You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/01/31 17:30:09 UTC

[jira] [Updated] (AMBARI-4487) When logging certain operations, need to mask sensitive properties

     [ https://issues.apache.org/jira/browse/AMBARI-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Onischuk updated AMBARI-4487:
------------------------------------

    Description: 
Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
{code}
cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
{code}
!p - which is a password flag.

Protect the passwords for hive, nagios and oozie.

  was:
Need a way to mask certain props or commands from the logs. Like below, the password i chose from nagios "asd" is plain text.

{code}
2014-01-31 03:21:40,082 - File['/usr/lib64/nagios/plugins/hdp_nagios_init.php'] {'content': StaticFile('hdp_nagios_init.php'), 'mode': 0755}
2014-01-31 03:21:40,083 - Execute['htpasswd -c -b  /etc/nagios/htpasswd.users nagiosadmin asd'] {'not_if': 'grep nagiosadmin /etc/nagios/htpasswd.users'}
2014-01-31 03:21:40,092 - Skipping Execute['htpasswd -c -b  /etc/nagios/htpasswd.users nagiosadmin asd'] due to not_if
2014-01-31 03:21:40,092 - File['/etc/nagios/htpasswd.users'] {'owner': 'nagios', 'group': 'nagios', 'mode': 0640}
2014-01-31 03:21:40,093 - Execute['usermod -a -G nagios apache'] {}
{code}


> When logging certain operations, need to mask sensitive properties
> ------------------------------------------------------------------
>
>                 Key: AMBARI-4487
>                 URL: https://issues.apache.org/jira/browse/AMBARI-4487
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 1.5.0
>
>         Attachments: AMBARI-4487.patch
>
>
> Add an ability to mark properties as sensitive during formatting to the resource_mangemenent, to the script writter this should look like this:
> {code}
> cmd = format("bash -x {mysql_adduser_path} {daemon_name} {hive_metastore_user_name} {hive_metastore_user_passwd!p} {mysql_host[0]}")
> {code}
> !p - which is a password flag.
> Protect the passwords for hive, nagios and oozie.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)