(FORK COMMIT) Delete certain parameters when job is deleted

statgen · Jul 25, 2024 · 950b8b8 · 950b8b8
1 parent 50e0db6
commit 950b8b8
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 0 deletions.
diff --git a/src/main/java/cloudgene/mapred/api/v2/admin/ArchiveJob.java b/src/main/java/cloudgene/mapred/api/v2/admin/ArchiveJob.java
@@ -83,6 +83,10 @@ public Representation get() {
 				job.setState(AbstractJob.STATE_RETIRED);
 				dao.update(job);
 
+				// When an admin manually deletes a job, clear sensitive data immediately
+				ParameterDao parameterDao = new ParameterDao(getDatabase());
+				parameterDao.deleteSensitiveByJob(job);
+
 				if (externalWorkspace != null) {
 					try {
 						externalWorkspace.delete(job.getId());

diff --git a/src/main/java/cloudgene/mapred/api/v2/jobs/GetJobDetails.java b/src/main/java/cloudgene/mapred/api/v2/jobs/GetJobDetails.java
@@ -149,6 +149,10 @@ public Representation deleteJob(Representation entity) {
 		job.setState(AbstractJob.STATE_DELETED);
 		dao.update(job);
 
+		// When a user manually deletes a job, clear sensitive data immediately
+		ParameterDao parameterDao = new ParameterDao(getDatabase());
+		parameterDao.deleteSensitiveByJob(job);
+
 		Settings settings = getSettings();
 
 		IExternalWorkspace externalWorkspace = null;

diff --git a/src/main/java/cloudgene/mapred/cron/CleanUpTasks.java b/src/main/java/cloudgene/mapred/cron/CleanUpTasks.java
@@ -58,6 +58,10 @@ public static int executeRetire(Database database, Settings settings) {
 				log.info("Job " + job.getId() + " retired.");
 				deleted++;
 
+				// Clear sensitive data for all jobs that retire naturally due to age
+				ParameterDao parameterDao = new ParameterDao(database);
+				parameterDao.deleteSensitiveByJob(job);
+
 				if (externalWorkspace != null) {
 					try {
 						externalWorkspace.delete(job.getId());

diff --git a/src/main/java/cloudgene/mapred/database/ParameterDao.java b/src/main/java/cloudgene/mapred/database/ParameterDao.java
@@ -183,6 +183,35 @@ public CloudgeneParameterOutput findById(int id) {
 		}
 	}
 
+	public boolean deleteSensitiveByJob(AbstractJob job) {
+		// FIXME: Automate/generalize in the future
+		// Fully remove any parameters that may contain sensitive information, but only once job is completed.
+		// The existing workflow schema (yml file) does not have a flag for "sensitive" parameters. A future fix would
+		//   automate management of such data by understanding which workflow params are sensitive; this hardcoded list
+		//   is a temporary workaround based on existing workflows.
+		try {
+
+			StringBuilder sql = new StringBuilder();
+			sql.append("delete ");
+			sql.append("from parameter ");
+			sql.append("where job_id = ?");
+			sql.append("AND name LIKE '%password%'");
+
+			Object[] params = new Object[1];
+			params[0] = job.getId();
+
+			update(sql.toString(), params);
+
+			log.info("Job: Succesfully deleted sensitive parameters for job_id '" + job.getId());
+
+			return true;
+
+		} catch (SQLException e) {
+			log.error("Job: Error while deleting parameters for job_id '" + job.getId(), e);
+			return false;
+		}
+	}
+
     class ParameterInputMapper implements IRowMapper {
 
 		@Override