You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flink.apache.org by rm...@apache.org on 2022/12/22 20:46:28 UTC
[flink] branch master updated: [FLINK-30443] [core] Ensuring more sensitive keys are masked in log output
This is an automated email from the ASF dual-hosted git repository.
rmetzger pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git
The following commit(s) were added to refs/heads/master by this push:
new d7b63aee3b0 [FLINK-30443] [core] Ensuring more sensitive keys are masked in log output
d7b63aee3b0 is described below
commit d7b63aee3b02e71f837e1f0b18f1b93790765d9f
Author: Gunnar Morling <gu...@googlemail.com>
AuthorDate: Thu Dec 22 14:32:06 2022 +0100
[FLINK-30443] [core] Ensuring more sensitive keys are masked in log output
---
.../org/apache/flink/configuration/GlobalConfiguration.java | 12 +++++++++++-
.../apache/flink/configuration/GlobalConfigurationTest.java | 12 ++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java
index b3122ed146b..f12b648fac0 100644
--- a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java
+++ b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java
@@ -45,7 +45,17 @@ public final class GlobalConfiguration {
// the keys whose values should be hidden
private static final String[] SENSITIVE_KEYS =
- new String[] {"password", "secret", "fs.azure.account.key", "apikey"};
+ new String[] {
+ "password",
+ "secret",
+ "fs.azure.account.key",
+ "apikey",
+ "auth-params",
+ "service-key",
+ "token",
+ "basic-auth",
+ "jaas.config"
+ };
// the hidden content to be displayed
public static final String HIDDEN_CONTENT = "******";
diff --git a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java
index 9a321e2840d..fab76caa175 100644
--- a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java
+++ b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java
@@ -129,6 +129,18 @@ public class GlobalConfigurationTest extends TestLogger {
assertTrue(GlobalConfiguration.isSensitive("123pasSword"));
assertTrue(GlobalConfiguration.isSensitive("PasSword"));
assertTrue(GlobalConfiguration.isSensitive("Secret"));
+ assertTrue(GlobalConfiguration.isSensitive("polaris.client-secret"));
+ assertTrue(GlobalConfiguration.isSensitive("client-secret"));
+ assertTrue(GlobalConfiguration.isSensitive("service-key-json"));
+ assertTrue(GlobalConfiguration.isSensitive("auth.basic.password"));
+ assertTrue(GlobalConfiguration.isSensitive("auth.basic.token"));
+ assertTrue(GlobalConfiguration.isSensitive("avro-confluent.basic-auth.user-info"));
+ assertTrue(GlobalConfiguration.isSensitive("key.avro-confluent.basic-auth.user-info"));
+ assertTrue(GlobalConfiguration.isSensitive("value.avro-confluent.basic-auth.user-info"));
+ assertTrue(GlobalConfiguration.isSensitive("kafka.jaas.config"));
+ assertTrue(GlobalConfiguration.isSensitive("properties.ssl.truststore.password"));
+ assertTrue(GlobalConfiguration.isSensitive("properties.ssl.keystore.password"));
+
assertTrue(
GlobalConfiguration.isSensitive(
"fs.azure.account.key.storageaccount123456.core.windows.net"));