[SPARK-36400][SPARK-36398][SQL][WEBUI] Make ThriftServer recognize spark.sql.redaction.string.regex #33743
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sarutak
changed the title
|
Test build #142467 has finished for PR 33743 at commit
|
|
Kubernetes integration test unable to build dist. exiting with code: 1 |
|
Hi @sarutak, |
Member
|
Yeah looks like it. |
Member
|
cc @juliuszsompolski and @wangyum FYI |
sarutak
changed the title
sarutak
changed the title
Member
Author
|
@dnskr Thank you for letting me know. Yes, SPARK-36398 seems to be resolved by this change too. |
Member
|
Looks ok to me. Could we add a test for this change? |
Member
Author
|
@wangyum Yeah it's better to have, but |
wangyum
approved these changes
Aug 17, 2021
Member
Author
|
Merging to |
sarutak
added a commit
that referenced
this pull request
Aug 18, 2021
…ark.sql.redaction.string.regex ### What changes were proposed in this pull request? This PR fixes an issue that ThriftServer doesn't recognize `spark.sql.redaction.string.regex`. The problem is that sensitive information included in queries can be exposed.   ### Why are the changes needed? Bug fix. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Ran ThriftServer, connect to it and execute `CREATE TABLE mytbl2(a int) OPTIONS(url="jdbc:mysql//example.com:3306", driver="com.mysql.jdbc.Driver", dbtable="test_tbl", user="test_usr", password="abcde");` with `spark.sql.redaction.string.regex=((?i)(?<=password=))(".*")|('.*')` Then, confirmed UI.   Closes #33743 from sarutak/thrift-redact. Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com> Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com> (cherry picked from commit b914ff7) Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com>
sarutak
added a commit
that referenced
this pull request
Aug 18, 2021
…ark.sql.redaction.string.regex ### What changes were proposed in this pull request? This PR fixes an issue that ThriftServer doesn't recognize `spark.sql.redaction.string.regex`. The problem is that sensitive information included in queries can be exposed.   ### Why are the changes needed? Bug fix. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Ran ThriftServer, connect to it and execute `CREATE TABLE mytbl2(a int) OPTIONS(url="jdbc:mysql//example.com:3306", driver="com.mysql.jdbc.Driver", dbtable="test_tbl", user="test_usr", password="abcde");` with `spark.sql.redaction.string.regex=((?i)(?<=password=))(".*")|('.*')` Then, confirmed UI.   Closes #33743 from sarutak/thrift-redact. Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com> Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com> (cherry picked from commit b914ff7) Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Comment on lines
188
to
+189
| logInfo(s"Submitting query '$statement' with $statementId") | ||
| val redactedStatement = SparkUtils.redact(sqlContext.conf.stringRedactionPattern, statement) |
Contributor
There was a problem hiding this comment.
@sarutak it would be great to also log the redactedStatement in the logInfo one line above, otherwise the credentials needlessly leak to log4j logs.
Member
Author
There was a problem hiding this comment.
Oh, let me open a followup PR. Thanks.
sarutak
added a commit
that referenced
this pull request
Sep 2, 2021
…ation in UI by config ### What changes were proposed in this pull request? This PR adds a test for SPARK-36400 (#33743). ### Why are the changes needed? SPARK-36512 (#33741) was fixed so we can add this test now. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? New test. Closes #33885 from sarutak/add-reduction-test. Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com> Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com>
flyrain
pushed a commit
to flyrain/spark
that referenced
this pull request
Sep 21, 2021
…ark.sql.redaction.string.regex ### What changes were proposed in this pull request? This PR fixes an issue that ThriftServer doesn't recognize `spark.sql.redaction.string.regex`. The problem is that sensitive information included in queries can be exposed.   ### Why are the changes needed? Bug fix. ### Does this PR introduce _any_ user-facing change? No. ### How was this patch tested? Ran ThriftServer, connect to it and execute `CREATE TABLE mytbl2(a int) OPTIONS(url="jdbc:mysql//example.com:3306", driver="com.mysql.jdbc.Driver", dbtable="test_tbl", user="test_usr", password="abcde");` with `spark.sql.redaction.string.regex=((?i)(?<=password=))(".*")|('.*')` Then, confirmed UI.   Closes apache#33743 from sarutak/thrift-redact. Authored-by: Kousuke Saruta <sarutak@oss.nttdata.com> Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com> (cherry picked from commit b914ff7) Signed-off-by: Kousuke Saruta <sarutak@oss.nttdata.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
This PR fixes an issue that ThriftServer doesn't recognize
spark.sql.redaction.string.regex.The problem is that sensitive information included in queries can be exposed.
Why are the changes needed?
Bug fix.
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Ran ThriftServer, connect to it and execute
CREATE TABLE mytbl2(a int) OPTIONS(url="jdbc:mysql//example.com:3306", driver="com.mysql.jdbc.Driver", dbtable="test_tbl", user="test_usr", password="abcde");withspark.sql.redaction.string.regex=((?i)(?<=password=))(".*")|('.*')Then, confirmed UI.