You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by al...@apache.org on 2016/04/21 22:29:31 UTC
ambari git commit: AMBARI-15496.
/var/lib/ambari-agent/cache/cluster_configuration/configurations.json file
contains various passwords in plain text in world readable file (Shantanu
Mundkur via alejandro)
Repository: ambari
Updated Branches:
refs/heads/trunk 04f7d5c3e -> 360fcfeb8
AMBARI-15496. /var/lib/ambari-agent/cache/cluster_configuration/configurations.json file contains various passwords in plain text in world readable file (Shantanu Mundkur via alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/360fcfeb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/360fcfeb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/360fcfeb
Branch: refs/heads/trunk
Commit: 360fcfeb82d45cb0db0ce3e857ab2ac327d7ca99
Parents: 04f7d5c
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Thu Apr 21 13:29:12 2016 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Thu Apr 21 13:29:12 2016 -0700
----------------------------------------------------------------------
.../python/ambari_agent/ClusterConfiguration.py | 2 +-
.../src/test/python/ambari_agent/TestAlerts.py | 17 +++++++++++----
.../TestClusterConfigurationCache.py | 22 +++++++++++++-------
3 files changed, 28 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/360fcfeb/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py b/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
index 8d3b6f0..72b87be 100644
--- a/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
+++ b/ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py
@@ -129,7 +129,7 @@ class ClusterConfiguration():
self.__file_lock.acquire()
try:
- with open(self.__config_json_file, 'w') as f:
+ with os.fdopen(os.open(self.__config_json_file, os.O_WRONLY | os.O_CREAT, 0o600), "w") as f:
json.dump(self.__configurations, f, indent=2)
except Exception, exception :
logger.exception("Unable to update configurations for cluster {0}".format(cluster_name))
http://git-wip-us.apache.org/repos/asf/ambari/blob/360fcfeb/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestAlerts.py b/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
index cdc960b..e114daa 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestAlerts.py
@@ -49,6 +49,7 @@ class TestAlerts(TestCase):
def setUp(self):
# save original open() method for later use
self.original_open = open
+ self.original_osfdopen = os.fdopen
self.config = AmbariConfig()
def tearDown(self):
@@ -1280,15 +1281,16 @@ class TestAlerts(TestCase):
return cluster_configuration
- def __update_cluster_configuration(self, cluster_configuration, configuration):
+ @patch("os.open")
+ @patch("os.fdopen")
+ def __update_cluster_configuration(self, cluster_configuration, configuration, osfdopen_mock, osopen_mock):
"""
Updates the configuration cache, using as mock file as the disk based
cache so that a file is not created during tests
:return:
"""
- with patch("__builtin__.open") as open_mock:
- open_mock.side_effect = self.open_side_effect
- cluster_configuration._update_configurations("c1", configuration)
+ osfdopen_mock.side_effect = self.osfdopen_side_effect
+ cluster_configuration._update_configurations("c1", configuration)
def open_side_effect(self, file, mode):
@@ -1298,6 +1300,13 @@ class TestAlerts(TestCase):
else:
return self.original_open(file, mode)
+ def osfdopen_side_effect(self, fd, mode):
+ if mode == 'w':
+ file_mock = MagicMock()
+ return file_mock
+ else:
+ return self.original_open(file, mode)
+
def _get_script_alert_definition(self):
return {
http://git-wip-us.apache.org/repos/asf/ambari/blob/360fcfeb/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py b/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
index e82fca2..a418f6d 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py
@@ -28,6 +28,9 @@ from unittest import TestCase
class TestClusterConfigurationCache(TestCase):
+ o_flags = os.O_WRONLY | os.O_CREAT
+ perms = 0o600
+
def setUp(self):
# save original open() method for later use
self.original_open = open
@@ -64,8 +67,11 @@ class TestClusterConfigurationCache(TestCase):
{ 'bar': 'rendered-bar', 'baz' : 'rendered-baz' }
}
- file_mock = self.__update_cluster_configuration(cluster_configuration, configuration)
- file_mock.assert_called_with(os.sep + "foo" + os.sep + "bar" + os.sep + "baz" + os.sep + "configurations.json", 'w')
+ osopen_mock, osfdopen_mock = self.__update_cluster_configuration(cluster_configuration, configuration)
+ osopen_mock.assert_called_with(os.sep + "foo" + os.sep + "bar" + os.sep + "baz" + os.sep + "configurations.json",
+ TestClusterConfigurationCache.o_flags,
+ TestClusterConfigurationCache.perms);
+ osfdopen_mock.assert_called_with(11, "w")
json_dump_mock.assert_called_with({'c1': {'foo-site': {'baz': 'rendered-baz', 'bar': 'rendered-bar'}}}, ANY, indent=2)
pass
@@ -82,18 +88,18 @@ class TestClusterConfigurationCache(TestCase):
return cluster_configuration
- def __update_cluster_configuration(self, cluster_configuration, configuration):
+ @patch("os.open")
+ @patch("os.fdopen")
+ def __update_cluster_configuration(self, cluster_configuration, configuration, osfdopen_mock, osopen_mock):
"""
Updates the configuration cache, using as mock file as the disk based
cache so that a file is not created during tests
:return:
"""
- with patch("__builtin__.open") as open_mock:
- open_mock.side_effect = self.open_side_effect
- cluster_configuration._update_configurations("c1", configuration)
-
- return open_mock
+ osopen_mock.return_value = 11
+ cluster_configuration._update_configurations("c1", configuration)
+ return osopen_mock, osfdopen_mock
def open_side_effect(self, file, mode):
if mode == 'w':