Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
yiicenne
DolphinScheduler
提交
38b87673
DolphinScheduler
项目概览
yiicenne
/
DolphinScheduler
与 Fork 源项目一致
Fork自
apache / DolphinScheduler
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
DolphinScheduler
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
38b87673
编写于
11月 24, 2022
作者:
R
rickchengx
提交者:
GitHub
11月 24, 2022
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
[Feature-10498] Mask the password in the log of sqoop task (#11589)
上级
db615ba2
变更
10
隐藏空白更改
内联
并排
Showing
10 changed file
with
70 addition
and
56 deletion
+70
-56
docs/docs/en/architecture/design.md
docs/docs/en/architecture/design.md
+1
-1
docs/docs/zh/architecture/design.md
docs/docs/zh/architecture/design.md
+1
-1
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverter.java
...e/dolphinscheduler/common/log/SensitiveDataConverter.java
+17
-30
dolphinscheduler-common/src/test/java/org/apache/dolphinscheduler/common/log/SensitiveDataConverterTest.java
...lphinscheduler/common/log/SensitiveDataConverterTest.java
+6
-21
dolphinscheduler-master/src/main/resources/logback-spring.xml
...hinscheduler-master/src/main/resources/logback-spring.xml
+1
-1
dolphinscheduler-standalone-server/src/main/resources/logback-spring.xml
...r-standalone-server/src/main/resources/logback-spring.xml
+1
-1
dolphinscheduler-task-plugin/dolphinscheduler-task-sqoop/src/main/java/org/apache/dolphinscheduler/plugin/task/sqoop/SqoopConstants.java
...he/dolphinscheduler/plugin/task/sqoop/SqoopConstants.java
+1
-0
dolphinscheduler-task-plugin/dolphinscheduler-task-sqoop/src/main/java/org/apache/dolphinscheduler/plugin/task/sqoop/SqoopTask.java
.../apache/dolphinscheduler/plugin/task/sqoop/SqoopTask.java
+3
-0
dolphinscheduler-task-plugin/dolphinscheduler-task-sqoop/src/test/java/org/apache/dolphinscheduler/plugin/task/sqoop/SqoopTaskTest.java
...che/dolphinscheduler/plugin/task/sqoop/SqoopTaskTest.java
+38
-0
dolphinscheduler-worker/src/main/resources/logback-spring.xml
...hinscheduler-worker/src/main/resources/logback-spring.xml
+1
-1
未找到文件。
docs/docs/en/architecture/design.md
浏览文件 @
38b87673
...
...
@@ -197,7 +197,7 @@ In the early schedule design, if there is no priority design and use the fair sc
-
For details, please refer to the logback configuration of Master and Worker, as shown in the following example:
```
xml
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
service
.log.SensitiveDataConverter"
/>
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
common
.log.SensitiveDataConverter"
/>
<appender
name=
"TASKLOGFILE"
class=
"ch.qos.logback.classic.sift.SiftingAppender"
>
<filter
class=
"org.apache.dolphinscheduler.service.log.TaskLogFilter"
/>
<Discriminator
class=
"org.apache.dolphinscheduler.service.log.TaskLogDiscriminator"
>
...
...
docs/docs/zh/architecture/design.md
浏览文件 @
38b87673
...
...
@@ -195,7 +195,7 @@
-
详情可参考Master和Worker的logback配置,如下示例:
```
xml
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
service
.log.SensitiveDataConverter"
/>
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
common
.log.SensitiveDataConverter"
/>
<appender
name=
"TASKLOGFILE"
class=
"ch.qos.logback.classic.sift.SiftingAppender"
>
<filter
class=
"org.apache.dolphinscheduler.service.log.TaskLogFilter"
/>
<Discriminator
class=
"org.apache.dolphinscheduler.service.log.TaskLogDiscriminator"
>
...
...
dolphinscheduler-
service/src/main/java/org/apache/dolphinscheduler/service
/log/SensitiveDataConverter.java
→
dolphinscheduler-
common/src/main/java/org/apache/dolphinscheduler/common
/log/SensitiveDataConverter.java
浏览文件 @
38b87673
...
...
@@ -15,11 +15,15 @@
* limitations under the License.
*/
package
org.apache.dolphinscheduler.
service
.log
;
package
org.apache.dolphinscheduler.
common
.log
;
import
org.apache.dolphinscheduler.common.constants.Constants
;
import
org.apache.dolphinscheduler.common.constants.DataSourceConstants
;
import
org.apache.commons.lang3.StringUtils
;
import
java.util.Arrays
;
import
java.util.HashSet
;
import
java.util.regex.Matcher
;
import
java.util.regex.Pattern
;
...
...
@@ -33,10 +37,9 @@ import com.google.common.base.Strings;
*/
public
class
SensitiveDataConverter
extends
MessageConverter
{
/**
* password pattern
*/
private
final
Pattern
pwdPattern
=
Pattern
.
compile
(
DataSourceConstants
.
