Redact sensitive information in catalog queries #24563
Draft
+1,166
−14
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This a follow-up to #24562 that introduces redacting of security-sensitive information in statements containing connector properties, specifically:
CREATE CATALOG
EXPLAIN CREATE CATALOG
EXPLAIN ANALYZE CREATE CATALOG
The current approach is as follows:
Redacted queries are returned through the REST API, the
system.runtime.queries
table, and query events (QueryCreatedEvent
andQueryCompletedEvent
).Notice that currently this PR includes two commits from #24562.
Additional context and related issues
Release notes
( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
(x) Release notes are required, with the following suggested text: