From e8131107343a13ba059aab01214a3f68f363535a Mon Sep 17 00:00:00 2001 From: John Zhuge Date: Wed, 19 Apr 2017 13:34:43 -0700 Subject: [PATCH] Revert "HADOOP-14241. Add ADLS sensitive config keys to default list. Contributed by John Zhuge." This reverts commit 935ea448c1364befb58dd1ccedd4d7f736c8002a. --- .../org/apache/hadoop/conf/ConfigRedactor.java | 3 +-- .../fs/CommonConfigurationKeysPublic.java | 16 +++++++--------- .../src/main/resources/core-default.xml | 15 +++------------ .../apache/hadoop/conf/TestConfigRedactor.java | 17 +---------------- 4 files changed, 12 insertions(+), 39 deletions(-) diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java index 90b260e34fd..0ba756c7d4b 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java @@ -42,8 +42,7 @@ public class ConfigRedactor { String sensitiveRegexList = conf.get( HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS, HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS_DEFAULT); - List sensitiveRegexes = - Arrays.asList(sensitiveRegexList.trim().split("[,\\s]+")); + List sensitiveRegexes = Arrays.asList(sensitiveRegexList.split(",")); compiledPatterns = new ArrayList(); for (String regex : sensitiveRegexes) { Pattern p = Pattern.compile(regex); diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java index c2a7239abee..e55e08e39b6 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java 
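Review bot: The restored `sensitiveRegexList.split(",")` in the ConfigRedactor constructor keeps any whitespace around an entry as part of the regex, so a site value written as `secret$, password$` or spread over several lines yields patterns such as ` password$` that will not match ordinary keys, and those values are left unredacted without any error. Redaction should not fail open on formatting; trimming each entry before compiling it, `Pattern p = Pattern.compile(regex.trim());`, keeps the comma-only format while tolerating stray whitespace. The core-default.xml hunk now documents the value as "A comma-separated list", so anyone who copied the multi-line form into a site file is affected by the same change. The constructor body continues outside the hunk.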
@@ -737,14 +737,12 @@ public class CommonConfigurationKeysPublic { public static final String HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS = "hadoop.security.sensitive-config-keys"; public static final String HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS_DEFAULT = - String.join(",", - "secret$", - "password$", - "ssl.keystore.pass$", - "fs.s3.*[Ss]ecret.?[Kk]ey", - "fs.azure\\.account.key.*", - "credential$", - "oauth.*token$", - HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS); + "secret$" + "," + + "password$" + "," + + "ssl.keystore.pass$" + "," + + "fs.s3.*[Ss]ecret.?[Kk]ey" + "," + + "fs.azure\\.account.key.*" + "," + + "dfs.webhdfs.oauth2.[a-z]+.token" + "," + + HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS; } diff --git a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml index f31920522ee..2e2155ae3ae 100644 --- a/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml +++ b/hadoop-common-project/hadoop-common/src/main/resources/core-default.xml @@ -432,18 +432,9 @@ hadoop.security.sensitive-config-keys - - secret$ - password$ - ssl.keystore.pass$ - fs.s3.*[Ss]ecret.?[Kk]ey - fs.azure.account.key.* - credential$ - oauth.*token$ - hadoop.security.sensitive-config-keys - - A comma-separated or multi-line list of regular expressions to - match configuration keys that should be redacted where appropriate, for + secret$,password$,ssl.keystore.pass$,fs.s3.*[Ss]ecret.?[Kk]ey,fs.azure.account.key.*,dfs.webhdfs.oauth2.[a-z]+.token,hadoop.security.sensitive-config-keys + A comma-separated list of regular expressions to match against + configuration keys that should be redacted where appropriate, for example, when logging modified properties during a reconfiguration, private credentials should not be logged. 
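Review bot: With `credential$` and `oauth.*token$` removed from HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS_DEFAULT (and from the core-default.xml value in the following hunk), the only OAuth pattern left is `dfs.webhdfs.oauth2.[a-z]+.token`, so the ADLS keys that the test hunk drops from its sensitive list (`fs.adl.oauth2.refresh.token`, `fs.adl.oauth2.credential`, `dfs.adls.oauth2.refresh.token`, `dfs.adls.oauth2.credential`) are no longer redacted by default. The commit message gives no reason for the revert; if the objection was to how the list is built or parsed rather than to the patterns themselves, they can stay in the concatenated form, `"credential$" + "," + "oauth.*token$" + ","`. Otherwise the description should state the gap so that deployments using ADLS set `hadoop.security.sensitive-config-keys` explicitly. Since the default now lives in two places, a comment on the constant such as `// Keep in sync with hadoop.security.sensitive-config-keys in core-default.xml` would also help.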
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfigRedactor.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfigRedactor.java index ba08de4bcc7..eedb9b2b7cd 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfigRedactor.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfigRedactor.java @@ -34,30 +34,15 @@ public class TestConfigRedactor { private static final String ORIGINAL_VALUE = "Hello, World!"; @Test - public void testRedactWithCoreDefault() throws Exception { + public void redact() throws Exception { Configuration conf = new Configuration(); - testRedact(conf); - } - - @Test - public void testRedactNoCoreDefault() throws Exception { - Configuration conf = new Configuration(false); - testRedact(conf); - } - - private void testRedact(Configuration conf) throws Exception { ConfigRedactor redactor = new ConfigRedactor(conf); String processedText; List sensitiveKeys = Arrays.asList( "fs.s3a.secret.key", - "fs.s3a.bucket.BUCKET.secret.key", "fs.s3n.awsSecretKey", "fs.azure.account.key.abcdefg.blob.core.windows.net", - "fs.adl.oauth2.refresh.token", - "fs.adl.oauth2.credential", - "dfs.adls.oauth2.refresh.token", - "dfs.adls.oauth2.credential", "dfs.webhdfs.oauth2.access.token", "dfs.webhdfs.oauth2.refresh.token", "ssl.server.keystore.keypassword",
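Review bot: Folding the test back into a single `redact()` built on `new Configuration()` means only the core-default.xml copy of the pattern list is exercised; the Java-side HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS_DEFAULT is never tested, so the two copies can drift apart without a failing test. The `new Configuration(false)` case does not depend on the ADLS keys and could be kept while the key list is reverted, as sketched below. The body of `redact()` continues past the end of the hunk.

```java
@Test
public void redactWithCoreDefault() throws Exception {
  redact(new Configuration());
}

@Test
public void redactNoCoreDefault() throws Exception {
  // loadDefaults=false: patterns come from HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS_DEFAULT
  redact(new Configuration(false));
}

private void redact(Configuration conf) throws Exception {
  ConfigRedactor redactor = new ConfigRedactor(conf);
  // … unchanged: key lists and redaction assertions …
```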