HeartSaVioR commented on a change in pull request #27018: [SPARK-30361][REST]
Monitoring URL do not redact information about environment
URL: https://github.com/apache/spark/pull/27018#discussion_r361567478
##########
File path:
core/src/main/scala/org/apache/spark/status/api/v1/OneApplicationResource.scala
##########
@@ -97,7 +99,15 @@ private[v1] class AbstractApplicationResource extends
BaseAppResource {
@GET
@Path("environment")
- def environmentInfo(): ApplicationEnvironmentInfo =
withUI(_.store.environmentInfo())
+ def environmentInfo(): ApplicationEnvironmentInfo = withUI { ui =>
+ val envInfo = ui.store.environmentInfo()
+ new v1.ApplicationEnvironmentInfo(
+ envInfo.runtime,
+ Utils.redact(ui.conf, envInfo.sparkProperties),
+ Utils.redact(ui.conf, envInfo.hadoopProperties),
+ Utils.redact(ui.conf, envInfo.systemProperties),
+ Utils.redact(ui.conf, envInfo.classpathEntries))
Review comment:
+1. I'm not sure what's the point of applying redact to classpath entries,
and why exposing classpath entries without redacting is considered as security
issue. Moreover I'm not sure what would be matched to redact patterns from
classpath entries.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
