Wadimz opened a new pull request, #18349:
URL: https://github.com/apache/kafka/pull/18349
It was noticed that sensitive information is printed as clear text while
using default TopicBasedRemoteLogMetadataManagerConfig implementation. Example:
`
2024-12-20 14:52:56,805] INFO Successfully configured topic-based RLMM with
config:
TopicBasedRemoteLogMetadataManagerConfig{clientIdPrefix='__remote_log_metadata_client_6',
metadataTopicPartitionsCount=50, consumeWaitMs=120000,
metadataTopicRetentionMs=-1, metadataTopicReplicationFactor=3,
initializationRetryMaxTimeoutMs=120000, initializationRetryIntervalMs=100,
commonProps={request.timeout.ms=10000, ssl.client.auth=none,
ssl.keystore.location=/etc/kafka/ssl/keystore.p12,
bootstrap.servers=server1:9094, security.protocol=SASL_SSL, password=CLEARTEXT,
ssl.truststore.location=/etc/pki/java/cacerts, ssl.keystore.password=CLEARTEXT,
sasl.mechanism=SCRAM-SHA-512, ssl.key.password=CLEARTEXT,
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
required username="username" password="CLEARTEXT";,
ssl.truststore.password=CLEARTEXT, …
`
- updated toString method of TopicBasedRemoteLogMetadataManagerConfig to
check configuration keys for being sensitive
- Verified that produced logs has masking applied according to existing
rules.
### Committer Checklist (excluded from commit message)
- [ ] Verify design and implementation
- [ ] Verify test coverage and CI build status
- [ ] Verify documentation (including upgrade notes)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
