gaborgsomogyi commented on code in PR #26916:
URL: https://github.com/apache/flink/pull/26916#discussion_r2281433108
##########
flink-table/flink-table-planner/src/test/scala/org/apache/flink/table/planner/catalog/CatalogTableITCase.scala:
##########
@@ -1375,6 +1375,101 @@ class CatalogTableITCase(isStreamingMode: Boolean)
extends TableITCaseBase {
"+I[bob]",
tableEnv.executeSql("select lowerUdf(a) from
t1").collect().next().toString)
}
+
+ @TestTemplate
+ def testSensitiveInfoMasking(): Unit = {
+ // Create tables with sensitive info
+ val tableDDL =
+ """
+ |create table t1(
+ | a bigint,
+ | b varchar,
+ | c int
+ |) with (
+ | 'connector' = 'values',
+ | 'password' = 'secret1',
+ | 'secret' = 'secret2',
+ | 'fs.azure.account.key' = 'secret3',
+ | 'apikey' = 'secret4',
+ | 'api-key' = 'secret5',
+ | 'auth-params' = 'secret6',
+ | 'service-key' = 'secret7',
+ | 'token' = 'secret8',
+ | 'basic-auth' = 'secret9',
+ | 'jaas.config' = 'secret10',
+ | 'http-headers' = '{"Authorization": "secret11"}'
+ |)
+ """.stripMargin
+
+ tableEnv.executeSql(tableDDL)
+
+ // Test source table validation
+ try {
+ tableEnv.executeSql("select * from t1")
+ fail("Expected ValidationException for source table")
+ } catch {
+ case e: ValidationException =>
+ val errorMsg = e.getMessage
+ // Verify source table sensitive info is masked
+ assert(!errorMsg.contains("secret1"))
+ assert(!errorMsg.contains("secret2"))
+ assert(!errorMsg.contains("secret3"))
+ assert(!errorMsg.contains("secret4"))
+ assert(!errorMsg.contains("secret5"))
+ assert(!errorMsg.contains("secret6"))
+ assert(!errorMsg.contains("secret7"))
+ assert(!errorMsg.contains("secret8"))
+ assert(!errorMsg.contains("secret9"))
+ assert(!errorMsg.contains("secret10"))
+ assert(!errorMsg.contains("{\"Authorization\": \"secret11\"}"))
+
+ assert(errorMsg.contains("'password'='******'"))
+ assert(errorMsg.contains("'secret'='******'"))
+ assert(errorMsg.contains("'fs.azure.account.key'='******'"))
+ assert(errorMsg.contains("'apikey'='******'"))
+ assert(errorMsg.contains("'api-key'='******'"))
+ assert(errorMsg.contains("'auth-params'='******'"))
+ assert(errorMsg.contains("'service-key'='******'"))
+ assert(errorMsg.contains("'token'='******'"))
+ assert(errorMsg.contains("'basic-auth'='******'"))
+ assert(errorMsg.contains("'jaas.config'='******'"))
+ assert(errorMsg.contains("'http-headers'='******'"))
+ }
+
+ // Test sink table validation
+ try {
+ tableEnv.executeSql("insert into t1 select 1, 'test', 1")
+ fail("Expected ValidationException for sink table")
+ } catch {
+ case e: ValidationException =>
+ val errorMsg = e.getMessage
+ // Verify sink table sensitive info is masked
+ assert(!errorMsg.contains("secret1"))
Review Comment:
Same here
##########
flink-table/flink-table-planner/src/test/scala/org/apache/flink/table/planner/catalog/CatalogTableITCase.scala:
##########
@@ -1375,6 +1375,101 @@ class CatalogTableITCase(isStreamingMode: Boolean)
extends TableITCaseBase {
"+I[bob]",
tableEnv.executeSql("select lowerUdf(a) from
t1").collect().next().toString)
}
+
+ @TestTemplate
+ def testSensitiveInfoMasking(): Unit = {
+ // Create tables with sensitive info
+ val tableDDL =
+ """
+ |create table t1(
+ | a bigint,
+ | b varchar,
+ | c int
+ |) with (
+ | 'connector' = 'values',
+ | 'password' = 'secret1',
+ | 'secret' = 'secret2',
+ | 'fs.azure.account.key' = 'secret3',
+ | 'apikey' = 'secret4',
+ | 'api-key' = 'secret5',
+ | 'auth-params' = 'secret6',
+ | 'service-key' = 'secret7',
+ | 'token' = 'secret8',
+ | 'basic-auth' = 'secret9',
+ | 'jaas.config' = 'secret10',
+ | 'http-headers' = '{"Authorization": "secret11"}'
+ |)
+ """.stripMargin
+
+ tableEnv.executeSql(tableDDL)
+
+ // Test source table validation
+ try {
+ tableEnv.executeSql("select * from t1")
+ fail("Expected ValidationException for source table")
+ } catch {
+ case e: ValidationException =>
+ val errorMsg = e.getMessage
+ // Verify source table sensitive info is masked
+ assert(!errorMsg.contains("secret1"))
+ assert(!errorMsg.contains("secret2"))
+ assert(!errorMsg.contains("secret3"))
+ assert(!errorMsg.contains("secret4"))
+ assert(!errorMsg.contains("secret5"))
+ assert(!errorMsg.contains("secret6"))
+ assert(!errorMsg.contains("secret7"))
+ assert(!errorMsg.contains("secret8"))
+ assert(!errorMsg.contains("secret9"))
+ assert(!errorMsg.contains("secret10"))
+ assert(!errorMsg.contains("{\"Authorization\": \"secret11\"}"))
Review Comment:
Maybe `assert(!errorMsg.contains("secret"))`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
