ambari-dev mailing list archives

From "Robert Nettleton (JIRA)" <>
Subject [jira] [Resolved] (AMBARI-7630) Oozie Metastore password not properly exported by Blueprint processor
Date Mon, 06 Oct 2014 14:56:34 GMT


Robert Nettleton resolved AMBARI-7630.
    Resolution: Not a Problem

Further investigation during the review for this patch determined that this fix was not needed.
The original test case for this bug was incorrectly adding this property to the "oozie-env"
namespace, and this property does not belong to this namespace. This caused the Blueprint
processor to leave this property as-is, which is the desired behavior for custom properties.

The patch for this issue has been abandoned.  

> Oozie Metastore password not properly exported by Blueprint processor
> ---------------------------------------------------------------------
>                 Key: AMBARI-7630
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 1.6.0
>            Reporter: Robert Nettleton
>            Assignee: Robert Nettleton
>            Priority: Critical
>             Fix For: 1.7.0
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> If a user sets the following Oozie property when creating a cluster:
> oozie_metastore_user_passwd
> This password field, including the password text, will be included in an exported Blueprint, should the user export a Blueprint from the running cluster. This will occur in any cluster creation scenario (using the UI vs. using a Blueprint).
> Password data should not be included in an exported Blueprint, as this represents a security concern. A more minor problem is that the password used in this cluster may not be useful in the next cluster created with the exported Blueprint.
> The Blueprint configuration processor should be modified to remove this property from an exported Blueprint.
> This Oozie configuration property appears to be from older versions of HDP. As such, the stack metadata information for this property is not available, which is why the Blueprint processor does not currently remove this password from the stack.
> In the short term (1.7.0), the BlueprintConfigurationProcessor should be modified to properly handle this property. Going forward, the stack definitions should be modified such that this property includes the password metadata.
> I'm working on a fix for this, and will be submitting a patch shortly.

This message was sent by Atlassian JIRA
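
An added example, not part of the original message and not Ambari's own code: because the resolution above notes that custom properties are left as-is in an exported Blueprint, this script audits an exported Blueprint for password-like property names and removes them before the file is shared. The JSON layout, the marker list, the function names and the sample values are assumptions made for this illustration.

```python
import copy
import json

# Substrings treated as password-like: a heuristic assumed for this example.
SENSITIVE_MARKERS = ("passwd", "password", "secret")

# Constructed sample export; layout is assumed and the values are made up.
SAMPLE_BLUEPRINT = json.loads("""
{
  "configurations": [
    {"oozie-env": {"oozie_metastore_user_passwd": "example-only",
                   "oozie_user": "oozie"}},
    {"oozie-site": {"properties":
        {"oozie.service.JPAService.jdbc.password": "example-only"}}}
  ],
  "host_groups": [
    {"name": "host_group_1", "configurations": [
        {"hive-site": {"javax.jdo.option.ConnectionUserName": "hive"}}]}
  ]
}
""")

def _walk(blueprint):
    """Yield (scope, config_type, property_map) for cluster and host-group configs."""
    scopes = [("cluster", blueprint.get("configurations", []))]
    for group in blueprint.get("host_groups", []):
        scopes.append((group.get("name", "?"), group.get("configurations", [])))
    for scope, configs in scopes:
        for entry in configs:
            for config_type, body in entry.items():
                if isinstance(body, dict):
                    # Accept both the flat layout and a nested "properties" map.
                    nested = body.get("properties")
                    yield scope, config_type, nested if isinstance(nested, dict) else body

def is_sensitive(name):
    return any(marker in name.lower() for marker in SENSITIVE_MARKERS)

def find_sensitive(blueprint):
    """Return (scope, config_type, property_name) for each password-like property."""
    return [(s, t, n) for s, t, props in _walk(blueprint) for n in props if is_sensitive(n)]

def redact(blueprint):
    """Return a deep copy with password-like properties removed."""
    clean = copy.deepcopy(blueprint)
    for _, _, props in _walk(clean):
        for name in [n for n in props if is_sensitive(n)]:
            del props[name]
    return clean
```

Name matching is only a heuristic: a secret stored under an unrelated property name will not be flagged, so the marker list should be extended for site-specific custom properties.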
