Skip to content

[SPARK-29247][SQL] Redact sensitive information in when construct HiveClientHive.state #25954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
AngersZhuuuu wants to merge 3 commits into from
Closed

[SPARK-29247][SQL] Redact sensitive information in when construct HiveClientHive.state #25954

AngersZhuuuu wants to merge 3 commits into from

Conversation

@AngersZhuuuu
Copy link
Contributor

@AngersZhuuuu AngersZhuuuu commented Sep 28, 2019
edited by dongjoon-hyun
Loading

What changes were proposed in this pull request?

HiveClientImpl may be log sensitive information. e.g. url, secret and token:

      logDebug(
        s"""
           |Applying Hadoop/Hive/Spark and extra properties to Hive Conf:
           |$k=${if (k.toLowerCase(Locale.ROOT).contains("password")) "xxx" else v}
         """.stripMargin)

So redact it. Use SQLConf.get.redactOptions.

I add a new overloading function to fit this situation for one by one kv pair situation.

Why are the changes needed?

Redact sensitive information when construct HiveClientImpl

Does this PR introduce any user-facing change?

No

How was this patch tested?

MT

Run command
/sbin/start-thriftserver.sh

In log we can get

19/09/28 08:27:02 main DEBUG HiveClientImpl:
Applying Hadoop/Hive/Spark and extra properties to Hive Conf:
hive.druid.metadata.password=*********(redacted)

HyukjinKwon
HyukjinKwon reviewed Sep 28, 2019
View reviewed changes
sql/hive/src/main/scala/org/apache/spark/sql/hive/client/HiveClientImpl.scala Outdated
s"""
|Applying Hadoop/Hive/Spark and extra properties to Hive Conf:
|$k=${if (k.toLowerCase(Locale.ROOT).contains("password")) "xxx" else v}
|$k=${SQLConf.get.redactOptions(k.toLowerCase(Locale.ROOT) -> v)._2}
Copy link
Member

@HyukjinKwon HyukjinKwon Sep 28, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we just use Map here instead of adding the copies of redact for (K, V)?

Copy link
Contributor Author

@AngersZhuuuu AngersZhuuuu Sep 28, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we just use Map here instead of adding the copies of redact for (K, V)?

In that way we need to get conf map , put all of then to hiveConf then call SQLConf.get.redactOptions, and print out log.

If we don't want to overloading a new method, it's ok.

Copy link
Member

@srowen srowen Sep 28, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I don't think it's worth adding two more methods for this.

Copy link
Contributor Author

@AngersZhuuuu AngersZhuuuu Sep 29, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change back use origin method.

@AngersZhuuuu
Copy link
Contributor Author

AngersZhuuuu commented Sep 28, 2019

cc @wangyum

@HyukjinKwon
Copy link
Member

HyukjinKwon commented Sep 28, 2019

ok to test

@SparkQA
Copy link

SparkQA commented Sep 28, 2019

Test build #111538 has finished for PR 25954 at commit 6aa0819.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

@SparkQA
Copy link

SparkQA commented Sep 29, 2019

Test build #111549 has finished for PR 25954 at commit b056622.

  • This patch passes all tests.
  • This patch merges cleanly.
  • This patch adds no public classes.

dongjoon-hyun
dongjoon-hyun approved these changes Sep 29, 2019
View reviewed changes
Copy link
Member

@dongjoon-hyun dongjoon-hyun left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, LGTM. Merged to master/2.4. Thank you, @AngersZhuuuu , @HyukjinKwon , @srowen .

dongjoon-hyun pushed a commit that referenced this pull request Sep 29, 2019
@AngersZhuuuu @dongjoon-hyun
[SPARK-29247][SQL] Redact sensitive information in when construct Hiv…
e12398c 
…eClientHive.state

### What changes were proposed in this pull request?

HiveClientImpl may be log sensitive information. e.g. url, secret and token:
```scala
      logDebug(
        s"""
           |Applying Hadoop/Hive/Spark and extra properties to Hive Conf:
           |$k=${if (k.toLowerCase(Locale.ROOT).contains("password")) "xxx" else v}
         """.stripMargin)
```
So redact it.  Use SQLConf.get.redactOptions.

I add a new overloading function to fit this situation for one by one kv pair situation.

### Why are the changes needed?
Redact sensitive information when construct HiveClientImpl

### Does this PR introduce any user-facing change?
No

### How was this patch tested?
MT

Run command
` /sbin/start-thriftserver.sh`

In log we can get
```
19/09/28 08:27:02 main DEBUG HiveClientImpl:
Applying Hadoop/Hive/Spark and extra properties to Hive Conf:
hive.druid.metadata.password=*********(redacted)
```

Closes #25954 from AngersZhuuuu/SPARK-29247.

Authored-by: angerszhu <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
(cherry picked from commit 1d4b2f0)
Signed-off-by: Dongjoon Hyun <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HyukjinKwon HyukjinKwon HyukjinKwon left review comments

@srowen srowen srowen approved these changes

@dongjoon-hyun dongjoon-hyun dongjoon-hyun approved these changes

Assignees

No one assigned

Labels

SQL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@AngersZhuuuu @HyukjinKwon @SparkQA @srowen @dongjoon-hyun