[incubator-kyuubi] branch master updated: [KYUUBI #2463] Redact `kyuubi.ha.zookeeper.auth.digest` in Spark engine

Sun, 24 Apr 2022 20:46:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

ulyssesyou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-kyuubi.git


The following commit(s) were added to refs/heads/master by this push:
     new f13856aa9 [KYUUBI #2463] Redact `kyuubi.ha.zookeeper.auth.digest` in 
Spark engine
f13856aa9 is described below

commit f13856aa94951b78204724c58105261f9970766a
Author: sychen <[email protected]>
AuthorDate: Mon Apr 25 11:46:36 2022 +0800

    [KYUUBI #2463] Redact `kyuubi.ha.zookeeper.auth.digest` in Spark engine
    
    ### _Why are the changes needed?_
    close #2463
    
    `spark.kyuubi.ha.zookeeper.auth.digest` configuration item will see account 
and password in Spark UI.
    use `spark.redaction.regex`.
    
    ### _How was this patch tested?_
    - [ ] Add some test cases that check the changes thoroughly including 
negative and positive cases if possible
    
    - [x] Add screenshots for manual tests if appropriate
    
    - [x] [Run 
test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests)
 locally before make a pull request
    
    Closes #2464 from cxzl25/KYUUBI-2463.
    
    Closes #2463
    
    d394ff9c [sychen] redact
    
    Authored-by: sychen <[email protected]>
    Signed-off-by: ulysses-you <[email protected]>
---
 .../main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala    | 4 ++++
 1 file changed, 4 insertions(+)

diff --git 
a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
 
b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
index 191825f06..9b257575f 100644
--- 
a/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
+++ 
b/externals/kyuubi-spark-sql-engine/src/main/scala/org/apache/kyuubi/engine/spark/SparkSQLEngine.scala
@@ -153,6 +153,10 @@ object SparkSQLEngine extends Logging {
     
_sparkConf.setIfMissing("spark.sql.legacy.castComplexTypesToString.enabled", 
"true")
     _sparkConf.setIfMissing("spark.master", "local")
     _sparkConf.setIfMissing("spark.ui.port", "0")
+    _sparkConf.set(
+      "spark.redaction.regex",
+      _sparkConf.get("spark.redaction.regex", 
"(?i)secret|password|token|access[.]key")
+        + "|zookeeper.auth.digest")
     // register the repl's output dir with the file server.
     // see also `spark.repl.classdir`
     _sparkConf.set("spark.repl.class.outputDir", 
outputDir.toFile.getAbsolutePath)

Reply via email to