You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oozie.apache.org by rk...@apache.org on 2015/07/10 02:26:48 UTC
oozie git commit: OOZIE-2272 Use Hadoop's CredentialProvider for
passwords in oozie-site (rkanter)
Repository: oozie
Updated Branches:
refs/heads/master 4d43fe8c4 -> 6a731f992
OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter)
Project: http://git-wip-us.apache.org/repos/asf/oozie/repo
Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/6a731f99
Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/6a731f99
Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/6a731f99
Branch: refs/heads/master
Commit: 6a731f9926158da38d1e3b518671ada95a544fe8
Parents: 4d43fe8
Author: Robert Kanter <rk...@cloudera.com>
Authored: Thu Jul 9 17:25:25 2015 -0700
Committer: Robert Kanter <rk...@cloudera.com>
Committed: Thu Jul 9 17:25:25 2015 -0700
----------------------------------------------------------------------
.../oozie/action/email/EmailActionExecutor.java | 2 +-
.../oozie/service/ConfigurationService.java | 33 ++++++++++++++++++++
.../org/apache/oozie/service/JPAService.java | 2 +-
.../sla/listener/SLAEmailEventListener.java | 2 +-
release-log.txt | 1 +
.../java/org/apache/oozie/tools/OozieDBCLI.java | 3 +-
6 files changed, 39 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java b/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
index 1d260b4..dc58236 100644
--- a/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
+++ b/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
@@ -168,7 +168,7 @@ public class EmailActionExecutor extends ActionExecutor {
String smtpPort = getOozieConf().get(EMAIL_SMTP_PORT, "25");
Boolean smtpAuth = getOozieConf().getBoolean(EMAIL_SMTP_AUTH, false);
String smtpUser = getOozieConf().get(EMAIL_SMTP_USER, "");
- String smtpPassword = getOozieConf().get(EMAIL_SMTP_PASS, "");
+ String smtpPassword = ConfigurationService.getPassword(EMAIL_SMTP_PASS);
String fromAddr = getOozieConf().get(EMAIL_SMTP_FROM, "oozie@localhost");
Properties properties = new Properties();
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/service/ConfigurationService.java b/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
index 93a7326..4fba996 100644
--- a/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
+++ b/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
@@ -31,6 +31,8 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -95,6 +97,8 @@ public class ConfigurationService implements Service, Instrumentable {
private static final Set<String> MASK_PROPS = new HashSet<String>();
private static Map<String,String> defaultConfigs = new HashMap<String,String>();
+ private static Method getPasswordMethod;
+
static {
//all this properties are seeded as system properties, no need to log changes
@@ -114,6 +118,14 @@ public class ConfigurationService implements Service, Instrumentable {
// These properties should be masked when displayed because they contain sensitive info (e.g. password)
MASK_PROPS.add(JPAService.CONF_PASSWORD);
MASK_PROPS.add("oozie.authentication.signature.secret");
+
+ try {
+ // Only supported in Hadoop 2.6.0+
+ getPasswordMethod = Configuration.class.getMethod("getPassword", String.class);
+ } catch (NoSuchMethodException e) {
+ // Not supported
+ getPasswordMethod = null;
+ }
}
public static final String DEFAULT_CONFIG_FILE = "oozie-default.xml";
@@ -537,4 +549,25 @@ public class ConfigurationService implements Service, Instrumentable {
return conf.getClass(name, Object.class);
}
+ public static String getPassword(Configuration conf, String name) {
+ if (getPasswordMethod != null) {
+ try {
+ char[] pass = (char[]) getPasswordMethod.invoke(conf, name);
+ return new String(pass);
+ } catch (IllegalAccessException e) {
+ log.error(e);
+ throw new IllegalArgumentException("Could not load password for [" + name + "]", e);
+ } catch (InvocationTargetException e) {
+ log.error(e);
