close
Skip to content

remove sensitive catalog properties in getTable#1860

Merged
luoyuxia merged 1 commit into
apache:mainfrom
xx789633:remove_pwd
Nov 3, 2025
Merged

remove sensitive catalog properties in getTable#1860
luoyuxia merged 1 commit into
apache:mainfrom
xx789633:remove_pwd

Conversation

@xx789633
Copy link
Copy Markdown
Contributor

@xx789633 xx789633 commented Oct 24, 2025
edited by luoyuxia
Loading

Purpose

Linked issue: close #1904

Brief change log

Tests

API and Format

Documentation

luoyuxia
luoyuxia reviewed Nov 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@luoyuxia luoyuxia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left minor comments.

Comment thread fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java Outdated
Comment thread fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java Outdated
@luoyuxia luoyuxia requested a review from Copilot November 3, 2025 06:57
Copilot AI reviewed Nov 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds filtering of sensitive catalog properties (passwords, secrets, keys) from table metadata returned to clients. The implementation prevents exposure of sensitive configuration data when retrieving table information.

  • Added a removeSensitiveCatalogProperties method to filter out sensitive properties before returning table info
  • Defined a static set of sensitive property keywords ("password", "secret", "key")
  • Integrated the filtering into the getTable method to sanitize lake catalog options

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java Added sensitive property filtering logic and applied it to the getTable method
fluss-client/src/test/java/org/apache/fluss/client/admin/FlussAdminITCase.java Added test case to verify password property is filtered out while non-sensitive properties remain
fluss-client/src/test/java/org/apache/fluss/client/admin/ClientToServerITCaseBase.java Added test configuration with sensitive jdbc credentials for testing

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java
Comment thread fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java
Comment thread fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java
private final int maxBucketNum;
private final LakeCatalogDynamicLoader lakeCatalogDynamicLoader;

public static final Set<String> SENSITIVE_TABLE_OPTIOINS = new HashSet<>();
Copy link

Copilot AI Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SENSITIVE_CATALOG_PROPERTIES set is not immutable despite being a public static final field. Consider using Collections.unmodifiableSet() or Java 9+ Set.of() to create a truly immutable set, preventing external modification.

Copilot uses AI. Check for mistakes.
@xx789633
Copy link
Copy Markdown
Contributor Author

xx789633 commented Nov 3, 2025

Hi @luoyuxia comments addresses. Please take a look.

luoyuxia
luoyuxia reviewed Nov 3, 2025
View reviewed changes
Comment thread fluss-server/src/main/java/org/apache/fluss/server/coordinator/MetadataManager.java
return;
}

Iterator<Map.Entry<String, String>> iterator = tableLakeOptions.entrySet().iterator();
Copy link
Copy Markdown
Contributor

@luoyuxia luoyuxia Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

for (String sensitiveKey : SENSITIVE_CATALOG_PROPERTIES) {
            tableLakeOptions.remove(sensitiveKey);
        }

Will it be more efficient or simple for iter table option consider table optio?

Copy link
Copy Markdown
Contributor Author

@xx789633 xx789633 Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a fuzzy string matching between tableLakeOptions's key and sensitiveKey. I'm afraid we are not able to do that.

@luoyuxia luoyuxia merged commit e402fbc into apache:main Nov 3, 2025
5 checks passed
@LiebingYu LiebingYu mentioned this pull request Jan 7, 2026
Closed
2 tasks
Ugbot pushed a commit to Ugbot/fluss that referenced this pull request Apr 26, 2026
@xx789633
[lake] Remove sensetive lake catalog properties in getTable (apache#1860
eb258ab 
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luoyuxia luoyuxia luoyuxia left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Exclude sensitive details from the properties transferred by lake catalog

3 participants

@xx789633 @luoyuxia