You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by fb...@apache.org on 2015/05/27 23:51:48 UTC

ambari git commit: AMBARI-11403 [WinTP2] ServiceConfig should not log password in plaintext

Repository: ambari
Updated Branches:
  refs/heads/trunk 8deabc2cb -> 8419e55bf


AMBARI-11403 [WinTP2] ServiceConfig should not log password in plaintext

Fixed logged string generation


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8419e55b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8419e55b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8419e55b

Branch: refs/heads/trunk
Commit: 8419e55bf2a4484c651cfe4b476d7c34b05301d9
Parents: 8deabc2
Author: Florian Barca <fb...@hortonworks.com>
Authored: Wed May 27 14:51:33 2015 -0700
Committer: Florian Barca <fb...@hortonworks.com>
Committed: Wed May 27 14:51:33 2015 -0700

----------------------------------------------------------------------
 .../python/resource_management/core/base.py     | 28 ++++++++
 .../python/resource_management/core/logger.py   | 68 ++++++++++----------
 .../core/resources/service.py                   |  4 +-
 3 files changed, 63 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/8419e55b/ambari-common/src/main/python/resource_management/core/base.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/core/base.py b/ambari-common/src/main/python/resource_management/core/base.py
index 67634cd..b291769 100644
--- a/ambari-common/src/main/python/resource_management/core/base.py
+++ b/ambari-common/src/main/python/resource_management/core/base.py
@@ -41,6 +41,9 @@ class ResourceArgument(object):
       raise InvalidArgument("Required argument %s missing" % self.name)
     return value
 
+  def log_str(self, key, value):
+    return Logger.get_arg_repr(key, value)
+
 
 class ForcedListArgument(ResourceArgument):
   def validate(self, value):
@@ -59,6 +62,12 @@ class BooleanArgument(ResourceArgument):
     return value
 
 
+class PasswordArgument(ResourceArgument):
+  def log_str(self, key, value):
+    # Hide the passwords from text representations
+    return "********"
+
+
 class Accessor(object):
   def __init__(self, name):
     self.name = name
@@ -150,6 +159,25 @@ class Resource(object):
   def validate(self):
     pass
 
+  def get_function_repr(self):
+    name = repr(self)
+
+    arguments_str = ""
+    for x, y in self.arguments.iteritems():
+      try:
+        arg = self._arguments[x]
+      except KeyError:
+        raise Fail("%s received unsupported argument %s" % (self, x))
+
+      val = arg.log_str(x, y)
+
+      arguments_str += "'{0}': {1}, ".format(x, val)
+
+    if arguments_str:
+      arguments_str = arguments_str[:-2]
+
+    return unicode("{0} {{{1}}}").format(name, arguments_str)
+
   def __repr__(self):
     return unicode(self)
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/8419e55b/ambari-common/src/main/python/resource_management/core/logger.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/core/logger.py b/ambari-common/src/main/python/resource_management/core/logger.py
index 74e88e8..c741327 100644
--- a/ambari-common/src/main/python/resource_management/core/logger.py
+++ b/ambari-common/src/main/python/resource_management/core/logger.py
@@ -70,19 +70,19 @@ class Logger:
 
   @staticmethod
   def error_resource(resource):
-    Logger.error(Logger.filter_text(Logger._get_resource_repr(resource)))
+    Logger.error(Logger.filter_text(resource.get_function_repr()))
 
   @staticmethod
   def warning_resource(resource):
-    Logger.warning(Logger.filter_text(Logger._get_resource_repr(resource)))
+    Logger.warning(Logger.filter_text(resource.get_function_repr()))
 
   @staticmethod
   def info_resource(resource):
-    Logger.info(Logger.filter_text(Logger._get_resource_repr(resource)))
+    Logger.info(Logger.filter_text(resource.get_function_repr()))
 
   @staticmethod
   def debug_resource(resource):
-    Logger.debug(Logger.filter_text(Logger._get_resource_repr(resource)))
+    Logger.debug(Logger.filter_text(resource.get_function_repr()))
     
   @staticmethod    
   def filter_text(text):
@@ -98,10 +98,6 @@ class Logger:
       text = text.replace(placeholder, '')
 
     return text
-  
-  @staticmethod
-  def _get_resource_repr(resource):
-    return Logger.get_function_repr(repr(resource), resource.arguments)
 
   @staticmethod
   def get_function_repr(name, arguments):
@@ -109,33 +105,7 @@ class Logger:
 
     arguments_str = ""
     for x,y in arguments.iteritems():
-
-      # strip unicode 'u' sign
-      if isinstance(y, unicode):
-        # don't show long messages
-        if len(y) > MESSAGE_MAX_LEN:
-          y = '...'
-        val = repr(y).lstrip('u')
-      # don't show dicts of configurations
-      # usually too long
-      elif isinstance(y, dict) and len(y) > DICTIONARY_MAX_LEN:
-        val = "..."
-      # for configs which didn't come
-      elif isinstance(y, UnknownConfiguration):
-        val = "[EMPTY]"
-      # correctly output 'mode' (as they are octal values like 0755)
-      elif y and x == 'mode':
-        try:
-          val = oct(y)
-        except:
-          val = repr(y)
-      # for functions show only function name
-      elif hasattr(y, '__call__') and hasattr(y, '__name__'):
-        val = y.__name__
-      else:
-        val = repr(y)
-        
-
+      val = Logger.get_arg_repr(x, y)
 
       arguments_str += "'{0}': {1}, ".format(x, val)
 
@@ -143,3 +113,31 @@ class Logger:
       arguments_str = arguments_str[:-2]
 
     return unicode("{0} {{{1}}}").format(name, arguments_str)
+
+  @staticmethod
+  def get_arg_repr(x, y):
+    # strip unicode 'u' sign
+    if isinstance(y, unicode):
+      # don't show long messages
+      if len(y) > MESSAGE_MAX_LEN:
+        y = '...'
+      val = repr(y).lstrip('u')
+    # don't show dicts of configurations
+    # usually too long
+    elif isinstance(y, dict) and len(y) > DICTIONARY_MAX_LEN:
+      val = "..."
+    # for configs which didn't come
+    elif isinstance(y, UnknownConfiguration):
+      val = "[EMPTY]"
+    # correctly output 'mode' (as they are octal values like 0755)
+    elif y and x == 'mode':
+      try:
+        val = oct(y)
+      except:
+        val = repr(y)
+    # for functions show only function name
+    elif hasattr(y, '__call__') and hasattr(y, '__name__'):
+      val = y.__name__
+    else:
+      val = repr(y)
+    return val

http://git-wip-us.apache.org/repos/asf/ambari/blob/8419e55b/ambari-common/src/main/python/resource_management/core/resources/service.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/core/resources/service.py b/ambari-common/src/main/python/resource_management/core/resources/service.py
index cb202cf..9f963fb 100644
--- a/ambari-common/src/main/python/resource_management/core/resources/service.py
+++ b/ambari-common/src/main/python/resource_management/core/resources/service.py
@@ -22,7 +22,7 @@ Ambari Agent
 
 __all__ = ["Service", "ServiceConfig"]
 
-from resource_management.core.base import Resource, ResourceArgument, ForcedListArgument
+from resource_management.core.base import Resource, ResourceArgument, ForcedListArgument, PasswordArgument
 
 
 class Service(Resource):
@@ -46,6 +46,6 @@ class ServiceConfig(Resource):
   #exe_path = ResourceArgument()
   #arguments = ResourceArgument()
   username = ResourceArgument()
-  password = ResourceArgument()
+  password = PasswordArgument()
 
   actions = ["nothing", "install", "configure", "change_user", "uninstall"]