You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Nettleton <rn...@hortonworks.com> on 2015/02/04 22:05:14 UTC
Review Request 30639: Remove Ranger security properties from an
exported Blueprint
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30639/
-----------------------------------------------------------
Review request for Ambari, John Speidel, Robert Levas, and Yusaku Sako.
Bugs: AMBARI-9480
https://issues.apache.org/jira/browse/AMBARI-9480
Repository: ambari
Description
-------
This patch resolves AMBARI-9480.
The Ranger-related properties that have recently been added to the
stack definitions did not include all the required metadata for
the Blueprint processor to function correctly. In particular,
password properties must be annotated with the correct metadata,
so that the Blueprint processor can remove these properties
from a Blueprint that is exported from a running cluster.
This patch resolves the problem by adding the correct
"PASSWORD" type to the Ranger properties that represent
passwords. This patch also marks these properties as
requiring user input, and removes the default passwords
that were previously included in the stack. This metadata
is required so that the Blueprint processor can detect
the case of a property that is a password.
Diffs
-----
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b744658
ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml fdc2c7c
ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml 7bb6a8a
ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml 3ee693e
ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml 1c28f03
Diff: https://reviews.apache.org/r/30639/diff/
Testing
-------
1. Ran the ambari-server unit-test suite (all tests passing)
2. Manually verified that a cluster with the updated stack definition changes will deploy properly, and also verified that a Blueprint exported from this running cluster will not include the password properties related to Ranger.
Thanks,
Robert Nettleton
Re: Review Request 30639: Remove Ranger security properties from an
exported Blueprint
Posted by Robert Nettleton <rn...@hortonworks.com>.
> On Feb. 5, 2015, 1:11 a.m., Robert Levas wrote:
> > Other than some formatting issues, looks good to me.
Thanks for the review, and for catching the formatting issues. I'll fix these and resubmit the patch.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30639/#review71112
-----------------------------------------------------------
On Feb. 4, 2015, 9:05 p.m., Robert Nettleton wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30639/
> -----------------------------------------------------------
>
> (Updated Feb. 4, 2015, 9:05 p.m.)
>
>
> Review request for Ambari, John Speidel, Robert Levas, and Yusaku Sako.
>
>
> Bugs: AMBARI-9480
> https://issues.apache.org/jira/browse/AMBARI-9480
>
>
> Repository: ambari
>
>
> Description
> -------
>
> This patch resolves AMBARI-9480.
>
> The Ranger-related properties that have recently been added to the
> stack definitions did not include all the required metadata for
> the Blueprint processor to function correctly. In particular,
> password properties must be annotated with the correct metadata,
> so that the Blueprint processor can remove these properties
> from a Blueprint that is exported from a running cluster.
>
> This patch resolves the problem by adding the correct
> "PASSWORD" type to the Ranger properties that represent
> passwords. This patch also marks these properties as
> requiring user input, and removes the default passwords
> that were previously included in the stack. This metadata
> is required so that the Blueprint processor can detect
> the case of a property that is a password.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b744658
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml fdc2c7c
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml 7bb6a8a
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml 3ee693e
> ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml 1c28f03
>
> Diff: https://reviews.apache.org/r/30639/diff/
>
>
> Testing
> -------
>
> 1. Ran the ambari-server unit-test suite (all tests passing)
> 2. Manually verified that a cluster with the updated stack definition changes will deploy properly, and also verified that a Blueprint exported from this running cluster will not include the password properties related to Ranger.
>
>
> Thanks,
>
> Robert Nettleton
>
>
Re: Review Request 30639: Remove Ranger security properties from an
exported Blueprint
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30639/#review71112
-----------------------------------------------------------
Ship it!
Other than some formatting issues, looks good to me.
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116711>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116710>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116712>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116714>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116716>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116717>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116719>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116720>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116723>
Formatting issue may make scaning the XML file difficult.
ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
<https://reviews.apache.org/r/30639/#comment116722>
Formatting issue may make scaning the XML file difficult.
- Robert Levas
On Feb. 4, 2015, 4:05 p.m., Robert Nettleton wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30639/
> -----------------------------------------------------------
>
> (Updated Feb. 4, 2015, 4:05 p.m.)
>
>
> Review request for Ambari, John Speidel, Robert Levas, and Yusaku Sako.
>
>
> Bugs: AMBARI-9480
> https://issues.apache.org/jira/browse/AMBARI-9480
>
>
> Repository: ambari
>
>
> Description
> -------
>
> This patch resolves AMBARI-9480.
>
> The Ranger-related properties that have recently been added to the
> stack definitions did not include all the required metadata for
> the Blueprint processor to function correctly. In particular,
> password properties must be annotated with the correct metadata,
> so that the Blueprint processor can remove these properties
> from a Blueprint that is exported from a running cluster.
