237c3b9642
## What changes were proposed in this pull request? This patch adds a new property called `spark.secret.redactionPattern` that allows users to specify a scala regex to decide which Spark configuration properties and environment variables in driver and executor environments contain sensitive information. When this regex matches the property or environment variable name, its value is redacted from the environment UI and various logs like YARN and event logs. This change uses this property to redact information from event logs and YARN logs. It also, updates the UI code to adhere to this property instead of hardcoding the logic to decipher which properties are sensitive. Here's an image of the UI post-redaction:  Here's the text in the YARN logs, post-redaction: ``HADOOP_CREDSTORE_PASSWORD -> *********(redacted)`` Here's the text in the event logs, post-redaction: ``...,"spark.executorEnv.HADOOP_CREDSTORE_PASSWORD":"*********(redacted)","spark.yarn.appMasterEnv.HADOOP_CREDSTORE_PASSWORD":"*********(redacted)",...`` ## How was this patch tested? 1. Unit tests are added to ensure that redaction works. 2. A YARN job reading data off of S3 with confidential information (hadoop credential provider password) being provided in the environment variables of driver and executor. And, afterwards, logs were grepped to make sure that no mention of secret password was present. It was also ensure that the job was able to read the data off of S3 correctly, thereby ensuring that the sensitive information was being trickled down to the right places to read the data. 3. The event logs were checked to make sure no mention of secret password was present. 4. UI environment tab was checked to make sure there was no secret information being displayed. Author: Mark Grover <mark@apache.org> Closes #15971 from markgrover/master_redaction. |
||
|---|---|---|
| .. | ||
| _data | ||
| _includes | ||
| _layouts | ||
| _plugins | ||
| css | ||
| img | ||
| js | ||
| _config.yml | ||
| api.md | ||
| building-spark.md | ||
| cluster-overview.md | ||
| configuration.md | ||
| contributing-to-spark.md | ||
| ec2-scripts.md | ||
| graphx-programming-guide.md | ||
| hadoop-provided.md | ||
| hardware-provisioning.md | ||
| index.md | ||
| java-programming-guide.md | ||
| job-scheduling.md | ||
| ml-advanced.md | ||
| ml-ann.md | ||
| ml-classification-regression.md | ||
| ml-clustering.md | ||
| ml-collaborative-filtering.md | ||
| ml-decision-tree.md | ||
| ml-ensembles.md | ||
| ml-features.md | ||
| ml-guide.md | ||
| ml-linear-methods.md | ||
| ml-migration-guides.md | ||
| ml-pipeline.md | ||
| ml-survival-regression.md | ||
| ml-tuning.md | ||
| mllib-classification-regression.md | ||
| mllib-clustering.md | ||
| mllib-collaborative-filtering.md | ||
| mllib-data-types.md | ||
| mllib-decision-tree.md | ||
| mllib-dimensionality-reduction.md | ||
| mllib-ensembles.md | ||
| mllib-evaluation-metrics.md | ||
| mllib-feature-extraction.md | ||
| mllib-frequent-pattern-mining.md | ||
| mllib-guide.md | ||
| mllib-isotonic-regression.md | ||
| mllib-linear-methods.md | ||
| mllib-migration-guides.md | ||
| mllib-naive-bayes.md | ||
| mllib-optimization.md | ||
| mllib-pmml-model-export.md | ||
| mllib-statistics.md | ||
| monitoring.md | ||
| programming-guide.md | ||
| python-programming-guide.md | ||
| quick-start.md | ||
| README.md | ||
| running-on-mesos.md | ||
| running-on-yarn.md | ||
| scala-programming-guide.md | ||
| security.md | ||
| spark-standalone.md | ||
| sparkr.md | ||
| sql-programming-guide.md | ||
| storage-openstack-swift.md | ||
| streaming-custom-receivers.md | ||
| streaming-flume-integration.md | ||
| streaming-kafka-0-8-integration.md | ||
| streaming-kafka-0-10-integration.md | ||
| streaming-kafka-integration.md | ||
| streaming-kinesis-integration.md | ||
| streaming-programming-guide.md | ||
| structured-streaming-kafka-integration.md | ||
| structured-streaming-programming-guide.md | ||
| submitting-applications.md | ||
| tuning.md | ||
Welcome to the Spark documentation!
This readme will walk you through navigating and building the Spark documentation, which is included here with the Spark source code. You can also find documentation specific to release versions of Spark at http://spark.apache.org/documentation.html.
Read on to learn more about viewing documentation in plain text (i.e., markdown) or building the documentation yourself. Why build it yourself? So that you have the docs that corresponds to whichever version of Spark you currently have checked out of revision control.
Prerequisites
The Spark documentation build uses a number of tools to build HTML docs and API docs in Scala, Python and R.
You need to have Ruby and Python installed. Also install the following libraries:
$ sudo gem install jekyll jekyll-redirect-from pygments.rb
$ sudo pip install Pygments
# Following is needed only for generating API docs
$ sudo pip install sphinx pypandoc
$ sudo Rscript -e 'install.packages(c("knitr", "devtools", "roxygen2", "testthat", "rmarkdown"), repos="http://cran.stat.ucla.edu/")'
(Note: If you are on a system with both Ruby 1.9 and Ruby 2.0 you may need to replace gem with gem2.0)
Generating the Documentation HTML
We include the Spark documentation as part of the source (as opposed to using a hosted wiki, such as the github wiki, as the definitive documentation) to enable the documentation to evolve along with the source code and be captured by revision control (currently git). This way the code automatically includes the version of the documentation that is relevant regardless of which version or release you have checked out or downloaded.
In this directory you will find textfiles formatted using Markdown, with an ".md" suffix. You can read those text files directly if you want. Start with index.md.
Execute jekyll build from the docs/ directory to compile the site. Compiling the site with
Jekyll will create a directory called _site containing index.html as well as the rest of the
compiled files.
$ cd docs
$ jekyll build
You can modify the default Jekyll build as follows:
# Skip generating API docs (which takes a while)
$ SKIP_API=1 jekyll build
# Serve content locally on port 4000
$ jekyll serve --watch
# Build the site with extra features used on the live page
$ PRODUCTION=1 jekyll build
API Docs (Scaladoc, Sphinx, roxygen2)
You can build just the Spark scaladoc by running build/sbt unidoc from the SPARK_PROJECT_ROOT directory.
Similarly, you can build just the PySpark docs by running make html from the
SPARK_PROJECT_ROOT/python/docs directory. Documentation is only generated for classes that are listed as
public in __init__.py. The SparkR docs can be built by running SPARK_PROJECT_ROOT/R/create-docs.sh.
When you run jekyll in the docs directory, it will also copy over the scaladoc for the various
Spark subprojects into the docs directory (and then also into the _site directory). We use a
jekyll plugin to run build/sbt unidoc before building the site so if you haven't run it (recently) it
may take some time as it generates all of the scaladoc. The jekyll plugin also generates the
PySpark docs using Sphinx.
NOTE: To skip the step of building and copying over the Scala, Python, R API docs, run SKIP_API=1 jekyll.