For the last point you raised, can you come up with a unit test that shows what you observed ?
Cheers On Mon, Dec 18, 2017 at 11:14 AM, Vincent Meng <vm...@zefr.com> wrote: > Hi all, > > I've created KIP-242, a proposal to secure credentials in kafka connect > rest endpoint. > > https://cwiki.apache.org/confluence/display/KAFKA/KIP- > 242%3A+Mask+password+in+Kafka+Connect+Rest+API+response > > Here are something I'd like to discuss: > > - The "masked" value is set to "*********" (9 stars) currently. It's an > arbitrary value I picked. Are there any better options? > - The proposal change is in the > *org.apache.kafka.connect.runtime.rest.resources.ConnectorsResource* > class, where before the response is returned we go through config and > mask > the password. This has been proven to work. However I think it's > cleaner if > we do the masking in > *org.apache.kafka.connect.runtime.rest.entities.ConnectorInfo* where > config() method can return the masked config, so that we don't have to > mask > the value in each endpoint (and new endpoints if added in the future). I > ran into some issue with this. So after a while, I start seeing > incorrect > password being used for the connector. My conjecture is that the value > stored in kafka has been changed to the mask value. Can someone confirm > this might happen with kafka connect? Feel like *ConnectorInfo.Config()* > is used somewhere to update connect config storage topic. > > If there's any comments on the KIP let me know. Thank you very much. > > -Vincent >
