gaborgsomogyi opened a new pull request, #28167:
URL: https://github.com/apache/flink/pull/28167
## What is the purpose of the change
Sensitive table/catalog/model options (e.g. password, api-key, token) were
exposed verbatim in the output of SHOW `CREATE TABLE`, `SHOW CREATE CATALOG`,
`SHOW CREATE MATERIALIZED TABLE`, `SHOW CREATE MODEL`, and `DESCRIBE CATALOG
EXTENDED`. Flink already had redaction infrastructure
(`GlobalConfiguration.isSensitive` / `HIDDEN_CONTENT`) used for Flink config
display and factory error messages, but it was not wired to SQL display
operations.
## Brief change log
- `ShowCreateUtil` - `extractFormattedOptions` now accepts `List<String>
additionalSensitiveKeys` and redacts matching values with `******`. The unused
2-arg and lowerCaseKeys overloads were removed (dead code).
- `ShowCreate*Operation` / `DescribeCatalogOperation` - each `execute()`
reads `SecurityOptions.ADDITIONAL_SENSITIVE_KEYS` from `TableConfig` and
threads it through to the rendering layer.
- `DefaultCatalogTable` / `DefaultCatalogModel` - `toString()` now uses
`ConfigurationUtils.hideSensitiveValues` to avoid leaking secrets in logs.
Built-in sensitive key patterns apply; user-configured additional keys cannot
be applied here (no config context in `toString()`).
## Verifying this change
- `ShowCreateUtilTest` - extended with redaction cases for table, catalog,
materialized table, and custom additionalSensitiveKeys.
- `DescribeCatalogOperationTest` - new; verifies extended output redacts
password/token, non-sensitive values are unchanged, and non-extended output
exposes no options at all.
- `DefaultCatalogTableTest` - new; verifies `toString()` redacts sensitive
keys and preserves safe ones.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): no
- The public API, i.e., is any changed class annotated with
`@Public(Evolving)`: no
- The serializers: no
- The runtime per-record code paths (performance sensitive): no
- Anything that affects deployment or recovery: JobManager (and its
components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
- The S3 file system connector: no
## Documentation
- Does this pull request introduce a new feature? no
- If yes, how is the feature documented? not applicable
---
##### Was generative AI tooling used to co-author this PR?
- [x] Yes (please specify the tool below)
Generated-by: Claude code
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
