From 1baafe276bd499336d627177a6e92377b37e510f Mon Sep 17 00:00:00 2001 From: Suresh Prakash Date: Thu, 3 Aug 2023 17:51:57 +0530 Subject: [PATCH 1/3] Redact values of some key substrings --- .../serviceframework/config/ConfigUtils.java | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java index c092ad4..327c791 100644 --- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java @@ -3,6 +3,7 @@ import com.typesafe.config.Config; import com.typesafe.config.ConfigRenderOptions; import com.typesafe.config.ConfigValue; +import com.typesafe.config.ConfigValueType; import java.io.PrintWriter; import java.io.StringWriter; import java.util.HashMap; @@ -10,19 +11,32 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class ConfigUtils { - private static Logger LOGGER = LoggerFactory.getLogger(ConfigUtils.class); + private static final Logger LOGGER = LoggerFactory.getLogger(ConfigUtils.class); + private static final Set SECRET_KEYS = Set.of("password", "secret"); public static void logConfFile(Config configs) { for (Entry entry : configs.entrySet()) { - LOGGER.info("{} = {}", entry.getKey(), entry.getValue()); + LOGGER.info("{} = {}", entry.getKey(), redactValueIfRequired(entry)); } } + private static Object redactValueIfRequired(final Entry entry) { + final ConfigValue value = entry.getValue(); + + if (value.valueType() == ConfigValueType.STRING + && SECRET_KEYS.stream().anyMatch(keyName -> entry.getKey().contains(keyName))) { + return "*** REDACTED ***"; + } + + return value; + } + public static String getStringConfig(Config config, String path, String defaultVal) { if (config.hasPath(path)) { return config.getString(path); From d6aad6cc5d7ca793d7da12de7044efbb5807b75c Mon Sep 17 00:00:00 2001 From: Suresh Prakash Date: Thu, 3 Aug 2023 18:01:56 +0530 Subject: [PATCH 2/3] Move the private method at the end of the file --- .../serviceframework/config/ConfigUtils.java | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java index 327c791..6179b81 100644 --- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java @@ -26,17 +26,6 @@ public static void logConfFile(Config configs) { } } - private static Object redactValueIfRequired(final Entry entry) { - final ConfigValue value = entry.getValue(); - - if (value.valueType() == ConfigValueType.STRING - && SECRET_KEYS.stream().anyMatch(keyName -> entry.getKey().contains(keyName))) { - return "*** REDACTED ***"; - } - - return value; - } - public static String getStringConfig(Config config, String path, String defaultVal) { if (config.hasPath(path)) { return config.getString(path); @@ -142,4 +131,18 @@ public static String propertiesAsList(Properties properties) { } return writer.toString(); } + + private static Object redactValueIfRequired(final Entry entry) { + final ConfigValue value = entry.getValue(); + + if (value.valueType() == ConfigValueType.STRING && isSecretKey(entry.getKey())) { + return "*** REDACTED ***"; + } + + return value; + } + + private static boolean isSecretKey(final String key) { + return SECRET_KEYS.stream().anyMatch(key::contains); + } } From ebc59dd2571b647a04d18481d8f2abf80c54b8a2 Mon Sep 17 00:00:00 2001 From: Suresh Prakash Date: Fri, 4 Aug 2023 11:02:19 +0530 Subject: [PATCH 3/3] Log unresolved config instead of resolved config --- .../serviceframework/config/ConfigUtils.java | 21 ++----------------- .../config/DirectoryBasedConfigClient.java | 12 +++++------ 2 files changed, 8 insertions(+), 25 deletions(-) diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java index 6179b81..c092ad4 100644 --- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/ConfigUtils.java @@ -3,7 +3,6 @@ import com.typesafe.config.Config; import com.typesafe.config.ConfigRenderOptions; import com.typesafe.config.ConfigValue; -import com.typesafe.config.ConfigValueType; import java.io.PrintWriter; import java.io.StringWriter; import java.util.HashMap; @@ -11,18 +10,16 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; -import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class ConfigUtils { - private static final Logger LOGGER = LoggerFactory.getLogger(ConfigUtils.class); - private static final Set SECRET_KEYS = Set.of("password", "secret"); + private static Logger LOGGER = LoggerFactory.getLogger(ConfigUtils.class); public static void logConfFile(Config configs) { for (Entry entry : configs.entrySet()) { - LOGGER.info("{} = {}", entry.getKey(), redactValueIfRequired(entry)); + LOGGER.info("{} = {}", entry.getKey(), entry.getValue()); } } @@ -131,18 +128,4 @@ public static String propertiesAsList(Properties properties) { } return writer.toString(); } - - private static Object redactValueIfRequired(final Entry entry) { - final ConfigValue value = entry.getValue(); - - if (value.valueType() == ConfigValueType.STRING && isSecretKey(entry.getKey())) { - return "*** REDACTED ***"; - } - - return value; - } - - private static boolean isSecretKey(final String key) { - return SECRET_KEYS.stream().anyMatch(key::contains); - } } diff --git a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/DirectoryBasedConfigClient.java b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/DirectoryBasedConfigClient.java index 45b4706..614d2c1 100644 --- a/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/DirectoryBasedConfigClient.java +++ b/platform-service-framework/src/main/java/org/hypertrace/core/serviceframework/config/DirectoryBasedConfigClient.java @@ -59,13 +59,14 @@ public Config getConfig() { @Override public Config getConfig(String service, String cluster, String pod, String container) { - final Config resolvedConfig = loadConfigs(service, cluster, pod, container); + final Config unresolvedConfig = loadUnresolvedConfig(service, cluster, pod, container); LOGGER.info("Overrided Configs are listed below:"); - ConfigUtils.logConfFile(resolvedConfig); - return resolvedConfig; + ConfigUtils.logConfFile(unresolvedConfig); + return unresolvedConfig.resolve(); } - private Config loadConfigs(String service, String cluster, String pod, String container) { + private Config loadUnresolvedConfig( + String service, String cluster, String pod, String container) { LOGGER.info("Trying to compile configs under directory: {}", baseDir); Config serviceLevelConf = getConfigFromPath(String.format("%s/%s", baseDir, service)) @@ -89,8 +90,7 @@ private Config loadConfigs(String service, String cluster, String pod, String co return containerLevelConf .withFallback(podLevelConf) .withFallback(clusterLevelConf) - .withFallback(serviceLevelConf) - .resolve(); + .withFallback(serviceLevelConf); } private Config getConfigFromPath(String configDir) {