From eb7fb4d5a1762e42cb38173982d297ff553f8bbb Mon Sep 17 00:00:00 2001 From: sihuazhou Date: Mon, 16 Apr 2018 19:39:25 +0800 Subject: [PATCH] hidden key containing "secret" in web interface. --- .../configuration/GlobalConfiguration.java | 24 ++++++++++++++++++- .../GlobalConfigurationTest.java | 10 ++++++++ .../handler/legacy/ClusterConfigHandler.java | 5 ++-- .../messages/ClusterConfigurationInfo.java | 5 ++-- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java index 2f2a9cf6dc294..2c88ab93e819a 100644 --- a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java +++ b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java @@ -19,6 +19,7 @@ package org.apache.flink.configuration; import org.apache.flink.annotation.Internal; +import org.apache.flink.util.Preconditions; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -42,6 +43,11 @@ public final class GlobalConfiguration { public static final String FLINK_CONF_FILENAME = "flink-conf.yaml"; + // the keys to be hidden + private static final String[] KEYS_TO_HIDDEN = new String[] {"password", "secret"}; + + // the hidden content to be displayed + public static final String HIDDEN_CONTENT = "******"; // -------------------------------------------------------------------------------------------- @@ -183,7 +189,7 @@ private static Configuration loadYAMLResource(File file) { continue; } - LOG.info("Loading configuration property: {}, {}", key, value); + LOG.info("Loading configuration property: {}, {}", key, isHiddenKey(key) ? HIDDEN_CONTENT : value); config.setString(key, value); } } @@ -194,4 +200,20 @@ private static Configuration loadYAMLResource(File file) { return config; } + /** + * Check whether the key is a hidden key. + * + * @param key the config key + */ + public static boolean isHiddenKey(String key) { + Preconditions.checkNotNull(key, "key is null"); + final String keyInLower = key.toLowerCase(); + for (String hideKey : KEYS_TO_HIDDEN) { + if (keyInLower.length() >= hideKey.length() + && keyInLower.contains(hideKey)) { + return true; + } + } + return false; + } } diff --git a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java index c5d2e626f12be..78ea460b7ea81 100644 --- a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java +++ b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java @@ -31,7 +31,9 @@ import java.util.UUID; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; /** * This class contains tests for the global configuration (parsing configuration directory information). @@ -120,4 +122,12 @@ public void testInvalidYamlFile() throws IOException { assertNotNull(GlobalConfiguration.loadConfiguration(tempFolder.getRoot().getAbsolutePath())); } + @Test + public void testHiddenKey() { + assertTrue(GlobalConfiguration.isHiddenKey("password123")); + assertTrue(GlobalConfiguration.isHiddenKey("123pasSword")); + assertTrue(GlobalConfiguration.isHiddenKey("PasSword")); + assertTrue(GlobalConfiguration.isHiddenKey("Secret")); + assertFalse(GlobalConfiguration.isHiddenKey("Hello")); + } } diff --git a/flink-runtime/src/main/java/org/apache/flink/runtime/rest/handler/legacy/ClusterConfigHandler.java b/flink-runtime/src/main/java/org/apache/flink/runtime/rest/handler/legacy/ClusterConfigHandler.java index 76221b5bbdf53..08d5ad7b6b81e 100644 --- a/flink-runtime/src/main/java/org/apache/flink/runtime/rest/handler/legacy/ClusterConfigHandler.java +++ b/flink-runtime/src/main/java/org/apache/flink/runtime/rest/handler/legacy/ClusterConfigHandler.java @@ -19,6 +19,7 @@ package org.apache.flink.runtime.rest.handler.legacy; import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.GlobalConfiguration; import org.apache.flink.runtime.jobmaster.JobManagerGateway; import org.apache.flink.runtime.rest.messages.ClusterConfigurationInfoEntry; import org.apache.flink.runtime.rest.messages.ClusterConfigurationInfoHeaders; @@ -74,8 +75,8 @@ private static String createConfigJson(Configuration config) { String value = config.getString(key, null); // Mask key values which contain sensitive information - if (value != null && key.toLowerCase().contains("password")) { - value = "******"; + if (value != null && GlobalConfiguration.isHiddenKey(key)) { + value = GlobalConfiguration.HIDDEN_CONTENT; } gen.writeStringField(ClusterConfigurationInfoEntry.FIELD_NAME_CONFIG_VALUE, value); diff --git a/flink-runtime/src/main/java/org/apache/flink/runtime/rest/messages/ClusterConfigurationInfo.java b/flink-runtime/src/main/java/org/apache/flink/runtime/rest/messages/ClusterConfigurationInfo.java index 627dc4c41029b..550e5c282b6ce 100644 --- a/flink-runtime/src/main/java/org/apache/flink/runtime/rest/messages/ClusterConfigurationInfo.java +++ b/flink-runtime/src/main/java/org/apache/flink/runtime/rest/messages/ClusterConfigurationInfo.java @@ -19,6 +19,7 @@ package org.apache.flink.runtime.rest.messages; import org.apache.flink.configuration.Configuration; +import org.apache.flink.configuration.GlobalConfiguration; import org.apache.flink.runtime.rest.handler.legacy.ClusterConfigHandler; import java.util.ArrayList; @@ -45,8 +46,8 @@ public static ClusterConfigurationInfo from(Configuration config) { String value = config.getString(key, null); // Mask key values which contain sensitive information - if (value != null && key.toLowerCase().contains("password")) { - value = "******"; + if (value != null && GlobalConfiguration.isHiddenKey(key)) { + value = GlobalConfiguration.HIDDEN_CONTENT; } clusterConfig.add(new ClusterConfigurationInfoEntry(key, value));