hadoop ConfigRedactor 源码

  • 2022-10-20
  • 浏览 (460)

haddop ConfigRedactor 代码

文件路径:/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/ConfigRedactor.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.conf;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

import static org.apache.hadoop.fs.CommonConfigurationKeys.*;

import org.apache.hadoop.util.StringUtils;

/**
 * Tool for redacting sensitive information when displaying config parameters.
 *
 * <p>Some config parameters contain sensitive information (for example, cloud
 * storage keys). When these properties are displayed in plaintext, we should
 * redactor their values as appropriate.
 */
public class ConfigRedactor {

  private static final String REDACTED_TEXT = "<redacted>";
  private static final String REDACTED_XML = "******";

  private List<Pattern> compiledPatterns;

  public ConfigRedactor(Configuration conf) {
    String sensitiveRegexList = conf.get(
        HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS,
        HADOOP_SECURITY_SENSITIVE_CONFIG_KEYS_DEFAULT);
    List<String> sensitiveRegexes =
        Arrays.asList(StringUtils.getTrimmedStrings(sensitiveRegexList));
    compiledPatterns = new ArrayList<Pattern>();
    for (String regex : sensitiveRegexes) {
      Pattern p = Pattern.compile(regex);
      compiledPatterns.add(p);
    }
  }

  /**
   * Given a key / value pair, decides whether or not to redact and returns
   * either the original value or text indicating it has been redacted.
   *
   * @param key param key.
   * @param value param value, will return if conditions permit.
   * @return Original value, or text indicating it has been redacted
   */
  public String redact(String key, String value) {
    if (configIsSensitive(key)) {
      return REDACTED_TEXT;
    }
    return value;
  }

  /**
   * Matches given config key against patterns and determines whether or not
   * it should be considered sensitive enough to redact in logs and other
   * plaintext displays.
   *
   * @param key
   * @return True if parameter is considered sensitive
   */
  private boolean configIsSensitive(String key) {
    for (Pattern regex : compiledPatterns) {
      if (regex.matcher(key).find()) {
        return true;
      }
    }
    return false;
  }

  /**
   * Given a key / value pair, decides whether or not to redact and returns
   * either the original value or text indicating it has been redacted.
   *
   * @param key param key.
   * @param value param value, will return if conditions permit.
   * @return Original value, or text indicating it has been redacted
   */
  public String redactXml(String key, String value) {
    if (configIsSensitive(key)) {
      return REDACTED_XML;
    }
    return value;
  }
}

相关信息

hadoop 源码目录

相关文章

hadoop ConfServlet 源码

hadoop Configurable 源码

hadoop Configuration 源码

hadoop ConfigurationWithLogging 源码

hadoop Configured 源码

hadoop Reconfigurable 源码

hadoop ReconfigurableBase 源码

hadoop ReconfigurationException 源码

hadoop ReconfigurationServlet 源码

hadoop ReconfigurationTaskStatus 源码

0  赞