You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by am...@apache.org on 2019/05/22 06:47:36 UTC
[ambari] branch branch-2.6 updated: AMBARI-25281. Hive View API
response contains plain-text password (amagyar) (#2979)
This is an automated email from the ASF dual-hosted git repository.
amagyar pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.6 by this push:
new 5bc0b54 AMBARI-25281. Hive View API response contains plain-text password (amagyar) (#2979)
5bc0b54 is described below
commit 5bc0b540c1ac5be65f63d315799dce6fec552670
Author: Attila Magyar <am...@hortonworks.com>
AuthorDate: Wed May 22 08:47:29 2019 +0200
AMBARI-25281. Hive View API response contains plain-text password (amagyar) (#2979)
* AMBARI-25281. Hive View API response contains plain-text password (amagyar)
* AMBARI-25281. Hive View API response contains plain-text password (amagyar)
---
.../internal/ViewInstanceResourceProvider.java | 4 +-
.../ambari/server/orm/entities/ViewEntity.java | 46 +++++++++++++++-------
.../server/orm/entities/ViewInstanceEntity.java | 28 ++++++++++---
.../apache/ambari/server/view/ViewRegistry.java | 2 +-
.../internal/ViewInstanceResourceProviderTest.java | 36 +++++++++++------
.../main/java/org/apache/ambari/view/Masker.java | 12 ++++++
.../apache/ambari/view/ViewInstanceDefinition.java | 7 ++++
7 files changed, 99 insertions(+), 36 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProvider.java
index 5cdc9c0..75132d8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProvider.java
@@ -48,6 +48,7 @@ import org.apache.ambari.server.view.validation.InstanceValidationResultImpl;
import org.apache.ambari.server.view.validation.ValidationException;
import org.apache.ambari.server.view.validation.ValidationResultImpl;
import org.apache.ambari.view.ClusterType;
+import org.apache.ambari.view.Masker;
import org.apache.ambari.view.validation.Validator;
import com.google.inject.Inject;
@@ -259,8 +260,9 @@ public class ViewInstanceResourceProvider extends AbstractAuthorizedResourceProv
// only allow an admin to access the view properties
if (ViewRegistry.getInstance().checkAdmin()) {
+ Masker masker = ViewRegistry.getInstance().getMasker(viewEntity.getMaskerClass());
setResourceProperty(resource, PROPERTIES_PROPERTY_ID,
- viewInstanceEntity.getPropertyMap(), requestedIds);
+ viewInstanceEntity.getPropertyMap(masker), requestedIds);
}
Map<String, String> applicationData = new HashMap<>();
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
index 0d119df..e26e67d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
@@ -18,16 +18,11 @@
package org.apache.ambari.server.orm.entities;
-import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.controller.spi.Resource;
-import org.apache.ambari.server.controller.spi.ResourceProvider;
-import org.apache.ambari.server.view.ViewSubResourceDefinition;
-import org.apache.ambari.server.view.configuration.ParameterConfig;
-import org.apache.ambari.server.view.configuration.ResourceConfig;
-import org.apache.ambari.server.view.configuration.ViewConfig;
-import org.apache.ambari.view.validation.Validator;
-import org.apache.ambari.view.View;
-import org.apache.ambari.view.ViewDefinition;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
import javax.persistence.Basic;
import javax.persistence.CascadeType;
@@ -42,11 +37,17 @@ import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.Transient;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.view.ViewSubResourceDefinition;
+import org.apache.ambari.server.view.configuration.ParameterConfig;
+import org.apache.ambari.server.view.configuration.ResourceConfig;
+import org.apache.ambari.server.view.configuration.ViewConfig;
+import org.apache.ambari.view.Masker;
+import org.apache.ambari.view.View;
+import org.apache.ambari.view.ViewDefinition;
+import org.apache.ambari.view.validation.Validator;
/**
* Entity representing a View.
@@ -895,6 +896,21 @@ public class ViewEntity implements ViewDefinition {
return name + "{" + version + "}";
}
+ /**
+ * Get the masker class.
+ *
+ * @return the masker class
+ *
+ * @throws RuntimeException if the class can not be loaded
+ */
+ public Class<? extends Masker> getMaskerClass() {
+ try {
+ return getConfiguration().getMaskerClass(getClassLoader());
+ } catch (ClassNotFoundException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
@Override
public String toString() {
return "ViewEntity{" +
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewInstanceEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewInstanceEntity.java
index c37b5e2..25c7d8f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewInstanceEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewInstanceEntity.java
@@ -45,9 +45,6 @@ import javax.persistence.TableGenerator;
import javax.persistence.Transient;
import javax.persistence.UniqueConstraint;
-import com.google.inject.AbstractModule;
-import com.google.inject.Guice;
-import com.google.inject.Injector;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.security.SecurityHelper;
import org.apache.ambari.server.security.SecurityHelperImpl;
@@ -58,11 +55,21 @@ import org.apache.ambari.server.view.configuration.InstanceConfig;
import org.apache.ambari.server.view.validation.InstanceValidationResultImpl;
import org.apache.ambari.server.view.validation.ValidationException;
import org.apache.ambari.server.view.validation.ValidationResultImpl;
-import org.apache.ambari.view.*;
+import org.apache.ambari.view.ClusterType;
+import org.apache.ambari.view.MaskException;
+import org.apache.ambari.view.Masker;
+import org.apache.ambari.view.ResourceProvider;
+import org.apache.ambari.view.ViewContext;
+import org.apache.ambari.view.ViewDefinition;
+import org.apache.ambari.view.ViewInstanceDefinition;
import org.apache.ambari.view.migration.ViewDataMigrationContext;
import org.apache.ambari.view.migration.ViewDataMigrator;
-import org.apache.ambari.view.validation.Validator;
import org.apache.ambari.view.validation.ValidationResult;
+import org.apache.ambari.view.validation.Validator;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
/**
* Represents an instance of a View.
