suneet-s commented on a change in pull request #9432: Web console: expose props
for S3
URL: https://github.com/apache/druid/pull/9432#discussion_r394519549
##########
File path: web-console/src/views/load-data-view/load-data-view.tsx
##########
@@ -1076,11 +1076,21 @@ export class LoadDataView extends
React.PureComponent<LoadDataViewProps, LoadDat
<LearnMore href={getIngestionDocLink(spec)} />
</Callout>
{ingestionComboType ? (
- <AutoForm
- fields={getIoConfigFormFields(ingestionComboType)}
- model={ioConfig}
- onChange={c => this.updateSpecPreview(deepSet(spec,
'spec.ioConfig', c))}
- />
+ <>
+ <AutoForm
+ fields={getIoConfigFormFields(ingestionComboType)}
+ model={ioConfig}
+ onChange={c => this.updateSpecPreview(deepSet(spec,
'spec.ioConfig', c))}
+ />
+ {deepGet(spec,
'spec.ioConfig.inputSource.properties.secretAccessKey.password') && (
+ <FormGroup>
+ <Callout intent={Intent.WARNING}>
+ Inlining the access key into the ingestion spec is
dangerous as it might appear
+ in server log files and can be seen by anyone accessing
this console.
Review comment:
@jihoonson I don't know what the apache rules are on what qualifies for a
blocker. I think the UX isn't great if I see a big scary warning without a way
to remediate. I like @sthetland's suggestion above. If there are committers who
are ok with this, I'm not going to veto.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
