HBASE-27320 hide some sensitive configuration information in the UI (#4723)

Co-authored-by: huiruan <huiruan@tencent.com> Signed-off-by: Tak Lon (Stephen) Wu <taklwu@apache.org> Signed-off-by: Duo Zhang <zhangduo@apache.org> (cherry picked from commit b4e5875dd9def78e242a66fdf785270dbc8c90f2)
2022-08-24 14:06:18 +08:00 · 2022-08-24 14:06:18 +08:00 · 98391a3c55
commit 98391a3c55
parent f1f79b9efe
2 changed files with 33 additions and 2 deletions
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/conf/ConfServlet.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/conf/ConfServlet.java
@ -19,6 +19,8 @@ package org.apache.hadoop.hbase.http.conf;
 import java.io.IOException;
 import java.io.Writer;
 import java.util.List;
 import java.util.Map;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@ -28,6 +30,8 @@ import org.apache.hadoop.hbase.http.HttpServer;
 import org.apache.yetus.audience.InterfaceAudience;
 import org.apache.yetus.audience.InterfaceStability;
 import org.apache.hbase.thirdparty.com.google.common.collect.ImmutableList;
 /**
 * A servlet to print out the running configuration data.
 */
@ -39,6 +43,9 @@ public class ConfServlet extends HttpServlet {
  private static final String FORMAT_JSON = "json";
  private static final String FORMAT_XML = "xml";
  private static final String FORMAT_PARAM = "format";
  private static final List<String> MASK_PROPERTIES =
    ImmutableList.of("password", "secret", "superuser");
  static final String MASKED = "<masked>";
  /**
   * Return the Configuration of the daemon hosting this servlet. This is populated when the
@ -83,15 +90,30 @@ public class ConfServlet extends HttpServlet {
   */
  static void writeResponse(Configuration conf, Writer out, String format)
    throws IOException, BadFormatException {
    Configuration maskedConf = mask(conf);
    if (FORMAT_JSON.equals(format)) {
-      Configuration.dumpConfiguration(conf, out);
+      Configuration.dumpConfiguration(maskedConf, out);
    } else if (FORMAT_XML.equals(format)) {
-      conf.writeXml(out);
+      maskedConf.writeXml(out);
    } else {
      throw new BadFormatException("Bad format: " + format);
    }
  }
  static Configuration mask(Configuration conf) {
    Configuration maskedConf = new Configuration(conf);
    for (Map.Entry<String, String> entry : maskedConf) {
      String key = entry.getKey();
      for (String maskProperty : MASK_PROPERTIES) {
        if (key.toLowerCase().contains(maskProperty)) {
          maskedConf.set(key, MASKED);
          break;
        }
      }
    }
    return maskedConf;
  }
  public static class BadFormatException extends Exception {
    private static final long serialVersionUID = 1L;
--- a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/conf/TestConfServlet.java
+++ b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/conf/TestConfServlet.java
@ -113,6 +113,15 @@ public class TestConfServlet {
    assertTrue(foundSetting);
  }
  @Test
  public void testMask() {
    final String passwordKey = "hbase.rpc.tls.keystore.password";
    Configuration conf = getTestConf();
    conf.set(passwordKey, "MyPassword");
    Configuration maskedConf = ConfServlet.mask(conf);
    assertEquals(ConfServlet.MASKED, maskedConf.get(passwordKey));
  }
  @Test
  public void testBadFormat() throws Exception {
    StringWriter sw = new StringWriter();