fixup! [AMORO-3335] Add interface ConfigShade to support encryption o…

…f sensitive configuration items and provide a base64 encoding implementation
apache · Jan 17, 2025 · b6b9437 · b6b9437
1 parent c389574
commit b6b9437
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 1 deletion.
diff --git a/charts/amoro/templates/amoro-configmap.yaml b/charts/amoro/templates/amoro-configmap.yaml
@@ -40,7 +40,18 @@ data:
     ams:
       server-bind-host: "0.0.0.0"
       server-expose-host: "127.0.0.1"
-
+    
+    {{- if or .Values.amoroConf.shade.identifier .Values.amoroConf.shade.sensitiveKeywords}}
+      
+      shade:
+        {{- if .Values.amoroConf.shade.identifier }}
+        identifier: {{ .Values.amoroConf.shade.identifier }}
+        {{- end }}
+        {{- if .Values.amoroConf.shade.sensitiveKeywords }}
+        sensitive-keywords: {{ .Values.amoroConf.shade.sensitiveKeywords }}
+        {{- end }}
+    {{- end }}
+    
       thrift-server:
         max-message-size: 104857600 # 100MB
         selector-thread-count: 2

diff --git a/charts/amoro/tests/amoro-configmap_test.yaml b/charts/amoro/tests/amoro-configmap_test.yaml
@@ -73,6 +73,34 @@ tests:
           pattern:
             |
             kyuubi.jdbc.url: "jdbc:hive2://127.0.0.1:10009/"
+  - it: Amoro configMap should show shade configs if shade.identifier is set
+    set:
+      amoroConf:
+        shade:
+          identifier: base64
+    asserts:
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: "shade:\\s*identifier: base64"
+  - it: Amoro configMap should show shade configs if shade.sensitiveKeywords is set
+    set:
+      amoroConf:
+        shade:
+          sensitiveKeywords: admin-password;database.password
+    asserts:
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: "shade:\\s*sensitive-keywords: admin-password;database.password"
+  - it: Amoro configMap should show shade configs if both shade.identifier and shade.sensitiveKeywords are set
+    set:
+      amoroConf:
+        shade:
+          identifier: base64
+          sensitiveKeywords: admin-password;database.password
+    asserts:
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: "shade:\\s*identifier: base64\\s*sensitive-keywords: admin-password;database.password"
   - it: Amoro configMap should show flink if flink optimizer enabled is set true
     set:
       optimizer:

diff --git a/charts/amoro/values.yaml b/charts/amoro/values.yaml
@@ -144,6 +144,12 @@ amoroConf:
     adminUsername: admin
     adminPassword: admin
 
+  ## AMS config shade properties
+  ##
+  shade:
+    identifier: ~
+    sensitiveKeywords: ~
+
   ## AMS database properties, default value is derby. For production environment, suggest to use mysql
   ##
   database: