Skip to content

Commit 87e742e

Browse files
cwperkscwperks
authored
Declare credential and *.Authorization as sensitive param in create connector API (#4308)
* Declare credential.openai_key as sensitive param in create connector API Signed-off-by: Craig Perkins <cwperx@amazon.com> * Do the same for headers Signed-off-by: Craig Perkins <cwperx@amazon.com> * Revert actions.headers Signed-off-by: Craig Perkins <cwperx@amazon.com> * Use automaton syntax Signed-off-by: Craig Perkins <cwperx@amazon.com> * Apply the same to Register Model Action Signed-off-by: Craig Perkins <cwperx@amazon.com> * Apply on update endpoints Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
1 parent c243f8a commit 87e742e

File tree

4 files changed

+32
-4
lines changed

4 files changed

+32
-4
lines changed

plugin/src/main/java/org/opensearch/ml/rest/RestMLCreateConnectorAction.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
import java.io.IOException;
1414
import java.util.List;
1515
import java.util.Locale;
16+
import java.util.Set;
1617

1718
import org.opensearch.core.xcontent.XContentParser;
1819
import org.opensearch.ml.common.settings.MLFeatureEnabledSetting;
@@ -21,13 +22,14 @@
2122
import org.opensearch.ml.common.transport.connector.MLCreateConnectorRequest;
2223
import org.opensearch.rest.BaseRestHandler;
2324
import org.opensearch.rest.RestRequest;
25+
import org.opensearch.rest.RestRequestFilter;
2426
import org.opensearch.rest.action.RestToXContentListener;
2527
import org.opensearch.transport.client.node.NodeClient;
2628

2729
import com.google.common.annotations.VisibleForTesting;
2830
import com.google.common.collect.ImmutableList;
2931

30-
public class RestMLCreateConnectorAction extends BaseRestHandler {
32+
public class RestMLCreateConnectorAction extends BaseRestHandler implements RestRequestFilter {
3133
private static final String ML_CREATE_CONNECTOR_ACTION = "ml_create_connector_action";
3234
private final MLFeatureEnabledSetting mlFeatureEnabledSetting;
3335

@@ -76,4 +78,9 @@ MLCreateConnectorRequest getRequest(RestRequest request) throws IOException {
7678
mlCreateConnectorInput.setTenantId(tenantId);
7779
return new MLCreateConnectorRequest(mlCreateConnectorInput);
7880
}
81+
82+
@Override
83+
public Set<String> getFilteredFields() {
84+
return Set.of("credential", "*.Authorization");
85+
}
7986
}

plugin/src/main/java/org/opensearch/ml/rest/RestMLRegisterModelAction.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
import java.io.IOException;
1818
import java.util.List;
1919
import java.util.Locale;
20+
import java.util.Set;
2021

2122
import org.opensearch.cluster.service.ClusterService;
2223
import org.opensearch.common.settings.Settings;
@@ -28,13 +29,14 @@
2829
import org.opensearch.ml.common.transport.register.MLRegisterModelRequest;
2930
import org.opensearch.rest.BaseRestHandler;
3031
import org.opensearch.rest.RestRequest;
32+
import org.opensearch.rest.RestRequestFilter;
3133
import org.opensearch.rest.action.RestToXContentListener;
3234
import org.opensearch.transport.client.node.NodeClient;
3335

3436
import com.google.common.annotations.VisibleForTesting;
3537
import com.google.common.collect.ImmutableList;
3638

37-
public class RestMLRegisterModelAction extends BaseRestHandler {
39+
public class RestMLRegisterModelAction extends BaseRestHandler implements RestRequestFilter {
3840
private static final String ML_REGISTER_MODEL_ACTION = "ml_register_model_action";
3941
private final MLFeatureEnabledSetting mlFeatureEnabledSetting;
4042

@@ -107,4 +109,9 @@ MLRegisterModelRequest getRequest(RestRequest request) throws IOException {
107109
}
108110
return new MLRegisterModelRequest(mlInput);
109111
}
112+
113+
@Override
114+
public Set<String> getFilteredFields() {
115+
return Set.of("connector.credential", "*.Authorization");
116+
}
110117
}

plugin/src/main/java/org/opensearch/ml/rest/RestMLUpdateConnectorAction.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
import java.io.IOException;
1616
import java.util.List;
1717
import java.util.Locale;
18+
import java.util.Set;
1819

1920
import org.opensearch.OpenSearchParseException;
2021
import org.opensearch.core.xcontent.XContentParser;
@@ -23,13 +24,14 @@
2324
import org.opensearch.ml.common.transport.connector.MLUpdateConnectorRequest;
2425
import org.opensearch.rest.BaseRestHandler;
2526
import org.opensearch.rest.RestRequest;
27+
import org.opensearch.rest.RestRequestFilter;
2628
import org.opensearch.rest.action.RestToXContentListener;
2729
import org.opensearch.transport.client.node.NodeClient;
2830

2931
import com.google.common.annotations.VisibleForTesting;
3032
import com.google.common.collect.ImmutableList;
3133

32-
public class RestMLUpdateConnectorAction extends BaseRestHandler {
34+
public class RestMLUpdateConnectorAction extends BaseRestHandler implements RestRequestFilter {
3335
private static final String ML_UPDATE_CONNECTOR_ACTION = "ml_update_connector_action";
3436
private MLFeatureEnabledSetting mlFeatureEnabledSetting;
3537

@@ -76,4 +78,9 @@ private MLUpdateConnectorRequest getRequest(RestRequest request) throws IOExcept
7678
throw new OpenSearchParseException(illegalStateException.getMessage());
7779
}
7880
}
81+
82+
@Override
83+
public Set<String> getFilteredFields() {
84+
return Set.of("credential", "*.Authorization");
85+
}
7986
}

plugin/src/main/java/org/opensearch/ml/rest/RestMLUpdateModelAction.java

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
import java.io.IOException;
1515
import java.util.List;
1616
import java.util.Locale;
17+
import java.util.Set;
1718

1819
import org.opensearch.OpenSearchParseException;
1920
import org.opensearch.OpenSearchStatusException;
@@ -25,12 +26,13 @@
2526
import org.opensearch.ml.common.transport.model.MLUpdateModelRequest;
2627
import org.opensearch.rest.BaseRestHandler;
2728
import org.opensearch.rest.RestRequest;
29+
import org.opensearch.rest.RestRequestFilter;
2830
import org.opensearch.rest.action.RestToXContentListener;
2931
import org.opensearch.transport.client.node.NodeClient;
3032

3133
import com.google.common.collect.ImmutableList;
3234

33-
public class RestMLUpdateModelAction extends BaseRestHandler {
35+
public class RestMLUpdateModelAction extends BaseRestHandler implements RestRequestFilter {
3436

3537
private static final String ML_UPDATE_MODEL_ACTION = "ml_update_model_action";
3638
private MLFeatureEnabledSetting mlFeatureEnabledSetting;
@@ -90,4 +92,9 @@ private MLUpdateModelRequest getRequest(RestRequest request) throws IOException
9092
throw new OpenSearchParseException(e.getMessage());
9193
}
9294
}
95+
96+
@Override
97+
public Set<String> getFilteredFields() {
98+
return Set.of("connector.credential", "*.Authorization");
99+
}
93100
}

0 commit comments

Comments
 (0)