This is an automated email from the ASF dual-hosted git repository.
pchenxi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new e429792dd2 [#10223] Prevent sensitive Spark job environment values
from being logged in SparkProcessBuilder (#10450)
e429792dd2 is described below
commit e429792dd2bdb23a9f61bc6e318cd5a2cf867700
Author: Lucas <[email protected]>
AuthorDate: Wed Mar 18 17:34:10 2026 +0800
[#10223] Prevent sensitive Spark job environment values from being logged
in SparkProcessBuilder (#10450)
<!--
1. Title: [#<issue>] <type>(<scope>): <subject>
Examples:
- "[#123] feat(operator): Support xxx"
- "[#233] fix: Check null before access result in xxx"
- "[MINOR] refactor: Fix typo in variable name"
- "[MINOR] docs: Fix typo in README"
- "[#255] test: Fix flaky test NameOfTheTest"
Reference: https://www.conventionalcommits.org/en/v1.0.0/
2. If the PR is unfinished, please mark this PR as draft.
-->
### What changes were proposed in this pull request?
- Modified SparkProcessBuilder.start() method to log only environment
variable names instead of full key-value pairs
### Why are the changes needed?
Fix: #10223
### Does this PR introduce _any_ user-facing change?
### How was this patch tested?
---
.../gravitino/job/local/SparkProcessBuilder.java | 4 +-
.../job/local/TestSparkProcessBuilder.java | 62 ++++++++++++++++++++++
2 files changed, 64 insertions(+), 2 deletions(-)
diff --git
a/core/src/main/java/org/apache/gravitino/job/local/SparkProcessBuilder.java
b/core/src/main/java/org/apache/gravitino/job/local/SparkProcessBuilder.java
index d577c5af9f..918c48f564 100644
--- a/core/src/main/java/org/apache/gravitino/job/local/SparkProcessBuilder.java
+++ b/core/src/main/java/org/apache/gravitino/job/local/SparkProcessBuilder.java
@@ -125,9 +125,9 @@ public class SparkProcessBuilder extends
LocalProcessBuilder {
builder.redirectError(errorFile);
LOG.info(
- "Starting local Spark job with command: {}, environment variables: {}",
+ "Starting local Spark job with command: {}, environment variable
names: {}",
Joiner.on(" ").join(commandList),
- Joiner.on(", ").withKeyValueSeparator(":
").join(sparkJobTemplate.environments()));
+ Joiner.on(", ").join(sparkJobTemplate.environments().keySet()));
try {
return builder.start();
diff --git
a/core/src/test/java/org/apache/gravitino/job/local/TestSparkProcessBuilder.java
b/core/src/test/java/org/apache/gravitino/job/local/TestSparkProcessBuilder.java
index 930bf1a4e0..12c2a69325 100644
---
a/core/src/test/java/org/apache/gravitino/job/local/TestSparkProcessBuilder.java
+++
b/core/src/test/java/org/apache/gravitino/job/local/TestSparkProcessBuilder.java
@@ -19,9 +19,12 @@
package org.apache.gravitino.job.local;
+import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.List;
+import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
import org.apache.gravitino.job.SparkJobTemplate;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
@@ -140,4 +143,63 @@ public class TestSparkProcessBuilder {
Assertions.assertTrue(command4.contains("arg1"));
Assertions.assertTrue(command4.contains("arg2"));
}
+
+ @Test
+ public void testSparkEnvironmentInfoOutputWithoutValue() {
+ SparkJobTemplate template =
+ SparkJobTemplate.builder()
+ .withName("template4")
+ .withExecutable("/path/to/spark-demo.jar")
+ .withArguments(Lists.newArrayList("arg1", "arg2"))
+ .withClassName("com.example.MainClass")
+ .withConfigs(
+ ImmutableMap.of(
+ "spark.executor.memory", "2g",
+ "spark.executor.cores", "2"))
+ .withEnvironments(ImmutableMap.of("key1", "value1", "key2",
"value2"))
+ .build();
+ Map<String, String> environments = template.environments();
+ String environmentKeys = Joiner.on(", ").join(environments.keySet());
+ Assertions.assertEquals("key1, key2", environmentKeys);
+ }
+
+ @Test
+ public void testSparkEnvironmentInfoWithEmptyMap() {
+ SparkJobTemplate template =
+ SparkJobTemplate.builder()
+ .withName("template4")
+ .withExecutable("/path/to/spark-demo.jar")
+ .withArguments(Lists.newArrayList("arg1", "arg2"))
+ .withClassName("com.example.MainClass")
+ .withConfigs(
+ ImmutableMap.of(
+ "spark.executor.memory", "2g",
+ "spark.executor.cores", "2"))
+ .withEnvironments(ImmutableMap.of())
+ .build();
+ Map<String, String> environments = template.environments();
+ String environmentKeys = Joiner.on(", ").join(environments.keySet());
+ Assertions.assertTrue(StringUtils.isBlank(environmentKeys));
+ }
+
+ @Test
+ public void testSparkEnvironmentInfoWithNullMap() {
+ SparkJobTemplate template =
+ SparkJobTemplate.builder()
+ .withName("template4")
+ .withExecutable("/path/to/spark-demo.jar")
+ .withArguments(Lists.newArrayList("arg1", "arg2"))
+ .withClassName("com.example.MainClass")
+ .withConfigs(
+ ImmutableMap.of(
+ "spark.executor.memory", "2g",
+ "spark.executor.cores", "2"))
+ .withEnvironments(null)
+ .build();
+ Map<String, String> environments = template.environments();
+ Assertions.assertNotNull(environments);
+ Assertions.assertTrue(environments.isEmpty());
+ String environmentKeys = Joiner.on(", ").join(environments.keySet());
+ Assertions.assertTrue(StringUtils.isBlank(environmentKeys));
+ }
}
