You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Jan Hentschel <ja...@ultratendency.com> on 2016/10/16 06:34:27 UTC

Review Request 52918: RANGER-1044 : Removed Keystore/Truststore SSL password configuration options

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-1044
    https://issues.apache.org/jira/browse/RANGER-1044


Repository: ranger


Description
-------

Removed the following two fields from **RangerRESTClient**

    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624 

Diff: https://reviews.apache.org/r/52918/diff/


Testing
-------


Thanks,

Jan Hentschel

Re: Review Request 52918: RANGER-1044 : Removed Keystore/Truststore SSL password configuration options

Posted by Jan Hentschel <ja...@ultratendency.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/
-----------------------------------------------------------

(Updated Oct. 19, 2016, 5:31 p.m.)


Review request for ranger.


Changes
-------

Incorporated feedback and removed the constant values.


Bugs: RANGER-1044
    https://issues.apache.org/jira/browse/RANGER-1044


Repository: ranger


Description
-------

Removed the following two fields from **RangerRESTClient**

    public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
    public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";


Diffs (updated)
-----

  agents-common/scripts/upgrade-plugin.py 9c32dd1 
  agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624 
  hbase-agent/conf/ranger-policymgr-ssl-changes.cfg 6bf4265 
  hbase-agent/conf/ranger-policymgr-ssl.xml 964aac7 
  hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg 50915b2 
  hdfs-agent/conf/ranger-policymgr-ssl.xml cd4a580 
  hive-agent/conf/ranger-policymgr-ssl-changes.cfg 6bf4265 
  hive-agent/conf/ranger-policymgr-ssl.xml 964aac7 
  knox-agent/conf/ranger-policymgr-ssl-changes.cfg 50915b2 
  knox-agent/conf/ranger-policymgr-ssl.xml 1020ec4 
  migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py f2b70eb 
  migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py d9238a0 
  plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg 6bf4265 
  plugin-atlas/conf/ranger-policymgr-ssl.xml 964aac7 
  plugin-kafka/conf/ranger-policymgr-ssl-changes.cfg ec4eeab 
  plugin-kafka/conf/ranger-policymgr-ssl.xml e80f1c3 
  plugin-kms/conf/ranger-policymgr-ssl-changes.cfg 6bf4265 
  plugin-kms/conf/ranger-policymgr-ssl.xml 6a9593f 
  plugin-solr/conf/ranger-policymgr-ssl-changes.cfg ec4eeab 
  plugin-solr/conf/ranger-policymgr-ssl.xml dcadc52 
  plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg ec4eeab 
  plugin-yarn/conf/ranger-policymgr-ssl.xml 964aac7 
  ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml 964aac7 
  storm-agent/conf/ranger-policymgr-ssl-changes.cfg 6bf4265 
  storm-agent/conf/ranger-policymgr-ssl.xml 964aac7 

Diff: https://reviews.apache.org/r/52918/diff/


Testing
-------


Thanks,

Jan Hentschel

Re: Review Request 52918: RANGER-1044 : Removed Keystore/Truststore SSL password configuration options

Posted by Jan Hentschel <ja...@ultratendency.com>.


> On Oct. 17, 2016, 1:09 p.m., Colm O hEigeartaigh wrote:
> > You should also remove all constant values from the sample configuration. For example:
> > 
> > grep -rl "xasecure.policymgr.clientssl.truststore.password" *
> > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
> > agents-common/target/classes/org/apache/ranger/plugin/util/RangerRESTClient.class
> > agents-common/scripts/upgrade-plugin.py
> > hbase-agent/conf/ranger-policymgr-ssl-changes.cfg
> > hbase-agent/conf/ranger-policymgr-ssl.xml
> > hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg
> > hdfs-agent/conf/ranger-policymgr-ssl.xml
> > hive-agent/conf/ranger-policymgr-ssl-changes.cfg
> > hive-agent/conf/ranger-policymgr-ssl.xml
> > knox-agent/conf/ranger-policymgr-ssl-changes.cfg
> > knox-agent/conf/ranger-policymgr-ssl.xml
> > migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
> > migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
> > plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-atlas/conf/ranger-policymgr-ssl.xml
> > plugin-kafka/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-kafka/conf/ranger-policymgr-ssl.xml
> > plugin-kms/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-kms/conf/ranger-policymgr-ssl.xml
> > plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-solr/conf/ranger-policymgr-ssl.xml
> > plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-yarn/conf/ranger-policymgr-ssl.xml
> > ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
> > storm-agent/conf/ranger-policymgr-ssl-changes.cfg
> > storm-agent/conf/ranger-policymgr-ssl.xml

Thanks for the comment. Just a quick question: Should these values are also be deleted from the following files?

    migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
    migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py

Not sure about this, because it seems that these are migration scripts for older Ranger versions.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/#review152849
-----------------------------------------------------------


On Oct. 16, 2016, 8:34 a.m., Jan Hentschel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52918/
> -----------------------------------------------------------
> 
> (Updated Oct. 16, 2016, 8:34 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1044
>     https://issues.apache.org/jira/browse/RANGER-1044
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Removed the following two fields from **RangerRESTClient**
> 
>     public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
>     public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624 
> 
> Diff: https://reviews.apache.org/r/52918/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Jan Hentschel
> 
>

Re: Review Request 52918: RANGER-1044 : Removed Keystore/Truststore SSL password configuration options

Posted by Colm O hEigeartaigh <co...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/#review152849
-----------------------------------------------------------



You should also remove all constant values from the sample configuration. For example:

grep -rl "xasecure.policymgr.clientssl.truststore.password" *
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
agents-common/target/classes/org/apache/ranger/plugin/util/RangerRESTClient.class
agents-common/scripts/upgrade-plugin.py
hbase-agent/conf/ranger-policymgr-ssl-changes.cfg
hbase-agent/conf/ranger-policymgr-ssl.xml
hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg
hdfs-agent/conf/ranger-policymgr-ssl.xml
hive-agent/conf/ranger-policymgr-ssl-changes.cfg
hive-agent/conf/ranger-policymgr-ssl.xml
knox-agent/conf/ranger-policymgr-ssl-changes.cfg
knox-agent/conf/ranger-policymgr-ssl.xml
migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
plugin-atlas/conf/ranger-policymgr-ssl.xml
plugin-kafka/conf/ranger-policymgr-ssl-changes.cfg
plugin-kafka/conf/ranger-policymgr-ssl.xml
plugin-kms/conf/ranger-policymgr-ssl-changes.cfg
plugin-kms/conf/ranger-policymgr-ssl.xml
plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
plugin-solr/conf/ranger-policymgr-ssl.xml
plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg
plugin-yarn/conf/ranger-policymgr-ssl.xml
ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
storm-agent/conf/ranger-policymgr-ssl-changes.cfg
storm-agent/conf/ranger-policymgr-ssl.xml

- Colm O hEigeartaigh


On Oct. 16, 2016, 6:34 a.m., Jan Hentschel wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52918/
> -----------------------------------------------------------
> 
> (Updated Oct. 16, 2016, 6:34 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1044
>     https://issues.apache.org/jira/browse/RANGER-1044
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Removed the following two fields from **RangerRESTClient**
> 
>     public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
>     public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
> 
> 
> Diffs
> -----
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624 
> 
> Diff: https://reviews.apache.org/r/52918/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Jan Hentschel
> 
>