From b6b94370e2060e5283b5652914693afea624d88c Mon Sep 17 00:00:00 2001
From: jzjsnow <snow.jiangzj@gmail.com>
Date: Fri, 17 Jan 2025 18:21:21 +0800
Subject: [PATCH] fixup! [AMORO-3335] Add interface ConfigShade to support
 encryption of sensitive configuration items and provide a base64 encoding
 implementation

---
 charts/amoro/templates/amoro-configmap.yaml  | 13 ++++++++-
 charts/amoro/tests/amoro-configmap_test.yaml | 28 ++++++++++++++++++++
 charts/amoro/values.yaml                     |  6 +++++
 3 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/charts/amoro/templates/amoro-configmap.yaml b/charts/amoro/templates/amoro-configmap.yaml
index bf06c40389..ec4cb9c83d 100644
--- a/charts/amoro/templates/amoro-configmap.yaml
+++ b/charts/amoro/templates/amoro-configmap.yaml
@@ -40,7 +40,18 @@ data:
     ams:
       server-bind-host: "0.0.0.0"
       server-expose-host: "127.0.0.1"
-
+    
+    {{- if or .Values.amoroConf.shade.identifier .Values.amoroConf.shade.sensitiveKeywords}}
+      
+      shade:
+        {{- if .Values.amoroConf.shade.identifier }}
+        identifier: {{ .Values.amoroConf.shade.identifier }}
+        {{- end }}
+        {{- if .Values.amoroConf.shade.sensitiveKeywords }}
+        sensitive-keywords: {{ .Values.amoroConf.shade.sensitiveKeywords }}
+        {{- end }}
+    {{- end }}
+    
       thrift-server:
         max-message-size: 104857600 # 100MB
         selector-thread-count: 2
diff --git a/charts/amoro/tests/amoro-configmap_test.yaml b/charts/amoro/tests/amoro-configmap_test.yaml
index 73a5fe97ce..66d674fc8f 100644
--- a/charts/amoro/tests/amoro-configmap_test.yaml
+++ b/charts/amoro/tests/amoro-configmap_test.yaml
@@ -73,6 +73,34 @@ tests:
           pattern:
             |
             kyuubi.jdbc.url: "jdbc:hive2://127.0.0.1:10009/"
+  - it: Amoro configMap should show shade configs if shade.identifier is set
+    set:
+      amoroConf:
+        shade:
+          identifier: base64
+    asserts:
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: "shade:\\s*identifier: base64"
+  - it: Amoro configMap should show shade configs if shade.sensitiveKeywords is set
+    set:
+      amoroConf:
+        shade:
+          sensitiveKeywords: admin-password;database.password
+    asserts:
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: "shade:\\s*sensitive-keywords: admin-password;database.password"
+  - it: Amoro configMap should show shade configs if both shade.identifier and shade.sensitiveKeywords are set
+    set:
+      amoroConf:
+        shade:
+          identifier: base64
+          sensitiveKeywords: admin-password;database.password
+    asserts:
+      - matchRegex:
+          path: data["config.yaml"]
+          pattern: "shade:\\s*identifier: base64\\s*sensitive-keywords: admin-password;database.password"
   - it: Amoro configMap should show flink if flink optimizer enabled is set true
     set:
       optimizer:
diff --git a/charts/amoro/values.yaml b/charts/amoro/values.yaml
index bcb058565b..312fefaea0 100644
--- a/charts/amoro/values.yaml
+++ b/charts/amoro/values.yaml
@@ -144,6 +144,12 @@ amoroConf:
     adminUsername: admin
     adminPassword: admin
 
+  ## AMS config shade properties
+  ##
+  shade:
+    identifier: ~
+    sensitiveKeywords: ~
+
   ## AMS database properties, default value is derby. For production environment, suggest to use mysql
   ##
   database: