Repository: ambari Updated Branches: refs/heads/trunk 966f3031d -> 7d1ab29c5
AMBARI-14885: After exporting blueprint from existing cluster knox_master_secret is exported. (arborkar via dili) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7d1ab29c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7d1ab29c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7d1ab29c Branch: refs/heads/trunk Commit: 7d1ab29c5860a8cab6f19eb98c0a7bd25529ec5e Parents: 966f303 Author: Di Li <d...@apache.org> Authored: Thu Feb 11 13:54:01 2016 -0500 Committer: Di Li <d...@apache.org> Committed: Thu Feb 11 13:54:01 2016 -0500 ---------------------------------------------------------------------- .../BlueprintConfigurationProcessor.java | 2 +- .../BlueprintConfigurationProcessorTest.java | 19 +++++++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/7d1ab29c/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java index de31a0d..7fb2592 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java @@ -2605,7 +2605,7 @@ public class BlueprintConfigurationProcessor { */ private static class PasswordPropertyFilter implements PropertyFilter { - private static final Pattern PASSWORD_NAME_REGEX = Pattern.compile("\\S+PASSWORD", Pattern.CASE_INSENSITIVE); + private static final Pattern PASSWORD_NAME_REGEX = Pattern.compile("\\S+(PASSWORD|SECRET)", Pattern.CASE_INSENSITIVE); /** * Query to determine if a given property should be included in a collection of http://git-wip-us.apache.org/repos/asf/ambari/blob/7d1ab29c/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java index 7a77a25..9c76e8a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java @@ -689,14 +689,21 @@ public class BlueprintConfigurationProcessorTest { typeProps.put("test.ssl.password", "test-password-five"); typeProps.put("test.password.should.be.included", "test-another-pwd"); + //Checking functionality for fields marked as SECRET + Map<String, String> secretProps = new HashMap<String, String>(); + secretProps.put("knox_master_secret", "test-secret-one"); + secretProps.put("test.secret.should.be.included", "test-another-secret"); // create a custom config type, to verify that the filters can // be applied across all config types Map<String, String> customProps = new HashMap<String, String>(); customProps.put("my_test_PASSWORD", "should be excluded"); customProps.put("PASSWORD_mytest", "should be included"); + customProps.put("my_test_SECRET", "should be excluded"); + customProps.put("SECRET_mytest", "should be included"); properties.put("ranger-yarn-plugin-properties", typeProps); properties.put("custom-test-properties", customProps); + properties.put("secret-test-properties", secretProps); Configuration clusterConfig = new Configuration(properties, Collections.<String, Map<String, Map<String, String>>>emptyMap()); @@ -721,10 +728,12 @@ public class BlueprintConfigurationProcessorTest { configProcessor.doUpdateForBlueprintExport(); - assertEquals("Exported properties map was not of the expected size", 1, + assertEquals("Exported properties map was not of the expected size", 2, properties.get("custom-test-properties").size()); assertEquals("ranger-yarn-plugin-properties config type was not properly exported", 1, properties.get("ranger-yarn-plugin-properties").size()); + assertEquals("Exported secret properties map was not of the expected size", 1, + properties.get("secret-test-properties").size()); // verify that the following password properties matching the "*_PASSWORD" rule have been excluded assertFalse("Password property should have been excluded", @@ -743,9 +752,15 @@ public class BlueprintConfigurationProcessorTest { assertTrue("Expected password property not found", properties.get("ranger-yarn-plugin-properties").containsKey("test.password.should.be.included")); + // verify that the following password properties matching the "*_SECRET" rule have been excluded + assertFalse("Secret property should have been excluded", + properties.get("secret-test-properties").containsKey("knox_master_secret")); + // verify that the property that does not match the "*_SECRET" rule is still included + assertTrue("Expected secret property not found", + properties.get("secret-test-properties").containsKey("test.secret.should.be.included")); // verify the custom properties map has been modified by the filters assertEquals("custom-test-properties type was not properly exported", - 1, properties.get("custom-test-properties").size()); + 2, properties.get("custom-test-properties").size()); // verify that the following password properties matching the "*_PASSWORD" rule have been excluded assertFalse("Password property should have been excluded",