@@ -319,6 +326,11 @@ public class ViewInstanceEntity implements ViewInstanceDefinition {
@Override
public Map<String, String> getPropertyMap() {
+ return getPropertyMap(Masker.NONE);
+ }
+
+ @Override
+ public Map<String, String> getPropertyMap(Masker masker) {
Map<String, String> propertyMap = new HashMap<String, String>();
for (ViewInstancePropertyEntity viewInstancePropertyEntity : getProperties()) {
@@ -327,7 +339,11 @@ public class ViewInstanceEntity implements ViewInstanceDefinition {
for (ViewParameterEntity viewParameterEntity : view.getParameters()) {
String parameterName = viewParameterEntity.getName();
if (!propertyMap.containsKey(parameterName)) {
- propertyMap.put(parameterName, viewParameterEntity.getDefaultValue());
+ try {
+ propertyMap.put(parameterName, viewParameterEntity.isMasked() ? masker.mask(viewParameterEntity.getDefaultValue()) : viewParameterEntity.getDefaultValue());
+ } catch (MaskException e) {
+ throw new RuntimeException(e);
+ }
}
}
return propertyMap;
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 7d23451..2062ac2 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -1451,7 +1451,7 @@ public class ViewRegistry {
}
// create masker from given class; probably replace with injector later
- private static Masker getMasker(Class<? extends Masker> clazz) {
+ public static Masker getMasker(Class<? extends Masker> clazz) {
try {
return clazz.newInstance();
} catch (Exception e) {
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProviderTest.java
index f6614dc..4cb86f4 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewInstanceResourceProviderTest.java
@@ -18,8 +18,28 @@
package org.apache.ambari.server.controller.internal;
-import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.DuplicateResourceException;
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.capture;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.createNiceMock;
+import static org.easymock.EasyMock.eq;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.reset;
+import static org.easymock.EasyMock.verify;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
@@ -41,16 +61,6 @@ import org.junit.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import static org.junit.Assert.*;
-import static org.easymock.EasyMock.*;
-import static org.junit.Assert.assertEquals;
-
public class ViewInstanceResourceProviderTest {
private static final ViewRegistry viewregistry = createMock(ViewRegistry.class);
@@ -84,7 +94,7 @@ public class ViewInstanceResourceProviderTest {
propertyMap.put("par1", "val1");
propertyMap.put("par2", "val2");
- expect(viewInstanceEntity.getPropertyMap()).andReturn(propertyMap);
+ expect(viewInstanceEntity.getPropertyMap(null)).andReturn(propertyMap);
expect(viewInstanceEntity.getData()).andReturn(Collections.<ViewInstanceDataEntity>emptyList()).anyTimes();
diff --git a/ambari-views/src/main/java/org/apache/ambari/view/Masker.java b/ambari-views/src/main/java/org/apache/ambari/view/Masker.java
index 31d22f1..d272cda 100644
--- a/ambari-views/src/main/java/org/apache/ambari/view/Masker.java
+++ b/ambari-views/src/main/java/org/apache/ambari/view/Masker.java
@@ -40,4 +40,16 @@ public interface Masker {
* @throws MaskException error happened during unmasking process
*/
public String unmask(String value) throws MaskException;
+
+ Masker NONE = new Masker() {
+ @Override
+ public String mask(String value) {
+ return value;
+ }
+
+ @Override
+ public String unmask(String value) {
+ return value;
+ }
+ };
}
diff --git a/ambari-views/src/main/java/org/apache/ambari/view/ViewInstanceDefinition.java b/ambari-views/src/main/java/org/apache/ambari/view/ViewInstanceDefinition.java
index 6f26cac..126689b 100644
--- a/ambari-views/src/main/java/org/apache/ambari/view/ViewInstanceDefinition.java
+++ b/ambari-views/src/main/java/org/apache/ambari/view/ViewInstanceDefinition.java
@@ -84,6 +84,13 @@ public interface ViewInstanceDefinition {
public Map<String, String> getPropertyMap();
/**
+ * Get property map, mask property values if needed
+ * @param masker
+ * @return
+ */
+ Map<String, String> getPropertyMap(Masker masker);
+
+ /**
* Get the view instance application data.
*
* @return the view instance application data map