[GitHub] [druid] LakshSingla opened a new pull request, #13231: Mask SQL in ExecutorLifecycle logs for AWS Credentials

Sun, 16 Oct 2022 23:09:28 -0700 


LakshSingla opened a new pull request, #13231:
URL: https://github.com/apache/druid/pull/13231

   ### Description
   With MSQ submitting the tasks containing SQL which might have sensitive keys 
like AWS's secrets in them, they can get logged in the file if the SQL contains 
them.
   While this is not a secure way to specify the credentials since they might 
get logged & reported at multiple places, this PR  aims to mask these sensitive 
keys in the log files using a simple regex search and replace.
   
   For GCS and Azure input sources, the credentials cannot be specified in the 
InputSource itself therefore we donot need to search and mask their keys in the 
SQL. 
   <hr>
   
   ##### Key changed/added classes in this PR
    * `ExecutorLifecycle`
   
   - [ ] been self-reviewed.
      - [ ] using the [concurrency 
checklist](https://github.com/apache/druid/blob/master/dev/code-review/concurrency.md)
 (Remove this item if the PR doesn't have any relation to concurrency.)
   - [ ] added documentation for new or modified features or behaviors.
   - [ ] a release note entry in the PR description.
   - [ ] added Javadocs for most classes and all non-trivial methods. Linked 
related entities via Javadoc links.
   - [ ] added or updated version, license, or notice information in 
[licenses.yaml](https://github.com/apache/druid/blob/master/dev/license.md)
   - [ ] added comments explaining the "why" and the intent of the code 
wherever would not be obvious for an unfamiliar reader.
   - [ ] added unit tests or modified existing tests to cover new code paths, 
ensuring the threshold for [code 
coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md)
 is met.
   - [ ] added integration tests.
   - [ ] been tested in a test Druid cluster.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to