From danburk...@apache.org
Subject [1/2] kudu git commit: Add security dashboard to web UI
Date Wed, 26 Jul 2017 19:08:14 GMT
Repository: kudu
Updated Branches:
  refs/heads/master cb9a6b84d -> 9285f2b44


Add security dashboard to web UI

Adds a new "Configuration" page to the web UI
that displays a list of security configuration
options, their current values, whether or not
they're the most secure settings, and
explanations of what flags control them.

Change-Id: I632c3b757386e0282000bcb9562b6dc3622dde93
Reviewed-on: http://gerrit.cloudera.org:8080/7505
Reviewed-by: Dan Burkert <danburkert@apache.org>
Tested-by: Kudu Jenkins


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/634e1cc6
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/634e1cc6
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/634e1cc6

Branch: refs/heads/master
Commit: 634e1cc673e5cd5fd563ba526a0a655c5718e4e3
Parents: cb9a6b8
Author: Sam Okrent <samuel.okrent@cloudera.com>
Authored: Mon Jul 24 11:10:29 2017 -0700
Committer: Dan Burkert <danburkert@apache.org>
Committed: Wed Jul 26 19:07:11 2017 +0000

----------------------------------------------------------------------
 src/kudu/server/default-path-handlers.cc | 44 +++++++++++++++++++++++++++
 www/config.mustache                      | 37 ++++++++++++++++++++++
 www/kudu.css                             |  4 +++
 3 files changed, 85 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/src/kudu/server/default-path-handlers.cc
----------------------------------------------------------------------
diff --git a/src/kudu/server/default-path-handlers.cc b/src/kudu/server/default-path-handlers.cc
index 8b4e995..645b362 100644
--- a/src/kudu/server/default-path-handlers.cc
+++ b/src/kudu/server/default-path-handlers.cc
@@ -26,6 +26,7 @@
 #include <vector>
 
 #include <boost/algorithm/string.hpp>
+#include <boost/algorithm/string/predicate.hpp>
 #include <boost/bind.hpp>
 #include <gperftools/malloc_extension.h>
 
@@ -54,6 +55,12 @@ DEFINE_int64(web_log_bytes, 1024 * 1024,
 TAG_FLAG(web_log_bytes, advanced);
 TAG_FLAG(web_log_bytes, runtime);
 
+// For configuration dashboard
+DECLARE_string(redact);
+DECLARE_string(rpc_encryption);
+DECLARE_string(rpc_authentication);
+DECLARE_string(webserver_certificate_file);
+
 namespace kudu {
 
 using std::shared_ptr;
@@ -185,6 +192,41 @@ static void MemTrackersHandler(const Webserver::WebRequest& /*req*/, std::ostrin
   *output << "</tbody></table>\n";
 }
 
+static void ConfigurationHandler(const Webserver::WebRequest& /* req */, EasyJson* output) {
+  EasyJson security_configs = output->Set("security_configs", EasyJson::kArray);
+
+  EasyJson rpc_encryption = security_configs.PushBack(EasyJson::kObject);
+  rpc_encryption["name"] = "RPC Encryption";
+  rpc_encryption["value"] = FLAGS_rpc_encryption;
+  rpc_encryption["secure"] = boost::iequals(FLAGS_rpc_encryption, "required");
+  rpc_encryption["id"] = "rpc_encryption";
+  rpc_encryption["explanation"] = "Configure with --rpc_encryption. Most secure value is "
+                                  "'required'.";
+
+  EasyJson rpc_authentication = security_configs.PushBack(EasyJson::kObject);
+  rpc_authentication["name"] = "RPC Authentication";
+  rpc_authentication["value"] = FLAGS_rpc_authentication;
+  rpc_authentication["secure"] = boost::iequals(FLAGS_rpc_authentication, "required");
+  rpc_authentication["id"] = "rpc_authentication";
+  rpc_authentication["explanation"] = "Configure with --rpc_authentication. Most secure value is "
+                                      "'required'.";
+
+  EasyJson webserver_encryption = security_configs.PushBack(EasyJson::kObject);
+  webserver_encryption["name"] = "Webserver Encryption";
+  webserver_encryption["value"] = FLAGS_webserver_certificate_file.empty() ? "off" : "on";
+  webserver_encryption["secure"] = !FLAGS_webserver_certificate_file.empty();
+  webserver_encryption["id"] = "webserver_encryption";
+  webserver_encryption["explanation"] = "Configure with --webserver_certificate_file and "
+                                        "webserver_private_key_file.";
+
+  EasyJson webserver_redaction = security_configs.PushBack(EasyJson::kObject);
+  webserver_redaction["name"] = "Webserver Redaction";
+  webserver_redaction["value"] = FLAGS_redact;
+  webserver_redaction["secure"] = boost::iequals(FLAGS_redact, "all");
+  webserver_redaction["id"] = "webserver_redaction";
+  webserver_redaction["explanation"] = "Configure with --redact. Most secure value is 'all'.";
+}
+
 void AddDefaultPathHandlers(Webserver* webserver) {
   bool styled = true;
   bool on_nav_bar = true;
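Review bot: The "Webserver Encryption" entry shows the green lock based on `FLAGS_webserver_certificate_file` alone, although its own explanation says the private key flag is needed as well. If the server can run with a certificate path set but no usable key (not visible in this hunk), the dashboard would report "on" for a web UI that is not serving TLS. Consider adding `DECLARE_string(webserver_private_key_file);` and computing `!FLAGS_webserver_certificate_file.empty() && !FLAGS_webserver_private_key_file.empty()` once for both `value` and `secure`. The explanation string also drops the `--` prefix on `webserver_private_key_file`. A one-line comment above `ConfigurationHandler` saying that the page reports flag values rather than negotiated state would keep readers from over-trusting the lock.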
@@ -194,6 +236,8 @@ void AddDefaultPathHandlers(Webserver* webserver) {
                                             styled, on_nav_bar);
   webserver->RegisterPrerenderedPathHandler("/mem-trackers", "Memory (detail)", MemTrackersHandler,
                                             styled, on_nav_bar);
+  webserver->RegisterPathHandler("/config", "Configuration", ConfigurationHandler,
+                                  styled, on_nav_bar);
 
   AddPprofPathHandlers(webserver);
 }
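Review bot: `/config` is registered on the nav bar and nothing in this hunk restricts who may fetch it, so any client that can reach the web UI port can read which of the four protections are switched off. Whether the webserver enforces access control elsewhere is not visible here. If it does not, a comment at the registration such as `// Exposes security posture to any client that can reach the web UI.` would record that as a deliberate decision. `AddDefaultPathHandlers` begins above this hunk.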

http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/www/config.mustache
----------------------------------------------------------------------
diff --git a/www/config.mustache b/www/config.mustache
new file mode 100644
index 0000000..7d80c12
--- /dev/null
+++ b/www/config.mustache
@@ -0,0 +1,37 @@
+{{!
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+}}
+
+<h2>Configuration</h2>
+
+<div class="panel panel-default">
+  <div class="panel-heading">
+    <h3 class="panel-title">Security</h3>
+  </div>
+  <ul class="list-group">
+   {{#security_configs}}
+    <li class="list-group-item">
+      <span class="glyphicon glyphicon-lock text-success
+          {{^secure}}glyphicon-hide{{/secure}}"></span>
+      {{name}}: {{value}}
+      <small>(<a href="#{{id}}" data-toggle="collapse">?</a>)</small>
+      <div id="{{id}}" class="collapse text-muted">{{explanation}}</div>
+    </li>
+   {{/security_configs}}
+  </ul>
+</div>
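Review bot: An insecure setting is signalled only by the absence of the lock, because `{{^secure}}glyphicon-hide{{/secure}}` makes the icon transparent. A missing icon is easy to overlook and gives no signal in a text-only or screen-reader view. An explicit marker for the negative case would be clearer, for example `{{^secure}}<span class="glyphicon glyphicon-warning-sign text-danger" title="Not the most secure setting"></span>{{/secure}}`, with the lock wrapped in `{{#secure}}…{{/secure}}`. The double-brace interpolation of `{{name}}`, `{{value}}` and `{{explanation}}` is HTML-escaped and should stay that way, since `value` carries raw flag contents.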

http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/www/kudu.css
----------------------------------------------------------------------
diff --git a/www/kudu.css b/www/kudu.css
index d08ac62..d44905f 100644
--- a/www/kudu.css
+++ b/www/kudu.css
@@ -49,3 +49,7 @@ body {
 .footer pre {
   border: none;
 }
+
+.glyphicon-hide {
+  color: transparent;
+}