DATASOURCE_PASSWORD_REGEX
);
private
static
Pattern
multilinePattern
;
private
static
HashSet
<
String
>
maskPatterns
=
new
HashSet
<>(
Arrays
.
asList
(
DataSourceConstants
.
DATASOURCE_PASSWORD_REGEX
));
@Override
public
String
convert
(
ILoggingEvent
event
)
{
...
...
@@ -45,41 +48,25 @@ public class SensitiveDataConverter extends MessageConverter {
String
requestLogMsg
=
event
.
getFormattedMessage
();
// desensitization log
return
convertMsg
(
requestLogMsg
);
return
maskSensitiveData
(
requestLogMsg
);
}
/**
* deal with sensitive log
*
* @param oriLogMsg original log
*/
private
String
convertMsg
(
final
String
oriLogMsg
)
{
String
tempLogMsg
=
oriLogMsg
;
if
(!
Strings
.
isNullOrEmpty
(
tempLogMsg
))
{
tempLogMsg
=
passwordHandler
(
pwdPattern
,
tempLogMsg
);
}
return
tempLogMsg
;
public
static
void
addMaskPattern
(
String
maskPattern
)
{
maskPatterns
.
add
(
maskPattern
);
}
/**
* password regex
*
* @param logMsg original log
*/
static
String
passwordHandler
(
Pattern
pwdPattern
,
String
logMsg
)
{
Matcher
matcher
=
pwdPattern
.
matcher
(
logMsg
);
public
static
String
maskSensitiveData
(
final
String
logMsg
)
{
if
(
StringUtils
.
isEmpty
(
logMsg
))
{
return
logMsg
;
}
multilinePattern
=
Pattern
.
compile
(
String
.
join
(
"|"
,
maskPatterns
),
Pattern
.
MULTILINE
);
StringBuffer
sb
=
new
StringBuffer
(
logMsg
.
length
());
Matcher
matcher
=
multilinePattern
.
matcher
(
logMsg
);
while
(
matcher
.
find
())
{
String
password
=
matcher
.
group
();
String
maskPassword
=
Strings
.
repeat
(
Constants
.
STAR
,
password
.
length
());
matcher
.
appendReplacement
(
sb
,
maskPassword
);
}
matcher
.
appendTail
(
sb
);
...
...
dolphinscheduler-
service/src/test/java/org/apache/dolphinscheduler/service
/log/SensitiveDataConverterTest.java
→
dolphinscheduler-
common/src/test/java/org/apache/dolphinscheduler/common
/log/SensitiveDataConverterTest.java
浏览文件 @
38b87673
...
...
@@ -15,13 +15,7 @@
* limitations under the License.
*/
package
org.apache.dolphinscheduler.service.log
;
import
static
org
.
apache
.
dolphinscheduler
.
service
.
log
.
SensitiveDataConverter
.
passwordHandler
;
import
org.apache.dolphinscheduler.common.constants.DataSourceConstants
;
import
java.util.regex.Pattern
;
package
org.apache.dolphinscheduler.common.log
;
import
org.junit.jupiter.api.Assertions
;
import
org.junit.jupiter.api.Test
;
...
...
@@ -32,11 +26,6 @@ public class SensitiveDataConverterTest {
private
final
Logger
logger
=
LoggerFactory
.
getLogger
(
SensitiveDataConverterTest
.
class
);
/**
* password pattern
*/
private
final
Pattern
pwdPattern
=
Pattern
.
compile
(
DataSourceConstants
.
DATASOURCE_PASSWORD_REGEX
);
private
final
String
logMsg
=
"{\"address\":\"jdbc:mysql://192.168.xx.xx:3306\","
+
"\"database\":\"carbond\","
+
"\"jdbcUrl\":\"jdbc:mysql://192.168.xx.xx:3306/ods\","
...
...
@@ -49,21 +38,17 @@ public class SensitiveDataConverterTest {
+
"\"user\":\"view\","
+
"\"password\":\"*****\"}"
;
@Test
public
void
convert
()
{
Assertions
.
assertEquals
(
maskLogMsg
,
passwordHandler
(
pwdPattern
,
logMsg
));
}
/**
* mask sensitive logMsg - sql task datasource password
*/
@Test
public
void
testPwdLogMsgConverter
()
{
logger
.
info
(
"parameter : {}"
,
logMsg
);
logger
.
info
(
"parameter : {}"
,
passwordHandler
(
pwdPattern
,
logMsg
));
final
String
maskedLog
=
SensitiveDataConverter
.
maskSensitiveData
(
logMsg
);
logger
.
info
(
"original parameter : {}"
,
logMsg
);
logger
.
info
(
"masked parameter : {}"
,
maskedLog
);
Assertions
.
assertNotEquals
(
logMsg
,
passwordHandler
(
pwdPattern
,
logMsg
));
Assertions
.
assertEquals
(
maskLogMsg
,
passwordHandler
(
pwdPattern
,
logMsg
));
Assertions
.
assertEquals
(
maskLogMsg
,
maskedLog
);
}
...
...
dolphinscheduler-master/src/main/resources/logback-spring.xml
浏览文件 @
38b87673
...
...
