ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nahappan Somasundaram (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-19427) Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are credential store aware properties
Date Tue, 10 Jan 2017 19:24:58 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-19427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nahappan Somasundaram updated AMBARI-19427:
-------------------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> Ambari-server: Annotate PASSWORD properties with an attribute to indicate that they are
credential store aware properties
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-19427
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19427
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.5.0
>            Reporter: Nahappan Somasundaram
>            Assignee: Nahappan Somasundaram
>             Fix For: 2.5.0
>
>         Attachments: rb55348.patch
>
>
> In service configuration files, password properties are of type PASSWORD. When credential
store usage is enabled for the feature, all such properties will be encrypted and placed in
the configuration's JCEKS provider and will not be available in plain text in the command
JSON. 
> However, there are situations where certain password properties should not be moved into
the configuration's JCEKS provider but left as plain text in the command JSON for clients
which are not credential store aware to consume.
> To take of this, password properties that are to be moved to JCEKS provider should be
annotated with a new attribute, "keystore" to explicitly indicate that these properties are
credential store aware.
> {code}
>  <property require-input="true">
>     <name>oozie.service.JPAService.jdbc.password</name>
>     <value/>
>     <display-name>Database Password</display-name>
>     <property-type>PASSWORD</property-type>
>     <description>
>       DB user password.
>       IMPORTANT: if password is emtpy leave a 1 space string, the service trims the value,
>       if empty Configuration assumes it is NULL.
>     </description>
>     <value-attributes>
>       <type>password</type>
>       <overridable>false</overridable>
>       *<keystore>true</keystore>*
>     </value-attributes>
>     <on-ambari-upgrade add="true"/>
>   </property>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message