Chris Nauroth updated YARN-3834:
    Attachment: YARN-3834.001.patch

The attached patch changes the code to use {{Token#toString}}.  The 
{{toString}} method is already coded to be safe for logging, because it does 
not include any representation of the secret.  Thanks also to [~vicaya] for the 
suggestion to add logging of a fingerprint of the full representation, which is 
a one-way hash (non-reversible, therefore safe).

> Scrub debug logging of tokens during resource localization.
> -----------------------------------------------------------
>                 Key: YARN-3834
>                 URL: https://issues.apache.org/jira/browse/YARN-3834
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager
>    Affects Versions: 2.7.1
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: YARN-3834.001.patch
> During resource localization, the NodeManager logs tokens at debug level to 
> aid troubleshooting.  This includes the full token representation.  Best 
> practice is to avoid logging anything secret, even at debug level.  We can 
> improve on this by changing the logging to use a scrubbed representation of 
> the token.

This message was sent by Atlassian JIRA

Reply via email to