Mask properties from logging (#3332)

* Mask properties from logging

* mask "password" by default
Navis Ryu 2016-08-09 01:06:10 +09:00 committed by Nishant
parent ed5b92d612
commit 39351fb8d2
3 changed files with 23 additions and 1 deletions


@ -82,6 +82,7 @@ All nodes can log debugging information on startup.
|Property|Description|Default| |Property|Description|Default|
|--------|-----------|-------| |--------|-----------|-------|
|`druid.startup.logging.logProperties`|Log all properties on startup (from common.runtime.properties, runtime.properties, and the JVM command line).|false| |`druid.startup.logging.logProperties`|Log all properties on startup (from common.runtime.properties, runtime.properties, and the JVM command line).|false|
|`druid.startup.logging.maskProperties`|Masks sensitive properties (passwords, for example) containing theses words.|["password"]|
Note that some sensitive information may be logged if these settings are enabled. Note that some sensitive information may be logged if these settings are enabled.


@ -20,14 +20,25 @@
package io.druid.server.log; package io.druid.server.log;
import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.collect.ImmutableList;
import java.util.List;
public class StartupLoggingConfig public class StartupLoggingConfig
{ {
@JsonProperty @JsonProperty
private boolean logProperties = false; private boolean logProperties = false;
@JsonProperty
private List<String> maskProperties = ImmutableList.of("password");
public boolean isLogProperties() public boolean isLogProperties()
{ {
return logProperties; return logProperties;
} }
public List<String> getMaskProperties()
{
return maskProperties;
}
} }
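Review bot: The new `maskProperties` field and `getMaskProperties()` have no comment saying that a configured list replaces the default instead of extending it. An operator who sets the property to add a word would presumably stop masking `password`, though this depends on how the config is bound, which is not visible here. I would add a field comment such as `// Substrings of property names whose values are masked in the startup log; a configured list replaces this default, so keep "password" in it.` The same sentence belongs in the documentation table row for the property.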


@ -21,6 +21,7 @@ package io.druid.cli;
import com.google.common.base.Throwables; import com.google.common.base.Throwables;
import com.google.common.collect.Ordering; import com.google.common.collect.Ordering;
import com.google.common.collect.Sets;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Injector; import com.google.inject.Injector;
import com.google.inject.Module; import com.google.inject.Module;
@ -32,6 +33,7 @@ import io.druid.server.log.StartupLoggingConfig;
import java.util.List; import java.util.List;
import java.util.Properties; import java.util.Properties;
import java.util.Set;
/** /**
*/ */
@ -80,10 +82,18 @@ public abstract class GuiceRunnable implements Runnable
); );
if (startupLoggingConfig.isLogProperties()) { if (startupLoggingConfig.isLogProperties()) {
final Set<String> maskProperties = Sets.newHashSet(startupLoggingConfig.getMaskProperties());
final Properties props = injector.getInstance(Properties.class); final Properties props = injector.getInstance(Properties.class);
for (String propertyName : Ordering.natural().sortedCopy(props.stringPropertyNames())) { for (String propertyName : Ordering.natural().sortedCopy(props.stringPropertyNames())) {
log.info("* %s: %s", propertyName, props.getProperty(propertyName)); String property = props.getProperty(propertyName);
for (String masked : maskProperties) {
if (propertyName.contains(masked)) {
property = "<masked>";
break;
}
}
log.info("* %s: %s", propertyName, property);
} }
} }
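Review bot: The match in `if (propertyName.contains(masked))` is case-sensitive, so with the default word `password` a name such as `javax.net.ssl.keyStorePassword` passed on the JVM command line is still logged with its value. Comparing lower-cased forms closes that gap: `if (propertyName.toLowerCase(Locale.ENGLISH).contains(masked.toLowerCase(Locale.ENGLISH))) {`, which needs `java.util.Locale` imported. A short comment above the loop should state that masking is a substring match on the property name, not on the value. Secrets stored under names that contain no listed word (tokens or keys, for example) are still written to the log. The enclosing method starts and ends outside the hunk.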