This is an automated email from the ASF dual-hosted git repository.

jiafengzheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris-manager.git


The following commit(s) were added to refs/heads/master by this push:
     new 3b32660  encrypt doris password (#41)
3b32660 is described below

commit 3b32660f4f53fb06ddcd50f3f8b36db687c61592
Author: LiRui <[email protected]>
AuthorDate: Tue Apr 12 21:15:08 2022 +0800

    encrypt doris password (#41)
---
 .../component/DorisManagerUserSpaceComponent.java     |  8 ++++++--
 .../handler/DorisClusterTakeOverRequestHandler.java   |  3 ++-
 .../java/org/apache/doris/stack/util/CredsUtil.java   | 19 ++++++++++++++++---
 .../doris/stack/connector/DorisNodesClient.java       |  3 ++-
 .../doris/stack/connector/PaloFileUploadClient.java   |  9 +++++----
 .../stack/connector/PaloForwardManagerClient.java     |  9 +++++----
 .../apache/doris/stack/connector/PaloLoginClient.java |  3 ++-
 .../doris/stack/connector/PaloMetaInfoClient.java     |  9 +++++----
 .../apache/doris/stack/connector/PaloQueryClient.java |  3 ++-
 .../doris/stack/connector/PaloStatisticClient.java    |  3 ++-
 .../apache/doris/stack/entity/ClusterInfoEntity.java  |  1 -
 11 files changed, 47 insertions(+), 23 deletions(-)

diff --git 
a/manager/dm-server/src/main/java/org/apache/doris/stack/component/DorisManagerUserSpaceComponent.java
 
b/manager/dm-server/src/main/java/org/apache/doris/stack/component/DorisManagerUserSpaceComponent.java
index 8d75065..68f548d 100644
--- 
a/manager/dm-server/src/main/java/org/apache/doris/stack/component/DorisManagerUserSpaceComponent.java
+++ 
b/manager/dm-server/src/main/java/org/apache/doris/stack/component/DorisManagerUserSpaceComponent.java
@@ -59,6 +59,7 @@ import 
org.apache.doris.stack.model.response.space.NewUserSpaceInfo;
 import org.apache.doris.stack.service.BaseService;
 import org.apache.doris.stack.service.config.ConfigConstant;
 import org.apache.doris.stack.service.construct.MetadataService;
+import org.apache.doris.stack.util.CredsUtil;
 import org.apache.doris.stack.util.ListUtil;
 import org.apache.doris.stack.util.UuidUtil;
 
@@ -201,6 +202,8 @@ public class DorisManagerUserSpaceComponent extends 
BaseService {
         log.info("Verify that the Palo cluster is available");
         ClusterInfoEntity entity = new ClusterInfoEntity();
         entity.updateByClusterInfo(createReq);
+        // encrypt passwd
+        entity.setPasswd(CredsUtil.aesEncrypt(entity.getPasswd()));
         // Just verify whether the Doris HTTP interface can be accessed
         try {
             paloLoginClient.loginPalo(entity);
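Review bot: `CredsUtil.aesEncrypt` at `entity.setPasswd(...)` appears to rely on the constants shown in the CredsUtil section of this commit, a key compiled into the class (`ENCRYPT_KEY`) and `AES/ECB/PKCS5Padding`. Anyone with the source or jar plus read access to the database can therefore recover every stored cluster password, and ECB makes equal passwords produce equal ciphertext. The same applies to the `aesEncrypt` calls added at `clusterInfo.setPasswd(...)` and `allUserGroup.setPassword(...)` further down this file. Consider loading the key from deployment configuration or a secret store and using an authenticated mode with a random IV per value, e.g. `AES/GCM/NoPadding`; until then the comment would be more accurate as `// obfuscate passwd with the built-in key; not a substitute for DB access control`. The body of `aesEncrypt` is not visible in this diff, so its use of these constants is inferred.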
@@ -349,6 +352,7 @@ public class DorisManagerUserSpaceComponent extends 
BaseService {
         validateCluster(clusterAccessInfo);
 
         clusterInfo.updateByClusterInfo(clusterAccessInfo);
+        clusterInfo.setPasswd(CredsUtil.aesEncrypt(clusterInfo.getPasswd()));
         
clusterInfo.setStatus(ClusterInfoEntity.AppClusterStatus.NORMAL.name());
 
         // Initialize the correspondence between permission group and Doris 
virtual user
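Review bot: The ciphertext written by `clusterInfo.setPasswd(CredsUtil.aesEncrypt(...))` is longer than the plaintext, but the `passwd` field in ClusterInfoEntity is still declared `@Column(length = 100)` in this commit. With PKCS5 padding plus a text encoding of the result, a password well under 100 characters may no longer fit: roughly 64 bytes of plaintext is the limit if the output is Base64, and less if it is hex (the encoding is not visible here). Either widen the column, e.g. `@Column(length = 256)`, or reject over-long passwords before encrypting so the save fails with a clear message instead of a truncation or database error. The enclosing method starts and ends outside this hunk.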
@@ -429,7 +433,7 @@ public class DorisManagerUserSpaceComponent extends 
BaseService {
     private void setClusterStatus(ClusterInfoEntity clusterInfo) {
         try {
             jdbcClient.testConnetion(clusterInfo.getAddress(), 
clusterInfo.getQueryPort(),
-                    ConstantDef.MYSQL_DEFAULT_SCHEMA, clusterInfo.getUser(), 
clusterInfo.getPasswd());
+                    ConstantDef.MYSQL_DEFAULT_SCHEMA, clusterInfo.getUser(), 
CredsUtil.tryAesDecrypt(clusterInfo.getPasswd()));
             
clusterInfo.setStatus(ClusterInfoEntity.AppClusterStatus.NORMAL.name());
         } catch (Exception e) {
             
clusterInfo.setStatus(ClusterInfoEntity.AppClusterStatus.ABNORMAL.name());
@@ -584,7 +588,7 @@ public class DorisManagerUserSpaceComponent extends 
BaseService {
         String password = queryClient.createUser(ConstantDef.DORIS_DEFAULT_NS, 
ConstantDef.MYSQL_DEFAULT_SCHEMA,
                 clusterInfo, userName);
         allUserGroup.setPaloUserName(userName);
-        allUserGroup.setPassword(password);
+        allUserGroup.setPassword(CredsUtil.aesEncrypt(password));
 
         groupRoleRepository.save(allUserGroup);
         log.debug("save palo user for group");
diff --git 
a/manager/dm-server/src/main/java/org/apache/doris/stack/control/request/handler/DorisClusterTakeOverRequestHandler.java
 
b/manager/dm-server/src/main/java/org/apache/doris/stack/control/request/handler/DorisClusterTakeOverRequestHandler.java
index e5434eb..f5efc25 100644
--- 
a/manager/dm-server/src/main/java/org/apache/doris/stack/control/request/handler/DorisClusterTakeOverRequestHandler.java
+++ 
b/manager/dm-server/src/main/java/org/apache/doris/stack/control/request/handler/DorisClusterTakeOverRequestHandler.java
@@ -33,6 +33,7 @@ import org.apache.doris.stack.entity.ClusterInfoEntity;
 import org.apache.doris.stack.entity.CoreUserEntity;
 import org.apache.doris.stack.entity.ResourceNodeEntity;
 import 
org.apache.doris.stack.model.request.control.DorisClusterModuleResourceConfig;
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -129,7 +130,7 @@ public class DorisClusterTakeOverRequestHandler extends 
DorisClusterRequestHandl
         List<String> nodeIps = new ArrayList<>();
 
         Statement stmt = jdbcClient.getStatement(clusterInfo.getAddress(), 
clusterInfo.getQueryPort(),
-                clusterInfo.getUser(), clusterInfo.getPasswd());
+                clusterInfo.getUser(), 
CredsUtil.aesDecrypt(clusterInfo.getPasswd()));
         Set<String> feNodeIps = jdbcClient.getFeOrBeIps(stmt, "'/frontends';");
         log.debug("The node list IP of Doris cluster Fe is {}", feNodeIps);
 
diff --git 
a/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java 
b/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java
index 06ae771..d5b52bc 100644
--- a/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java
+++ b/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java
@@ -34,9 +34,9 @@ import javax.crypto.spec.SecretKeySpec;
 public class CredsUtil {
 
     /**
-    * Encrypt Key
-    * AES must be 128 bits
-    */
+     * Encrypt Key
+     * AES must be 128 bits
+     */
     private static final String ENCRYPT_KEY = "12dfA67887iyW321";
 
     private static final String ALGORITHM_STR = "AES/ECB/PKCS5Padding";
@@ -196,4 +196,17 @@ public class CredsUtil {
         return decryptPassword;
     }
 
+    /**
+     * AES decrypt
+     *
+     * @param encryptStr
+     * @return decrypt string if the encryptStr is de
+     */
+    public static String tryAesDecrypt(String encryptStr) throws Exception {
+        try {
+            return aesDecrypt(encryptStr);
+        } catch (Exception e) {
+            return encryptStr;
+        }
+    }
 }
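Review bot: `tryAesDecrypt` catches every `Exception` and returns its input, so a wrong key or corrupted ciphertext is indistinguishable from a legacy plaintext row, and the still-encrypted string is then passed to `setAuthHeaders` and the JDBC calls as the password. Log the fallback at warn level without the value, and remove the fallback once existing rows have been migrated. The method also declares `throws Exception` although nothing can escape the catch; `public static String tryAesDecrypt(String encryptStr) {` would spare callers such as `doesFeMonitorExist` from widening their own signatures. The Javadoc is cut off at "is de"; `@return the decrypted string, or encryptStr unchanged if it cannot be decrypted` would complete it. DorisClusterTakeOverRequestHandler calls the strict `aesDecrypt` instead, so a plaintext row presumably fails there while it is accepted everywhere else.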
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/DorisNodesClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/DorisNodesClient.java
index b6ecc5c..1c36f4e 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/DorisNodesClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/DorisNodesClient.java
@@ -27,6 +27,7 @@ import org.apache.doris.stack.model.palo.PaloResponseEntity;
 import com.alibaba.fastjson.JSON;
 import com.google.common.collect.Maps;
 
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -54,7 +55,7 @@ public class DorisNodesClient extends PaloClient {
         log.debug("Send get doris node list request, url is {}.", url);
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.doGet(url, headers);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloFileUploadClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloFileUploadClient.java
index 55ac8d1..57c3b20 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloFileUploadClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloFileUploadClient.java
@@ -30,6 +30,7 @@ import org.apache.doris.stack.exception.HdfsUrlException;
 import org.apache.doris.stack.exception.PaloRequestException;
 import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.web.multipart.MultipartFile;
@@ -68,7 +69,7 @@ public class PaloFileUploadClient extends PaloClient {
         headers.put("Content-Type", contentType);
         String[] array = contentType.split(";");
         String[] boundary = array[1].split("=");
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.uploadFile(url, file, 
headers, otherParams, boundary[1]);
 
@@ -102,7 +103,7 @@ public class PaloFileUploadClient extends PaloClient {
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
         setPostHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
         headers.put("label", importReq.getName());
 
         StringBuffer columnNameBuffer = new StringBuffer();
@@ -145,7 +146,7 @@ public class PaloFileUploadClient extends PaloClient {
 
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
         PaloResponseEntity response = poolManager.doDelete(url, headers);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
             log.error("delete file error:" + response.getData());
@@ -164,7 +165,7 @@ public class PaloFileUploadClient extends PaloClient {
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
         setPostHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.doPost(url, headers, req);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloForwardManagerClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloForwardManagerClient.java
index b58b4ef..d547770 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloForwardManagerClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloForwardManagerClient.java
@@ -28,6 +28,7 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONException;
 import com.google.common.collect.Maps;
 
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -50,7 +51,7 @@ public class PaloForwardManagerClient extends PaloClient {
 
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
         PaloResponseEntity response;
         try {
             response = poolManager.doGet(url, headers);
@@ -69,7 +70,7 @@ public class PaloForwardManagerClient extends PaloClient {
 
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
         headers.put("Content-Type", "application/json");
         PaloResponseEntity response;
         try {
@@ -83,11 +84,11 @@ public class PaloForwardManagerClient extends PaloClient {
         return ResponseEntityBuilder.ok(JSON.parse(response.getData()));
     }
 
-    public boolean doesFeMonitorExist(ClusterInfoEntity entity) {
+    public boolean doesFeMonitorExist(ClusterInfoEntity entity) throws 
Exception {
         String url = "http://"; + entity.getAddress() + ":" + 
entity.getHttpPort() + FE_MONITOR_CHECK_API;
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
         PaloResponseEntity response;
         try {
             response = poolManager.doGet(url, headers);
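Review bot: The password decrypted by `CredsUtil.tryAesDecrypt` is attached via `setAuthHeaders` to a request whose URL in `doesFeMonitorExist` is built with a literal `http://` scheme, so encrypting the stored value does not protect it between the manager and the FE. How `setAuthHeaders` encodes the credentials is not visible here, but presumably they are sent as a standard authorization header on every call. If the FE HTTP port can serve TLS, make the scheme configurable; otherwise document the exposure with `// credentials are sent over plain HTTP here; restrict this path to a trusted network`. The method body continues outside this hunk.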
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloLoginClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloLoginClient.java
index f680254..b4aa3f4 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloLoginClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloLoginClient.java
@@ -22,6 +22,7 @@ import org.apache.doris.stack.entity.ClusterInfoEntity;
 import org.apache.doris.stack.exception.PaloRequestException;
 import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -44,7 +45,7 @@ public class PaloLoginClient extends PaloClient {
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
         setPostHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.doPost(url, headers, null);
         if (response.getCode() != LOGIN_SUCCESS_CODE) {
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloMetaInfoClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloMetaInfoClient.java
index 3f79858..ff07751 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloMetaInfoClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloMetaInfoClient.java
@@ -24,6 +24,7 @@ import org.apache.doris.stack.entity.ClusterInfoEntity;
 import org.apache.doris.stack.exception.PaloRequestException;
 import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -55,7 +56,7 @@ public class PaloMetaInfoClient extends PaloClient {
         log.debug("Send get database list request, url is {}.", url);
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
         PaloResponseEntity response = poolManager.doGet(url, headers);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
             throw new PaloRequestException("Get Database list by ns error.");
@@ -92,7 +93,7 @@ public class PaloMetaInfoClient extends PaloClient {
         log.debug("Send get table list request, url is {}.", url);
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.doGet(url, headers);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
@@ -102,7 +103,7 @@ public class PaloMetaInfoClient extends PaloClient {
     }
 
     public TableSchemaInfo.TableSchema getTableBaseSchema(String ns, String 
db, String table,
-                                          ClusterInfoEntity entity) throws 
Exception {
+                                                          ClusterInfoEntity 
entity) throws Exception {
         TableSchemaInfo result = getTableSchema(ns, db, table, entity);
         TableSchemaInfo.TableSchema tableSchema = 
result.getSchemaInfo().getSchemaMap().get(table);
         return tableSchema;
@@ -131,7 +132,7 @@ public class PaloMetaInfoClient extends PaloClient {
         log.debug("Send get table schema request, url is {}.", url);
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.doGet(url, headers);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloQueryClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloQueryClient.java
index 9e4a89e..a7c12f1 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloQueryClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloQueryClient.java
@@ -24,6 +24,7 @@ import 
org.apache.doris.stack.model.response.construct.NativeQueryResp;
 import org.apache.doris.stack.entity.ClusterInfoEntity;
 import lombok.extern.slf4j.Slf4j;
 
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -119,7 +120,7 @@ public class PaloQueryClient extends PaloClient {
     public NativeQueryResp executeSQL(String sql, String ns, String db, 
ClusterInfoEntity entity) throws Exception {
 
         Statement stmt = jdbcClient.getStatement(entity.getAddress(), 
entity.getQueryPort(),
-                entity.getUser(), entity.getPasswd(), db);
+                entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()), 
db);
         try {
             NativeQueryResp res = executeSql(stmt, sql);
             return res;
diff --git 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloStatisticClient.java
 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloStatisticClient.java
index 0041584..b23b717 100644
--- 
a/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloStatisticClient.java
+++ 
b/manager/manager/src/main/java/org/apache/doris/stack/connector/PaloStatisticClient.java
@@ -24,6 +24,7 @@ import org.apache.doris.stack.entity.ClusterInfoEntity;
 import org.apache.doris.stack.exception.PaloRequestException;
 import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.doris.stack.util.CredsUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -49,7 +50,7 @@ public class PaloStatisticClient extends PaloClient {
 
         Map<String, String> headers = Maps.newHashMap();
         setHeaders(headers);
-        setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
+        setAuthHeaders(headers, entity.getUser(), 
CredsUtil.tryAesDecrypt(entity.getPasswd()));
 
         PaloResponseEntity response = poolManager.doGet(url, headers);
         if (response.getCode() != REQUEST_SUCCESS_CODE) {
diff --git 
a/manager/resource-common/src/main/java/org/apache/doris/stack/entity/ClusterInfoEntity.java
 
b/manager/resource-common/src/main/java/org/apache/doris/stack/entity/ClusterInfoEntity.java
index b904175..42484e2 100644
--- 
a/manager/resource-common/src/main/java/org/apache/doris/stack/entity/ClusterInfoEntity.java
+++ 
b/manager/resource-common/src/main/java/org/apache/doris/stack/entity/ClusterInfoEntity.java
@@ -75,7 +75,6 @@ public class ClusterInfoEntity {
 
     /**
      * Doris user password
-     * TODO:The subsequent storage shall be encrypted to prevent the leakage 
of password information
      */
     @Column(length = 100)
     private String passwd;

