Posted to commits@atlas.apache.org by sa...@apache.org on 2021/01/28 19:25:27 UTC

[atlas] branch master updated: ATLAS-4107: Atlas not picking the ldap bind password from the correct jceks file.

This is an automated email from the ASF dual-hosted git repository.

sarath pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/atlas.git


The following commit(s) were added to refs/heads/master by this push:
     new bb745b9  ATLAS-4107: Atlas not picking the ldap bind password from the correct jceks file.
bb745b9 is described below

commit bb745b9e90c517517f88cd66ccca845bf73dfeca
Author: nixonrodrigues <ni...@apache.org>
AuthorDate: Thu Jan 28 20:04:28 2021 +0530

    ATLAS-4107: Atlas not picking the ldap bind password from the correct jceks file.
    
    Change-Id: I8f457b63f3170c2b1313ab365223d18af6023f87
    Signed-off-by: Sarath Subramanian <sa...@apache.org>
---
 .../org/apache/atlas/ApplicationProperties.java     | 11 +++++++----
 .../apache/atlas/security/SecurityProperties.java   |  1 +
 .../org/apache/atlas/security/SecurityUtil.java     | 21 ++++++++++++++++++---
 3 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
index e662c8f..bf97ab1 100644
--- a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -34,6 +34,7 @@ import java.net.URL;
 import java.util.AbstractMap.SimpleEntry;
 import java.util.Iterator;
 import java.util.Properties;
+import static org.apache.atlas.security.SecurityProperties.HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH;
 
 /**
  * Application properties used by Atlas.
@@ -57,6 +58,8 @@ public final class ApplicationProperties extends PropertiesConfiguration {
     public static final String  STORAGE_BACKEND_HBASE2          = "hbase2";
     public static final String  INDEX_BACKEND_SOLR              = "solr";
     public static final String  LDAP_TYPE                       =  "atlas.authentication.method.ldap.type";
+    public static final String  LDAP                            =  "LDAP";
+    public static final String  AD                              =  "AD";
     public static final String  LDAP_AD_BIND_PASSWORD           =  "atlas.authentication.method.ldap.ad.bind.password";
     public static final String  LDAP_BIND_PASSWORD              =  "atlas.authentication.method.ldap.bind.password";
     public static final String  MASK_LDAP_PASSWORD              =  "********";
@@ -278,17 +281,17 @@ public final class ApplicationProperties extends PropertiesConfiguration {
 
         if (StringUtils.isNotEmpty(ldapType)) {
             try {
-                if (ldapType.equalsIgnoreCase("ldap")) {
+                if (ldapType.equalsIgnoreCase(LDAP)) {
                     String maskPasssword = configuration.getString(LDAP_BIND_PASSWORD);
                     if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
-                        String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD);
+                        String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD, HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH);
                         configuration.clearProperty(LDAP_BIND_PASSWORD);
                         configuration.addProperty(LDAP_BIND_PASSWORD, password);
                     }
-                } else if (ldapType.equalsIgnoreCase("ad")) {
+                } else if (ldapType.equalsIgnoreCase(AD)) {
                     String maskPasssword = configuration.getString(LDAP_AD_BIND_PASSWORD);
                     if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
-                        String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD);
+                        String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD, HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH);
                         configuration.clearProperty(LDAP_AD_BIND_PASSWORD);
                         configuration.addProperty(LDAP_AD_BIND_PASSWORD, password);
                     }
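Review bot: Both branches now resolve the bind password only through `hadoop.security.credential.provider.path`, with no fallback, so a deployment whose jceks is referenced only by `cert.stores.credential.provider.path` will get the `IOException` from `SecurityUtil.getPassword`. The `catch` for this `try` is outside the hunk; if it only logs, the property would keep the literal `MASK_LDAP_PASSWORD` value and the later LDAP bind would be attempted with `********`, which is hard to diagnose. I would either call this out as an upgrade note or resolve the property name once before the `if`, e.g. `String pathKey = configuration.containsKey(HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH) ? HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH : CERT_STORES_CREDENTIAL_PROVIDER_PATH;`, and pass `pathKey` in both calls.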
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
index 2147cd1..0d94986 100644
--- a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -40,6 +40,7 @@ public final class SecurityProperties {
     public static final String SERVER_CERT_PASSWORD_KEY = "password";
     public static final String CLIENT_AUTH_KEY = "client.auth.enabled";
     public static final String CERT_STORES_CREDENTIAL_PROVIDER_PATH = "cert.stores.credential.provider.path";
+    public static final String HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH = "hadoop.security.credential.provider.path";
     public static final String SSL_CLIENT_PROPERTIES = "ssl-client.xml";
     public static final String BIND_ADDRESS = "atlas.server.bind.address";
     public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites";
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
index 082c637..cf426fd 100644
--- a/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
@@ -40,12 +40,27 @@ public class SecurityUtil {
      * @throws IOException
      */
     public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
+        return getPassword(config, key, CERT_STORES_CREDENTIAL_PROVIDER_PATH);
+    }
+
+
+    /**
+     * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
+     * configured credential provider.
+     *
+     * @param config           application configuration
+     * @param key              the key/alias for the password.
+     * @param pathPropertyName property of path
+     * @return the password.
+     * @throws IOException
+     */
+    public static String getPassword(org.apache.commons.configuration.Configuration config, String key, String pathPropertyName) throws IOException {
 
         String password;
 
-        String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
+        String provider = config.getString(pathPropertyName);
         if (provider != null) {
-            LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
+            LOG.info("Attempting to retrieve password for key {} from {} configured credential provider path {}", key, pathPropertyName, provider);
             Configuration c = new Configuration();
             c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
             CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
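Review bot: `CredentialProviderFactory.getProviders(c).get(0)` consults only the first provider, but `hadoop.security.credential.provider.path` is commonly a comma-separated list, so an alias stored in a later jceks would presumably not be found. The lines that use `credentialProvider` fall between this hunk and the next and are not visible, so this is inferred from the `.get(0)` alone. If it holds, loop over the list returned by `getProviders(c)` and take the first non-null `getCredentialEntry(key)`. The new Javadoc is a copy of the two-argument overload's; `@param pathPropertyName` would read better as `name of the configuration property that holds the credential provider path`.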
@@ -58,7 +73,7 @@ public class SecurityUtil {
             }
 
         } else {
-            throw new IOException("No credential provider path configured for storage of certificate store passwords");
+            throw new IOException("No credential provider path " + pathPropertyName + " configured for storage of certificate store passwords");
         }
 
         return password;
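Review bot: The exception text on the changed `throw` line still ends with "for storage of certificate store passwords", which is misleading now that the same method resolves LDAP/AD bind passwords. The property name is also concatenated without quoting, so it runs into the sentence. Something like `throw new IOException("No credential provider path configured under property '" + pathPropertyName + "'");` tells the operator which setting to fix without naming the wrong secret type.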