Robert Nettleton created AMBARI-7630:
----------------------------------------

             Summary: Oozie Metastore password not properly exported by Blueprint processor
                 Key: AMBARI-7630
                 URL: https://issues.apache.org/jira/browse/AMBARI-7630
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 1.6.0
            Reporter: Robert Nettleton
            Assignee: Robert Nettleton
            Priority: Critical
             Fix For: 1.7.0


If a user sets the following Oozie property when creating a cluster:

oozie_metastore_user_passwd

This password field, including the password text, will be included in an 
exported Blueprint, should the user export a Blueprint from the running 
cluster.  This will occur in any cluster creation scenario (using the UI vs. 
using a Blueprint). 

Password data should not be included in an exported Blueprint, as this 
represents a security concern.  A more minor problem is that the password used 
in this cluster may not be useful in the next cluster created with the exported 
Blueprint. 

The Blueprint configuration processor should be modified to remove this 
property from an exported Blueprint.  

This Oozie configuration property appears to be from older versions of HDP.  As 
such, the stack metadata information for this property is not available, which 
is why the Blueprint processor does not currently remove this password from the 
stack. 

In the short term (1.7.0), the BlueprintConfigurationProcessor should be 
modified to properly handle this property.  Going forward, the stack 
definitions should be modified such that this property includes the password 
metadata. 

I'm working on a fix for this, and will be submitting a patch shortly.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

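A check in the spirit of the report above, for auditing or cleaning an exported Blueprint before it is shared. This is an added example, not Ambari code and not the BlueprintConfigurationProcessor fix. The Blueprint layout it walks, the config type names in the sample, and the name-suffix fallback for properties that lack stack metadata are all assumptions.

```python
import copy
import re

# Assumption: key suffixes treated as password-like when no stack metadata exists.
NAME_FALLBACK = re.compile(r"(passwd|password)$", re.IGNORECASE)

def _properties(body):
    """Return the property dict of one config type (flat, or nested under 'properties')."""
    inner = body.get("properties")
    return inner if isinstance(inner, dict) else body

def strip_passwords(blueprint, typed_passwords=frozenset()):
    """Return (clean_copy, removed); removed lists (scope, config_type, key).

    typed_passwords: property names that stack metadata marks as passwords.
    Keys matching NAME_FALLBACK are removed as well, which covers properties
    such as oozie_metastore_user_passwd that have no metadata entry.
    """
    clean = copy.deepcopy(blueprint)  # never mutate the caller's export
    removed = []
    scopes = [("cluster", clean.get("configurations", []))]
    for group in clean.get("host_groups", []):
        scopes.append((group.get("name", "?"), group.get("configurations", [])))
    for scope, configs in scopes:
        for entry in configs:
            for config_type, body in entry.items():
                props = _properties(body)
                for key in list(props):
                    if key in typed_passwords or NAME_FALLBACK.search(key):
                        del props[key]
                        removed.append((scope, config_type, key))
    return clean, removed

# Constructed sample export; values and config type names are illustrative only.
SAMPLE = {
    "configurations": [
        {"global": {"oozie_metastore_user_passwd": "s3cret", "oozie_user": "oozie"}},
        {"oozie-site": {"properties": {
            "oozie.service.JPAService.jdbc.password": "s3cret",
            "oozie.service.JPAService.jdbc.username": "oozie"}}},
    ],
    "host_groups": [{"name": "master", "configurations": []}],
}

if __name__ == "__main__":
    _, found = strip_passwords(SAMPLE)
    for scope, config_type, key in found:
        print(f"removed {scope}/{config_type}/{key}")
```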