HBASE-27320 hide some sensitive configuration information in the UI (#4723)
Co-authored-by: huiruan <huiruan@tencent.com>
Signed-off-by: Tak Lon (Stephen) Wu <taklwu@apache.org>
Signed-off-by: Duo Zhang <zhangduo@apache.org>
(cherry picked from commit b4e5875dd9
)
This commit is contained in:
parent
f1f79b9efe
commit
98391a3c55
|
@ -19,6 +19,8 @@ package org.apache.hadoop.hbase.http.conf;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.io.Writer;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -28,6 +30,8 @@ import org.apache.hadoop.hbase.http.HttpServer;
|
|||
import org.apache.yetus.audience.InterfaceAudience;
|
||||
import org.apache.yetus.audience.InterfaceStability;
|
||||
|
||||
import org.apache.hbase.thirdparty.com.google.common.collect.ImmutableList;
|
||||
|
||||
/**
|
||||
* A servlet to print out the running configuration data.
|
||||
*/
|
||||
|
@ -39,6 +43,9 @@ public class ConfServlet extends HttpServlet {
|
|||
private static final String FORMAT_JSON = "json";
|
||||
private static final String FORMAT_XML = "xml";
|
||||
private static final String FORMAT_PARAM = "format";
|
||||
private static final List<String> MASK_PROPERTIES =
|
||||
ImmutableList.of("password", "secret", "superuser");
|
||||
static final String MASKED = "<masked>";
|
||||
|
||||
/**
|
||||
* Return the Configuration of the daemon hosting this servlet. This is populated when the
|
||||
|
@ -83,15 +90,30 @@ public class ConfServlet extends HttpServlet {
|
|||
*/
|
||||
static void writeResponse(Configuration conf, Writer out, String format)
|
||||
throws IOException, BadFormatException {
|
||||
Configuration maskedConf = mask(conf);
|
||||
if (FORMAT_JSON.equals(format)) {
|
||||
Configuration.dumpConfiguration(conf, out);
|
||||
Configuration.dumpConfiguration(maskedConf, out);
|
||||
} else if (FORMAT_XML.equals(format)) {
|
||||
conf.writeXml(out);
|
||||
maskedConf.writeXml(out);
|
||||
} else {
|
||||
throw new BadFormatException("Bad format: " + format);
|
||||
}
|
||||
}
|
||||
|
||||
static Configuration mask(Configuration conf) {
|
||||
Configuration maskedConf = new Configuration(conf);
|
||||
for (Map.Entry<String, String> entry : maskedConf) {
|
||||
String key = entry.getKey();
|
||||
for (String maskProperty : MASK_PROPERTIES) {
|
||||
if (key.toLowerCase().contains(maskProperty)) {
|
||||
maskedConf.set(key, MASKED);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return maskedConf;
|
||||
}
|
||||
|
||||
public static class BadFormatException extends Exception {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
|
|
|
@ -113,6 +113,15 @@ public class TestConfServlet {
|
|||
assertTrue(foundSetting);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMask() {
|
||||
final String passwordKey = "hbase.rpc.tls.keystore.password";
|
||||
Configuration conf = getTestConf();
|
||||
conf.set(passwordKey, "MyPassword");
|
||||
Configuration maskedConf = ConfServlet.mask(conf);
|
||||
assertEquals(ConfServlet.MASKED, maskedConf.get(passwordKey));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testBadFormat() throws Exception {
|
||||
StringWriter sw = new StringWriter();
|
||||
|
|
Loading…
Reference in New Issue