Re: [PR] [#9643] improvement: Filter sensitive properties by privileges. [gravitino]

Tue, 10 Feb 2026 05:57:31 -0800 


FANNG1 commented on code in PR #9785:
URL: https://github.com/apache/gravitino/pull/9785#discussion_r2788081526


##########
core/src/main/java/org/apache/gravitino/Configs.java:
##########
@@ -288,6 +288,16 @@ private Configs() {}
           .booleanConf()
           .createWithDefault(false);
 
+  public static final ConfigEntry<Boolean> FILTER_SENSITIVE_PROPERTIES =
+      new ConfigBuilder("gravitino.authorization.filterSensitiveProperties")
+          .doc(
+              "Whether to filter sensitive properties in catalog responses. "
+                  + "When enabled, sensitive properties like passwords and 
secret keys will be "
+                  + "hidden from users without appropriate permissions")
+          .version(ConfigConstants.VERSION_1_1_0)

Review Comment:
   1.2.0?



##########
bundles/aws/src/main/java/org/apache/gravitino/s3/credential/S3TokenProvider.java:
##########
@@ -37,4 +40,11 @@ public String credentialType() {
   public String getGeneratorClassName() {
     return "org.apache.gravitino.s3.credential.S3TokenGenerator";
   }
+
+  @Override
+  public Set<String> sensitivePropertyKeys() {
+    return Sets.newHashSet(
+        S3CredentialConfig.S3_ACCESS_KEY_ID.getKey(),
+        S3CredentialConfig.S3_SECRET_ACCESS_KEY.getKey());

Review Comment:
   Why not adding token?



##########
common/src/main/java/org/apache/gravitino/credential/CredentialProvider.java:
##########
@@ -58,4 +60,14 @@ public interface CredentialProvider extends Closeable {
    */
   @Nullable
   Credential getCredential(CredentialContext context);
+
+  /**
+   * Returns the sensitive property keys used by this credential provider. 
These properties contain

Review Comment:
   could you add more description about the effect of this method?



##########
bundles/gcp/src/main/java/org/apache/gravitino/gcs/credential/GCSTokenProvider.java:
##########
@@ -37,4 +40,9 @@ public String credentialType() {
   public String getGeneratorClassName() {
     return "org.apache.gravitino.gcs.credential.GCSTokenGenerator";
   }
+
+  @Override
+  public Set<String> sensitivePropertyKeys() {
+    return 
Sets.newHashSet(GCSCredentialConfig.GCS_CREDENTIAL_FILE_PATH.getKey());

Review Comment:
   it should be token?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to