Posted to commits@brooklyn.apache.org by he...@apache.org on 2021/10/04 09:49:23 UTC

[brooklyn-docs] branch master updated (1128aed -> 51d66c4)

This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git.


    from 1128aed  bump brooklyn version to 1.1.0-SNAPSHOT to match other projects
     new 3656238  Merge pull request #11 from apache/master
     new 5f58484  Merge branch 'apache:master' into master
     new 465dae3  Merge remote-tracking branch 'origin/master'
     new 51d66c4  update for sensitive fields excluded phrases

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 guide/ops/security-guidelines.md | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

[brooklyn-docs] 02/04: Merge branch 'apache:master' into master

Posted by he...@apache.org.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git

commit 5f58484fed82b7d5c602284e1d9139a50d98c330
Merge: 3656238 b64b091
Author: Duncan Grant <du...@gmail.com>
AuthorDate: Fri Sep 17 04:37:09 2021 -0400

    Merge branch 'apache:master' into master

 guide/ops/security-guidelines.md                | 128 +++++++++++++++++++++---
 guide/ops/troubleshooting/index.md              |   1 +
 guide/ops/troubleshooting/installation.md       |  11 ++
 guide/ops/troubleshooting/web-console-issues.md |  16 +++
 4 files changed, 142 insertions(+), 14 deletions(-)

[brooklyn-docs] 01/04: Merge pull request #11 from apache/master

Posted by he...@apache.org.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git

commit 36562383474679d13c6ecd2a4a9994b37b10dd06
Merge: 73bd8b9 db6087d
Author: Duncan Grant <du...@gmail.com>
AuthorDate: Fri Sep 10 09:35:59 2021 -0400

    Merge pull request #11 from apache/master
    
    Add LDAP_DOMAIN and fix brooklyn-* replacements

 guide/blueprints/catalog/versioning.md  |  2 +-
 guide/ops/configuration/brooklyn_cfg.md | 14 ++++++++++----
 guide/start/concept-quickstart.md       |  2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)

[brooklyn-docs] 04/04: update for sensitive fields excluded phrases

Posted by he...@apache.org.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git

commit 51d66c475767424a41648f964d1492f052b3701d
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Fri Oct 1 21:42:43 2021 +0100

    update for sensitive fields excluded phrases
---
 guide/ops/security-guidelines.md | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/guide/ops/security-guidelines.md b/guide/ops/security-guidelines.md
index d37e793..b55d857 100644
--- a/guide/ops/security-guidelines.md
+++ b/guide/ops/security-guidelines.md
@@ -157,15 +157,23 @@ with the following `/etc/brooklyn.cfg` property:
 brooklyn.security.sensitive.fields.plaintext.blocked=true
 ```
 
-With this set, Apache Brooklyn will prevent deployment of blueprints that do not use externalized configuration
-in these places, forcing users to follow security best practice.  This will apply to potentially sensitive
-values embedded in a blueprint being deployed or in a blueprint from the catalog referenced by a blueprint
-being deployed.  This will also block some additions to the catalog where secrets are set as plaintext config
+With this set, Apache Brooklyn will prevent deployment of blueprints that provide plaintext values in these places, 
+forcing users to follow security best practice.  This will apply to potentially sensitive values embedded in a blueprint 
+being deployed or in a blueprint from the catalog referenced by a blueprint being deployed.  
+This will also block some additions to the catalog where secrets are set as plaintext config
 values (including types from the Composer, except in some cases where it is explicitly marked as a "template").
 
 This does not apply to default values specified for parameters or to values supplied via Java,
 as it is expected in these contexts that users are less likely to accidentally supply sensitive values in plaintext.
 
+All functions and complex objects, including mechanisms such as `$brooklyn:literal("value")` (to escape at design-time
+and evaluate as `value` at runtime). It can optionally be further restricted to exclude DSL values and complex objects
+whose string representation (unresolved) contains selected tokens or phrases. For example to prevent the usage of
+the `literal` DSL function anywhere in a supplied expression, the following setting can be used: 
+
+```
+brooklyn.security.sensitive.fields.ext.blocked.phrases = [ "$brooklyn:literal" ]
+```
 
 ### Scripts, Sensors, and other Blueprint Execution Considerations
 
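Review bot: the added paragraph beginning "All functions and complex objects, including mechanisms such as `$brooklyn:literal("value")`" has no verb, so the guide never states whether DSL functions and complex objects are accepted or rejected in sensitive fields once `brooklyn.security.sensitive.fields.plaintext.blocked=true` is set. The following sentence ("It can optionally be further restricted to exclude DSL values and complex objects ...") implies they are accepted by default; state that explicitly, for example "All functions and complex objects are permitted, including ...", and replace "It" with the thing being restricted. If the concern is that `$brooklyn:literal("value")` carries a plaintext value past the check, say so as the reason for setting `brooklyn.security.sensitive.fields.ext.blocked.phrases`, and document how a phrase is matched against the unresolved string representation (substring or whole token, case sensitivity). The new example also writes the property with spaces around `=`, while the `plaintext.blocked=true` example in the context above does not; pick one style for both.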

[brooklyn-docs] 03/04: Merge remote-tracking branch 'origin/master'

Posted by he...@apache.org.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git

commit 465dae3942da58567f5b958f93ec4628b6cefae2
Merge: 1128aed 5f58484
Author: Alex Heneveld <al...@cloudsoftcorp.com>
AuthorDate: Fri Sep 17 14:43:46 2021 +0100

    Merge remote-tracking branch 'origin/master'