You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hawq.apache.org by wl...@apache.org on 2017/06/15 06:30:28 UTC
incubator-hawq git commit: HAWQ-1485. fix exception of
decryptPassword twice in lookupResource()
Repository: incubator-hawq
Updated Branches:
refs/heads/master 0580d0902 -> ee200369c
HAWQ-1485. fix exception of decryptPassword twice in lookupResource()
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/ee200369
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/ee200369
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/ee200369
Branch: refs/heads/master
Commit: ee200369c80df50947571fb04b51684ec19f02be
Parents: 0580d09
Author: interma <in...@outlook.com>
Authored: Wed Jun 14 18:22:50 2017 +0800
Committer: interma <in...@outlook.com>
Committed: Thu Jun 15 10:34:32 2017 +0800
----------------------------------------------------------------------
.../apache/hawq/ranger/service/HawqClient.java | 23 ++++++++++++++------
.../hawq/ranger/service/RangerServiceHawq.java | 9 +++++++-
2 files changed, 24 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/ee200369/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
index bae2d2d..a8ab4c7 100644
--- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
+++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
@@ -94,19 +94,25 @@ public class HawqClient extends BaseClient {
/**
* clone a new Properties for debug logging:
- * 1. remove password field for preventing plain password leak in log
- * 2. add a _password_length field for debug
+ * 1. remove all password fields for preventing plain password leak in log
+ * 2. add _password_length fields for debug
*
* @param connectionProperties
* @return a new cloned Map for debug logging
*/
private Map<String, String> removePassword(Map<String, String> connectionProperties) {
Map<String, String> new_property = new HashMap<String, String>(connectionProperties);
- if (new_property.containsKey("password")) {
- String password = new_property.get("password");
- new_property.remove("password");
- new_property.put("_password_length", Integer.toString(password.length()));
+
+ String pass_fields[] = {"password", "password_jdbc"};
+ for (int i = 0; i < pass_fields.length; i++) {
+ String field = pass_fields[i];
+ if (new_property.containsKey(field)) {
+ String password = new_property.get(field);
+ new_property.remove(field);
+ new_property.put("_"+field+"_length", Integer.toString(password.length()));
+ }
}
+
return new_property;
}
@@ -130,10 +136,13 @@ public class HawqClient extends BaseClient {
props.setProperty("jaasApplicationName", "pgjdbc");
}
+ String password = connectionProperties.get("password");
+ if (connectionProperties.containsKey("password_jdbc"))
+ password = connectionProperties.get("password_jdbc");
String url = String.format("jdbc:postgresql://%s:%s/%s", connectionProperties.get("hostname"), connectionProperties.get("port"), db);
props.setProperty("user", connectionProperties.get("username"));
- props.setProperty("password", connectionProperties.get("password"));
+ props.setProperty("password", password);
if (LOG.isDebugEnabled()) {
LOG.debug("<== HawqClient.checkConnection Connecting to: (" + url + ") with user: " + connectionProperties.get("username"));
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/ee200369/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
index 967924a..8915bc6 100644
--- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
+++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
@@ -102,6 +102,13 @@ public class RangerServiceHawq extends RangerBaseService {
return result;
}
+ /**
+ * decrypt password field of configs
+ * Note:
+ * the decrypted password is set in a new password_jdbc field
+ * @param configs
+ * @throws Exception
+ */
private void decryptPassword(Map<String, String> configs) throws Exception {
if (configs.containsKey("password")) {
String normal_password = configs.get("password");
@@ -112,7 +119,7 @@ public class RangerServiceHawq extends RangerBaseService {
// when decrypt failed do nothing
LOG.warn("decrypt_password failed: " + e);
}
- configs.put("password", normal_password);
+ configs.put("password_jdbc", normal_password);
}
}