Skip to content

Fix a series of secret logging leakage issues#585

Merged
YiDing-Duke merged 8 commits into
confluentinc:2.5from
YiDing-Duke:yi-2.5
Jun 7, 2021
Merged

Fix a series of secret logging leakage issues#585
YiDing-Duke merged 8 commits into
confluentinc:2.5from
YiDing-Duke:yi-2.5

Conversation

@YiDing-Duke

@YiDing-Duke YiDing-Duke commented Jun 7, 2021

Copy link
Copy Markdown

This is a backport of #584

In addition, for baseline compatibility it partially backports 7e2fb89 to only include

  1. clients/src/main/java/org/apache/kafka/common/utils/ConfigUtils.java
  2. clients/src/test/java/org/apache/kafka/common/utils/ConfigUtilsTest.java

Manikumar Reddy (omkreddy) and others added 8 commits June 7, 2021 13:45
@omkreddy @YiDing-Duke
MINOR: Update log statements in alterBrokerConfigs/alterTopicConfigs …
9674cee 
…methods

Current below log statements are not useful. This PR logs readable/masked configs during alterBrokerConfigs/alterTopicConfigs method call.

`[Admin Manager on Broker 1]: Updating topic test with new configuration kafka.server.KafkaConfigc9ba35e3`

Author: Manikumar Reddy <manikumar.reddy@gmail.com>

Reviewers: Rajini Sivaram <rajinisivaram@googlemail.com>, Chia-Ping Tsai <chia7712@gmail.com>

Closes apache#9824 from omkreddy/admin-logs
@YiDing-Duke
KC-1752 Fix potential alter/update config related secret logging leakage
d145f07
@YiDing-Duke
KC-1752 Remove public facing String redact API which is not currently…
6c19338 
… used
@xvrl @YiDing-Duke
KAFKA-10570; Rename JMXReporter configs for KIP-629
f137ed1 
* rename whitelist/blacklist to include/exclude
* add utility methods to translate deprecated configs

Author: Xavier Léauté <xvrl@apache.org>

Reviewers: Gwen Shapira

Closes apache#9367 from xvrl/kafka-10570
@YiDing-Duke
KC-1625: DynamicBrokerConfig must not log sensitive config values
fc1de8b
@YiDing-Duke
Hide secrets when logging during exception in DynamicBrokerConfig
62e2037
@ijuma @YiDing-Duke
KSTORAGE-1626: Do not log sensitive configs during topic creation (ap…
823b954 
…ache#3849)

This issue has been there for multiple years.

Also adjust the logging to only include overridden topic configs, I
_think_ this behavior changed unintentionally as part of the kraft work
(and made the original issue worse).

Unit test included and also tested manually.

Reviewer: Alok Nikhil <anikhil@confluent.io>, Kowshik Prakasam <kprakasam@confluent.io>
@ijuma @YiDing-Duke
MINOR: Fix spotBugs error when building with Scala 2.12
ffa8ef4
@YiDing-Duke YiDing-Duke merged commit ffa8ef4 into confluentinc:2.5 Jun 7, 2021
@YiDing-Duke YiDing-Duke deleted the yi-2.5 branch June 7, 2021 23:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ditac Aadithya Chandra (ditac) ditac approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@YiDing-Duke @ditac @omkreddy @xvrl @ijuma