This is an automated email from the ASF dual-hosted git repository.

nixon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/atlas.git


The following commit(s) were added to refs/heads/master by this push:
     new 2a9b1ff  ATLAS-3667 : Option to store Ldap/AD bind password in jceks 
keystore file
2a9b1ff is described below

commit 2a9b1ff1740ff18aa7dc53d434e5576ee8101d6c
Author: chaitali borole <chaitali.bor...@cloudera.com>
AuthorDate: Fri Mar 20 12:46:57 2020 +0530

    ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file
    
    Signed-off-by: nixonrodrigues <ni...@apache.org>
---
 .../org/apache/atlas/ApplicationProperties.java    | 31 +++++++++++++++++++++-
 .../atlas/util/CredentialProviderUtility.java      | 28 ++++++++++++++++---
 2 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java 
b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
index d3afd53..e3d8b13 100644
--- a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -18,6 +18,7 @@
 package org.apache.atlas;
 
 import org.apache.atlas.security.InMemoryJAASConfiguration;
+import org.apache.atlas.security.SecurityUtil;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationConverter;
 import org.apache.commons.configuration.ConfigurationException;
@@ -56,6 +57,10 @@ public final class ApplicationProperties extends 
PropertiesConfiguration {
     public static final String  STORAGE_BACKEND_HBASE           = "hbase";
     public static final String  STORAGE_BACKEND_HBASE2          = "hbase2";
     public static final String  INDEX_BACKEND_SOLR              = "solr";
+    public static final String  LDAP_TYPE                       =  
"atlas.authentication.method.ldap.type";
+    public static final String  LDAP_AD_BIND_PASSWORD           =  
"atlas.authentication.method.ldap.ad.bind.password";
+    public static final String  LDAP_BIND_PASSWORD              =  
"atlas.authentication.method.ldap.bind.password";
+    public static final String  MASK_LDAP_PASSWORD              =  "*****";
     public static final String  DEFAULT_GRAPHDB_BACKEND         = 
GRAPHBD_BACKEND_JANUS;
     public static final boolean DEFAULT_SOLR_WAIT_SEARCHER      = true;
     public static final boolean DEFAULT_INDEX_MAP_NAME          = false;
@@ -135,6 +140,8 @@ public final class ApplicationProperties extends 
PropertiesConfiguration {
 
             appProperties.setDefaults();
 
+            setLdapPasswordFromKeystore(appProperties);
+
             Configuration configuration = 
appProperties.interpolatedConfiguration();
 
             logConfiguration(configuration);
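Review bot: `logConfiguration(configuration)` now runs on a configuration in which the `*****` placeholder has already been replaced by the cleartext bind password from the keystore. The body of logConfiguration is not in this hunk; if it prints property values, the LDAP/AD bind password would reach the log, which defeats the point of moving it into a jceks file. It should skip or mask `LDAP_BIND_PASSWORD` and `LDAP_AD_BIND_PASSWORD`, for example by printing `MASK_LDAP_PASSWORD` for those two keys. The enclosing method starts and ends outside the hunk.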
@@ -269,6 +276,28 @@ public final class ApplicationProperties extends 
PropertiesConfiguration {
         return inStr;
     }
 
+    private static void setLdapPasswordFromKeystore(Configuration 
configuration) {
+        try {
+            if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ldap")) {
+                String maskPasssword = 
configuration.getString(LDAP_BIND_PASSWORD);
+                if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
+                    String password = SecurityUtil.getPassword(configuration, 
LDAP_BIND_PASSWORD);
+                    configuration.clearProperty(LDAP_BIND_PASSWORD);
+                    configuration.addProperty(LDAP_BIND_PASSWORD, password);
+                }
+            } else if 
(configuration.getString(LDAP_TYPE).equalsIgnoreCase("ad")) {
+                String maskPasssword = 
configuration.getString(LDAP_AD_BIND_PASSWORD);
+                if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
+                    String password = SecurityUtil.getPassword(configuration, 
LDAP_AD_BIND_PASSWORD);
+                    configuration.clearProperty(LDAP_AD_BIND_PASSWORD);
+                    configuration.addProperty(LDAP_AD_BIND_PASSWORD, password);
+                }
+            }
+        } catch (Exception e) {
+            LOG.info("Error in getting secure password : {} ", e);
+        }
+    }
+
     private void setDefaults() {
         AtlasRunMode runMode = AtlasRunMode.valueOf(getString(ATLAS_RUN_MODE, 
DEFAULT_ATLAS_RUN_MODE.name()));
 
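Review bot: `configuration.getString(LDAP_TYPE).equalsIgnoreCase("ldap")` throws a NullPointerException whenever the LDAP type property is unset, and the broad `catch (Exception e)` then reports it at INFO as "Error in getting secure password". A real keystore failure is reported the same way, and the property keeps the literal `*****`, so the later bind would presumably be attempted with the placeholder as the password. Comparing from the constant side (`"ldap".equalsIgnoreCase(ldapType)`), returning early when neither type is configured, and logging the lookup failure at error level with the key name would separate the two cases. The two branches differ only in the property key, so they can share one code path, as sketched below.

```java
private static void setLdapPasswordFromKeystore(Configuration configuration) {
    String ldapType = configuration.getString(LDAP_TYPE);
    String passwordKey;

    if ("ldap".equalsIgnoreCase(ldapType)) {
        passwordKey = LDAP_BIND_PASSWORD;
    } else if ("ad".equalsIgnoreCase(ldapType)) {
        passwordKey = LDAP_AD_BIND_PASSWORD;
    } else {
        return; // LDAP/AD authentication is not configured; nothing to resolve
    }

    // Only the placeholder value means "look the password up in the keystore".
    if (!MASK_LDAP_PASSWORD.equals(configuration.getString(passwordKey))) {
        return;
    }

    try {
        String password = SecurityUtil.getPassword(configuration, passwordKey);

        configuration.clearProperty(passwordKey);
        configuration.addProperty(passwordKey, password);
    } catch (Exception e) {
        LOG.error("Failed to read {} from the credential provider", passwordKey, e);
    }
}
```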
@@ -345,4 +374,4 @@ public final class ApplicationProperties extends 
PropertiesConfiguration {
             setDefault(kv, currentValue);
         }
     }
-}
+}
\ No newline at end of file
diff --git 
a/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java 
b/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
index 871416b..51b5e6d 100755
--- a/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
+++ b/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
@@ -28,7 +28,6 @@ import 
org.apache.hadoop.security.alias.CredentialProviderFactory;
 import java.io.Console;
 import java.io.IOException;
 import java.util.Arrays;
-
 import static 
org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
 import static 
org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
 import static 
org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
@@ -40,7 +39,6 @@ import static 
org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_K
  */
 public class CredentialProviderUtility {
     private static final String[] KEYS = new String[] { KEYSTORE_PASSWORD_KEY, 
TRUSTSTORE_PASSWORD_KEY, SERVER_CERT_PASSWORD_KEY };
-
     public static abstract class TextDevice {
         public abstract void printf(String fmt, Object... params);
 
@@ -75,11 +73,17 @@ public class CredentialProviderUtility {
         try {
             CommandLine cmd                    = new 
DefaultParser().parse(createOptions(), args);
             boolean     generatePasswordOption = cmd.hasOption("g");
+            String      key                    = cmd.getOptionValue("k");
+            char[]      cred                   = null;
+            String      providerPath           = cmd.getOptionValue("f");
+
+            if (cmd.hasOption("p")) {
+                cred = cmd.getOptionValue("p").toCharArray();
+            }
 
             if (generatePasswordOption) {
                 String userName = cmd.getOptionValue("u");
                 String password = cmd.getOptionValue("p");
-
                 if (userName != null && password != null) {
                     String  encryptedPassword = UserDao.encrypt(password);
                     boolean silentOption      = cmd.hasOption("s");
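Review bot: Reading the credential from `cmd.getOptionValue("p")` puts the LDAP/AD bind password on the command line, where it is kept in shell history and is visible in the process list while the tool runs. The value is already a String at that point, so the `toCharArray()` copy adds nothing for in-memory hygiene. When `-k` and `-f` are given without `-p`, consider prompting for the password through the class's existing `TextDevice` (only its `printf` is visible here, so confirm it offers a no-echo read). Document `-p` as the less safe, scripted path. The enclosing method starts outside the hunk.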
@@ -95,6 +99,20 @@ public class CredentialProviderUtility {
 
                 return;
             }
+
+            if (key != null && cred != null && providerPath != null) {
+                if (!StringUtils.isEmpty(String.valueOf(cred))) {
+                    Configuration conf = new Configuration(false);
+                    
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
+                    CredentialProvider provider = 
CredentialProviderFactory.getProviders(conf).get(0);
+                    provider.createCredentialEntry(key, cred);
+                    provider.flush();
+                    System.out.println("Password is stored in Credential 
Provider");
+                } else {
+                    System.out.println("Please enter a valid password");
+                }
+                return;
+            }
         } catch (Exception e) {
             System.out.println("Exception while generatePassword  " + 
e.getMessage());
             return;
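Review bot: The password held in `cred` is never cleared, and `String.valueOf(cred)` in the emptiness check creates one more immutable String copy of it. Check `cred.length > 0` instead and wipe the array once the entry has been flushed, `Arrays.fill(cred, '\0');` (java.util.Arrays is already imported in this file). `CredentialProviderFactory.getProviders(conf).get(0)` also throws on an empty provider list, and the surrounding catch would report that as "Exception while generatePassword", which is misleading for this path. The enclosing method starts and ends outside the hunk.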
@@ -134,6 +152,8 @@ public class CredentialProviderUtility {
     private static Options createOptions() {
         Options options = new Options();
 
+        options.addOption("k", "ldapkey", true, "key");
+        options.addOption("f", "ldapPath", true, "path");
         options.addOption("g", "generatePassword", false, "Generate Password");
         options.addOption("s", "silent", false, "Silent");
         options.addOption("u", "username", true, "UserName");
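Review bot: The help texts `"key"` and `"path"` for the new `-k` and `-f` options do not say what the operator has to supply. Something like `"Credential alias to store, e.g. atlas.authentication.method.ldap.bind.password"` and `"Credential provider path, e.g. jceks://file/<path-to-keystore>"` would make the usage output self-explanatory. The long names `ldapkey` and `ldapPath` are also cased inconsistently with each other. createOptions continues outside the hunk.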
@@ -203,4 +223,4 @@ public class CredentialProviderUtility {
 
         return null;
     }
-}
+}
\ No newline at end of file
