> On March 14, 2016, 12:27 p.m., Di Li wrote: > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java, > > line 2668 > > <https://reviews.apache.org/r/44725/diff/2/?file=1296341#file1296341line2668> > > > > So any properties end with ".pass" will be marked, yes? That check > > seems a bit broad to me, at least broader than checking Password or Secret. > > > > Each property (understandably that only when its defintion follows the > > rules) should use "property-type" to indicate if it's a password > > "<property-type>PASSWORD</property-type>". Can we check this instead of > > guessing property name patterns? > > > > We should honor the setting, so that when user needs to mask a > > property, he can either ends the property name with .password or .secret > > (this is really a hardcoded logic than stack driven) or configure the > > property propertly (stack driven, a more preferrable way).
Hello Di, Property_type is not accessible to the DAO part. It shows only at UI. So I have tried to generalise the expression using Property_value rather than property_name. Please give your input for that. Thanks - Amruta ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/44725/#review123409 ----------------------------------------------------------- On March 17, 2016, 6:52 p.m., Amruta Borkar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/44725/ > ----------------------------------------------------------- > > (Updated March 17, 2016, 6:52 p.m.) > > > Review request for Ambari, Di Li and Robert Nettleton. > > > Bugs: AMBARI-15338 > https://issues.apache.org/jira/browse/AMBARI-15338 > > > Repository: ambari > > > Description > ------- > > After exporting blueprint from ranger enabled cluster > ranger.service.https.attrib.keystore.pass is exported. > Which needs to be removed before using the same blueprint to create another > cluster > Error Show when used same blueprint: > { "status" : 400, "message" : "Blueprint configuration validation failed: > Secret references are not allowed in blueprints, replace following properties > with real passwords:\n Config:ranger-admin-site > Property:ranger.service.https.attrib.keystore.pass\n" } > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java > f5e7578 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java > 68d5755 > > Diff: https://reviews.apache.org/r/44725/diff/ > > > Testing > ------- > > Modified test cases to test for if the properties that end with "pass" are > getting filtered. Other properties which have 'pass' else where in the name > will not get filtered. > > > Thanks, > > Amruta Borkar > >
