
public class DesensitizationUtil {
public static String COMMON_SECRET_FORMAT = "********";

private static final String[] SENSITIVE_CONF_KEYWORDS = {"secret", "token", "password"};
Copy link
Copy Markdown
Contributor

@zhoujinsong zhoujinsong Jun 4, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if we should desensitize all properties containing the keywords above.
Or we may better define specific properties we should desensitize on and open terminal configuration to allow user add more?

Copy link
Copy Markdown
Contributor Author

@tcodehuber tcodehuber Jun 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, i will try to do that.

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Jun 5, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 27.47%. Comparing base (890640b) to head (987af27).
Report is 8 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #2899      +/-   ##
============================================
- Coverage     32.76%   27.47%   -5.29%     
+ Complexity     3821     2483    -1338     
============================================
  Files           558      360     -198     
  Lines         46295    37213    -9082     
  Branches       6175     5432     -743     
============================================
- Hits          15170    10226    -4944     
+ Misses        29931    26027    -3904     
+ Partials       1194      960     -234
Flag Coverage Δ
core ?
trino 27.47% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

zhoujinsong
zhoujinsong reviewed Jun 6, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@zhoujinsong zhoujinsong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tcodehuber I left some small suggestions. PTAL.

.../amoro-ams-server/src/main/java/org/apache/amoro/server/terminal/TerminalSessionContext.java Outdated
private final TerminalSessionFactory factory;
private final Configurations sessionConfiguration;

private final List sensitiveConfKeys;
Copy link
Copy Markdown
Contributor

@zhoujinsong zhoujinsong Jun 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
private final List sensitiveConfKeys;
private final List<String> sensitiveConfKeys;

...oro-ams-server/src/main/java/org/apache/amoro/server/terminal/local/LocalSessionFactory.java Outdated

SparkSession context = null;
Configurations conf;
List sensitiveConfKeys;
Copy link
Copy Markdown
Contributor

@zhoujinsong zhoujinsong Jun 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
List sensitiveConfKeys;
List<String> sensitiveConfKeys;

@tcodehuber
Copy link
Copy Markdown
Contributor Author

tcodehuber commented Jun 6, 2024

@tcodehuber I left some small suggestions. PTAL.

Done.

@tcodehuber tcodehuber requested a review from zhoujinsong June 7, 2024 01:44
zhoujinsong
zhoujinsong approved these changes Jun 7, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@zhoujinsong zhoujinsong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for the contribution!

@zhoujinsong zhoujinsong merged commit 6a677ff into apache:master Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zhoujinsong zhoujinsong zhoujinsong approved these changes

+1 more reviewer

@xleoken xleoken xleoken left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Improvement]: Mask the sensitive info for the Terminal output logs

4 participants

@tcodehuber @codecov-commenter @zhoujinsong @xleoken