> On Sept. 13, 2016, 8:37 a.m., Nate Cole wrote:
> > ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py, lines 138-140
> > <https://reviews.apache.org/r/51705/diff/3/?file=1497455#file1497455line138>
> >
> >     Again, I'm not sure what you're fixing here. Every execution command is going to have the password properties in them anyway, and there will be hundreds in /var/lib/ambari-agent/data.
> 
> Anita Jebaraj wrote:
>     Hi Nate, the idea here is to avoid using plaintext passwords in the files that are saved in the ambari agent cache. To begin with I am trying to come up with an approach to mask the passwords in the configurations.json, since it is used only for debugging purposes and hence no impact is expected. If the approach is accepted, I would like to continue the work of masking the passwords in all the files on the agent side by creating new JIRAs.

That's what I'm saying - since the stack scripts run in their OWN process separate from the agent, you can't mask them on serialization. Flow is:

- Server sends down commands, with passwords in configuration.
- Agent serializes command to disk with passwords
- Agent invokes stack script
- Stack script reads command file with passwords in it

That second step is the important one; we can't mask and persist passwords that haven't yet been read. You're right in that alerts may use only the in-memory representation, but that strategy won't work for other stack scripts.

- Nate


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51705/#review148705
-----------------------------------------------------------


On Sept. 12, 2016, 6:48 p.m., Anita Jebaraj wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51705/
> -----------------------------------------------------------
> 
> (Updated Sept. 12, 2016, 6:48 p.m.)
> 
> 
> Review request for Ambari, Di Li, Jonathan Hurley, and Nate Cole.
> 
> 
> Bugs: AMBARI-18334
>     https://issues.apache.org/jira/browse/AMBARI-18334
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The configurations.json file loaded in the ambari-agent cache located at /var/lib/ambari-agent/cache/cluster_configuration contains password details in plaintext (Ex: ssl.client.keystore.password, ssl.client.truststore.password etc.). The values are loaded both in the memory cache and file cache; the file seems to be used only for debugging purposes, so it would be a better approach to mask the passwords in the file.
> 
> Approach:
> 
> The password_config_type is included in the heartbeat response for alert definition command and execution command, for which the values are dumped into the json file. The password_config_type contains the information on which properties in the configurations have the propertyType password. Based on the response, the json is parsed and the password values are masked before dumping it into the configurations.json file.
> 
> 
> Diffs
> -----
> 
>   ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py 72b87be 
>   ambari-agent/src/test/python/ambari_agent/TestAlerts.py 2bddc43 
>   ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py a418f6d 
>   ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ExecutionCommandWrapper.java 0562c15 
>   ambari-server/src/main/java/org/apache/ambari/server/agent/AlertDefinitionCommand.java 4d2e048 
>   ambari-server/src/main/java/org/apache/ambari/server/agent/ExecutionCommand.java 29737ee 
>   ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java 70c24f9 
> 
> Diff: https://reviews.apache.org/r/51705/diff/
> 
> 
> Testing
> -------
> 
> Updated the test cases.
> Ran mvn test.
> 
> Manually tested by setting up a cluster; the password fields in the configurations.json are masked. During testing, every time the ambari agent is restarted, it registers with the server and the memory cache and file cache are updated; the alerts in turn use the value from the memory cache.
> 
> 
> Thanks,
> 
> Anita Jebaraj
> 
>
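The masking step described in the review request above (look up which properties of each config type have propertyType password, replace their values, then dump the result to configurations.json), written out as an added Python example. This is not Ambari's code: the dictionary shapes of the configurations cache and of password_config_type, the config type names in the sample, and the SECRET placeholder are all assumptions made for the example. It masks a deep copy so the in-memory values are left intact, and it includes the check a reviewer would want after the change: scan the serialized text for any password value that survived. It only covers the debug dump; it does not change the fact, raised in the reply, that stack scripts read the on-disk command file.

```python
import copy
import json

# Placeholder written in place of a password value. Chosen for this example,
# not a value taken from Ambari.
MASK = "SECRET"

# Constructed sample of the agent-side configuration cache, assumed to be
# {config_type: {property_name: value}}. Types and values are illustrative.
SAMPLE_CONFIGURATIONS = {
    "ssl-client": {
        "ssl.client.keystore.location": "/etc/security/clientKeys/keystore.jks",
        "ssl.client.keystore.password": "example-keystore-pw",
        "ssl.client.truststore.password": "example-truststore-pw",
    },
    "core-site": {
        "fs.defaultFS": "hdfs://example-nn:8020",
    },
}

# Constructed stand-in for password_config_type: for each config type, the
# properties whose propertyType is "password". The shape is an assumption.
# "hive-site" is deliberately absent from the sample above so the edge case
# of a password type with no section in this dump is exercised.
SAMPLE_PASSWORD_CONFIG_TYPE = {
    "ssl-client": ["ssl.client.keystore.password", "ssl.client.truststore.password"],
    "hive-site": ["javax.jdo.option.ConnectionPassword"],
}


def mask_passwords(configurations, password_config_type, mask=MASK):
    """Return a deep copy of configurations in which every property listed in
    password_config_type is replaced by mask. The input dictionary is not
    modified, so an in-memory consumer keeps seeing the real values."""
    masked = copy.deepcopy(configurations)
    for config_type, properties in password_config_type.items():
        section = masked.get(config_type)
        if not isinstance(section, dict):
            continue  # this password type has no section in the dump
        for name in properties:
            if name in section:
                section[name] = mask
    return masked


def plaintext_secrets_present(serialized, configurations, password_config_type):
    """Return the (config_type, property) pairs whose real password value still
    appears in the serialized text. An empty list means the dump is clean.
    A value that is a substring of some other value would be reported too;
    that is acceptable for a check that errs towards flagging."""
    leaked = []
    for config_type, properties in password_config_type.items():
        section = configurations.get(config_type, {})
        for name in properties:
            value = section.get(name)
            if value and value in serialized:
                leaked.append((config_type, name))
    return leaked


def dump_masked(configurations, password_config_type, path=None):
    """Serialize the masked copy as indented JSON. If path is given the text is
    also written there; the serialized text is returned either way."""
    text = json.dumps(mask_passwords(configurations, password_config_type),
                      indent=2, sort_keys=True)
    if path is not None:
        with open(path, "w") as fh:
            fh.write(text)
    return text


if __name__ == "__main__":
    import os
    import tempfile

    # Write a masked configurations.json into a scratch directory and verify
    # that none of the sample password values made it into the file.
    path = os.path.join(tempfile.mkdtemp(), "configurations.json")
    text = dump_masked(SAMPLE_CONFIGURATIONS, SAMPLE_PASSWORD_CONFIG_TYPE, path)
    print(text)
    print("leaked:", plaintext_secrets_present(
        text, SAMPLE_CONFIGURATIONS, SAMPLE_PASSWORD_CONFIG_TYPE))
```

Running the module prints the masked JSON and an empty leaked list; calling `plaintext_secrets_present` on the unmasked dump instead reports both ssl-client password properties, which is the regression check to keep alongside any such masking change.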