[pinot] branch master updated: Mask credentials in debug endpoint /appconfigs (#7452)

mayanks Sat, 18 Sep 2021 07:04:20 -0700

This is an automated email from the ASF dual-hosted git repository.

mayanks pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git



The following commit(s) were added to refs/heads/master by this push:
     new 9c2a333  Mask credentials in debug endpoint /appconfigs (#7452)
9c2a333 is described below

commit 9c2a333f3cc943e350ccbea8c95b804819009e20
Author: Ramakrishna Baratam <ramabara...@gmail.com>
AuthorDate: Sat Sep 18 07:01:47 2021 -0700

    Mask credentials in debug endpoint /appconfigs (#7452)
---
 .../apache/pinot/common/utils/PinotAppConfigs.java    |  3 ++-
 .../apache/pinot/controller/ControllerTestUtils.java  | 19 +++++++++++--------
 .../controller/api/PinotControllerAppConfigsTest.java | 12 +++++++++---
 .../pinot/server/api/PinotServerAppConfigsTest.java   | 12 +++++++++---
 4 files changed, 31 insertions(+), 15 deletions(-)

diff --git 
a/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java 
b/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
index 986f482..254d2a8 100644
--- 
a/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
+++ 
b/pinot-common/src/main/java/org/apache/pinot/common/utils/PinotAppConfigs.java
@@ -38,6 +38,7 @@ import java.util.Objects;
 import java.util.stream.Collectors;
 import org.apache.commons.io.FileUtils;
 import org.apache.pinot.spi.env.PinotConfiguration;
+import org.apache.pinot.spi.utils.Obfuscator;
 
 
 /**
@@ -341,7 +342,7 @@ public class PinotAppConfigs {
 
   public String toJSONString() {
     try {
-      return 
OBJECT_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(this);
+      return 
OBJECT_MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(new 
Obfuscator().toJson(this));
     } catch (JsonProcessingException e) {
       return e.getMessage();
     }
diff --git 
a/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
 
b/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
index 170bea8..1e38de7 100644
--- 
a/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
+++ 
b/pinot-controller/src/test/java/org/apache/pinot/controller/ControllerTestUtils.java
@@ -233,9 +233,8 @@ public abstract class ControllerTestUtils {
 
   public static void addFakeBrokerInstanceToAutoJoinHelixCluster(String 
instanceId, boolean isSingleTenant)
       throws Exception {
-    HelixManager helixManager =
-        HelixManagerFactory.getZKHelixManager(getHelixClusterName(), 
instanceId, InstanceType.PARTICIPANT,
-            _zookeeperInstance.getZkUrl());
+    HelixManager helixManager = HelixManagerFactory
+        .getZKHelixManager(getHelixClusterName(), instanceId, 
InstanceType.PARTICIPANT, _zookeeperInstance.getZkUrl());
     helixManager.getStateMachineEngine()
         
.registerStateModelFactory(FakeBrokerResourceOnlineOfflineStateModelFactory.STATE_MODEL_DEF,
             FakeBrokerResourceOnlineOfflineStateModelFactory.FACTORY_INSTANCE);
@@ -334,9 +333,8 @@ public abstract class ControllerTestUtils {
   protected static void addFakeServerInstanceToAutoJoinHelixCluster(String 
instanceId, boolean isSingleTenant,
       int adminPort)
       throws Exception {
-    HelixManager helixManager =
-        HelixManagerFactory.getZKHelixManager(getHelixClusterName(), 
instanceId, InstanceType.PARTICIPANT,
-            _zookeeperInstance.getZkUrl());
+    HelixManager helixManager = HelixManagerFactory
+        .getZKHelixManager(getHelixClusterName(), instanceId, 
InstanceType.PARTICIPANT, _zookeeperInstance.getZkUrl());
     helixManager.getStateMachineEngine()
         
.registerStateModelFactory(FakeSegmentOnlineOfflineStateModelFactory.STATE_MODEL_DEF,
             FakeSegmentOnlineOfflineStateModelFactory.FACTORY_INSTANCE);
@@ -348,8 +346,9 @@ public abstract class ControllerTestUtils {
     } else {
       helixAdmin.addInstanceTag(getHelixClusterName(), instanceId, 
UNTAGGED_SERVER_INSTANCE);
     }
-    HelixConfigScope configScope = new 
HelixConfigScopeBuilder(HelixConfigScope.ConfigScopeProperty.PARTICIPANT,
-        getHelixClusterName()).forParticipant(instanceId).build();
+    HelixConfigScope configScope =
+        new 
HelixConfigScopeBuilder(HelixConfigScope.ConfigScopeProperty.PARTICIPANT, 
getHelixClusterName())
+            .forParticipant(instanceId).build();
     helixAdmin.setConfig(configScope, Collections.singletonMap(ADMIN_PORT_KEY, 
Integer.toString(adminPort)));
     FAKE_INSTANCE_HELIX_MANAGERS.add(helixManager);
   }
@@ -686,6 +685,10 @@ public abstract class ControllerTestUtils {
     // Used in PinotTableRestletResourceTest
     properties.put(ControllerConf.TABLE_MIN_REPLICAS, MIN_NUM_REPLICAS);
 
