[kafka] branch 3.6 updated: KAFKA-15377: Don't expose externalized secret values in tasks-config API endpoint (#14244)

gharris Thu, 24 Aug 2023 22:04:45 -0700

This is an automated email from the ASF dual-hosted git repository.

gharris pushed a commit to branch 3.6
in repository https://gitbox.apache.org/repos/asf/kafka.git



The following commit(s) were added to refs/heads/3.6 by this push:
     new 0279c1be7ff KAFKA-15377: Don't expose externalized secret values in 
tasks-config API endpoint (#14244)
0279c1be7ff is described below

commit 0279c1be7ff46185f4ed8f55c063e046ab9e3468
Author: Yash Mayya <[email protected]>
AuthorDate: Thu Aug 24 23:44:53 2023 +0100

    KAFKA-15377: Don't expose externalized secret values in tasks-config API 
endpoint (#14244)
    
    Reviewers: Greg Harris <[email protected]>
---
 .../java/org/apache/kafka/connect/runtime/AbstractHerder.java    | 2 +-
 .../kafka/connect/runtime/standalone/StandaloneHerder.java       | 2 +-
 .../kafka/connect/runtime/distributed/DistributedHerderTest.java | 7 +++++++
 .../kafka/connect/runtime/standalone/StandaloneHerderTest.java   | 9 +++++++++
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git 
a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/AbstractHerder.java
 
b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/AbstractHerder.java
index 7f04914c8d1..7bbcf0f6861 100644
--- 
a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/AbstractHerder.java
+++ 
b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/AbstractHerder.java
@@ -311,7 +311,7 @@ public abstract class AbstractHerder implements Herder, 
TaskStatus.Listener, Con
 
         Map<ConnectorTaskId, Map<String, String>> configs = new HashMap<>();
         for (ConnectorTaskId cti : configState.tasks(connector)) {
-            configs.put(cti, configState.taskConfig(cti));
+            configs.put(cti, configState.rawTaskConfig(cti));
         }
 
         return configs;
diff --git 
a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerder.java
 
b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerder.java
index c7fee9e6715..babb157f772 100644
--- 
a/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerder.java
+++ 
b/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerder.java
@@ -579,7 +579,7 @@ public class StandaloneHerder extends AbstractHerder {
     public void tasksConfig(String connName, Callback<Map<ConnectorTaskId, 
Map<String, String>>> callback) {
         Map<ConnectorTaskId, Map<String, String>> tasksConfig = 
buildTasksConfig(connName);
         if (tasksConfig.isEmpty()) {
-            callback.onCompletion(new NotFoundException("Connector " + 
connName + " not found"), tasksConfig);
+            callback.onCompletion(new NotFoundException("Connector " + 
connName + " not found"), null);
             return;
         }
         callback.onCompletion(null, tasksConfig);
diff --git 
a/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/distributed/DistributedHerderTest.java
 
b/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/distributed/DistributedHerderTest.java
index bec8369a3b0..2b774133d36 100644
--- 
a/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/distributed/DistributedHerderTest.java
+++ 
b/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/distributed/DistributedHerderTest.java
@@ -2091,6 +2091,8 @@ public class DistributedHerderTest {
         herder.connectorConfig(CONN1, connectorConfigCb);
         FutureCallback<List<TaskInfo>> taskConfigsCb = new FutureCallback<>();
         herder.taskConfigs(CONN1, taskConfigsCb);
+        FutureCallback<Map<ConnectorTaskId, Map<String, String>>> 
tasksConfigCb = new FutureCallback<>();
+        herder.tasksConfig(CONN1, tasksConfigCb);
 
         herder.tick();
         assertTrue(listConnectorsCb.isDone());
@@ -2107,6 +2109,11 @@ public class DistributedHerderTest {
                         new TaskInfo(TASK1, TASK_CONFIG),
                         new TaskInfo(TASK2, TASK_CONFIG)),
                 taskConfigsCb.get());
+        Map<ConnectorTaskId, Map<String, String>> tasksConfig = new 
HashMap<>();
+        tasksConfig.put(TASK0, TASK_CONFIG);
+        tasksConfig.put(TASK1, TASK_CONFIG);
+        tasksConfig.put(TASK2, TASK_CONFIG);
+        assertEquals(tasksConfig, tasksConfigCb.get());
 
         // Config transformation should not occur when requesting connector or 
task info
         verify(configTransformer, never()).transform(eq(CONN1), any());
diff --git 
a/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerderTest.java
 
b/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerderTest.java
index 32c54f58035..500ce58b8c6 100644
--- 
a/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerderTest.java
+++ 
b/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/standalone/StandaloneHerderTest.java
@@ -765,6 +765,7 @@ public class StandaloneHerderTest {
         Callback<ConnectorInfo> connectorInfoCb = 
PowerMock.createMock(Callback.class);
         Callback<Map<String, String>> connectorConfigCb = 
PowerMock.createMock(Callback.class);
         Callback<List<TaskInfo>> taskConfigsCb = 
PowerMock.createMock(Callback.class);
+        Callback<Map<ConnectorTaskId, Map<String, String>>> tasksConfigCb = 
PowerMock.createMock(Callback.class);
 
         // Check accessors with empty worker
         listConnectorsCb.onCompletion(null, Collections.EMPTY_SET);
@@ -775,6 +776,8 @@ public class StandaloneHerderTest {
         EasyMock.expectLastCall();
         taskConfigsCb.onCompletion(EasyMock.<NotFoundException>anyObject(), 
EasyMock.isNull());
         EasyMock.expectLastCall();
+        tasksConfigCb.onCompletion(EasyMock.<NotFoundException>anyObject(), 
EasyMock.isNull());
+        EasyMock.expectLastCall();
 
         // Create connector
         connector = PowerMock.createMock(BogusSourceConnector.class);
@@ -795,6 +798,10 @@ public class StandaloneHerderTest {
         taskConfigsCb.onCompletion(null, Arrays.asList(taskInfo));
         EasyMock.expectLastCall();
 
+        Map<ConnectorTaskId, Map<String, String>> tasksConfig = 
Collections.singletonMap(new ConnectorTaskId(CONNECTOR_NAME, 0),
+            taskConfig(SourceSink.SOURCE));
+        tasksConfigCb.onCompletion(null, tasksConfig);
+        EasyMock.expectLastCall();
 
         PowerMock.replayAll();
 
@@ -803,6 +810,7 @@ public class StandaloneHerderTest {
         herder.connectorInfo(CONNECTOR_NAME, connectorInfoCb);
         herder.connectorConfig(CONNECTOR_NAME, connectorConfigCb);
         herder.taskConfigs(CONNECTOR_NAME, taskConfigsCb);
+        herder.tasksConfig(CONNECTOR_NAME, tasksConfigCb);
 
         herder.putConnectorConfig(CONNECTOR_NAME, connConfig, false, 
createCallback);
         Herder.Created<ConnectorInfo> connectorInfo = 
createCallback.get(1000L, TimeUnit.SECONDS);
@@ -818,6 +826,7 @@ public class StandaloneHerderTest {
         herder.connectorInfo(CONNECTOR_NAME, connectorInfoCb);
         herder.connectorConfig(CONNECTOR_NAME, connectorConfigCb);
         herder.taskConfigs(CONNECTOR_NAME, taskConfigsCb);
+        herder.tasksConfig(CONNECTOR_NAME, tasksConfigCb);
 
         PowerMock.verifyAll();
     }

[kafka] branch 3.6 updated: KAFKA-15377: Don't expose externalized secret values in tasks-config API endpoint (#14244)

Reply via email to