commit 1cc559fa23f02b80f57788c670a4882685b9663f Author: Andrew Sherman Date: Tue Dec 5 17:35:31 2017 -0800 HIVE-18228: Azure credential properties should be added to the HiveConf hidden list Change testHiddenConfig() so that it iterates over a list of hidden properties.
diff --git common/src/java/org/apache/hadoop/hive/conf/HiveConf.java common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index a0b163d19c381a20df28188ca678a19785e4e112..1c4cdd30bbb8eb24eccbec2447b8474f6c368d0f 100644
--- common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -3617,7 +3617,9 @@ private static void populateLlapDaemonVarsSet(Set llapDaemonVarsSetLocal
 + ",fs.s3n.awsSecretAccessKey"
 + ",fs.s3a.access.key"
 + ",fs.s3a.secret.key"
- + ",fs.s3a.proxy.password",
+ + ",fs.s3a.proxy.password"
+ + ",dfs.adls.oauth2.credential"
+ + ",fs.adl.oauth2.credential",
 "Comma separated list of configuration options which should not be read by normal user like passwords"),
 HIVE_CONF_INTERNAL_VARIABLE_LIST("hive.conf.internal.variable.list",
 "hive.added.files.path,hive.added.jars.path,hive.added.archives.path",
diff --git common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java
index d24668f3aea7e915f94726fb48711d98dcaeffc4..6a6780984d2941cd68bc94517fde1e9dbf15419b 100644
--- common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java
+++ common/src/test/org/apache/hadoop/hive/conf/TestHiveConf.java
@@ -17,6 +17,7 @@
 */
 package org.apache.hadoop.hive.conf;
+import com.google.common.collect.Lists;
 import org.apache.hadoop.mapred.JobConf;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
@@ -27,6 +28,7 @@
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
+import java.util.ArrayList;
 import java.util.concurrent.TimeUnit;
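Review bot: In the HiveConf.java hunk the Azure additions cover only the two `oauth2.credential` keys, while Hadoop's ADL connector also reads a refresh token (`fs.adl.oauth2.refresh.token`) that is just as sensitive when the refresh-token provider is configured. If that provider is in scope for this issue, extend the default with `+ ",fs.adl.oauth2.refresh.token"` and the matching `dfs.adls.` form. The test changed in TestHiveConf.java suggests entries are matched as prefixes (a hidden name plus "postfix" is still hidden), so the description string could say "list of configuration option prefixes" to make that explicit. The enum constant starts above this hunk, so the earlier entries of the list are not visible here.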
@@ -130,11 +132,8 @@ public void testToSizeBytes() throws Exception {
 @Test
 public void testHiddenConfig() throws Exception {
 HiveConf conf = new HiveConf();
- // check password configs are hidden
- Assert.assertTrue(conf.isHiddenConfig(HiveConf.ConfVars.METASTOREPWD.varname));
- Assert.assertTrue(conf.isHiddenConfig(
- HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname));
- // check change hidden list should fail
+
+ // check that a change to the hidden list should fail
 try {
 final String name = HiveConf.ConfVars.HIVE_CONF_HIDDEN_LIST.varname;
 conf.verifyAndSet(name, "");
@@ -143,16 +142,30 @@ public void testHiddenConfig() throws Exception {
 } catch (IllegalArgumentException e) {
 // the verifyAndSet in this case is expected to fail with the IllegalArgumentException
 }
- // check stripHiddenConfigurations
- Configuration conf2 = new Configuration(conf);
- conf2.set(HiveConf.ConfVars.METASTOREPWD.varname, "password");
- conf2.set(HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname, "password");
- conf.stripHiddenConfigurations(conf2);
- Assert.assertTrue(conf.isHiddenConfig(HiveConf.ConfVars.METASTOREPWD.varname + "postfix"));
- Assert.assertTrue(
- conf.isHiddenConfig(HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname + "postfix"));
- Assert.assertEquals("", conf2.get(HiveConf.ConfVars.METASTOREPWD.varname));
- Assert.assertEquals("", conf2.get(HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname));
+
+ ArrayList hiddenList = Lists.newArrayList(
+ HiveConf.ConfVars.METASTOREPWD.varname,
+ HiveConf.ConfVars.HIVE_SERVER2_SSL_KEYSTORE_PASSWORD.varname,
+ "fs.s3.awsSecretAccessKey",
+ "fs.s3n.awsSecretAccessKey",
+ "dfs.adls.oauth2.credential",
+ "fs.adl.oauth2.credential"
+ );
+
+ for (String hiddenConfig : hiddenList) {
+ // check configs are hidden
+ Assert.assertTrue("config " + hiddenConfig + " should be hidden",
+ conf.isHiddenConfig(hiddenConfig));
+ // check stripHiddenConfigurations removes the property
+ Configuration conf2 = new Configuration(conf);
+ conf2.set(hiddenConfig, "password");
+ conf.stripHiddenConfigurations(conf2);
+ // check that a property that begins the same is also hidden
+ Assert.assertTrue(conf.isHiddenConfig(
+ hiddenConfig + "postfix"));
+ // Check the stripped property is the empty string
+ Assert.assertEquals("", conf2.get(hiddenConfig));
+ }
 }
 @Test
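Review bot: The `hiddenList` built in this hunk leaves out `fs.s3a.access.key`, `fs.s3a.secret.key` and `fs.s3a.proxy.password`, which the HiveConf.java hunk shows in the default hidden list, so removing one of them later would not fail this test; add them to the list. Inside the loop only the first assertion names the property, so a failure of the other two does not say which key was exposed. Give them messages as well, e.g. `Assert.assertEquals("config " + hiddenConfig + " should be stripped", "", conf2.get(hiddenConfig));`. testHiddenConfig() begins in the previous hunk, so the lines between the two hunks are not visible here.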