You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Robert Nettleton (JIRA)" <ji...@apache.org> on 2014/10/03 14:42:33 UTC
[jira] [Created] (AMBARI-7630) Oozie Metastore password not
properly exported by Blueprint processor
Robert Nettleton created AMBARI-7630:
----------------------------------------
Summary: Oozie Metastore password not properly exported by Blueprint processor
Key: AMBARI-7630
URL: https://issues.apache.org/jira/browse/AMBARI-7630
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 1.6.0
Reporter: Robert Nettleton
Assignee: Robert Nettleton
Priority: Critical
Fix For: 1.7.0
If a user sets the following Oozie property when creating a cluster:
oozie_metastore_user_passwd
This password field, including the password text, will be included in an exported Blueprint, should the user export a Blueprint from the running cluster. This will occur in any cluster creation scenario (using the UI vs. using a Blueprint).
Password data should not be included in an exported Blueprint, as this represents a security concern. A more minor problem is that the password used in this cluster may not be useful in the next cluster created with the exported Blueprint.
The Blueprint configuration processor should be modified to remove this property from an exported Blueprint.
This Oozie configuration property appears to be from older versions of HDP. As such, the stack metadata information for this property is not available, which is why the Blueprint processor does not currently remove this password from the stack.
In the short term (1.7.0), the BlueprintConfigurationProcessor should be modified to properly handle this property. Going forward, the stack definitions should be modified such that this property includes the password metadata.
I'm working on a fix for this, and will be submitting a patch shortly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)