Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id EF393200CD1 for ; Wed, 26 Jul 2017 21:08:15 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id EDD771696D4; Wed, 26 Jul 2017 19:08:15 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 216C11696D2 for ; Wed, 26 Jul 2017 21:08:14 +0200 (CEST) Received: (qmail 52115 invoked by uid 500); 26 Jul 2017 19:08:14 -0000 Mailing-List: contact commits-help@kudu.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@kudu.apache.org Delivered-To: mailing list commits@kudu.apache.org Received: (qmail 52102 invoked by uid 99); 26 Jul 2017 19:08:14 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Jul 2017 19:08:14 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 37EE5E10AB; Wed, 26 Jul 2017 19:08:14 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: danburkert@apache.org To: commits@kudu.apache.org Date: Wed, 26 Jul 2017 19:08:14 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] kudu git commit: Add security dashboard to web UI archived-at: Wed, 26 Jul 2017 19:08:16 -0000 Repository: kudu Updated Branches: refs/heads/master cb9a6b84d -> 9285f2b44 Add security dashboard to web UI Adds a new "Configuration" page to the web UI that displays a list of security configuration options, their current values, whether or not they're the most secure settings, and explanations of what flags control them. Change-Id: I632c3b757386e0282000bcb9562b6dc3622dde93 Reviewed-on: http://gerrit.cloudera.org:8080/7505 Reviewed-by: Dan Burkert Tested-by: Kudu Jenkins Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/634e1cc6 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/634e1cc6 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/634e1cc6 Branch: refs/heads/master Commit: 634e1cc673e5cd5fd563ba526a0a655c5718e4e3 Parents: cb9a6b8 Author: Sam Okrent Authored: Mon Jul 24 11:10:29 2017 -0700 Committer: Dan Burkert Committed: Wed Jul 26 19:07:11 2017 +0000 ---------------------------------------------------------------------- src/kudu/server/default-path-handlers.cc | 44 +++++++++++++++++++++++++++ www/config.mustache | 37 ++++++++++++++++++++++ www/kudu.css | 4 +++ 3 files changed, 85 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/src/kudu/server/default-path-handlers.cc ---------------------------------------------------------------------- diff --git a/src/kudu/server/default-path-handlers.cc b/src/kudu/server/default-path-handlers.cc index 8b4e995..645b362 100644 --- a/src/kudu/server/default-path-handlers.cc +++ b/src/kudu/server/default-path-handlers.cc @@ -26,6 +26,7 @@ #include #include +#include #include #include @@ -54,6 +55,12 @@ DEFINE_int64(web_log_bytes, 1024 * 1024, TAG_FLAG(web_log_bytes, advanced); TAG_FLAG(web_log_bytes, runtime); +// For configuration dashboard +DECLARE_string(redact); +DECLARE_string(rpc_encryption); +DECLARE_string(rpc_authentication); +DECLARE_string(webserver_certificate_file); + namespace kudu { using std::shared_ptr; @@ -185,6 +192,41 @@ static void MemTrackersHandler(const Webserver::WebRequest& /*req*/, std::ostrin *output << "\n"; } +static void ConfigurationHandler(const Webserver::WebRequest& /* req */, EasyJson* output) { + EasyJson security_configs = output->Set("security_configs", EasyJson::kArray); + + EasyJson rpc_encryption = security_configs.PushBack(EasyJson::kObject); + rpc_encryption["name"] = "RPC Encryption"; + rpc_encryption["value"] = FLAGS_rpc_encryption; + rpc_encryption["secure"] = boost::iequals(FLAGS_rpc_encryption, "required"); + rpc_encryption["id"] = "rpc_encryption"; + rpc_encryption["explanation"] = "Configure with --rpc_encryption. Most secure value is " + "'required'."; + + EasyJson rpc_authentication = security_configs.PushBack(EasyJson::kObject); + rpc_authentication["name"] = "RPC Authentication"; + rpc_authentication["value"] = FLAGS_rpc_authentication; + rpc_authentication["secure"] = boost::iequals(FLAGS_rpc_authentication, "required"); + rpc_authentication["id"] = "rpc_authentication"; + rpc_authentication["explanation"] = "Configure with --rpc_authentication. Most secure value is " + "'required'."; + + EasyJson webserver_encryption = security_configs.PushBack(EasyJson::kObject); + webserver_encryption["name"] = "Webserver Encryption"; + webserver_encryption["value"] = FLAGS_webserver_certificate_file.empty() ? "off" : "on"; + webserver_encryption["secure"] = !FLAGS_webserver_certificate_file.empty(); + webserver_encryption["id"] = "webserver_encryption"; + webserver_encryption["explanation"] = "Configure with --webserver_certificate_file and " + "webserver_private_key_file."; + + EasyJson webserver_redaction = security_configs.PushBack(EasyJson::kObject); + webserver_redaction["name"] = "Webserver Redaction"; + webserver_redaction["value"] = FLAGS_redact; + webserver_redaction["secure"] = boost::iequals(FLAGS_redact, "all"); + webserver_redaction["id"] = "webserver_redaction"; + webserver_redaction["explanation"] = "Configure with --redact. Most secure value is 'all'."; +} + void AddDefaultPathHandlers(Webserver* webserver) { bool styled = true; bool on_nav_bar = true; @@ -194,6 +236,8 @@ void AddDefaultPathHandlers(Webserver* webserver) { styled, on_nav_bar); webserver->RegisterPrerenderedPathHandler("/mem-trackers", "Memory (detail)", MemTrackersHandler, styled, on_nav_bar); + webserver->RegisterPathHandler("/config", "Configuration", ConfigurationHandler, + styled, on_nav_bar); AddPprofPathHandlers(webserver); } http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/www/config.mustache ---------------------------------------------------------------------- diff --git a/www/config.mustache b/www/config.mustache new file mode 100644 index 0000000..7d80c12 --- /dev/null +++ b/www/config.mustache @@ -0,0 +1,37 @@ +{{! +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +}} + +

Configuration

+ +

Security

+ + {{name}}: {{value}} + (?) +
{{explanation}}
+

http://git-wip-us.apache.org/repos/asf/kudu/blob/634e1cc6/www/kudu.css ---------------------------------------------------------------------- diff --git a/www/kudu.css b/www/kudu.css index d08ac62..d44905f 100644 --- a/www/kudu.css +++ b/www/kudu.css @@ -49,3 +49,7 @@ body { .footer pre { border: none; } + +.glyphicon-hide { + color: transparent; +}