You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by al...@apache.org on 2016/04/21 22:29:31 UTC

ambari git commit: AMBARI-15496. /var/lib/ambari-agent/cache/cluster_configuration/configurations.json file contains various passwords in plain text in world readable file (Shantanu Mundkur via alejandro)

Repository: ambari
Updated Branches:
  refs/heads/trunk 04f7d5c3e -> 360fcfeb8


AMBARI-15496. /var/lib/ambari-agent/cache/cluster_configuration/configurations.json file contains various passwords in plain text in world readable file (Shantanu Mundkur via alejandro)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/360fcfeb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/360fcfeb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/360fcfeb

Branch: refs/heads/trunk
Commit: 360fcfeb82d45cb0db0ce3e857ab2ac327d7ca99
Parents: 04f7d5c
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Thu Apr 21 13:29:12 2016 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Thu Apr 21 13:29:12 2016 -0700

----------------------------------------------------------------------
 .../python/ambari_agent/ClusterConfiguration.py |  2 +-
 .../src/test/python/ambari_agent/TestAlerts.py  | 17 +++++++++++----
 .../TestClusterConfigurationCache.py            | 22 +++++++++++++-------
 3 files changed, 28 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/360fcfeb/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py b/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
index 8d3b6f0..72b87be 100644
--- a/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
+++ b/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
@@ -129,7 +129,7 @@ class ClusterConfiguration():
 
     self.__file_lock.acquire()
     try:
-      with open(self.__config_json_file, 'w') as f:
+      with os.fdopen(os.open(self.__config_json_file, os.O_WRONLY | os.O_CREAT, 0o600), "w") as f:
         json.dump(self.__configurations, f, indent=2)
     except Exception, exception :
       logger.exception("Unable to update configurations for cluster {0}".format(cluster_name))

http://git-wip-us.apache.org/repos/asf/ambari/blob/360fcfeb/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestAlerts.py b/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
index cdc960b..e114daa 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
@@ -49,6 +49,7 @@ class TestAlerts(TestCase):
   def setUp(self):
     # save original open() method for later use
     self.original_open = open
+    self.original_osfdopen = os.fdopen
     self.config = AmbariConfig()
 
   def tearDown(self):
@@ -1280,15 +1281,16 @@ class TestAlerts(TestCase):
       return cluster_configuration
 
 
-  def __update_cluster_configuration(self, cluster_configuration, configuration):
+  @patch("os.open")
+  @patch("os.fdopen")
+  def __update_cluster_configuration(self, cluster_configuration, configuration, osfdopen_mock, osopen_mock):
     """
     Updates the configuration cache, using as mock file as the disk based
     cache so that a file is not created during tests
     :return:
     """
-    with patch("__builtin__.open") as open_mock:
-      open_mock.side_effect = self.open_side_effect
-      cluster_configuration._update_configurations("c1", configuration)
+    osfdopen_mock.side_effect = self.osfdopen_side_effect
+    cluster_configuration._update_configurations("c1", configuration)
 
 
   def open_side_effect(self, file, mode):
@@ -1298,6 +1300,13 @@ class TestAlerts(TestCase):
     else:
       return self.original_open(file, mode)
 
+  def osfdopen_side_effect(self, fd, mode):
+    if mode == 'w':
+      file_mock = MagicMock()
+      return file_mock
+    else:
+      return self.original_open(file, mode)
+
 
   def _get_script_alert_definition(self):
     return {

http://git-wip-us.apache.org/repos/asf/ambari/blob/360fcfeb/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py b/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
index e82fca2..a418f6d 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
@@ -28,6 +28,9 @@ from unittest import TestCase
 
 class TestClusterConfigurationCache(TestCase):
 
+  o_flags = os.O_WRONLY | os.O_CREAT
+  perms = 0o600
+
   def setUp(self):
     # save original open() method for later use
     self.original_open = open
@@ -64,8 +67,11 @@ class TestClusterConfigurationCache(TestCase):
       { 'bar': 'rendered-bar', 'baz' : 'rendered-baz' }
     }
 
-    file_mock = self.__update_cluster_configuration(cluster_configuration, configuration)
-    file_mock.assert_called_with(os.sep + "foo" + os.sep + "bar" + os.sep + "baz" + os.sep + "configurations.json", 'w')
+    osopen_mock, osfdopen_mock = self.__update_cluster_configuration(cluster_configuration, configuration)
+    osopen_mock.assert_called_with(os.sep + "foo" + os.sep + "bar" + os.sep + "baz" + os.sep + "configurations.json",
+                                   TestClusterConfigurationCache.o_flags,
+                                   TestClusterConfigurationCache.perms);
+    osfdopen_mock.assert_called_with(11, "w")
 
     json_dump_mock.assert_called_with({'c1': {'foo-site': {'baz': 'rendered-baz', 'bar': 'rendered-bar'}}}, ANY, indent=2)
     pass
@@ -82,18 +88,18 @@ class TestClusterConfigurationCache(TestCase):
       return cluster_configuration
 
 
-  def __update_cluster_configuration(self, cluster_configuration, configuration):
+  @patch("os.open")
+  @patch("os.fdopen")
+  def __update_cluster_configuration(self, cluster_configuration, configuration, osfdopen_mock, osopen_mock):
     """
     Updates the configuration cache, using as mock file as the disk based
     cache so that a file is not created during tests
     :return:
     """
-    with patch("__builtin__.open") as open_mock:
-      open_mock.side_effect = self.open_side_effect
-      cluster_configuration._update_configurations("c1", configuration)
-
-    return open_mock
+    osopen_mock.return_value = 11
+    cluster_configuration._update_configurations("c1", configuration)
 
+    return osopen_mock, osfdopen_mock
 
   def open_side_effect(self, file, mode):
     if mode == 'w':