You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pinot.apache.org by ma...@apache.org on 2021/09/18 14:02:31 UTC
[pinot] branch master updated: Mask credentials in debug endpoint
/appconfigs (#7452)
This is an automated email from the ASF dual-hosted git repository.
mayanks pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 9c2a333 Mask credentials in debug endpoint /appconfigs (#7452)
9c2a333 is described below
commit 9c2a333f3cc943e350ccbea8c95b804819009e20
Author: Ramakrishna Baratam <ra...@gmail.com>
AuthorDate: Sat Sep 18 07:01:47 2021 -0700
Mask credentials in debug endpoint /appconfigs (#7452)
---
.../apache/pinot/common/utils/PinotAppConfigs.java | 3 ++-
.../apache/pinot/controller/ControllerTestUtils.java | 19 +++++++++++--------
.../controller/api/PinotControllerAppConfigsTest.java | 12 +++++++++---
.../pinot/server/api/PinotServerAppConfigsTest.java | 12 +++++++++---
4 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
index 986f482..254d2a8 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
@@ -38,6 +38,7 @@ import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.io.FileUtils;
import org.apache.pinot.spi.env.PinotConfiguration;
+import org.apache.pinot.spi.utils.Obfuscator;
/**
@@ -341,7 +342,7 @@ public class PinotAppConfigs {
public String toJSONString() {
try {
- return OBJECT_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(this);
+ return OBJECT_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(new Obfuscator().toJson(this));
} catch (JsonProcessingException e) {
return e.getMessage();
}
diff --git a/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java b/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
index 170bea8..1e38de7 100644
--- a/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
+++ b/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
@@ -233,9 +233,8 @@ public abstract class ControllerTestUtils {
public static void addFakeBrokerInstanceToAutoJoinHelixCluster(String instanceId, boolean isSingleTenant)
throws Exception {
- HelixManager helixManager =
- HelixManagerFactory.getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT,
- _zookeeperInstance.getZkUrl());
+ HelixManager helixManager = HelixManagerFactory
+ .getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT, _zookeeperInstance.getZkUrl());
helixManager.getStateMachineEngine()
.registerStateModelFactory(FakeBrokerResourceOnlineOfflineStateModelFactory.STATE_MODEL_DEF,
FakeBrokerResourceOnlineOfflineStateModelFactory.FACTORY_INSTANCE);
@@ -334,9 +333,8 @@ public abstract class ControllerTestUtils {
protected static void addFakeServerInstanceToAutoJoinHelixCluster(String instanceId, boolean isSingleTenant,
int adminPort)
throws Exception {
- HelixManager helixManager =
- HelixManagerFactory.getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT,
- _zookeeperInstance.getZkUrl());
+ HelixManager helixManager = HelixManagerFactory
+ .getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT, _zookeeperInstance.getZkUrl());
helixManager.getStateMachineEngine()
.registerStateModelFactory(FakeSegmentOnlineOfflineStateModelFactory.STATE_MODEL_DEF,
FakeSegmentOnlineOfflineStateModelFactory.FACTORY_INSTANCE);
@@ -348,8 +346,9 @@ public abstract class ControllerTestUtils {
} else {
helixAdmin.addInstanceTag(getHelixClusterName(), instanceId, UNTAGGED_SERVER_INSTANCE);
}
- HelixConfigScope configScope = new HelixConfigScopeBuilder(HelixConfigScope.ConfigScopeProperty.PARTICIPANT,
- getHelixClusterName()).forParticipant(instanceId).build();
+ HelixConfigScope configScope =
+ new HelixConfigScopeBuilder(HelixConfigScope.ConfigScopeProperty.PARTICIPANT, getHelixClusterName())
+ .forParticipant(instanceId).build();
helixAdmin.setConfig(configScope, Collections.singletonMap(ADMIN_PORT_KEY, Integer.toString(adminPort)));
FAKE_INSTANCE_HELIX_MANAGERS.add(helixManager);
}
@@ -686,6 +685,10 @@ public abstract class ControllerTestUtils {
// Used in PinotTableRestletResourceTest
properties.put(ControllerConf.TABLE_MIN_REPLICAS, MIN_NUM_REPLICAS);
+ // Used in PinotControllerAppConfigsTest to test obfuscation
+ properties.put("controller.segment.fetcher.auth.token", "*personal*");
+ properties.put("controller.admin.access.control.principals.user.password", "*personal*");
+
return properties;
}
diff --git a/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java b/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
index 234aa63..902d432 100644
--- a/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
+++ b/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
@@ -23,6 +23,7 @@ import java.io.IOException;
import org.apache.pinot.common.utils.PinotAppConfigs;
import org.apache.pinot.controller.ControllerConf;
import org.apache.pinot.controller.ControllerTestUtils;
+import org.apache.pinot.spi.utils.Obfuscator;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
@@ -52,7 +53,8 @@ public class PinotControllerAppConfigsTest {
String configsJson =
ControllerTestUtils.sendGetRequest(ControllerTestUtils.getControllerRequestURLBuilder().forAppConfigs());
- PinotAppConfigs actual = new ObjectMapper().readValue(configsJson, PinotAppConfigs.class);
+ ObjectMapper mapper = new ObjectMapper();
+ PinotAppConfigs actual = mapper.readValue(configsJson, PinotAppConfigs.class);
// RuntimeConfig is not checked as it has information that can change during the test run.
