You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by zj...@apache.org on 2018/04/10 07:51:58 UTC
zeppelin git commit: [ZEPPELIN-3350] Don't allow set cronExecutionUser
Repository: zeppelin
Updated Branches:
refs/heads/master 36a5a9173 -> 08c9ad9a6
[ZEPPELIN-3350] Don't allow set cronExecutionUser
### What is this PR for?
This PR just does a quick fix this security issue.
1. Remove the setting cron user in frontend
2. Run the note via owner.
### What type of PR is it?
[Bug Fix ]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-3350
### How should this be tested?
* Manually tested
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang <zj...@apache.org>
Closes #2914 from zjffdu/ZEPPELIN-3350 and squashes the following commits:
63325d0 [Jeff Zhang] [ZEPPELIN-3350] Don't allow set cronExecutionUser
Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/08c9ad9a
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/08c9ad9a
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/08c9ad9a
Branch: refs/heads/master
Commit: 08c9ad9a6692405884ae2b2f730868030247762f
Parents: 36a5a91
Author: Jeff Zhang <zj...@apache.org>
Authored: Wed Apr 4 18:13:06 2018 +0800
Committer: Jeff Zhang <zj...@apache.org>
Committed: Tue Apr 10 15:51:53 2018 +0800
----------------------------------------------------------------------
docs/usage/other_features/cron_scheduler.md | 2 +-
zeppelin-web/src/app/notebook/notebook-actionBar.html | 7 -------
.../main/java/org/apache/zeppelin/notebook/Note.java | 14 +++++---------
3 files changed, 6 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/docs/usage/other_features/cron_scheduler.md
----------------------------------------------------------------------
diff --git a/docs/usage/other_features/cron_scheduler.md b/docs/usage/other_features/cron_scheduler.md
index c7fc284..7223045 100644
--- a/docs/usage/other_features/cron_scheduler.md
+++ b/docs/usage/other_features/cron_scheduler.md
@@ -41,7 +41,7 @@ You can set a cron schedule easily by clicking each option such as `1m` and `5m`
You can set the cron schedule by filling in this form. Please see [Cron Trigger Tutorial](http://www.quartz-scheduler.org/documentation/quartz-2.2.x/tutorials/crontrigger) for the available cron syntax.
-### Cron executing user
+### Cron executing user (It is removed from 0.8 where it enforces the cron execution user to be the note owner for security purpose)
You can set the cron executing user by filling in this form and press the enter key.
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/zeppelin-web/src/app/notebook/notebook-actionBar.html
----------------------------------------------------------------------
diff --git a/zeppelin-web/src/app/notebook/notebook-actionBar.html b/zeppelin-web/src/app/notebook/notebook-actionBar.html
index 7559a87..78ca77e 100644
--- a/zeppelin-web/src/app/notebook/notebook-actionBar.html
+++ b/zeppelin-web/src/app/notebook/notebook-actionBar.html
@@ -281,13 +281,6 @@ limitations under the License.
</p>
</div>
<div>
- <span>- Cron executing user (click enter in field to submit)</span>
- <input type="text"
- ng-model="note.config.cronExecutingUser"
- ng-enter="setCronExecutingUser(note.config.cronExecutingUser)"
- dropdown-input />
- </div>
- <div>
<span>- auto-restart interpreter on cron execution </span>
<input type="checkbox"
ng-model="note.config.releaseresource"
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
index 3728cd3..664e986 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
@@ -642,16 +642,10 @@ public class Note implements ParagraphJobListener, JsonSerializable {
}
/**
- * Run all paragraphs sequentially.
+ * Run all paragraphs sequentially. Only used for CronJob
*/
public synchronized void runAll() {
- String cronExecutingUser = (String) getConfig().get("cronExecutingUser");
- if (null == cronExecutingUser) {
- cronExecutingUser = "anonymous";
- }
- AuthenticationInfo authenticationInfo = new AuthenticationInfo();
- authenticationInfo.setUser(cronExecutingUser);
- runAll(authenticationInfo, true);
+ runAll(null, true);
}
public void runAll(AuthenticationInfo authenticationInfo, boolean blocking) {
@@ -659,7 +653,9 @@ public class Note implements ParagraphJobListener, JsonSerializable {
if (!p.isEnabled()) {
continue;
}
- p.setAuthenticationInfo(authenticationInfo);
+ if (authenticationInfo != null) {
+ p.setAuthenticationInfo(authenticationInfo);
+ }
if (!run(p.getId(), blocking)) {
logger.warn("Skip running the remain notes because paragraph {} fails", p.getId());
break;