[SPARK-22479][SQL] Exclude credentials from SaveintoDataSourceCommand.simpleString

[onursatici]

What changes were proposed in this pull request?

Do not include jdbc properties which may contain credentials in logging a logical plan with SaveIntoDataSourceCommand in it.

How was this patch tested?

building locally and trying to reproduce (per the steps in https://issues.apache.org/jira/browse/SPARK-22479):

== Parsed Logical Plan ==
SaveIntoDataSourceCommand org.apache.spark.sql.execution.datasources.jdbc.JdbcRelationProvider@570127fa, Map(dbtable -> test20, driver -> org.postgresql.Driver, url -> *********(redacted), password -> *********(redacted)), ErrorIfExists
   +- Range (0, 100, step=1, splits=Some(8))

== Analyzed Logical Plan ==
SaveIntoDataSourceCommand org.apache.spark.sql.execution.datasources.jdbc.JdbcRelationProvider@570127fa, Map(dbtable -> test20, driver -> org.postgresql.Driver, url -> *********(redacted), password -> *********(redacted)), ErrorIfExists
   +- Range (0, 100, step=1, splits=Some(8))

== Optimized Logical Plan ==
SaveIntoDataSourceCommand org.apache.spark.sql.execution.datasources.jdbc.JdbcRelationProvider@570127fa, Map(dbtable -> test20, driver -> org.postgresql.Driver, url -> *********(redacted), password -> *********(redacted)), ErrorIfExists
   +- Range (0, 100, step=1, splits=Some(8))

== Physical Plan ==
Execute SaveIntoDataSourceCommand
   +- SaveIntoDataSourceCommand org.apache.spark.sql.execution.datasources.jdbc.JdbcRelationProvider@570127fa, Map(dbtable -> test20, driver -> org.postgresql.Driver, url -> *********(redacted), password -> *********(redacted)), ErrorIfExists
         +- Range (0, 100, step=1, splits=Some(8))

[ash211]

Jenkins, this is ok to test

[SparkQA]

Test build #83652 has finished for PR 19708 at commit 04aa9f0.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gatorsmile]

https://github.com/apache/spark/blob/master/core/src/main/scala/org/apache/spark/util/Utils.scala#L2631-L2638

Reuse spark.redaction.regex?

[onursatici]

I can use that, but I would need to expand the default for spark.redaction.regex as the user and url (some drivers allow credentials passed in the connection url) fields might also contain sensitive data. We should also change JDBCRelation::toString to include the redaction regex to be consistent.

I would argue not showing the jdbc properties at all because they provide little value and wrong redaction regex configuration could cause leaks to downstream log collection systems.

let me know if that makes sense, and I can modify this accordingly

[gatorsmile]

SaveIntoDataSourceCommand is not being used for JDBC only.

JDBCRelation::toString was already fixed in #15975 ?

[SparkQA]

Test build #83799 has finished for PR 19708 at commit a0d15df.

• This patch fails to build.
• This patch merges cleanly.
• This patch adds no public classes.

[SparkQA]

Test build #83810 has finished for PR 19708 at commit ae091ec.

• This patch fails Scala style tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gatorsmile]

Just want to confirm whether the examples in the PR description are the ones based on the latest updates?

[gatorsmile]

Generally, this looks good to me.

cc @cloud-fan @hvanhovell

[hvanhovell]

This looks good. I was wondering if we shouldn't also take a look at data source operations like InsertIntoDataSourceCommand?

Could you also add a test?

[SparkQA]

Test build #83811 has finished for PR 19708 at commit 56f48f3.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[onursatici]

Yeah PR description reflects the latest changes.
InsertIntoDataSourceCommand could log credentials via the JDBCRelation it contains, but that class already properly redacts

[SparkQA]

Test build #83864 has finished for PR 19708 at commit db565f6.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds the following public classes (experimental):
• class SaveIntoDataSourceCommandSuite extends SharedSQLContext

[ash211]

old test name? we're not modifying the treeString anymore, it's just the SaveIntoDataSourceCommand

[onursatici]

I followed the naming convention here:

spark/sql/core/src/test/scala/org/apache/spark/sql/execution/DataSourceScanExecRedactionSuite.scala

Line 33 in e9f983d

test("treeString is redacted") {

we are essentially redacting SaveIntoDataSourceCommand::simpleString which is called in SaceIntoDataSourceCommand::treeString

[hvanhovell]

That is not really a convention. Can you just call it simpleString is redacted?

[jiangxb1987]

Shoundn't this be spark.redaction.regex instead of spark.redaction.string.regex?

[jiangxb1987]

LGTM pending jenkins

[gatorsmile]

Nit: indents.

[SparkQA]

Test build #83895 has finished for PR 19708 at commit 2a1204b.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gatorsmile]

LGTM

[SparkQA]

Test build #83896 has finished for PR 19708 at commit 2983bba.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[ash211]

LGTM

[SparkQA]

Test build #83901 has finished for PR 19708 at commit 2942477.

• This patch passes all tests.
• This patch merges cleanly.
• This patch adds no public classes.

[gatorsmile]

Thanks! Merged to master.

@onursatici Could you submit a separate PR for 2.2?