You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2018/10/08 20:59:00 UTC

[jira] [Commented] (AMBARI-24742) Sensitive service configuration values should be encrypted in the Ambari server DB, if enabled

    [ https://issues.apache.org/jira/browse/AMBARI-24742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16642480#comment-16642480 ] 

Hudson commented on AMBARI-24742:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #10201 (See [https://builds.apache.org/job/Ambari-trunk-Commit/10201/])
AMBARI-24742. Implementing a new service to be used in case we want to (github: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=cf74bb1b22677bd4886748a75d003033b2cbcf74])
* (edit) ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/security/encryption/MasterKeyServiceTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
* (add) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/EncryptionService.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/MasterKeyServiceImpl.java
* (add) ambari-server/src/main/java/org/apache/ambari/server/security/encryption/AESEncryptionService.java
* (add) ambari-server/src/main/java/org/apache/ambari/server/utils/TextEncoding.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
* (add) ambari-server/src/test/java/org/apache/ambari/server/security/encryption/EncryptionServiceTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java


> Sensitive service configuration values should be encrypted in the Ambari server DB, if enabled
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-24742
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24742
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.8.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 2.8.0
>
>          Time Spent: 4h 50m
>  Remaining Estimate: 0h
>
> Sensitive service configuration values should be encrypted in the Ambari server DB, if enabled.
> Sensitive service configuration values are defined by a service's configuration metadata. Properties are defined in XML files under the service's definition directory and contain attributes that Ambari may use to determine whether they should be encrypted or not.
> Currently, Ambari uses the {{property-type}} attribute to determine the type of property. If the value of this attribute is "PASSWORD", than the value is considered sensitive and should be encrypted.
> {code:java|title=Example: This password field is to be encrypted, implicitly}
>   <property>
>     <name>ssl.server.truststore.password</name>
>     <value>bigdata</value>
>     <property-type>PASSWORD</property-type>
>     <description>Password to open the trust store file.</description>
>     <value-attributes>
>       <type>password</type>
>     </value-attributes>
>     <on-ambari-upgrade add="false"/>
>   </property>
> {code}
> Using this information, _if this feature is enabled_, the Ambari server should encrypt sensitive values before storing them in the database. Values should be encrypted within the container they are stored. For example, Ambari stores configurations as JSON documents. Before writing these JSON documents to the database, the Ambari server should process each name/value pair and encrypt only those that are deemed sensitive.
> The Ambari server should encrypt sensitive configuration values if the following has been met:
>  * A master key has been setup using the "ambari-server setup-security" CLI (using option #2 - Encrypt passwords stored in ambari.properties file)
>  * The Ambari server configuration property named "{{server.security.encrypt_sensitive_data}}" is set to "true"
> If encrypting sensitive data:
>  * the value should be encrypted using a secure symmetric key encryption algorithm. For example AES - [https://aesencryption.net/].
>  * the encryption key should be the previously set master key, or some reproducible encoding of it.
>  * the encrypted bytes should be converted to a hex string
>  * the value should be stored in the relevant JSON document suck that that the value is declared as encrypted.
>  ** for example:
> {noformat}
> "password" : "${enc=aes265_hex, value=5248...303d}"{noformat}
>  ** this is needed in the event {{server.security.encrypt_sensitive_data}} is changed to false, but there are still encrypted values in the database.
> Encrypted data needs to be decrypted before being used or returned via the REST API. The data may be re-encrypted depending on use. For example, when being sent to an Ambari agent.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)