ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Nettleton" <rnettle...@hortonworks.com>
Subject Re: Review Request 39687: Allow use passwords references in custom actions
Date Mon, 02 Nov 2015 21:44:20 GMT


> On Nov. 2, 2015, 5:56 p.m., Robert Nettleton wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintResourceProvider.java,
line 24
> > <https://reviews.apache.org/r/39687/diff/3/?file=1114082#file1114082line24>
> >
> >     Can we get some more information on why this change is only applied to the Blueprint
resource provider, and not to the cluster's resource provider?
> >     
> >     It's important to note that the Cluster resource currently returns all passwords
in cleartext anyway, so any attempt to mask at the Blueprint level would also need to be accompanied
by some changes to at least the ClusterResourceProvider, in order to make sure that passwords
in this resource are masked as well.
> 
> Eugene Chekanskiy wrote:
>     Secret reference is a string like SECRET:configType:configVersion:propertyName.
>     Cluster-level replacing was implemented in previous patch, thats why in this patch
applied only to blueprint(eg blueprint changes is just a part of patch, where main task was
to allow using references in custom actions).
>     On every call to API all password properties replaced with references. In blueprints
used referecnes with config version -1(because we dont have nay configs yet).
>     When user send new configuration with secrete reference server automatically extracts
its value and writes it to database.
>     Communitation between server and agent unchanged, server send property values from
database without any references.

Thanks for clarifying.  I'll drop this issue now.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/39687/#review104742
-----------------------------------------------------------


On Nov. 2, 2015, 5:24 p.m., Vitalyi Brodetskyi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/39687/
> -----------------------------------------------------------
> 
> (Updated Nov. 2, 2015, 5:24 p.m.)
> 
> 
> Review request for Ambari, Dmitro Lisnichenko, Dmytro Sen, Robert Nettleton, and Sid
Wagle.
> 
> 
> Bugs: AMBARI-13582
>     https://issues.apache.org/jira/browse/AMBARI-13582
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Added ability to use secret references in custom actions; /api/v1/blueprints and /api/v1/clusters/cl?format=blueprint
returns masked passwords.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariActionExecutionHelper.java
d834731 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
5f432ef 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 625ebc6

>   ambari-server/src/main/java/org/apache/ambari/server/controller/ConfigurationResponse.java
3ed9306 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintResourceProvider.java
fa355fa 
>   ambari-server/src/main/java/org/apache/ambari/server/stack/StackModule.java def33f0

>   ambari-server/src/main/java/org/apache/ambari/server/state/StackInfo.java e3ac3e0 
>   ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
279b31f 
>   ambari-server/src/main/java/org/apache/ambari/server/topology/BlueprintValidatorImpl.java
9e8f163 
>   ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java 2b1aeae

>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
c6170e4 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintResourceProviderTest.java
369bf02 
>   ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintImplTest.java
2199247 
>   ambari-server/src/test/resources/stacks/HDP/2.0.6/services/YARN/configuration/yarn-site.xml
1c02e86 
> 
> Diff: https://reviews.apache.org/r/39687/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Vitalyi Brodetskyi
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message