[KYUUBI #7387] Fix the redaction of sensitive values

[LamiumAmplexicaule]

Why are the changes needed?

Fix the redaction of sensitive values when kyuubi.server.redaction.regex is configured.
Close #7387.

How was this patch tested?

Unit tests.

$ ./build/mvn clean install -Dtest=none -DwildcardSuites=org.apache.kyuubi.BatchTestHelper,org.apache.kyuubi.engine.EngineRefTests,org.apache.kyuubi.engine.EngineRefWithZookeeperSuite,org.apache.kyuubi.engine.JpsApplicationOperationSuite,org.apache.kyuubi.engine.dataagent.DataAgentProcessBuilderSuite,org.apache.kyuubi.engine.flink.FlinkProcessBuilderSuite,org.apache.kyuubi.engine.hive.HiveProcessBuilderSuite,org.apache.kyuubi.engine.hive.HiveYarnModeProcessBuilderSuite,org.apache.kyuubi.engine.jdbc.JdbcProcessBuilderSuite,org.apache.kyuubi.engine.jdbc.JdbcYarnModeProcessBuilderSuite,org.apache.kyuubi.engine.spark.SparkBatchProcessBuilderSuite,org.apache.kyuubi.engine.spark.SparkProcessBuilderSuite,org.apache.kyuubi.engine.trino.TrinoProcessBuilderSuite,org.apache.kyuubi.server.api.v1.AdminResourceSuite,org.apache.kyuubi.server.api.v1.BatchesResourceSuite,org.apache.kyuubi.server.rest.client.AdminCtlSuite,org.apache.kyuubi.server.rest.client.AdminRestApiSuite,org.apache.kyuubi.server.rest.client.PySparkBatchRestApiSuite,org.apache.kyuubi.UtilsSuite

Was this patch authored or co-authored using generative AI tooling?

No.

[LamiumAmplexicaule]

In the test that checks whether the logs in FlinkProcessBuilder are redacted, I noticed that values in the -D format don’t get redacted, so I removed this filter.

[wangzhigang1999]

I don't think adding an extra serverConf parameter is a good idea. This would result in two configurations that appear identical except for their names, which could cause significant confusion during usage—users might wonder, "Which configuration should I actually use?"

[LamiumAmplexicaule]

Thank you for your comments.

My understanding is that the reason redaction no longer happens after #7054 is that, in

kyuubi/kyuubi-server/src/main/scala/org/apache/kyuubi/session/KyuubiSessionManager.scala

Line 95 in e769f42

val userConf = this.getConf.getUserDefaults(user)

, the sessionConf passed in has the serverOnly configs stripped out.

If we want to obtain kyuubi.server.redaction.regex from ProcessBuilder without passing serverConf, we need to explicitly set it somewhere.
However, it feels wrong to propagate server-side config into the session/engine configs, so I chose the approach of passing serverConf instead.

When passing conf as serverConf, if we strip out everything except serverOnly, we might avoid accidentally referencing serverConf.

[LamiumAmplexicaule]

I am planning to update this PR to pass Option[Regex] instead of serverConf.