qiuyanjun888 commented on code in PR #28441:
URL: https://github.com/apache/flink/pull/28441#discussion_r3424985231
##########
flink-python/src/main/java/org/apache/beam/runners/fnexecution/control/DefaultJobBundleFactory.java:
##########
@@ -712,13 +719,42 @@ private int unref() {
Preconditions.checkState(refCount >= 0, "Reference count must not
be negative.");
if (refCount == 0) {
// Close environment after it was removed from cache and all
bundles finished.
- LOG.info("Closing environment {}",
environment.getEnvironment());
Review Comment:
Addressed by wiring Flinkās existing
`SecurityOptions.ADDITIONAL_SENSITIVE_KEYS` through the Beam job bundle factory
environment logging path, so custom sensitive environment keys are redacted as
well.
I did not add an HTTP-connector-style plaintext/logging-level switch here
because this path logs process environment data from INFO/WARN
close/expiration/cleanup messages, which has a different leakage risk profile
from DEBUG request/response diagnostics.
Validation:
- `./mvnw -pl flink-python -Dtest=DefaultJobBundleFactoryTest
-DfailIfNoTests=false -Dsurefire.failIfNoSpecifiedTests=false -DskipITs test`
- `git diff --check`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
