Make it easier to add a SanitizingFunction to mask properties with specific names #39243

Open
philwebb opened this issue Jan 19, 2024 · 5 comments
Labels
type: enhancement A general enhancement

Comments

@philwebb
Member

See #39094 (comment) for details.

We removed default sanitization in #33448 but didn't offer an easy way for those that were happy with that approach to apply it again. This means that a lot of users will be copying similar code.

A couple of options that come to mind are:

  • A property that contains property names that should be sanitized
  • A factory method on SanitizingFunction that makes it easier to create a @Bean
@philwebb philwebb added the type: enhancement A general enhancement label Jan 19, 2024
@philwebb philwebb added this to the General Backlog milestone Jan 19, 2024
@philwebb philwebb added the for: team-meeting An issue we'd like to discuss as a team to make progress label Jan 19, 2024
@philwebb
Member Author

philwebb commented Feb 14, 2024

We're going to start by investigating option 2 and making it easy to build a SanitizingFunction with specific rules.

@philwebb philwebb removed the for: team-meeting An issue we'd like to discuss as a team to make progress label Feb 14, 2024
@guai

guai commented May 21, 2024

Hi, is there a workaround? I want 2.7's behavior with management.endpoint.env.keys-to-sanitize in 3.2 (at least for now, while we are migrating)

@datagitlies

> Hi, is there a workaround? I want 2.7's behavior with management.endpoint.env.keys-to-sanitize in 3.2 (at least for now, while we are migrating)

@guai you can implement your own SanitizingFunction - see the comment here: #32156 (comment)

That said, I'm still hoping for a Spring-provided solution that makes it easier to create a @Bean so that I don't have to copy all that code from 2.7.
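A sketch of the kind of `SanitizingFunction` bean this thread is about, masking properties by name. It is an added example, not code from this thread, from the linked comment, or from Spring Boot itself; the class name, the `app.actuator.keys-to-sanitize` property and its default list are assumptions, and the matching (plain names match as a case-insensitive suffix, entries containing regex characters are used as patterns) only approximates the 2.7 behaviour.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.endpoint.SanitizableData;
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
public class NameBasedSanitizingConfiguration { // hypothetical class name

    // Hypothetical property name; the default key list is an assumption, not Spring Boot's.
    @Bean
    SanitizingFunction nameBasedSanitizingFunction(
            @Value("${app.actuator.keys-to-sanitize:password,secret,key,token,.*credentials.*}")
            String[] keys) {
        List<Pattern> patterns = Arrays.stream(keys)
                .map(String::trim)
                .filter(k -> !k.isEmpty())
                .map(NameBasedSanitizingConfiguration::toPattern)
                .toList();
        return data -> {
            String key = data.getKey();
            // Nothing to mask when the property has no name or no value.
            if (key == null || data.getValue() == null) {
                return data;
            }
            for (Pattern pattern : patterns) {
                if (pattern.matcher(key).matches()) {
                    // Replace the value with Spring Boot's standard mask ("******").
                    return data.withValue(SanitizableData.SANITIZED_VALUE);
                }
            }
            return data;
        };
    }

    // Plain names match as a suffix ("db.password" matches "password");
    // entries containing regex metacharacters are compiled as written.
    private static Pattern toPattern(String key) {
        boolean regex = key.chars().anyMatch(c -> "*$^+".indexOf(c) >= 0);
        String expression = regex ? key : ".*" + Pattern.quote(key) + "$";
        return Pattern.compile(expression, Pattern.CASE_INSENSITIVE);
    }
}
```

The function is only consulted when values are being shown at all: with `management.endpoint.env.show-values` left at its 3.x default of `never`, every value is already masked.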

@datagitlies

> We're going to start by investigating option 2 and making it easy to build a SanitizingFunction with specific rules.

@philwebb is there any update on this? If there is a branch I could look at or contribute to I'd be happy to pitch in for functionality that improves my codebase(s).

@philwebb
Member Author

@datagitlies We haven't had the chance to look at this one in any detail yet. I'm afraid we're currently heads down on the 3.3 release. If you have a proposal, feel free to submit a pull-request.

j-sandy added a commit to j-sandy/kork that referenced this issue Dec 12, 2024
…ith spring boot upgrade to 3.x

While upgrading Spring Boot to 3.0.13 and Spring Cloud to 2022.0.5, encountered the below errors during the build process of the kork-actuator module:
```
> Task :kork-actuator:compileJava FAILED
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/ActuatorEndpointsConfiguration.java:26: error: cannot find symbol
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
                                                                       ^
  symbol:   class WebSecurityConfigurerAdapter
  location: package org.springframework.security.config.annotation.web.configuration
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/ActuatorEndpointsConfiguration.java:30: error: cannot find symbol
public class ActuatorEndpointsConfiguration extends WebSecurityConfigurerAdapter {
                                                    ^
  symbol: class WebSecurityConfigurerAdapter
2 errors
```
With the Spring Boot upgrade, Spring Security also upgrades from 5.x to 6.x. As per the migration [steps](https://www.baeldung.com/spring-security-migrate-5-to-6), `WebSecurityConfigurerAdapter` has been removed. So, it is not required to be extended; instead, a bean can be registered.

```
> Task :kork-actuator:compileJava FAILED
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/endpoint/ResolvedEnvironmentEndpoint.java:45: error: invalid method reference
        .ifPresent(sanitizer::setKeysToSanitize);
                   ^
  cannot find symbol
    symbol:   method setKeysToSanitize(T)
    location: class Sanitizer
  where T is a type-variable:
    T extends Object declared in class Optional
/kork/kork-actuator/src/main/java/com/netflix/spinnaker/kork/actuator/endpoint/ResolvedEnvironmentEndpoint.java:56: error: incompatible types: String cannot be converted to SanitizableData
                    return sanitizer.sanitize(property, environment.getProperty(property));
                                              ^
Note: Some messages have been simplified; recompile with -Xdiags:verbose to get full output
2 errors
```
In Spring Boot 3, changes are introduced in the sanitization of actuator [endpoints](https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-3.0-Migration-Guide#actuator-endpoints-sanitization).
The default `Sanitizer` implementation has been removed and replaced with `SanitizingFunction`.
spring-projects/spring-boot#33448
spring-projects/spring-boot#39243
spring-projects/spring-boot#32156
So, added the `ActuatorSanitizingFunction` class to provide the default implementation of `SanitizingFunction`.
j-sandy added a commit to j-sandy/kork that referenced this issue Dec 17, 2024
j-sandy added a commit to j-sandy/kork that referenced this issue Dec 19, 2024