[jira] [Created] (AMBARI-7630) Oozie Metastore password not properly exported by Blueprint processor

["Robert Nettleton (JIRA)" <ji...@apache.org>]

Robert Nettleton created AMBARI-7630:
----------------------------------------

             Summary: Oozie Metastore password not properly exported by Blueprint processor
                 Key: AMBARI-7630
                 URL: https://issues.apache.org/jira/browse/AMBARI-7630
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 1.6.0
            Reporter: Robert Nettleton
            Assignee: Robert Nettleton
            Priority: Critical
             Fix For: 1.7.0


If a user sets the following Oozie property when creating a cluster:

oozie_metastore_user_passwd

This password field, including the password text, will be included in an exported Blueprint, should the user export a Blueprint from the running cluster.  This will occur in any cluster creation scenario (using the UI vs. using a Blueprint). 

Password data should not be included in an exported Blueprint, as this represents a security concern.  A more minor problem is that the password used in this cluster may not be useful in the next cluster created with the exported Blueprint. 

The Blueprint configuration processor should be modified to remove this property from an exported Blueprint.  

This Oozie configuration property appears to be from older versions of HDP.  As such, the stack metadata information for this property is not available, which is why the Blueprint processor does not currently remove this password from the stack. 

In the short term (1.7.0), the BlueprintConfigurationProcessor should be modified to properly handle this property.  Going forward, the stack definitions should be modified such that this property includes the password metadata. 

I'm working on a fix for this, and will be submitting a patch shortly.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)