fix(sas): drop logger.info call leaking user password (#27786)

IceS2 · web-flow · commit 8343ef21076a · 2026-04-28T10:16:18.000+02:00
`SASClient.get_token` logged the cleartext password (and username + token
response body) at INFO level on every auth call. The line appears to be
debug spam left in by mistake.

Verified leak path (static + runtime):
  - `__init__` calls `get_token(serverHost, username, password.get_secret_value())`
  - `password.get_secret_value()` returns the raw user password (Pydantic
    SecretStr unwrap)
  - `get_token` interpolates that into an f-string at INFO
  - Triggered every time a SAS connector is instantiated
  - `ingestion_logger()` has no redaction filter, so the cleartext reaches
    whatever sink (stdout, file, airflow logs, CloudWatch, etc.) is configured
diff --git a/ingestion/src/metadata/ingestion/source/database/sas/client.py b/ingestion/src/metadata/ingestion/source/database/sas/client.py
@@ -168,6 +168,4 @@ def get_token(self, base_url, user, password):
         }
         url = base_url + endpoint
         response = requests.request("POST", url, headers=headers, data=payload, verify=False, timeout=10)
-        text_response = response.json()
-        logger.info(f"this is user: {user}, password: {password}, text: {text_response}")
         return response.json()["access_token"]

Original file line number	Diff line number	Diff line change
`@@ -168,6 +168,4 @@ def get_token(self, base_url, user, password):`
`168`	`168`	`}`
`169`	`169`	`url = base_url + endpoint`
`170`	`170`	`response = requests.request("POST", url, headers=headers, data=payload, verify=False, timeout=10)`
`171`		`- text_response = response.json()`
`172`		`- logger.info(f"this is user: {user}, password: {password}, text: {text_response}")`
`173`	`171`	`return response.json()["access_token"]`