You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/11/20 09:56:01 UTC

[jira] [Commented] (AMBARI-24894) Sensitive service configuration values should be decrypted when processing the Ambari agent command script, if enabled

    [ https://issues.apache.org/jira/browse/AMBARI-24894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16692984#comment-16692984 ] 

Hudson commented on AMBARI-24894:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #10312 (See [https://builds.apache.org/job/Ambari-trunk-Commit/10312/])
AMBARI-24894. Sensitive service configuration values should be decrypted (github: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=f8a019926fdca0073f08de54c5e9720260beef52])
* (edit) ambari-server/pom.xml
* (edit) ambari-server/src/main/java/org/apache/ambari/server/state/ConfigImpl.java
* (add) ambari-common/src/main/python/ambari_pyaes/util.py
* (edit) ambari-server/src/test/java/org/apache/ambari/server/orm/InMemoryDefaultTestModule.java
* (edit) ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
* (add) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/AgentConfigUpdateEncryptor.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatMonitor.java
* (add) ambari-common/src/main/python/ambari_pyaes/LICENSE.txt
* (edit) ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/AgentDataHolder.java
* (edit) ambari-common/src/main/python/resource_management/core/utils.py
* (edit) ambari-agent/src/main/python/ambari_agent/HeartbeatThread.py
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/AESEncryptionService.java
* (add) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/PropertiesEncryptor.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/events/DefaultMessageEmitter.java
* (edit) start-build-env.sh
* (add) ambari-common/src/main/python/ambari_pbkdf2/README.txt
* (add) ambari-common/src/main/python/ambari_pyaes/README.md
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/EncryptionService.java
* (add) ambari-common/src/main/python/ambari_pyaes/__init__.py
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
* (add) ambari-agent/src/main/python/ambari_agent/listeners/EncryptionKeyListener.py
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java
* (edit) ambari-agent/src/packages/tarball/all.xml
* (add) ambari-server/src/main/java/org/apache/ambari/server/agent/AgentEncryptionKey.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatTestHelper.java
* (add) ambari-common/src/main/python/ambari_pyaes/blockfeeder.py
* (edit) ambari-agent/src/main/python/ambari_agent/listeners/__init__.py
* (add) ambari-common/src/main/python/ambari_pyaes/aes.py
* (add) ambari-common/src/main/python/resource_management/core/encryption.py
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PreUpgradeCheckResourceProviderTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
* (add) ambari-server/src/main/java/org/apache/ambari/server/events/EncryptionKeyUpdateEvent.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/events/STOMPEvent.java
* (add) ambari-common/src/main/python/ambari_pbkdf2/pbkdf2.py
* (edit) ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/agent/stomp/AgentDataHolderTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/AESEncryptor.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java
* (add) ambari-common/src/main/python/ambari_pbkdf2/__init__.py
* (edit) ambari-common/src/main/python/resource_management/libraries/script/config_dictionary.py
* (edit) ambari-server/src/test/java/org/apache/ambari/server/state/host/HostTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/testutils/PartialNiceMockBinder.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/ConfigPropertiesEncryptor.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
* (edit) ambari-agent/src/main/python/ambari_agent/Constants.py
* (edit) ambari-agent/pom.xml
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/Encryptor.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java
* (add) ambari-agent/src/test/python/resource_management/TestEncryption.py
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
* (edit) pom.xml
* (edit) ambari-server/src/main/assemblies/server.xml
* (edit) ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/AgentConfigsHolder.java


> Sensitive service configuration values should be decrypted when processing the Ambari agent command script, if enabled
> ----------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-24894
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24894
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-agent, ambari-server
>            Reporter: Attila Magyar
>            Assignee: Attila Magyar
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.8.0
>
>          Time Spent: 5h 20m
>  Remaining Estimate: 0h
>
> Sensitive service configuration values should be decrypted when processing the Ambari agent command script, if enabled.
> During the processing of resource_management.libraries.script.script.Script#execute, the command data file is to be read in and the encrypted values in the JSON document are to be decrypted before executing the command.
> Each encrypted value will be in the form of
> ${enc=<algorithm_encoding>, value=<value>}
> For example:
> ${enc=aes265_hex, value=5248...303d}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)