OpenMetadata Fix: Avoid store sensitive info in created event if a Secrets Manager is configured

Fix: Avoid store sensitive info in created event if a Secrets Manager is configured

Open nahuelverdugo opened this issue 2 years ago • 5 comments

Describe your changes :

The connection and security config stored in IngestionPipeline and Services objects must be nullified when we save an entityCreated event.

Type of change :

[x] Improvement

Checklist:

[x] I have read the CONTRIBUTING document.
[ ] I have commented on my code, particularly in hard-to-understand areas.
[ ] I have added tests that prove my fix is effective or that my feature works.
[x] All new and existing tests passed.

Reviewers

Backend: @open-metadata/backend

Aug 09 '22 09:08 nahuelverdugo

Test summary

63 • 0 • 4 • 0

Run details


Project	openmetadata
Status	Passed
Commit	cb4f57d5ff
Started	Aug 12, 2022 10:28 AM
Ended	Aug 12, 2022 10:38 AM
Duration	10:36 💡
OS	Linux Ubuntu - 20.04
Browser	Chrome 104

View run in Cypress Dashboard ➡️

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

Aug 09 '22 09:08 cypress[bot]

@nahuelverdugo can we extend this irrespective if secrets manager configured or not. Even if the users are configuring a db we should avoid sending sensitive information into ChangeEvent. Given ChangeEvent can be published via web hook or slack

Aug 09 '22 14:08 harshach

@nahuelverdugo can we extend this irrespective if secrets manager configured or not. Even if the users are configuring a db we should avoid sending sensitive information into ChangeEvent. Given ChangeEvent can be published via web hook or slack

Should we do the same with entityUpdated events?

Aug 09 '22 14:08 nahuelverdugo

[open-metadata-ingestion] Kudos, SonarCloud Quality Gate passed!