You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Sangeeta Ravindran <sa...@gmail.com> on 2015/09/25 07:09:19 UTC
Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/
-----------------------------------------------------------
Review request for Ambari and Andrew Onischuk.
Bugs: AMBARI-11967
https://issues.apache.org/jira/browse/AMBARI-11967
Repository: ambari
Description
-------
When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
The password should not be included in the downloaded client config file.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java e3686ac
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
Diff: https://reviews.apache.org/r/38748/diff/
Testing
-------
Manual testing. Updated JUnit test case. Ran mvn clean test.
Thanks,
Sangeeta Ravindran
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On Sept. 25, 2015, 11:48 a.m., Andrew Onischuk wrote:
> >
Hi Andrew,
I have uploaded a new patch. With the changes, all config properties of type "PASSWORD" are excluded from the download client configs.
Thanks,
Sangeeta
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100573
-----------------------------------------------------------
On Sept. 27, 2015, 6:52 a.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:52 a.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100573
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java (line 243)
<https://reviews.apache.org/r/38748/#comment157812>
We shouldn't hardcode passwords in java code. This looks pretty hacky.
<property-type>PASSWORD</property-type>
The thing we should do is to grab all the properties with property-type password and exclude them.
If you got any questions on implementing it. Please ping me aonishuk@hortonworks.com
- Andrew Onischuk
On Sept. 25, 2015, 5:09 a.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 25, 2015, 5:09 a.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java e3686ac
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On Sept. 29, 2015, 7:42 a.m., Andrew Onischuk wrote:
> > The code LGTM. The only thing I want to ask is are you sure that oozie client works fine without password in configurations? Can you give some references or results of what you want tried?
>
> Sangeeta Ravindran wrote:
> Hi Andrew,
>
> Sorry for not getting back to you earlier. The Oozie client will work fine without db password as it depends mainly on RESTful APIs. Testcase org.apache.ooze.client.TestOozieCLI.
>
> Thanks,
> Sangeeta
Hi Andrew, Yusaku,
Can you please let me know if any further changes are needed in this jira?
Thanks,
Sangeeta
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100939
-----------------------------------------------------------
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On Sept. 29, 2015, 7:42 a.m., Andrew Onischuk wrote:
> > The code LGTM. The only thing I want to ask is are you sure that oozie client works fine without password in configurations? Can you give some references or results of what you want tried?
Hi Andrew,
Sorry for not getting back to you earlier. The Oozie client will work fine without db password as it depends mainly on RESTful APIs. Testcase org.apache.ooze.client.TestOozieCLI.
Thanks,
Sangeeta
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100939
-----------------------------------------------------------
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100939
-----------------------------------------------------------
The code LGTM. The only thing I want to ask is are you sure that oozie client works fine without password in configurations? Can you give some references or results of what you want tried?
- Andrew Onischuk
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Andrew Onischuk <ao...@hortonworks.com>.
> On Nov. 13, 2015, 6:15 p.m., Andrew Onischuk wrote:
> > Ship It!
>
> Sangeeta Ravindran wrote:
> Thank you Andrew. Can you help push the fix?
Can you check the lastest comments on jira?
- Andrew
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review106469
-----------------------------------------------------------
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On Nov. 13, 2015, 6:15 p.m., Andrew Onischuk wrote:
> > Ship It!
Thank you Andrew. Can you help push the fix?
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review106469
-----------------------------------------------------------
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review106469
-----------------------------------------------------------
Ship it!
Ship It!
- Andrew Onischuk
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/
-----------------------------------------------------------
(Updated Sept. 27, 2015, 6:08 p.m.)
Review request for Ambari and Andrew Onischuk.
Changes
-------
Fixed indentation. Removed try/catch block.
Bugs: AMBARI-11967
https://issues.apache.org/jira/browse/AMBARI-11967
Repository: ambari
Description
-------
When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
The password should not be included in the downloaded client config file.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
Diff: https://reviews.apache.org/r/38748/diff/
Testing
-------
Manual testing. Updated JUnit test case. Ran mvn clean test.
Thanks,
Sangeeta Ravindran
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/
-----------------------------------------------------------
(Updated Sept. 27, 2015, 5:44 p.m.)
Review request for Ambari and Andrew Onischuk.
Bugs: AMBARI-11967
https://issues.apache.org/jira/browse/AMBARI-11967
Repository: ambari
Description
-------
When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
The password should not be included in the downloaded client config file.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
Diff: https://reviews.apache.org/r/38748/diff/
Testing
-------
Manual testing. Updated JUnit test case. Ran mvn clean test.
Thanks,
Sangeeta Ravindran
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On Sept. 27, 2015, 10:11 a.m., Andrew Onischuk wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java, line 264
> > <https://reviews.apache.org/r/38748/diff/2/?file=1085346#file1085346line264>
> >
> > Let's use indent 2. Like in other places in project.
I've fixed the indentation and uploaded a new patch.
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100774
-----------------------------------------------------------
On Sept. 27, 2015, 5:44 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 5:44 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100774
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java (line 264)
<https://reviews.apache.org/r/38748/#comment158026>
Let's use indent 2. Like in other places in project.
- Andrew Onischuk
On Sept. 27, 2015, 6:52 a.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:52 a.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
> On Sept. 27, 2015, 10:12 a.m., Andrew Onischuk wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java, line 517
> > <https://reviews.apache.org/r/38748/diff/2/?file=1085347#file1085347line517>
> >
> > This a bad practice to just skip any exceptions. Can you tell what exactly you want to do here?
I've removed the catch block.
- Sangeeta
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100775
-----------------------------------------------------------
On Sept. 27, 2015, 6:08 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:08 p.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/#review100775
-----------------------------------------------------------
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java (line 517)
<https://reviews.apache.org/r/38748/#comment158027>
This a bad practice to just skip any exceptions. Can you tell what exactly you want to do here?
- Andrew Onischuk
On Sept. 27, 2015, 6:52 a.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38748/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2015, 6:52 a.m.)
>
>
> Review request for Ambari and Andrew Onischuk.
>
>
> Bugs: AMBARI-11967
> https://issues.apache.org/jira/browse/AMBARI-11967
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
>
> The password should not be included in the downloaded client config file.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
> ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
>
> Diff: https://reviews.apache.org/r/38748/diff/
>
>
> Testing
> -------
>
> Manual testing. Updated JUnit test case. Ran mvn clean test.
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 38748: AMBARI-11967: Oozie db password appears in
clear text in client config downloaded from Ambari UI
Posted by Sangeeta Ravindran <sa...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38748/
-----------------------------------------------------------
(Updated Sept. 27, 2015, 6:52 a.m.)
Review request for Ambari and Andrew Onischuk.
Bugs: AMBARI-11967
https://issues.apache.org/jira/browse/AMBARI-11967
Repository: ambari
Description
-------
When Oozie Client Configs are downloaded from the Ambari UI, the oozie-site.xml included in the tar.gz file contains the value of the oozie.service.JPAService.jdbc.password field.
The password should not be included in the downloaded client config file.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProvider.java dea0362
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 62c3b61
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClientConfigResourceProviderTest.java 7643abb
Diff: https://reviews.apache.org/r/38748/diff/
Testing
-------
Manual testing. Updated JUnit test case. Ran mvn clean test.
Thanks,
Sangeeta Ravindran