You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by ahgittin <gi...@git.apache.org> on 2015/01/28 17:06:06 UTC
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
GitHub user ahgittin opened a pull request:
https://github.com/apache/incubator-brooklyn/pull/484
obfuscate passwords and credentials in the gui (literal "shadow passwords")
applies text shadowing to blur keys that say obvious things like "password" and "credential",
to config table and sensors table. clears up when you click it.
this prevents people looking over your shoulder from seeing things they shouldn't,
but it doesn't block REST access, and if you click on it you can still see it.
(this is a common trick done at AWS & SL, btw.)
a separate feature is to enforce visibility of sensors; this can be done with entitlements on a per-sensor basis
but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
and options on config keys (similar to how i just did it with ConfigInheritance,
in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.
an easy way to test is:
curl -v -X POST -H "Content-Type: application/json" --data \"foo\" http://127.0.0.1:8082/v1/applications/YKH2Dp3E/entities/NN0BJzNA/sensors/my_secret
here's what it looks like:
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ahgittin/incubator-brooklyn jsgui-hide-passwords
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-brooklyn/pull/484.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #484
----
commit 851f91ac3df97fe82ab5ece2aca7ce70456b8ccc
Author: Alex Heneveld <al...@cloudsoftcorp.com>
Date: 2015-01-28T15:54:26Z
obfuscate passwords and credentials in the gui (literal "shadow passwords!")
applies text shadowing to blur keys that say obvious things like "password" and "credential",
to config table and sensors table. clears up when you click it.
this prevents people looking over your shoulder from seeing things they shouldn't,
but it doesn't block REST access, and if you click on it you can still see it.
(this is a common trick done at AWS & SL, btw.)
a separate feature is to enforce visibility of sensors; this can be done with entitlements on a per-sensor basis
but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
and options on config keys (similar to how i just did it with ConfigInheritance,
in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72200206
also note `RendererHints.censoredValue()`
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72451798
@neykov can you try again - there was a bug where sometimes it would not apply the `secret-info` class
@neykov what do you mean you can reverse-engineer the text? placeholder text `(hidden)` is all you'd glean from a picture. NB the real data is on the web page, and a click will reveal it, so this is only meant as security from the person looking over your shoulder.
i much prefer the blur to anything grayed out, but let's see what people say
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by neykov <gi...@git.apache.org>.
Github user neykov commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72213597
Doesn't work for me:
Not supported on IE9-.
Also if I take a picture I can reverse-engineer the text :wink:
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72208415
if you need to control entitlements see `EntitlementManagerAdapter`. this could be easily extended to allow fine-grained access to config keys, following the pattern used for sensors.
btw the text which is blurred out is the word `[hidden]`, it is not the actual value. but the general principle of the brooklyn console is that you either have root access -- in which case all data is accessible -- or you are coming in with a specific entitlement scheme which would among other things block access to the groovy console.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by neykov <gi...@git.apache.org>.
Github user neykov commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72463541
Still something weird going on:
* Creating an app with `my_secret` config, there is some unexplained delay while loading:
* Once loaded the value part of the screen is missing:
* After clicking around the entities and going back, the value is visible:
* After adding a secret sensor (which displays fine), all config values are blurred:
As for reverse-engineering, I didn't realized the text is a static "(hidden)", consider it a try for a paranoia joke.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by alasdairhodge <gi...@git.apache.org>.
Github user alasdairhodge commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72219704
(@ahgittin: Thanks for clarifying that it's just the placeholder value that's blurred! I originally assumed it was the actual config value.)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-71861055
@alasdairhodge @bernd-clemenz one of you care to review?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by alasdairhodge <gi...@git.apache.org>.
Github user alasdairhodge commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72219184
Suggest **not** blurring the placeholder text, but definitely style it so it won't be mistaken for the actual value. Perhaps greyed-out and italicised?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72468226
aha, i've found one thing which might have caused this; could you try again? sorry + thanks
btw if anything funny does happen, can you check the errors in the JS console?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
GitHub user ahgittin reopened a pull request:
https://github.com/apache/incubator-brooklyn/pull/484
obfuscate passwords and credentials in the gui (literal "shadow passwords")
applies text shadowing to blur keys that say obvious things like "password" and "credential",
to config table and sensors table. clears up when you click it.
this prevents people looking over your shoulder from seeing things they shouldn't,
but it doesn't block REST access, and if you click on it you can still see it.