// Also, some of the system configs can change, so compare the ones that don't.
@@ -65,8 +67,12 @@ public class PinotControllerAppConfigsTest {
Assert.assertEquals(actualSystemConfig.getTotalPhysicalMemory(), expectedSystemConfig.getTotalPhysicalMemory());
Assert.assertEquals(actualSystemConfig.getTotalSwapSpace(), expectedSystemConfig.getTotalSwapSpace());
- Assert.assertEquals(actual.getJvmConfig(), expected.getJvmConfig());
- Assert.assertEquals(actual.getPinotConfig(), expectedControllerConf.toMap());
+ // tests Equals on obfuscated expected and actual
+ Obfuscator obfuscator = new Obfuscator();
+ String obfuscatedExpectedJson = obfuscator.toJsonString(expected);
+ PinotAppConfigs obfuscatedExpected = mapper.readValue(obfuscatedExpectedJson, PinotAppConfigs.class);
+ Assert.assertEquals(actual.getJvmConfig(), obfuscatedExpected.getJvmConfig());
+ Assert.assertEquals(actual.getPinotConfig(), obfuscatedExpected.getPinotConfig());
}
@AfterClass
diff --git a/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java b/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
index 23428ac..978bd2a 100644
--- a/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
+++ b/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
@@ -24,6 +24,7 @@ import javax.ws.rs.core.Response;
import org.apache.pinot.common.utils.PinotAppConfigs;
import org.apache.pinot.server.starter.helix.DefaultHelixStarterServerConfig;
import org.apache.pinot.spi.env.PinotConfiguration;
+import org.apache.pinot.spi.utils.Obfuscator;
import org.testng.Assert;
import org.testng.annotations.Test;
@@ -46,7 +47,8 @@ public class PinotServerAppConfigsTest extends BaseResourceTest {
Response response = _webTarget.path("/appconfigs").request().get(Response.class);
String configsJson = response.readEntity(String.class);
- PinotAppConfigs actual = new ObjectMapper().readValue(configsJson, PinotAppConfigs.class);
+ ObjectMapper mapper = new ObjectMapper();
+ PinotAppConfigs actual = mapper.readValue(configsJson, PinotAppConfigs.class);
// RuntimeConfig is not checked as it has information that can change during the test run.
// Also, some of the system configs can change, so compare the ones that don't.
@@ -59,7 +61,11 @@ public class PinotServerAppConfigsTest extends BaseResourceTest {
Assert.assertEquals(actualSystemConfig.getTotalPhysicalMemory(), expectedSystemConfig.getTotalPhysicalMemory());
Assert.assertEquals(actualSystemConfig.getTotalSwapSpace(), expectedSystemConfig.getTotalSwapSpace());
- Assert.assertEquals(actual.getJvmConfig(), expected.getJvmConfig());
- Assert.assertEquals(actual.getPinotConfig(), expectedServerConf.toMap());
+ // tests Equals on obfuscated expected and actual
+ Obfuscator obfuscator = new Obfuscator();
+ String obfuscatedExpectedJson = obfuscator.toJsonString(expected);
+ PinotAppConfigs obfuscatedExpected = mapper.readValue(obfuscatedExpectedJson, PinotAppConfigs.class);
+ Assert.assertEquals(actual.getJvmConfig(), obfuscatedExpected.getJvmConfig());
+ Assert.assertEquals(actual.getPinotConfig(), obfuscatedExpected.getPinotConfig());
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org