+ throw new IllegalArgumentException("Could not load password for [" + name + "]", e);
+ }
+ } else {
+ return conf.get(name);
+ }
+ }
+
+ public static String getPassword(String name) {
+ Configuration conf = Services.get().getConf();
+ return getPassword(conf, name);
+ }
}
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/service/JPAService.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/service/JPAService.java b/core/src/main/java/org/apache/oozie/service/JPAService.java
index 906cb0f..5d9da1a 100644
--- a/core/src/main/java/org/apache/oozie/service/JPAService.java
+++ b/core/src/main/java/org/apache/oozie/service/JPAService.java
@@ -141,7 +141,7 @@ public class JPAService implements Service, Instrumentable {
String url = ConfigurationService.get(conf, CONF_URL);
String driver = ConfigurationService.get(conf, CONF_DRIVER);
String user = ConfigurationService.get(conf, CONF_USERNAME);
- String password = ConfigurationService.get(conf, CONF_PASSWORD).trim();
+ String password = ConfigurationService.getPassword(conf, CONF_PASSWORD).trim();
String maxConn = ConfigurationService.get(conf, CONF_MAX_ACTIVE_CONN).trim();
String dataSource = ConfigurationService.get(conf, CONF_CONN_DATA_SOURCE);
String connPropsConfig = ConfigurationService.get(conf, CONF_CONN_PROPERTIES);
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java b/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
index 535859f..6076056 100644
--- a/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
+++ b/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
@@ -107,7 +107,7 @@ public class SLAEmailEventListener extends SLAEventListener {
String smtpPort = conf.get(EmailActionExecutor.EMAIL_SMTP_PORT, SMTP_PORT_DEFAULT);
Boolean smtpAuth = conf.getBoolean(EmailActionExecutor.EMAIL_SMTP_AUTH, SMTP_AUTH_DEFAULT);
String smtpUser = conf.get(EmailActionExecutor.EMAIL_SMTP_USER, "");
- String smtpPassword = conf.get(EmailActionExecutor.EMAIL_SMTP_PASS, "");
+ String smtpPassword = ConfigurationService.getPassword(EmailActionExecutor.EMAIL_SMTP_PASS);
String smtpConnectTimeout = conf.get(SMTP_CONNECTION_TIMEOUT, SMTP_CONNECTION_TIMEOUT_DEFAULT);
String smtpTimeout = conf.get(SMTP_TIMEOUT, SMTP_TIMEOUT_DEFAULT);
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 3a990bb..b19a913 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 4.3.0 release (trunk - unreleased)
+OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter)
OOZIE-2287 Add support for deleting hcat partitions in fs action delete (kailongs via rohini)
OOZIE-2285 Change in concurrency should trigger coord action ready command (kailongs via rohini)
OOZIE-2284 HBaseCredentials should only add hbase-default.xml and hbase-site.xml to actionConf (rohini)
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
----------------------------------------------------------------------
diff --git a/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java b/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
index a639f4a..080fc24 100644
--- a/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
+++ b/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
@@ -26,6 +26,7 @@ import org.apache.commons.io.IOUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.oozie.BuildInfo;
import org.apache.oozie.cli.CLIParser;
+import org.apache.oozie.service.ConfigurationService;
import org.apache.oozie.service.JPAService;
import org.apache.oozie.service.Services;
@@ -168,7 +169,7 @@ public class OozieDBCLI {
String url = conf.get(JPAService.CONF_URL);
jdbcConf.put("url", url);
jdbcConf.put("user", conf.get(JPAService.CONF_USERNAME));
- jdbcConf.put("password", conf.get(JPAService.CONF_PASSWORD));
+ jdbcConf.put("password", ConfigurationService.getPassword(conf, JPAService.CONF_PASSWORD));
String dbType = url.substring("jdbc:".length());
if (dbType.indexOf(":") <= 0) {
throw new RuntimeException("Invalid JDBC URL, missing vendor 'jdbc:[VENDOR]:...'");