(this is a common trick done at AWS & SL, btw.)
a separate feature is to enforce visibility of sensors; this can be done with entitlements on a per-sensor basis
but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
and options on config keys (similar to how i just did it with ConfigInheritance,
in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.
an easy way to test is:
curl -v -X POST -H "Content-Type: application/json" --data \"foo\" http://127.0.0.1:8082/v1/applications/YKH2Dp3E/entities/NN0BJzNA/sensors/my_secret
here's what it looks like:
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ahgittin/incubator-brooklyn jsgui-hide-passwords
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-brooklyn/pull/484.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #484
----
commit 851f91ac3df97fe82ab5ece2aca7ce70456b8ccc
Author: Alex Heneveld <al...@cloudsoftcorp.com>
Date: 2015-01-28T15:54:26Z
obfuscate passwords and credentials in the gui (literal "shadow passwords!")
applies text shadowing to blur keys that say obvious things like "password" and "credential",
to config table and sensors table. clears up when you click it.
this prevents people looking over your shoulder from seeing things they shouldn't,
but it doesn't block REST access, and if you click on it you can still see it.
(this is a common trick done at AWS & SL, btw.)
a separate feature is to enforce visibility of sensors; this can be done with entitlements on a per-sensor basis
but it might be nice to have an easy entitlements mode where "sensitive" info is not available,
and options on config keys (similar to how i just did it with ConfigInheritance,
in https://github.com/apache/incubator-brooklyn/pull/483) to allow ConfigSensitivity.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72200395
what is going on with this intermittent failure --
2015-01-28 16:18:45,480 INFO TESTNG FAILED: "Surefire test" - brooklyn.launcher.BrooklynWebServerTest.verifyHttps() finished in 10 ms
java.lang.IllegalArgumentException: Unable to access URL brooklyn.webconsole.security.keystore.url: /home/jenkins/jenkins-slave/workspace/incubator-brooklyn-pull-requests%402/usage/launcher/target/test-classes/server.ks
pretty sure it is unrelated to this, but is starting to happen more often. /cc @aledsage any ideas?
(close/reopen to kick off another test run)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72207047
@alasdairhodge RTFI (where I = issue). this addresses the real problem of passwords being blatantly obvious to the person walking past your desk, where you have entitlement and sometimes requirement to see the real information.
controlling people's entitlements to data is a totally separate problem for which the entitlement subsystem can be used currently. a good addition to this would be the ability to define sets of sensors where we might want to grant RO or RW or NO access (where NO is not an acronym :) ). however i think a single `@Hidden` annotation is too coarse as it assumes there is only ever one such set.
while the distinction you draw between "you can know it exists but you can't see the value" and "you can't even know it exists" is a valid one, is there really any use case? i'd drop it, in favour of only the latter.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by neykov <gi...@git.apache.org>.
Github user neykov commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-73037507
It's working fine now on modern browsers. On IE9- it's just hiding the value.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#discussion_r23843744
--- Diff: docs/_extra/deploying-yaml.md ---
@@ -27,6 +27,8 @@ you can:
$ curl -T ./blueprint.yaml -X POST http://localhost:8081/v1/applications
{% endhighlight %}
+You may also need a `-H "Content-Type: application/yaml"` depending on type configuration.
+(Not usually for this, but often for other calls.)
--- End diff --
i had to dig that out when testing this. it's in the unused `_extra` folder of docs which we want to fold in elsewhere.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/incubator-brooklyn/pull/484
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by alasdairhodge <gi...@git.apache.org>.
Github user alasdairhodge commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-72201844
Meh. It's a cute CSS trick, but I don't think it takes us any closer to correctly solving the problem.
IMO, each sensor / CK (regardless of its name) should be optionally annotable as `@Sensitive` (redacted with `*` chars) or `@Hidden` (not even shown). It's up for discussion what should be visible to other Brooklyn entities (esp. those in different apps within the same server session), and what should be presented over the REST interface.
Some might argue that it's unacceptable to be able to access certain values client-side, even if it involves javascript hackery or viewing the HTML/JSON sources.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin closed the pull request at:
https://github.com/apache/incubator-brooklyn/pull/484
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by ahgittin <gi...@git.apache.org>.
Github user ahgittin commented on the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#issuecomment-73034921
@neykov could you try this again, see if i've fixed the issue for you?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-brooklyn pull request: obfuscate passwords and credentia...
Posted by alasdairhodge <gi...@git.apache.org>.
Github user alasdairhodge commented on a diff in the pull request:
https://github.com/apache/incubator-brooklyn/pull/484#discussion_r23842120
--- Diff: docs/_extra/deploying-yaml.md ---
@@ -27,6 +27,8 @@ you can:
$ curl -T ./blueprint.yaml -X POST http://localhost:8081/v1/applications
{% endhighlight %}
+You may also need a `-H "Content-Type: application/yaml"` depending on type configuration.
+(Not usually for this, but often for other calls.)
--- End diff --
Spurious diff for this PR.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---