+    // Used in PinotControllerAppConfigsTest to test obfuscation
+    properties.put("controller.segment.fetcher.auth.token", "*personal*");
+    properties.put("controller.admin.access.control.principals.user.password", 
"*personal*");
+
     return properties;
   }
 
diff --git 
a/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
 
b/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
index 234aa63..902d432 100644
--- 
a/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
+++ 
b/pinot-controller/src/test/java/org/apache/pinot/controller/api/PinotControllerAppConfigsTest.java
@@ -23,6 +23,7 @@ import java.io.IOException;
 import org.apache.pinot.common.utils.PinotAppConfigs;
 import org.apache.pinot.controller.ControllerConf;
 import org.apache.pinot.controller.ControllerTestUtils;
+import org.apache.pinot.spi.utils.Obfuscator;
 import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.BeforeClass;
@@ -52,7 +53,8 @@ public class PinotControllerAppConfigsTest {
 
     String configsJson =
         
ControllerTestUtils.sendGetRequest(ControllerTestUtils.getControllerRequestURLBuilder().forAppConfigs());
-    PinotAppConfigs actual = new ObjectMapper().readValue(configsJson, 
PinotAppConfigs.class);
+    ObjectMapper mapper = new ObjectMapper();
+    PinotAppConfigs actual = mapper.readValue(configsJson, 
PinotAppConfigs.class);
 
     // RuntimeConfig is not checked as it has information that can change 
during the test run.
     // Also, some of the system configs can change, so compare the ones that 
don't.
@@ -65,8 +67,12 @@ public class PinotControllerAppConfigsTest {
     Assert.assertEquals(actualSystemConfig.getTotalPhysicalMemory(), 
expectedSystemConfig.getTotalPhysicalMemory());
     Assert.assertEquals(actualSystemConfig.getTotalSwapSpace(), 
expectedSystemConfig.getTotalSwapSpace());
 
-    Assert.assertEquals(actual.getJvmConfig(), expected.getJvmConfig());
-    Assert.assertEquals(actual.getPinotConfig(), 
expectedControllerConf.toMap());
+    // tests Equals on obfuscated expected and actual
+    Obfuscator obfuscator = new Obfuscator();
+    String obfuscatedExpectedJson = obfuscator.toJsonString(expected);
+    PinotAppConfigs obfuscatedExpected = 
mapper.readValue(obfuscatedExpectedJson, PinotAppConfigs.class);
+    Assert.assertEquals(actual.getJvmConfig(), 
obfuscatedExpected.getJvmConfig());
+    Assert.assertEquals(actual.getPinotConfig(), 
obfuscatedExpected.getPinotConfig());
   }
 
   @AfterClass
diff --git 
a/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
 
b/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
index 23428ac..978bd2a 100644
--- 
a/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
+++ 
b/pinot-server/src/test/java/org/apache/pinot/server/api/PinotServerAppConfigsTest.java
@@ -24,6 +24,7 @@ import javax.ws.rs.core.Response;
 import org.apache.pinot.common.utils.PinotAppConfigs;
 import org.apache.pinot.server.starter.helix.DefaultHelixStarterServerConfig;
 import org.apache.pinot.spi.env.PinotConfiguration;
+import org.apache.pinot.spi.utils.Obfuscator;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
@@ -46,7 +47,8 @@ public class PinotServerAppConfigsTest extends 
BaseResourceTest {
 
     Response response = 
_webTarget.path("/appconfigs").request().get(Response.class);
     String configsJson = response.readEntity(String.class);
-    PinotAppConfigs actual = new ObjectMapper().readValue(configsJson, 
PinotAppConfigs.class);
+    ObjectMapper mapper = new ObjectMapper();
+    PinotAppConfigs actual = mapper.readValue(configsJson, 
PinotAppConfigs.class);
 
     // RuntimeConfig is not checked as it has information that can change 
during the test run.
     // Also, some of the system configs can change, so compare the ones that 
don't.
@@ -59,7 +61,11 @@ public class PinotServerAppConfigsTest extends 
BaseResourceTest {
     Assert.assertEquals(actualSystemConfig.getTotalPhysicalMemory(), 
expectedSystemConfig.getTotalPhysicalMemory());
     Assert.assertEquals(actualSystemConfig.getTotalSwapSpace(), 
expectedSystemConfig.getTotalSwapSpace());
 
-    Assert.assertEquals(actual.getJvmConfig(), expected.getJvmConfig());
-    Assert.assertEquals(actual.getPinotConfig(), expectedServerConf.toMap());
+    // tests Equals on obfuscated expected and actual
+    Obfuscator obfuscator = new Obfuscator();
+    String obfuscatedExpectedJson = obfuscator.toJsonString(expected);
+    PinotAppConfigs obfuscatedExpected = 
mapper.readValue(obfuscatedExpectedJson, PinotAppConfigs.class);
+    Assert.assertEquals(actual.getJvmConfig(), 
obfuscatedExpected.getJvmConfig());
+    Assert.assertEquals(actual.getPinotConfig(), 
obfuscatedExpected.getPinotConfig());
   }
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

[pinot] branch master updated: Mask credentials in debug endpoint /appconfigs (#7452)

Reply via email to