@@ -28,7 +28,7 @@
</appender>
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
service
.log.SensitiveDataConverter"
/>
converterClass=
"org.apache.dolphinscheduler.
common
.log.SensitiveDataConverter"
/>
<appender
name=
"TASKLOGFILE"
class=
"ch.qos.logback.classic.sift.SiftingAppender"
>
<filter
class=
"org.apache.dolphinscheduler.service.log.TaskLogFilter"
/>
<Discriminator
class=
"org.apache.dolphinscheduler.service.log.TaskLogDiscriminator"
>
...
...
dolphinscheduler-standalone-server/src/main/resources/logback-spring.xml
浏览文件 @
38b87673
...
...
@@ -48,7 +48,7 @@
<logger
name=
"org.apache.hadoop"
level=
"WARN"
/>
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
service
.log.SensitiveDataConverter"
/>
converterClass=
"org.apache.dolphinscheduler.
common
.log.SensitiveDataConverter"
/>
<appender
name=
"TASKLOGFILE"
class=
"ch.qos.logback.classic.sift.SiftingAppender"
>
<filter
class=
"org.apache.dolphinscheduler.service.log.TaskLogFilter"
/>
<Discriminator
class=
"org.apache.dolphinscheduler.service.log.TaskLogDiscriminator"
>
...
...
dolphinscheduler-task-plugin/dolphinscheduler-task-sqoop/src/main/java/org/apache/dolphinscheduler/plugin/task/sqoop/SqoopConstants.java
浏览文件 @
38b87673
...
...
@@ -72,4 +72,5 @@ public final class SqoopConstants {
public
static
final
String
UPDATE_KEY
=
"--update-key"
;
public
static
final
String
UPDATE_MODE
=
"--update-mode"
;
public
static
final
String
SQOOP_PASSWORD_REGEX
=
"(?<=(--password \")).+?(?=\")"
;
}
dolphinscheduler-task-plugin/dolphinscheduler-task-sqoop/src/main/java/org/apache/dolphinscheduler/plugin/task/sqoop/SqoopTask.java
浏览文件 @
38b87673
...
...
@@ -17,6 +17,7 @@
package
org.apache.dolphinscheduler.plugin.task.sqoop
;
import
org.apache.dolphinscheduler.common.log.SensitiveDataConverter
;
import
org.apache.dolphinscheduler.common.utils.JSONUtils
;
import
org.apache.dolphinscheduler.plugin.task.api.AbstractYarnTask
;
import
org.apache.dolphinscheduler.plugin.task.api.TaskExecutionContext
;
...
...
@@ -67,6 +68,8 @@ public class SqoopTask extends AbstractYarnTask {
sqoopTaskExecutionContext
=
sqoopParameters
.
generateExtendedContext
(
taskExecutionContext
.
getResourceParametersHelper
());
SensitiveDataConverter
.
addMaskPattern
(
SqoopConstants
.
SQOOP_PASSWORD_REGEX
);
}
@Override
...
...
dolphinscheduler-task-plugin/dolphinscheduler-task-sqoop/src/test/java/org/apache/dolphinscheduler/plugin/task/sqoop/SqoopTaskTest.java
0 → 100644
浏览文件 @
38b87673
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.apache.dolphinscheduler.plugin.task.sqoop
;
import
org.apache.dolphinscheduler.common.log.SensitiveDataConverter
;
import
org.junit.jupiter.api.Assertions
;
import
org.junit.jupiter.api.Test
;
public
class
SqoopTaskTest
{
@Test
public
void
testSqoopPasswordMask
()
{
final
String
originalScript
=
"sqoop import -D mapred.job.name=sqoop_task -m 1 --connect \"jdbc:mysql://localhost:3306/defuault\" --username root --password \"mypassword\" --table student --target-dir /sqoop_test --as-textfile"
;
final
String
maskScript
=
"sqoop import -D mapred.job.name=sqoop_task -m 1 --connect \"jdbc:mysql://localhost:3306/defuault\" --username root --password \"**********\" --table student --target-dir /sqoop_test --as-textfile"
;
SensitiveDataConverter
.
addMaskPattern
(
SqoopConstants
.
SQOOP_PASSWORD_REGEX
);
Assertions
.
assertEquals
(
maskScript
,
SensitiveDataConverter
.
maskSensitiveData
(
originalScript
));
}
}
dolphinscheduler-worker/src/main/resources/logback-spring.xml
浏览文件 @
38b87673
...
...
@@ -29,7 +29,7 @@
</appender>
<conversionRule
conversionWord=
"message"
converterClass=
"org.apache.dolphinscheduler.
service
.log.SensitiveDataConverter"
/>
converterClass=
"org.apache.dolphinscheduler.
common
.log.SensitiveDataConverter"
/>
<appender
name=
"TASKLOGFILE"
class=
"ch.qos.logback.classic.sift.SiftingAppender"
>
<filter
class=
"org.apache.dolphinscheduler.service.log.TaskLogFilter"
/>
<Discriminator
class=
"org.apache.dolphinscheduler.service.log.TaskLogDiscriminator"
>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录