This PR introduces more flexible sanitization rules for /env actuator endpoint.
Sanitization rules can be customized by registering one or more beans of type EnvironmentEndpoint.SanitizeFilter. Such filters decide whether to sanitize a given value basing on its property name and the property source it originates from. By default there is only one filter, KeyBlacklistSanitizeFilter, which contains the already existing logic of sanitizing based on the matching key names.
I made a couple of backwards-incompatible changes which I assumed are OK at this release stage. I pointed them in the PR comments. I also haven't wrote the docs for this feature assuming it won't be commonly used.
@philwebb @spencergibb you may be interested in this :)
Fixes gh-6587
Comment From: pbetkier
@philwebb can you have a look at this?
Comment From: pbetkier
@philwebb @spencergibb it's been 3 months, are you still interested in this feature? I won't bother resolving conflicts if you're not.
Comment From: philwebb
Hi @pbetkier,
Thanks for the PR and sorry I didn't get back to you earlier. We're planning to start the planning process for Spring Boot 2.1 soon and I'd like to review this at that point. There's no need to resolve conflicts now, we can deal with that when we merge.
FWIW I really like the idea of supporting more flexible sanitization rules, we just ran out of time to get this into 2.0.
Comment From: mbhave
@pbetkier Sorry for the delay in getting to this. Given that the code has moved on quite a bit since the original PR, we decided to approach this in a different manner. This commit adds a new method to the Sanitizer and leaves the existing API as is. Users can plug in a custom SanitizingFunction which can make use of the propertySource or key. Thanks again and sorry for the wasted time.