Mask credentials in debug endpoint /appconfigs (apache#7452)

kriti-sc · Dec 12, 2021 · 792ff25 · 792ff25
1 parent 57c5c75
commit 792ff25
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 15 deletions.
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
@@ -38,6 +38,7 @@
 import java.util.stream.Collectors;
 import org.apache.commons.io.FileUtils;
 import org.apache.pinot.spi.env.PinotConfiguration;
+import org.apache.pinot.spi.utils.Obfuscator;
 
 
 /**
@@ -341,7 +342,7 @@ public List<String> getGarbageCollectors() {
 
   public String toJSONString() {
     try {
-      return OBJECT_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(this);
+      return OBJECT_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(new Obfuscator().toJson(this));
     } catch (JsonProcessingException e) {
       return e.getMessage();
     }

diff --git a/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java b/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
@@ -233,9 +233,8 @@ public static void addMoreFakeBrokerInstancesToAutoJoinHelixCluster(int maxCount
 
   public static void addFakeBrokerInstanceToAutoJoinHelixCluster(String instanceId, boolean isSingleTenant)
       throws Exception {
-    HelixManager helixManager =
-        HelixManagerFactory.getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT,
-            _zookeeperInstance.getZkUrl());
+    HelixManager helixManager = HelixManagerFactory
+        .getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT, _zookeeperInstance.getZkUrl());
     helixManager.getStateMachineEngine()
         .registerStateModelFactory(FakeBrokerResourceOnlineOfflineStateModelFactory.STATE_MODEL_DEF,
             FakeBrokerResourceOnlineOfflineStateModelFactory.FACTORY_INSTANCE);
@@ -334,9 +333,8 @@ public static void addMoreFakeServerInstancesToAutoJoinHelixCluster(int maxCount
   protected static void addFakeServerInstanceToAutoJoinHelixCluster(String instanceId, boolean isSingleTenant,
       int adminPort)
       throws Exception {
-    HelixManager helixManager =
-        HelixManagerFactory.getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT,
-            _zookeeperInstance.getZkUrl());
+    HelixManager helixManager = HelixManagerFactory
+        .getZKHelixManager(getHelixClusterName(), instanceId, InstanceType.PARTICIPANT, _zookeeperInstance.getZkUrl());
     helixManager.getStateMachineEngine()
         .registerStateModelFactory(FakeSegmentOnlineOfflineStateModelFactory.STATE_MODEL_DEF,
             FakeSegmentOnlineOfflineStateModelFactory.FACTORY_INSTANCE);
@@ -348,8 +346,9 @@ protected static void addFakeServerInstanceToAutoJoinHelixCluster(String instanc
     } else {
       helixAdmin.addInstanceTag(getHelixClusterName(), instanceId, UNTAGGED_SERVER_INSTANCE);
     }
-    HelixConfigScope configScope = new HelixConfigScopeBuilder(HelixConfigScope.ConfigScopeProperty.PARTICIPANT,
-        getHelixClusterName()).forParticipant(instanceId).build();
+    HelixConfigScope configScope =
+        new HelixConfigScopeBuilder(HelixConfigScope.ConfigScopeProperty.PARTICIPANT, getHelixClusterName())
+            .forParticipant(instanceId).build();
     helixAdmin.setConfig(configScope, Collections.singletonMap(ADMIN_PORT_KEY, Integer.toString(adminPort)));
     FAKE_INSTANCE_HELIX_MANAGERS.add(helixManager);
   }
@@ -686,6 +685,10 @@ public static Map<String, Object> getSuiteControllerConfiguration() {
     // Used in PinotTableRestletResourceTest
     properties.put(ControllerConf.TABLE_MIN_REPLICAS, MIN_NUM_REPLICAS);
 
+    // Used in PinotControllerAppConfigsTest to test obfuscation
+    properties.put("controller.segment.fetcher.auth.token", "*personal*");
+    properties.put("controller.admin.access.control.principals.user.password", "*personal*");
+
     return properties;
   }
 

diff --git a/...ntroller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java b/...ntroller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
@@ -23,6 +23,7 @@
 import org.apache.pinot.common.utils.PinotAppConfigs;
 import org.apache.pinot.controller.ControllerConf;
 import org.apache.pinot.controller.ControllerTestUtils;
+import org.apache.pinot.spi.utils.Obfuscator;
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
@@ -52,7 +53,8 @@ public void testControllerAppConfigs()
 
