Posted to dev@ranger.apache.org by Pradeep Agrawal <pr...@freestoneinfotech.com> on 2017/02/02 18:45:20 UTC

Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.


Diffs
-----

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 54c190d 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java a485d38 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 8cd26a6 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 4779071 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java 3b8b0f6 
  unixauthservice/scripts/install.properties a23a9aa 
  unixauthservice/scripts/setup.py d5aaf80 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal
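
Added example (not part of the original thread or of the Ranger code base): a small audit that parses Hadoop-style site XML and reports which of the four properties listed in the problem statement still hold a literal value, plus a permission check for the credential file. The placeholder set, the function names and the sample XML are assumptions constructed for illustration.

```python
"""Audit Hadoop-style site XML for clear-text Ranger password properties."""
import os
import stat
import xml.etree.ElementTree as ET
from typing import Dict, List, NamedTuple

# The four properties named in the review request's problem statement.
PASSWORD_PROPERTIES = (
    "ranger.service.https.attrib.keystore.pass",
    "ranger.truststore.password",
    "ranger.usersync.keystore.password",
    "ranger.usersync.truststore.password",
)

# Assumption (not from the thread): values that mean "no secret stored here".
PLACEHOLDER_VALUES = frozenset({"", "_"})


class Finding(NamedTuple):
    source: str
    prop: str
    value_length: int  # length only, so the report never echoes the secret


def parse_site_xml(text: str) -> Dict[str, str]:
    """Return {name: value} for every <property> in a <configuration> document."""
    props: Dict[str, str] = {}
    for prop in ET.fromstring(text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def find_cleartext_passwords(text: str, source: str = "<inline>") -> List[Finding]:
    """Report listed password properties that still carry a literal value."""
    props = parse_site_xml(text)
    findings = []
    for name in PASSWORD_PROPERTIES:
        value = props.get(name)
        if value is None or value in PLACEHOLDER_VALUES:
            continue
        findings.append(Finding(source, name, len(value)))
    return findings


def credential_file_mode_issues(path: str) -> List[str]:
    """Flag a credential (jceks) file that other local users can reach."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    issues = []
    if mode & stat.S_IRWXO:
        issues.append("accessible to other users (mode %o)" % mode)
    if mode & stat.S_IWGRP:
        issues.append("group-writable (mode %o)" % mode)
    return issues


# Constructed sample input: one literal password, one placeholder, one
# unrelated setting that must be ignored.
SAMPLE_ADMIN_SITE = """<configuration>
  <property>
    <name>ranger.service.https.attrib.keystore.pass</name>
    <value>constructed-secret</value>
  </property>
  <property>
    <name>ranger.truststore.password</name>
    <value>_</value>
  </property>
  <property>
    <name>example.unrelated.setting</name>
    <value>6182</value>
  </property>
</configuration>
"""

# Constructed sample input: one empty value, one literal password.
SAMPLE_UGSYNC_SITE = """<configuration>
  <property>
    <name>ranger.usersync.keystore.password</name>
    <value></value>
  </property>
  <property>
    <name>ranger.usersync.truststore.password</name>
    <value>constructed-trust-secret</value>
  </property>
</configuration>
"""

if __name__ == "__main__":
    samples = (("admin-site (sample)", SAMPLE_ADMIN_SITE),
               ("ugsync-site (sample)", SAMPLE_UGSYNC_SITE))
    for label, text in samples:
        for finding in find_cleartext_passwords(text, label):
            print("%s: %s holds a %d-character literal value"
                  % (finding.source, finding.prop, finding.value_length))
```
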


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Gautam Borad <gb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/#review165716
-----------------------------------------------------------


Ship it!




Ship It!

- Gautam Borad


On Feb. 15, 2017, 10:38 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56163/
> -----------------------------------------------------------
> 
> (Updated Feb. 15, 2017, 10:38 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1341
>     https://issues.apache.org/jira/browse/RANGER-1341
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
> ranger.service.https.attrib.keystore.pass
> ranger.truststore.password
> ranger.usersync.keystore.password
> ranger.usersync.truststore.password
> 
> **Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
>   kms/config/webserver/ranger-kms-site.xml 81f3f17 
>   kms/scripts/install.properties 473d3cf 
>   kms/scripts/setup.sh f31e0e2 
>   security-admin/scripts/install.properties 34dec22 
>   security-admin/scripts/setup.sh f7e02d9 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
>   src/main/assembly/admin-web.xml 966033f 
>   tagsync/scripts/setup.py 88b10cc 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
>   unixauthservice/scripts/install.properties 50e8487 
>   unixauthservice/scripts/setup.py b773e95 
>   unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
>   unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 
> 
> Diff: https://reviews.apache.org/r/56163/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger on SSL enabled MySQL.
> 2. Tested Ranger with and without SSL.
> 3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
> 4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
> 5. Tested LDAP and UNIX UserSync.
> 6. Tested LDAP and UNIX Authentication.
> 7. Tested Knox Test connection.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Gautam Borad <gb...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/#review165836
-----------------------------------------------------------


Ship it!




Ship It!

- Gautam Borad


On Feb. 16, 2017, 9:08 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56163/
> -----------------------------------------------------------
> 
> (Updated Feb. 16, 2017, 9:08 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1341
>     https://issues.apache.org/jira/browse/RANGER-1341
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
> ranger.service.https.attrib.keystore.pass
> ranger.truststore.password
> ranger.usersync.keystore.password
> ranger.usersync.truststore.password
> 
> **Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
>   kms/config/webserver/ranger-kms-site.xml 81f3f17 
>   kms/scripts/install.properties 473d3cf 
>   kms/scripts/setup.sh f31e0e2 
>   security-admin/scripts/install.properties 34dec22 
>   security-admin/scripts/setup.sh f7e02d9 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
>   src/main/assembly/admin-web.xml 966033f 
>   tagsync/scripts/setup.py 88b10cc 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
>   unixauthservice/scripts/install.properties 50e8487 
>   unixauthservice/scripts/setup.py b773e95 
>   unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
>   unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 
> 
> Diff: https://reviews.apache.org/r/56163/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger on SSL enabled MySQL.
> 2. Tested Ranger with and without SSL.
> 3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
> 4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
> 5. Tested LDAP and UNIX UserSync.
> 6. Tested LDAP and UNIX Authentication.
> 7. Tested Knox Test connection.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/#review165821
-----------------------------------------------------------


Ship it!




Ship It!

- Velmurugan Periasamy


On Feb. 16, 2017, 9:08 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56163/
> -----------------------------------------------------------
> 
> (Updated Feb. 16, 2017, 9:08 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1341
>     https://issues.apache.org/jira/browse/RANGER-1341
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
> ranger.service.https.attrib.keystore.pass
> ranger.truststore.password
> ranger.usersync.keystore.password
> ranger.usersync.truststore.password
> 
> **Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
>   kms/config/webserver/ranger-kms-site.xml 81f3f17 
>   kms/scripts/install.properties 473d3cf 
>   kms/scripts/setup.sh f31e0e2 
>   security-admin/scripts/install.properties 34dec22 
>   security-admin/scripts/setup.sh f7e02d9 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
>   src/main/assembly/admin-web.xml 966033f 
>   tagsync/scripts/setup.py 88b10cc 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
>   unixauthservice/scripts/install.properties 50e8487 
>   unixauthservice/scripts/setup.py b773e95 
>   unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
>   unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 
> 
> Diff: https://reviews.apache.org/r/56163/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger on SSL enabled MySQL.
> 2. Tested Ranger with and without SSL.
> 3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
> 4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
> 5. Tested LDAP and UNIX UserSync.
> 6. Tested LDAP and UNIX Authentication.
> 7. Tested Knox Test connection.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

(Updated Feb. 16, 2017, 9:08 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Removed MySQLRunner.java changes as they need to be tracked with RANGER-1364


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.


Diffs (updated)
-----

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 966033f 
  tagsync/scripts/setup.py 88b10cc 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
  unixauthservice/scripts/install.properties 50e8487 
  unixauthservice/scripts/setup.py b773e95 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
  unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

(Updated Feb. 16, 2017, 8:49 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Addressed review comments


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.


Diffs (updated)
-----

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
  jisql/src/main/java/org/apache/util/sql/MySQLPLRunner.java 8b51972 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 966033f 
  tagsync/scripts/setup.py 88b10cc 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
  unixauthservice/scripts/install.properties 50e8487 
  unixauthservice/scripts/setup.py b773e95 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
  unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Ankita Sinha <an...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/#review165808
-----------------------------------------------------------


Ship it!




Ship It!

- Ankita Sinha


On Feb. 16, 2017, 4:43 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56163/
> -----------------------------------------------------------
> 
> (Updated Feb. 16, 2017, 4:43 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1341
>     https://issues.apache.org/jira/browse/RANGER-1341
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
> ranger.service.https.attrib.keystore.pass
> ranger.truststore.password
> ranger.usersync.keystore.password
> ranger.usersync.truststore.password
> 
> **Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
>   jisql/src/main/java/org/apache/util/sql/MySQLPLRunner.java 8b51972 
>   kms/config/webserver/ranger-kms-site.xml 81f3f17 
>   kms/scripts/install.properties 473d3cf 
>   kms/scripts/setup.sh f31e0e2 
>   security-admin/scripts/install.properties 34dec22 
>   security-admin/scripts/setup.sh f7e02d9 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
>   src/main/assembly/admin-web.xml 966033f 
>   tagsync/scripts/setup.py 88b10cc 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
>   unixauthservice/scripts/install.properties 50e8487 
>   unixauthservice/scripts/setup.py b773e95 
>   unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
>   unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 
> 
> Diff: https://reviews.apache.org/r/56163/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger on SSL enabled MySQL.
> 2. Tested Ranger with and without SSL.
> 3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
> 4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
> 5. Tested LDAP and UNIX UserSync.
> 6. Tested LDAP and UNIX Authentication.
> 7. Tested Knox Test connection.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/#review165813
-----------------------------------------------------------




unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java (line 116)
<https://reviews.apache.org/r/56163/#comment237660>

    Reduce the sleep to something reasonable. Ideal solution is to refactor and avoid UnixAuth and UnixSync threads to safely use jceks file.


- Velmurugan Periasamy


On Feb. 16, 2017, 4:43 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56163/
> -----------------------------------------------------------
> 
> (Updated Feb. 16, 2017, 4:43 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1341
>     https://issues.apache.org/jira/browse/RANGER-1341
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
> ranger.service.https.attrib.keystore.pass
> ranger.truststore.password
> ranger.usersync.keystore.password
> ranger.usersync.truststore.password
> 
> **Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
>   jisql/src/main/java/org/apache/util/sql/MySQLPLRunner.java 8b51972 
>   kms/config/webserver/ranger-kms-site.xml 81f3f17 
>   kms/scripts/install.properties 473d3cf 
>   kms/scripts/setup.sh f31e0e2 
>   security-admin/scripts/install.properties 34dec22 
>   security-admin/scripts/setup.sh f7e02d9 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
>   src/main/assembly/admin-web.xml 966033f 
>   tagsync/scripts/setup.py 88b10cc 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
>   unixauthservice/scripts/install.properties 50e8487 
>   unixauthservice/scripts/setup.py b773e95 
>   unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
>   unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 
> 
> Diff: https://reviews.apache.org/r/56163/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger on SSL enabled MySQL.
> 2. Tested Ranger with and without SSL.
> 3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
> 4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
> 5. Tested LDAP and UNIX UserSync.
> 6. Tested LDAP and UNIX Authentication.
> 7. Tested Knox Test connection.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

(Updated Feb. 16, 2017, 4:43 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Removed default values of keystore file paths and passwords.


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.


Diffs (updated)
-----

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
  jisql/src/main/java/org/apache/util/sql/MySQLPLRunner.java 8b51972 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 966033f 
  tagsync/scripts/setup.py 88b10cc 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
  unixauthservice/scripts/install.properties 50e8487 
  unixauthservice/scripts/setup.py b773e95 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
  unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

(Updated Feb. 15, 2017, 10:38 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Addressed review comments


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.


Diffs (updated)
-----

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 830a049 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 08ed436 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 966033f 
  tagsync/scripts/setup.py 88b10cc 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
  unixauthservice/scripts/install.properties 50e8487 
  unixauthservice/scripts/setup.py b773e95 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
  unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java 175307f 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/#review165108
-----------------------------------------------------------


Fix it, then Ship it!





embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java (line 509)
<https://reviews.apache.org/r/56163/#comment236922>

    Logging this message would be helpful



security-admin/scripts/install.properties (line 59)
<https://reviews.apache.org/r/56163/#comment236923>

    Putting keystores and truststores in conf folder ==> will this affect upgrades? Consider alternate location.


- Velmurugan Periasamy


On Feb. 10, 2017, 8:28 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56163/
> -----------------------------------------------------------
> 
> (Updated Feb. 10, 2017, 8:28 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1341
>     https://issues.apache.org/jira/browse/RANGER-1341
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
> ranger.service.https.attrib.keystore.pass
> ranger.truststore.password
> ranger.usersync.keystore.password
> ranger.usersync.truststore.password
> 
> **Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.
> 
> 
> Diffs
> -----
> 
>   embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
>   kms/config/webserver/ranger-kms-site.xml 81f3f17 
>   kms/scripts/install.properties 473d3cf 
>   kms/scripts/setup.sh f31e0e2 
>   security-admin/scripts/install.properties 34dec22 
>   security-admin/scripts/setup.sh f7e02d9 
>   security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java a0f83c7 
>   security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 8cd26a6 
>   security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
>   src/main/assembly/admin-web.xml 966033f 
>   tagsync/scripts/setup.py 88b10cc 
>   ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
>   unixauthservice/scripts/install.properties 50e8487 
>   unixauthservice/scripts/setup.py b773e95 
>   unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
> 
> Diff: https://reviews.apache.org/r/56163/diff/
> 
> 
> Testing
> -------
> 
> 1. Tested Ranger on SSL enabled MySQL.
> 2. Tested Ranger with and without SSL.
> 3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
> 4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
> 5. Tested LDAP and UNIX UserSync.
> 6. Tested LDAP and UNIX Authentication.
> 7. Tested Knox Test connection.
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>


Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Posted by Pradeep Agrawal <pr...@freestoneinfotech.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

(Updated Feb. 10, 2017, 8:28 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

Updated patch based on latest commit.


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** The below-mentioned password properties in Ranger Admin and usersync contain passwords in clear text. Passwords should not be stored in clear text format; rather, they should be stored in a jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use the Credential Provider API to store passwords in a jceks file.


Diffs (updated)
-----

  embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java 9668e47 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java a0f83c7 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 8cd26a6 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 966033f 
  tagsync/scripts/setup.py 88b10cc 
  ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java a4b12b2 
  unixauthservice/scripts/install.properties 50e8487 
  unixauthservice/scripts/setup.py b773e95 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforcement using SSL enabled Ranger admin.
4. Tested KMS plugin enforcement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal