You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Jan Hentschel <ja...@ultratendency.com> on 2016/10/16 06:34:27 UTC
Review Request 52918: RANGER-1044 : Removed Keystore/Truststore SSL
password configuration options
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/
-----------------------------------------------------------
Review request for ranger.
Bugs: RANGER-1044
https://issues.apache.org/jira/browse/RANGER-1044
Repository: ranger
Description
-------
Removed the following two fields from **RangerRESTClient**
public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
Diffs
-----
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624
Diff: https://reviews.apache.org/r/52918/diff/
Testing
-------
Thanks,
Jan Hentschel
Re: Review Request 52918: RANGER-1044 : Removed Keystore/Truststore
SSL password configuration options
Posted by Jan Hentschel <ja...@ultratendency.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/
-----------------------------------------------------------
(Updated Oct. 19, 2016, 5:31 p.m.)
Review request for ranger.
Changes
-------
Incorporated feedback and removed the constant values.
Bugs: RANGER-1044
https://issues.apache.org/jira/browse/RANGER-1044
Repository: ranger
Description
-------
Removed the following two fields from **RangerRESTClient**
public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
Diffs (updated)
-----
agents-common/scripts/upgrade-plugin.py 9c32dd1
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624
hbase-agent/conf/ranger-policymgr-ssl-changes.cfg 6bf4265
hbase-agent/conf/ranger-policymgr-ssl.xml 964aac7
hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg 50915b2
hdfs-agent/conf/ranger-policymgr-ssl.xml cd4a580
hive-agent/conf/ranger-policymgr-ssl-changes.cfg 6bf4265
hive-agent/conf/ranger-policymgr-ssl.xml 964aac7
knox-agent/conf/ranger-policymgr-ssl-changes.cfg 50915b2
knox-agent/conf/ranger-policymgr-ssl.xml 1020ec4
migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py f2b70eb
migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py d9238a0
plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg 6bf4265
plugin-atlas/conf/ranger-policymgr-ssl.xml 964aac7
plugin-kafka/conf/ranger-policymgr-ssl-changes.cfg ec4eeab
plugin-kafka/conf/ranger-policymgr-ssl.xml e80f1c3
plugin-kms/conf/ranger-policymgr-ssl-changes.cfg 6bf4265
plugin-kms/conf/ranger-policymgr-ssl.xml 6a9593f
plugin-solr/conf/ranger-policymgr-ssl-changes.cfg ec4eeab
plugin-solr/conf/ranger-policymgr-ssl.xml dcadc52
plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg ec4eeab
plugin-yarn/conf/ranger-policymgr-ssl.xml 964aac7
ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml 964aac7
storm-agent/conf/ranger-policymgr-ssl-changes.cfg 6bf4265
storm-agent/conf/ranger-policymgr-ssl.xml 964aac7
Diff: https://reviews.apache.org/r/52918/diff/
Testing
-------
Thanks,
Jan Hentschel
Re: Review Request 52918: RANGER-1044 : Removed Keystore/Truststore
SSL password configuration options
Posted by Jan Hentschel <ja...@ultratendency.com>.
> On Oct. 17, 2016, 1:09 p.m., Colm O hEigeartaigh wrote:
> > You should also remove all constant values from the sample configuration. For example:
> >
> > grep -rl "xasecure.policymgr.clientssl.truststore.password" *
> > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
> > agents-common/target/classes/org/apache/ranger/plugin/util/RangerRESTClient.class
> > agents-common/scripts/upgrade-plugin.py
> > hbase-agent/conf/ranger-policymgr-ssl-changes.cfg
> > hbase-agent/conf/ranger-policymgr-ssl.xml
> > hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg
> > hdfs-agent/conf/ranger-policymgr-ssl.xml
> > hive-agent/conf/ranger-policymgr-ssl-changes.cfg
> > hive-agent/conf/ranger-policymgr-ssl.xml
> > knox-agent/conf/ranger-policymgr-ssl-changes.cfg
> > knox-agent/conf/ranger-policymgr-ssl.xml
> > migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
> > migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
> > plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-atlas/conf/ranger-policymgr-ssl.xml
> > plugin-kafka/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-kafka/conf/ranger-policymgr-ssl.xml
> > plugin-kms/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-kms/conf/ranger-policymgr-ssl.xml
> > plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-solr/conf/ranger-policymgr-ssl.xml
> > plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg
> > plugin-yarn/conf/ranger-policymgr-ssl.xml
> > ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
> > storm-agent/conf/ranger-policymgr-ssl-changes.cfg
> > storm-agent/conf/ranger-policymgr-ssl.xml
Thanks for the comment. Just a quick question: Should these values are also be deleted from the following files?
migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
Not sure about this, because it seems that these are migration scripts for older Ranger versions.
- Jan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/#review152849
-----------------------------------------------------------
On Oct. 16, 2016, 8:34 a.m., Jan Hentschel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52918/
> -----------------------------------------------------------
>
> (Updated Oct. 16, 2016, 8:34 a.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-1044
> https://issues.apache.org/jira/browse/RANGER-1044
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Removed the following two fields from **RangerRESTClient**
>
> public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
> public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624
>
> Diff: https://reviews.apache.org/r/52918/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Jan Hentschel
>
>
Re: Review Request 52918: RANGER-1044 : Removed Keystore/Truststore
SSL password configuration options
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52918/#review152849
-----------------------------------------------------------
You should also remove all constant values from the sample configuration. For example:
grep -rl "xasecure.policymgr.clientssl.truststore.password" *
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
agents-common/target/classes/org/apache/ranger/plugin/util/RangerRESTClient.class
agents-common/scripts/upgrade-plugin.py
hbase-agent/conf/ranger-policymgr-ssl-changes.cfg
hbase-agent/conf/ranger-policymgr-ssl.xml
hdfs-agent/conf/ranger-policymgr-ssl-changes.cfg
hdfs-agent/conf/ranger-policymgr-ssl.xml
hive-agent/conf/ranger-policymgr-ssl-changes.cfg
hive-agent/conf/ranger-policymgr-ssl.xml
knox-agent/conf/ranger-policymgr-ssl-changes.cfg
knox-agent/conf/ranger-policymgr-ssl.xml
migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py
migration-util/ambari2.1-hdp2.3-ranger0.50/bin/import_ranger_to_ambari.py
plugin-atlas/conf/ranger-policymgr-ssl-changes.cfg
plugin-atlas/conf/ranger-policymgr-ssl.xml
plugin-kafka/conf/ranger-policymgr-ssl-changes.cfg
plugin-kafka/conf/ranger-policymgr-ssl.xml
plugin-kms/conf/ranger-policymgr-ssl-changes.cfg
plugin-kms/conf/ranger-policymgr-ssl.xml
plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
plugin-solr/conf/ranger-policymgr-ssl.xml
plugin-yarn/conf/ranger-policymgr-ssl-changes.cfg
plugin-yarn/conf/ranger-policymgr-ssl.xml
ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
storm-agent/conf/ranger-policymgr-ssl-changes.cfg
storm-agent/conf/ranger-policymgr-ssl.xml
- Colm O hEigeartaigh
On Oct. 16, 2016, 6:34 a.m., Jan Hentschel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52918/
> -----------------------------------------------------------
>
> (Updated Oct. 16, 2016, 6:34 a.m.)
>
>
> Review request for ranger.
>
>
> Bugs: RANGER-1044
> https://issues.apache.org/jira/browse/RANGER-1044
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Removed the following two fields from **RangerRESTClient**
>
> public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_PASSWORD = "xasecure.policymgr.clientssl.keystore.password";
> public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_PASSWORD = "xasecure.policymgr.clientssl.truststore.password";
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java 5218624
>
> Diff: https://reviews.apache.org/r/52918/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Jan Hentschel
>
>