     String configsJson =
         ControllerTestUtils.sendGetRequest(ControllerTestUtils.getControllerRequestURLBuilder().forAppConfigs());
-    PinotAppConfigs actual = new ObjectMapper().readValue(configsJson, PinotAppConfigs.class);
+    ObjectMapper mapper = new ObjectMapper();
+    PinotAppConfigs actual = mapper.readValue(configsJson, PinotAppConfigs.class);
 
     // RuntimeConfig is not checked as it has information that can change during the test run.
     // Also, some of the system configs can change, so compare the ones that don't.
@@ -65,8 +67,12 @@ public void testControllerAppConfigs()
     Assert.assertEquals(actualSystemConfig.getTotalPhysicalMemory(), expectedSystemConfig.getTotalPhysicalMemory());
     Assert.assertEquals(actualSystemConfig.getTotalSwapSpace(), expectedSystemConfig.getTotalSwapSpace());
 
-    Assert.assertEquals(actual.getJvmConfig(), expected.getJvmConfig());
-    Assert.assertEquals(actual.getPinotConfig(), expectedControllerConf.toMap());
+    // tests Equals on obfuscated expected and actual
+    Obfuscator obfuscator = new Obfuscator();
+    String obfuscatedExpectedJson = obfuscator.toJsonString(expected);
+    PinotAppConfigs obfuscatedExpected = mapper.readValue(obfuscatedExpectedJson, PinotAppConfigs.class);
+    Assert.assertEquals(actual.getJvmConfig(), obfuscatedExpected.getJvmConfig());
+    Assert.assertEquals(actual.getPinotConfig(), obfuscatedExpected.getPinotConfig());
   }
 
   @AfterClass

diff --git a/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java b/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
@@ -24,6 +24,7 @@
 import org.apache.pinot.common.utils.PinotAppConfigs;
 import org.apache.pinot.server.starter.helix.DefaultHelixStarterServerConfig;
 import org.apache.pinot.spi.env.PinotConfiguration;
+import org.apache.pinot.spi.utils.Obfuscator;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
@@ -46,7 +47,8 @@ public void testAppConfigs()
 
     Response response = _webTarget.path("/appconfigs").request().get(Response.class);
     String configsJson = response.readEntity(String.class);
-    PinotAppConfigs actual = new ObjectMapper().readValue(configsJson, PinotAppConfigs.class);
+    ObjectMapper mapper = new ObjectMapper();
+    PinotAppConfigs actual = mapper.readValue(configsJson, PinotAppConfigs.class);
 
     // RuntimeConfig is not checked as it has information that can change during the test run.
     // Also, some of the system configs can change, so compare the ones that don't.
@@ -59,7 +61,11 @@ public void testAppConfigs()
     Assert.assertEquals(actualSystemConfig.getTotalPhysicalMemory(), expectedSystemConfig.getTotalPhysicalMemory());
     Assert.assertEquals(actualSystemConfig.getTotalSwapSpace(), expectedSystemConfig.getTotalSwapSpace());
 
-    Assert.assertEquals(actual.getJvmConfig(), expected.getJvmConfig());
-    Assert.assertEquals(actual.getPinotConfig(), expectedServerConf.toMap());
+    // tests Equals on obfuscated expected and actual
+    Obfuscator obfuscator = new Obfuscator();
+    String obfuscatedExpectedJson = obfuscator.toJsonString(expected);
+    PinotAppConfigs obfuscatedExpected = mapper.readValue(obfuscatedExpectedJson, PinotAppConfigs.class);
+    Assert.assertEquals(actual.getJvmConfig(), obfuscatedExpected.getJvmConfig());
+    Assert.assertEquals(actual.getPinotConfig(), obfuscatedExpected.getPinotConfig());
   }
 }