>
> This patch resolves the problem by adding the correct
> "PASSWORD" type to the Ranger properties that represent
> passwords. This patch also marks these properties as
> requiring user input, and removes the default passwords
> that were previously included in the stack. This metadata
> is required so that the Blueprint processor can detect
> the case of a property that is a password.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b744658
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml fdc2c7c
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml 7bb6a8a
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml 3ee693e
> ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml 1c28f03
>
> Diff: https://reviews.apache.org/r/30639/diff/
>
>
> Testing
> -------
>
> 1. Ran the ambari-server unit-test suite (all tests passing)
> 2. Manually verified that a cluster with the updated stack definition changes will deploy properly, and also verified that a Blueprint exported from this running cluster will not include the password properties related to Ranger.
>
>
> Thanks,
>
> Robert Nettleton
>
>
Re: Review Request 30639: Remove Ranger security properties from an
exported Blueprint
Posted by Robert Nettleton <rn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30639/
-----------------------------------------------------------
(Updated Feb. 5, 2015, 7:05 p.m.)
Review request for Ambari, John Speidel, Robert Levas, and Yusaku Sako.
Changes
-------
Uploaded version 2 of this patch, which includes the fixes to the formatting issues found. Unfortunately, these files were checked in originally using actual tab characters, instead of spaces, which throws off the formatting used by most Java IDEs (which we typically configure to use spaces instead of tabs). To fix this issue in the short term, I've added the tab characters to my patch changes, so that the diff formatting looks correct. In the future a separate JIRA should address that these files are incorrectly including tab characters.
Bugs: AMBARI-9480
https://issues.apache.org/jira/browse/AMBARI-9480
Repository: ambari
Description
-------
This patch resolves AMBARI-9480.
The Ranger-related properties that have recently been added to the
stack definitions did not include all the required metadata for
the Blueprint processor to function correctly. In particular,
password properties must be annotated with the correct metadata,
so that the Blueprint processor can remove these properties
from a Blueprint that is exported from a running cluster.
This patch resolves the problem by adding the correct
"PASSWORD" type to the Ranger properties that represent
passwords. This patch also marks these properties as
requiring user input, and removes the default passwords
that were previously included in the stack. This metadata
is required so that the Blueprint processor can detect
the case of a property that is a password.
Diffs (updated)
-----
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b744658
ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml fdc2c7c
ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml 7bb6a8a
ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml 3ee693e
ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml 1c28f03
Diff: https://reviews.apache.org/r/30639/diff/
Testing
-------
1. Ran the ambari-server unit-test suite (all tests passing)
2. Manually verified that a cluster with the updated stack definition changes will deploy properly, and also verified that a Blueprint exported from this running cluster will not include the password properties related to Ranger.
Thanks,
Robert Nettleton
Re: Review Request 30639: Remove Ranger security properties from an
exported Blueprint
Posted by John Speidel <js...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30639/#review71220
-----------------------------------------------------------
Ship it!
Ship It!
- John Speidel
On Feb. 4, 2015, 9:05 p.m., Robert Nettleton wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30639/
> -----------------------------------------------------------
>
> (Updated Feb. 4, 2015, 9:05 p.m.)
>
>
> Review request for Ambari, John Speidel, Robert Levas, and Yusaku Sako.
>
>
> Bugs: AMBARI-9480
> https://issues.apache.org/jira/browse/AMBARI-9480
>
>
> Repository: ambari
>
>
> Description
> -------
>
> This patch resolves AMBARI-9480.
>
> The Ranger-related properties that have recently been added to the
> stack definitions did not include all the required metadata for
> the Blueprint processor to function correctly. In particular,
> password properties must be annotated with the correct metadata,
> so that the Blueprint processor can remove these properties
> from a Blueprint that is exported from a running cluster.
>
> This patch resolves the problem by adding the correct
> "PASSWORD" type to the Ranger properties that represent
> passwords. This patch also marks these properties as
> requiring user input, and removes the default passwords
> that were previously included in the stack. This metadata
> is required so that the Blueprint processor can detect
> the case of a property that is a password.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b744658
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml fdc2c7c
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml 7bb6a8a
> ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml 3ee693e
> ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml 1c28f03
>
> Diff: https://reviews.apache.org/r/30639/diff/
>
>
> Testing
> -------
>
> 1. Ran the ambari-server unit-test suite (all tests passing)
> 2. Manually verified that a cluster with the updated stack definition changes will deploy properly, and also verified that a Blueprint exported from this running cluster will not include the password properties related to Ranger.
>
>
> Thanks,
>
> Robert Nettleton
>
>