[ https://issues.apache.org/jira/browse/OOZIE-2803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15882821#comment-15882821 ]
Hadoop QA commented on OOZIE-2803: ---------------------------------- Testing JIRA OOZIE-2803 Cleaning local git workspace ---------------------------- {color:green}+1 PATCH_APPLIES{color} {color:green}+1 CLEAN{color} {color:red}-1 RAW_PATCH_ANALYSIS{color} . {color:green}+1{color} the patch does not introduce any @author tags . {color:green}+1{color} the patch does not introduce any tabs . {color:green}+1{color} the patch does not introduce any trailing spaces . {color:red}-1{color} the patch contains 11 line(s) longer than 132 characters . {color:green}+1{color} the patch does adds/modifies 3 testcase(s) {color:green}+1 RAT{color} . {color:green}+1{color} the patch does not seem to introduce new RAT warnings {color:green}+1 JAVADOC{color} . {color:green}+1{color} the patch does not seem to introduce new Javadoc warnings {color:green}+1 COMPILE{color} . {color:green}+1{color} HEAD compiles . {color:green}+1{color} patch compiles . {color:green}+1{color} the patch does not seem to introduce new javac warnings {color:orange}0{color} There are [1] new bugs found in total that would be nice to have fixed. . {color:green}+1{color} There are no new bugs found in [server]. . {color:green}+1{color} There are no new bugs found in [client]. . {color:green}+1{color} There are no new bugs found in [docs]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive]. . {color:green}+1{color} There are no new bugs found in [sharelib/spark]. . {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog]. . {color:green}+1{color} There are no new bugs found in [sharelib/hive2]. . {color:green}+1{color} There are no new bugs found in [sharelib/streaming]. . {color:green}+1{color} There are no new bugs found in [sharelib/pig]. . {color:green}+1{color} There are no new bugs found in [sharelib/sqoop]. . {color:green}+1{color} There are no new bugs found in [sharelib/distcp]. . {color:orange}0{color} There are [1] new bugs found in [sharelib/oozie] that would be nice to have fixed. . You can find the FindBugs diff here: sharelib/oozie/findbugs-new.html . {color:green}+1{color} There are no new bugs found in [hadooplibs/hadoop-utils-2]. . {color:green}+1{color} There are no new bugs found in [core]. . {color:green}+1{color} There are no new bugs found in [tools]. . {color:green}+1{color} There are no new bugs found in [examples]. {color:green}+1 BACKWARDS_COMPATIBILITY{color} . {color:green}+1{color} the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations . {color:green}+1{color} the patch does not modify JPA files {color:green}+1 TESTS{color} . Tests run: 1886 {color:green}+1 DISTRO{color} . {color:green}+1{color} distro tarball builds with the patch ---------------------------- {color:red}*-1 Overall result, please check the reported -1(s)*{color} The full output of the test-patch run is available at . https://builds.apache.org/job/oozie-trunk-precommit-build/3658/ > Mask passwords when printing out configs/args in MapReduceMain and SparkMain > ---------------------------------------------------------------------------- > > Key: OOZIE-2803 > URL: https://issues.apache.org/jira/browse/OOZIE-2803 > Project: Oozie > Issue Type: Bug > Components: action > Reporter: Peter Bacsko > Assignee: Peter Bacsko > Priority: Critical > Attachments: OOZIE-2803-001.patch, OOZIE-2803-002.patch, > OOZIE-2803-003.patch, OOZIE-2803-004.patch, OOZIE-2803-005.patch > > > Sometimes passwords are displayed in both MapReduce and Spark action. > *MapReduce*: when using {{HADOOP_CREDSTORE_PASSWORD}}, it must be passed to > some Hadoop-specific config values, like {{mapred.child.env}}. This is easy > to fix because we already have a method {{logMasking()}} where you can define > a {{maskSet}} which contains a list of property keys to be masked. > Note that this is not necessarily the perfect solution, since you can pass > multiple env. vars separated by a colon, and only the password specific parts > should be masked. But we need a working solution relatively quickly - later > we can enhance this, eg. we can re-use {{PasswordMasker}} in some way (right > now it only works with {{Map<String, String>}}). > *Spark*: for Spark, we have to pass passwords like this: > {{--conf spark.executorEnv.HADOOP_CREDSTORE_PASSWORD=<custom keystore > password>}} > The Spark arguments are printed in {{SparkMain.run()}}. There is already a > code in {{LauncherMapper.printArgs()}} which deals with situations like this, > but it's not perfect because it only works if the args look something like > {{--password pwd123}}. So if a single arg contains a password, it doesn't > work, therefore we need a different approach here. -- This message was sent by Atlassian JIRA (v6.3.15#6346)