Posted to reviews@ambari.apache.org by Alejandro Fernandez <af...@hortonworks.com> on 2016/04/07 22:26:51 UTC
Review Request 45893: Password must not be displayed by UpgradeItem and Stage resources in the API
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45893/
-----------------------------------------------------------
Review request for Ambari, Andrew Onischuk, Jonathan Hurley, Nate Cole, and Sumit Mohanty.
Bugs: AMBARI-15773
https://issues.apache.org/jira/browse/AMBARI-15773
Repository: ambari
Description
-------
STR:
Install ambari-server-2.2.2.0-391 (ambari-server --hash: 8b49b71d5ef602e1252049fbc970958fbe05806e)
Install HDP 2.3 or 2.4
Install another version in order to perform RU or EU
Use the API to navigate to http://server:8080/api/v1/clusters/cl1/upgrades/##/upgrade_groups/1/upgrade_items/1
Notice that the output contains the ambari_db_rca_password in plaintext,
```
"host_params" : "{\"agent_stack_retry_count\":\"5\",\"agent_stack_retry_on_unavailability\":\"false\",\"ambari_db_rca_driver\":\"org.postgresql.Driver\",\"ambari_db_rca_password\":\"bigdatacustom\",\"ambari_db_rca_url\":\"jdbc:postgresql://172.22.117.211:5432/ambaricustom\",\"ambari_db_rca_username\":\"ambaricustomuser\",\"current_version\":\"2.4.0.0-169\",\"db_driver_filename\":\"mysql-connector-java.jar\",\"db_name\":\"ambaricustom\",\"host_sys_prepped\":\"false\",\"java_home\":\"/usr/jdk64/jdk1.8.0_60\",\"java_version\":\"8\",\"jdk_location\":\"http://os-s11-4-snjlmu-ambari-se-eu-3-5.novalocal:8080/resources/\",\"mysql_jdbc_url\":\"http://os-s11-4-snjlmu-ambari-se-eu-3-5.novalocal:8080/resources//mysql-connector-java.jar\",\"not_managed_hdfs_path_list\":\"[\\"/apps/hive/warehouse\\",\\"/apps/falcon\\",\\"/mr-history/done\\",\\"/app-logs\\",\\"/tmp\\"]\",\"oracle_jdbc_url\":\"http://os-s11-4-snjlmu-ambari-se-eu-3-5.novalocal:8080/resources//ojdbc6.jar\",\"stack_name\":\"HDP\",\"stack_version\":\"2.4\"}",
```
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java 4723d2a
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StageResourceProvider.java 8ebcd7b
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeItemResourceProvider.java a45b1ac
ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java 6cfe53c
Diff: https://reviews.apache.org/r/45893/diff/
Testing
-------
Verified on live cluster,
http://server:8080/api/v1/clusters/cl1/upgrades/19/upgrade_groups/1/upgrade_items/1
http://server:8080/api/v1/clusters/cl1/requests/19/stages/1
Ran unit tests: UpgradeItemServiceTest.java, StageResourceProviderTest.java
Thanks,
Alejandro Fernandez
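An added example, not part of the original thread and not Ambari's SecretReference code: one way to mask password-like keys inside a JSON-encoded parameter string such as host_params before an API returns it, using a single shared Gson instance. The class name ParamsMasker, the MASK value and the rule of matching keys that contain "password" are assumptions made for illustration.

```java
import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonSyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Hypothetical helper for illustration; not Ambari's SecretReference. */
public final class ParamsMasker {
  // One shared Gson (thread-safe) rather than a new instance per call.
  private static final Gson GSON = new Gson();
  static final String MASK = "********"; // placeholder chosen for this example

  /** Masks values of password-like keys in a JSON-encoded params string. */
  public static String maskPasswords(String paramsJson) {
    if (paramsJson == null || paramsJson.isEmpty()) return paramsJson;
    JsonElement root;
    try {
      root = GSON.fromJson(paramsJson, JsonElement.class);
    } catch (JsonSyntaxException e) {
      return MASK; // fail closed: never echo text that could not be inspected
    }
    if (root == null || !root.isJsonObject()) return MASK;
    mask(root.getAsJsonObject());
    return GSON.toJson(root);
  }

  private static void mask(JsonObject obj) {
    List<String> secretKeys = new ArrayList<>();
    for (Map.Entry<String, JsonElement> e : obj.entrySet()) {
      if (e.getKey().toLowerCase(Locale.ROOT).contains("password")) {
        secretKeys.add(e.getKey());
      } else if (e.getValue().isJsonObject()) {
        mask(e.getValue().getAsJsonObject()); // nested parameter maps
      }
    }
    // Replace after iterating so the map is not modified mid-loop.
    for (String key : secretKeys) obj.addProperty(key, MASK);
  }

  public static void main(String[] args) {
    // Constructed sample, shortened from the host_params value in the report.
    String hostParams = "{\"ambari_db_rca_password\":\"bigdatacustom\","
        + "\"ambari_db_rca_username\":\"ambaricustomuser\",\"stack_name\":\"HDP\"}";
    String masked = maskPasswords(hostParams);
    if (masked.contains("bigdatacustom")) throw new AssertionError("password leaked");
    System.out.println(masked);
  }
}
```

Input that does not parse as a JSON object is replaced by the mask as a whole, so a malformed parameter string cannot carry a secret through unmasked.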
Re: Review Request 45893: Password must not be displayed by UpgradeItem and Stage resources in the API
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45893/
-----------------------------------------------------------
(Updated April 7, 2016, 9:11 p.m.)
Review request for Ambari, Andrew Onischuk, Jonathan Hurley, Nate Cole, and Sumit Mohanty.
Bugs: AMBARI-15773
https://issues.apache.org/jira/browse/AMBARI-15773
Repository: ambari
Description
-------
STR:
Install ambari-server-2.2.2.0-391 (ambari-server --hash: 8b49b71d5ef602e1252049fbc970958fbe05806e)
Install HDP 2.3 or 2.4
Install another version in order to perform RU or EU
Use the API to navigate to http://server:8080/api/v1/clusters/cl1/upgrades/##/upgrade_groups/1/upgrade_items/1
Notice that the output contains the ambari_db_rca_password in plaintext,
```
"host_params" : "{\"agent_stack_retry_count\":\"5\",\"agent_stack_retry_on_unavailability\":\"false\",\"ambari_db_rca_driver\":\"org.postgresql.Driver\",\"ambari_db_rca_password\":\"bigdatacustom\",\"ambari_db_rca_url\":\"jdbc:postgresql://172.22.117.211:5432/ambaricustom\",\"ambari_db_rca_username\":\"ambaricustomuser\",\"current_version\":\"2.4.0.0-169\",\"db_driver_filename\":\"mysql-connector-java.jar\",\"db_name\":\"ambaricustom\",\"host_sys_prepped\":\"false\",\"java_home\":\"/usr/jdk64/jdk1.8.0_60\",\"java_version\":\"8\",\"jdk_location\":\"http://os-s11-4-snjlmu-ambari-se-eu-3-5.novalocal:8080/resources/\",\"mysql_jdbc_url\":\"http://os-s11-4-snjlmu-ambari-se-eu-3-5.novalocal:8080/resources//mysql-connector-java.jar\",\"not_managed_hdfs_path_list\":\"[\\"/apps/hive/warehouse\\",\\"/apps/falcon\\",\\"/mr-history/done\\",\\"/app-logs\\",\\"/tmp\\"]\",\"oracle_jdbc_url\":\"http://os-s11-4-snjlmu-ambari-se-eu-3-5.novalocal:8080/resources//ojdbc6.jar\",\"stack_name\":\"HDP\",\"stack_version\":\"2.4\"}",
```
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java 4723d2a
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StageResourceProvider.java 8ebcd7b
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeItemResourceProvider.java a45b1ac
ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java 6cfe53c
Diff: https://reviews.apache.org/r/45893/diff/
Testing
-------
Verified on live cluster,
http://server:8080/api/v1/clusters/cl1/upgrades/19/upgrade_groups/1/upgrade_items/1
http://server:8080/api/v1/clusters/cl1/requests/19/stages/1
Ran unit tests: UpgradeItemServiceTest.java, StageResourceProviderTest.java
Thanks,
Alejandro Fernandez
Re: Review Request 45893: Password must not be displayed by UpgradeItem and Stage resources in the API
Posted by Ajit Kumar <aj...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45893/#review127654
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StageResourceProvider.java (line 137)
<https://reviews.apache.org/r/45893/#comment191040>
I like Guava collection libraries for these use cases.
Set<String> PROPERTIES_TO_MASK_PASSWORD_IN = Sets.newHashSet(STAGE_COMMAND_PARAMS, STAGE_HOST_PARAMS);
- Ajit Kumar
Re: Review Request 45893: Password must not be displayed by UpgradeItem and Stage resources in the API
Posted by Sumit Mohanty <sm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45893/#review127659
-----------------------------------------------------------
Ship it!
ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java (line 88)
<https://reviews.apache.org/r/45893/#comment191044>
I do not think anyone needs ambari_db_rca_password. We should go ahead with the changes in the patch, but let me open a JIRA to remove this property from host level params.
- Sumit Mohanty
Re: Review Request 45893: Password must not be displayed by UpgradeItem and Stage resources in the API
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45893/#review127653
-----------------------------------------------------------
Fix it, then Ship it!
No way to intercept these at the level in which they are taken from the DB? That way, the responsibility isn't on the providers.
ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java (line 91)
<https://reviews.apache.org/r/45893/#comment191038>
Do not construct a new Gson; they are heavy. Instead, inject it.
ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java (line 99)
<https://reviews.apache.org/r/45893/#comment191039>
Same as above; inject.
- Jonathan Hurley