You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by GitBox <gi...@apache.org> on 2019/01/14 16:08:15 UTC
[ambari] Diff for: [GitHub] smolnar82 merged pull request #2763:
AMBARI-25043. Make sure we mask password properties when fetching sensitive
Ambari configuration via the API (just like we do it for service configs)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java
index 11e9da8a081..1c20bfd1f41 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java
@@ -40,6 +40,7 @@
import org.apache.ambari.server.controller.utilities.PredicateHelper;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
import org.apache.ambari.server.security.authorization.RoleAuthorization;
+import org.apache.ambari.server.utils.SecretReference;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
@@ -210,7 +211,7 @@ private Resource toResource(String serviceName, String componentName, String cat
setResourceProperty(resource, CONFIGURATION_SERVICE_NAME_PROPERTY_ID, serviceName, requestedIds);
setResourceProperty(resource, CONFIGURATION_COMPONENT_NAME_PROPERTY_ID, componentName, requestedIds);
setResourceProperty(resource, CONFIGURATION_CATEGORY_PROPERTY_ID, categoryName, requestedIds);
- setResourceProperty(resource, CONFIGURATION_PROPERTIES_PROPERTY_ID, properties, requestedIds);
+ setResourceProperty(resource, CONFIGURATION_PROPERTIES_PROPERTY_ID, SecretReference.maskPasswordInPropertyMap(properties), requestedIds);
setResourceProperty(resource, CONFIGURATION_PROPERTY_TYPES_PROPERTY_ID, propertyTypes, requestedIds);
return resource;
}
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java b/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java
index dfd925dd02a..7d556c11e45 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java
@@ -94,17 +94,32 @@ public static String generateStub(String configType, Long configVersion, String
* @return New string with the passwords masked, or null if the property map is null.
*/
public static String maskPasswordInPropertyMap(String propertyMap) {
- if (null == propertyMap) return null;
- Map<String, String> maskedMap = new HashMap<>();
- Map<String, String> map = gson.fromJson(propertyMap, new TypeToken<Map<String, String>>() {}.getType());
- for (Map.Entry<String, String> e : map.entrySet()) {
- String value = e.getValue();
- if (e.getKey().toLowerCase().contains(PASSWORD_TEXT) || e.getKey().toLowerCase().contains(PASSWD_TEXT)) {
- value = secretPrefix;
- }
- maskedMap.put(e.getKey(), value);
+ if (null == propertyMap) {
+ return null;
+ }
+ final Map<String, String> map = gson.fromJson(propertyMap, new TypeToken<Map<String, String>>() {}.getType());
+ return gson.toJson(maskPasswordInPropertyMap(map));
+ }
+
+ /**
+ * Helper function to mask a string of properties that may contain a property with a password.
+ * @param propertyMap Property map to mask by replacing any passwords with the text "SECRET"
+ * @return a new map with the passwords masked, or null if the <code>propertyMap</code> is null.
+ */
+ public static Map<String, String> maskPasswordInPropertyMap(Map<String, String> propertyMap) {
+ if (null == propertyMap) {
+ return null;
+ }
+ final Map<String, String> maskedMap = new HashMap<>();
+ for (Map.Entry<String, String> property : propertyMap.entrySet()) {
+ String value = isPassword(property.getKey()) ? secretPrefix : property.getValue();
+ maskedMap.put(property.getKey(), value);
}
- return gson.toJson(maskedMap);
+ return maskedMap;
+ }
+
+ private final static boolean isPassword(String propertyName) {
+ return propertyName.toLowerCase().contains(PASSWORD_TEXT) || propertyName.toLowerCase().contains(PASSWD_TEXT);
}
/**
With regards,
Apache Git Services