[flink] branch master updated: [FLINK-30443] [core] Ensuring more sensitive keys are masked in log output

[rm...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rmetzger pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/flink.git


The following commit(s) were added to refs/heads/master by this push:
     new d7b63aee3b0 [FLINK-30443] [core] Ensuring more sensitive keys are masked in log output
d7b63aee3b0 is described below

commit d7b63aee3b02e71f837e1f0b18f1b93790765d9f
Author: Gunnar Morling <gu...@googlemail.com>
AuthorDate: Thu Dec 22 14:32:06 2022 +0100

    [FLINK-30443] [core] Ensuring more sensitive keys are masked in log output
---
 .../org/apache/flink/configuration/GlobalConfiguration.java  | 12 +++++++++++-
 .../apache/flink/configuration/GlobalConfigurationTest.java  | 12 ++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java
index b3122ed146b..f12b648fac0 100644
--- a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java
+++ b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java
@@ -45,7 +45,17 @@ public final class GlobalConfiguration {
 
     // the keys whose values should be hidden
     private static final String[] SENSITIVE_KEYS =
-            new String[] {"password", "secret", "fs.azure.account.key", "apikey"};
+            new String[] {
+                "password",
+                "secret",
+                "fs.azure.account.key",
+                "apikey",
+                "auth-params",
+                "service-key",
+                "token",
+                "basic-auth",
+                "jaas.config"
+            };
 
     // the hidden content to be displayed
     public static final String HIDDEN_CONTENT = "******";
diff --git a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java
index 9a321e2840d..fab76caa175 100644
--- a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java
+++ b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java
@@ -129,6 +129,18 @@ public class GlobalConfigurationTest extends TestLogger {
         assertTrue(GlobalConfiguration.isSensitive("123pasSword"));
         assertTrue(GlobalConfiguration.isSensitive("PasSword"));
         assertTrue(GlobalConfiguration.isSensitive("Secret"));
+        assertTrue(GlobalConfiguration.isSensitive("polaris.client-secret"));
+        assertTrue(GlobalConfiguration.isSensitive("client-secret"));
+        assertTrue(GlobalConfiguration.isSensitive("service-key-json"));
+        assertTrue(GlobalConfiguration.isSensitive("auth.basic.password"));
+        assertTrue(GlobalConfiguration.isSensitive("auth.basic.token"));
+        assertTrue(GlobalConfiguration.isSensitive("avro-confluent.basic-auth.user-info"));
+        assertTrue(GlobalConfiguration.isSensitive("key.avro-confluent.basic-auth.user-info"));
+        assertTrue(GlobalConfiguration.isSensitive("value.avro-confluent.basic-auth.user-info"));
+        assertTrue(GlobalConfiguration.isSensitive("kafka.jaas.config"));
+        assertTrue(GlobalConfiguration.isSensitive("properties.ssl.truststore.password"));
+        assertTrue(GlobalConfiguration.isSensitive("properties.ssl.keystore.password"));
+
         assertTrue(
                 GlobalConfiguration.isSensitive(
                         "fs.azure.account.key.storageaccount123456.core.windows.net"));