-
Notifications
You must be signed in to change notification settings - Fork 28.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SPARK-26625] Add oauthToken to spark.redaction.regex #23555
Conversation
ok to test |
@@ -435,7 +435,7 @@ package object config { | |||
"a property key or value, the value is redacted from the environment UI and various logs " + | |||
"like YARN and event logs.") | |||
.regexConf | |||
.createWithDefault("(?i)secret|password".r) | |||
.createWithDefault("(?i)secret|password|oauthToken".r) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we just have token
instead of oauthToken
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep, will update
Kubernetes integration test starting |
Kubernetes integration test status success |
Kubernetes integration test starting |
Kubernetes integration test status success |
Also think the PR title should reference the fact we're adding this to the redaction regex. cc @vanzin |
Test build #101274 has finished for PR 23555 at commit
|
Updated the title |
Test build #101279 has finished for PR 23555 at commit
|
+1 from me, will leave for a little bit of time but then merge to master. |
Thanks! merging to master. |
## What changes were proposed in this pull request? The regex (spark.redaction.regex) that is used to decide which config properties or environment settings are sensitive should also include oauthToken to match spark.kubernetes.authenticate.submission.oauthToken ## How was this patch tested? Simple regex addition - happy to add a test if needed. Author: Vinoo Ganesh <vganesh@palantir.com> Closes apache#23555 from vinooganesh/vinooganesh/SPARK-26625.
Hi, All. I'll backport this to branch-2.4 since this is a security patch. |
## What changes were proposed in this pull request? The regex (spark.redaction.regex) that is used to decide which config properties or environment settings are sensitive should also include oauthToken to match spark.kubernetes.authenticate.submission.oauthToken ## How was this patch tested? Simple regex addition - happy to add a test if needed. Author: Vinoo Ganesh <vganesh@palantir.com> Closes #23555 from vinooganesh/vinooganesh/SPARK-26625. (cherry picked from commit 01301d0) Signed-off-by: Dongjoon Hyun <dhyun@apple.com>
@dongjoon-hyun Thanks. Looks good to me. |
What changes were proposed in this pull request?
The regex (spark.redaction.regex) that is used to decide which config properties or environment settings are sensitive should also include oauthToken to match spark.kubernetes.authenticate.submission.oauthToken
How was this patch tested?
Simple regex addition - happy to add a test if needed.