From: "Bharath Vissapragada (Code Review)"
To: Marcel Kornacker, impala-cr@cloudera.com, reviews@impala.incubator.apache.org
Date: Thu, 4 Jan 2018 00:43:20 +0000
Subject: [Impala-ASF-CR] IMPALA-6348: Redact only sensitive fields in runtime profiles
X-Gerrit-Commit: b68ab0724e5fdafa0d34d9b4c48a8a03acbbe432

Bharath Vissapragada has uploaded this change for review. ( http://gerrit.cloudera.org:8080/8934 )

Change subject: IMPALA-6348: Redact only sensitive fields in runtime profiles
......................................................................

IMPALA-6348: Redact only sensitive fields in runtime profiles

Without this patch, redaction is applied to every field in the runtime
profile. This approach has an undesired side effect when Kerberos auth +
email redaction is in place.

Since the redaction applies to every field, even principals (from
Connected/Delegated User fields) are redacted, as the Kerberos principal
format generally pattern matches with an email redactor template. This is
particularly problematic for monitoring tools that consume runtime
profiles and use these fields to group the queries by user.

This patch fixes the problem by redacting only the following sensitive
fields.

- Query Statement
- Error logs (since they can contain column references etc.)
- Query Status
- Query Plan

Other fields in the runtime profile are left unredacted.

Change-Id: Iae3b6726009bf458a7ec73131e5d659b12ab73cf
---
M be/src/service/client-request-state.cc
M be/src/service/impala-server.cc
M be/src/util/runtime-profile.cc
M be/src/util/runtime-profile.h
M tests/custom_cluster/test_redaction.py
5 files changed, 47 insertions(+), 12 deletions(-)

  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/34/8934/2
--
To view, visit http://gerrit.cloudera.org:8080/8934
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iae3b6726009bf458a7ec73131e5d659b12ab73cf
Gerrit-Change-Number: 8934
Gerrit-PatchSet: 2
Gerrit-Owner: Bharath Vissapragada
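
The side effect described in the commit message, as an added example that is not part of the original message or of the Impala code base. It assumes a generic email regex and mask string, uses the field labels from the commit message as dictionary keys (the real profile keys may differ), and runs over constructed sample profiles.

```python
import re

# Assumed email redaction rule (constructed; not a rule shipped with Impala).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MASK = "*email*"

# Labels as written in the commit message; actual profile keys may differ.
SENSITIVE_FIELDS = frozenset(
    {"Query Statement", "Error logs", "Query Status", "Query Plan"})


def redact(text):
    """Apply the email rule to one string."""
    return EMAIL_RE.sub(MASK, text)


def redact_all(profile):
    """Behaviour before the patch: every field goes through the redactor."""
    return {k: redact(v) for k, v in profile.items()}


def redact_sensitive(profile):
    """Behaviour after the patch: only the listed fields are redacted."""
    return {k: redact(v) if k in SENSITIVE_FIELDS else v
            for k, v in profile.items()}


def group_by_user(profiles):
    """What a monitoring tool does with profiles: count queries per user."""
    counts = {}
    for p in profiles:
        user = p["Connected User"]
        counts[user] = counts.get(user, 0) + 1
    return counts


# Constructed sample profiles; the users are Kerberos principals (user@REALM).
PROFILES = [
    {"Connected User": "alice@EXAMPLE.COM",
     "Query Statement": "select name from customers "
                        "where email = 'carol@example.org'"},
    {"Connected User": "bob@EXAMPLE.COM",
     "Query Statement": "select count(*) from orders"},
    {"Connected User": "alice@EXAMPLE.COM",
     "Query Statement": "select 1"},
]

if __name__ == "__main__":
    print(group_by_user([redact_all(p) for p in PROFILES]))
    print(group_by_user([redact_sensitive(p) for p in PROFILES]))
```

With every field redacted, all three queries collapse into a single masked user. With field-scoped redaction the per-user grouping survives while the literal in the statement is still masked, and any field outside the list passes through untouched.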