[FLINK-9100][core] Hide configured value for "password"/"secret"
This closes #9100. Project: http://git-wip-us.apache.org/repos/asf/flink/repo Commit: http://git-wip-us.apache.org/repos/asf/flink/commit/1a9675d5 Tree: http://git-wip-us.apache.org/repos/asf/flink/tree/1a9675d5 Diff: http://git-wip-us.apache.org/repos/asf/flink/diff/1a9675d5 Branch: refs/heads/master Commit: 1a9675d54fda7c6d7c519935dde05f47eb449401 Parents: aa4bdc0 Author: sihuazhou <summerle...@163.com> Authored: Tue Apr 24 13:39:11 2018 +0200 Committer: zentol <ches...@apache.org> Committed: Tue Apr 24 13:41:43 2018 +0200 ---------------------------------------------------------------------- .../configuration/GlobalConfiguration.java | 24 +++++++++++++++++++- .../configuration/GlobalConfigurationTest.java | 10 ++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flink/blob/1a9675d5/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java ---------------------------------------------------------------------- diff --git a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java index 2f2a9cf..fd7d441 100644 --- a/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java +++ b/flink-core/src/main/java/org/apache/flink/configuration/GlobalConfiguration.java @@ -19,6 +19,7 @@ package org.apache.flink.configuration; import org.apache.flink.annotation.Internal; +import org.apache.flink.util.Preconditions; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -42,6 +43,11 @@ public final class GlobalConfiguration { public static final String FLINK_CONF_FILENAME = "flink-conf.yaml"; + // the keys whose values should be hidden + private static final String[] SENSITIVE_KEYS = new String[] {"password", "secret"}; + + // the hidden content to be displayed + public static final String HIDDEN_CONTENT = "******"; // -------------------------------------------------------------------------------------------- @@ -183,7 +189,7 @@ public final class GlobalConfiguration { continue; } - LOG.info("Loading configuration property: {}, {}", key, value); + LOG.info("Loading configuration property: {}, {}", key, isSensitive(key) ? HIDDEN_CONTENT : value); config.setString(key, value); } } @@ -194,4 +200,20 @@ public final class GlobalConfiguration { return config; } + /** + * Check whether the key is a hidden key. + * + * @param key the config key + */ + public static boolean isSensitive(String key) { + Preconditions.checkNotNull(key, "key is null"); + final String keyInLower = key.toLowerCase(); + for (String hideKey : SENSITIVE_KEYS) { + if (keyInLower.length() >= hideKey.length() + && keyInLower.contains(hideKey)) { + return true; + } + } + return false; + } } http://git-wip-us.apache.org/repos/asf/flink/blob/1a9675d5/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java ---------------------------------------------------------------------- diff --git a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java index c5d2e62..a42564d 100644 --- a/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java +++ b/flink-core/src/test/java/org/apache/flink/configuration/GlobalConfigurationTest.java @@ -31,7 +31,9 @@ import java.io.PrintWriter; import java.util.UUID; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; /** * This class contains tests for the global configuration (parsing configuration directory information). @@ -120,4 +122,12 @@ public class GlobalConfigurationTest extends TestLogger { assertNotNull(GlobalConfiguration.loadConfiguration(tempFolder.getRoot().getAbsolutePath())); } + @Test + public void testHiddenKey() { + assertTrue(GlobalConfiguration.isSensitive("password123")); + assertTrue(GlobalConfiguration.isSensitive("123pasSword")); + assertTrue(GlobalConfiguration.isSensitive("PasSword")); + assertTrue(GlobalConfiguration.isSensitive("Secret")); + assertFalse(GlobalConfiguration.isSensitive("Hello")); + } }
