incubator-hawq git commit: HAWQ-1485. fix exception of decryptPassword twice in lookupResource()

[wlin]

Repository: incubator-hawq
Updated Branches:
  refs/heads/master 0580d0902 -> ee200369c


HAWQ-1485. fix exception of decryptPassword twice in lookupResource()


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/ee200369
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/ee200369
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/ee200369

Branch: refs/heads/master
Commit: ee200369c80df50947571fb04b51684ec19f02be
Parents: 0580d09
Author: interma <inte...@outlook.com>
Authored: Wed Jun 14 18:22:50 2017 +0800
Committer: interma <inte...@outlook.com>
Committed: Thu Jun 15 10:34:32 2017 +0800

----------------------------------------------------------------------
 .../apache/hawq/ranger/service/HawqClient.java  | 23 ++++++++++++++------
 .../hawq/ranger/service/RangerServiceHawq.java  |  9 +++++++-
 2 files changed, 24 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/ee200369/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
----------------------------------------------------------------------
diff --git 
a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
 
b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
index bae2d2d..a8ab4c7 100644
--- 
a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
+++ 
b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java
@@ -94,19 +94,25 @@ public class HawqClient extends BaseClient {
 
     /**
      * clone a new Properties for debug logging:
-     *  1. remove password field for preventing plain password leak in log
-     *  2. add a _password_length field for debug
+     *  1. remove all password fields for preventing plain password leak in log
+     *  2. add _password_length fields for debug
      *
      * @param connectionProperties
      * @return a new cloned Map for debug logging
      */
     private Map<String, String> removePassword(Map<String, String> 
connectionProperties) {
         Map<String, String> new_property = new HashMap<String, 
String>(connectionProperties);
-        if (new_property.containsKey("password")) {
-            String password = new_property.get("password");
-            new_property.remove("password");
-            new_property.put("_password_length", 
Integer.toString(password.length()));
+
+        String pass_fields[] = {"password", "password_jdbc"};
+        for (int i = 0; i < pass_fields.length; i++) {
+            String field = pass_fields[i];
+            if (new_property.containsKey(field)) {
+                String password = new_property.get(field);
+                new_property.remove(field);
+                new_property.put("_"+field+"_length", 
Integer.toString(password.length()));
+            }
         }
+
         return new_property;
     }
 
@@ -130,10 +136,13 @@ public class HawqClient extends BaseClient {
             props.setProperty("jaasApplicationName", "pgjdbc");
         }
 
+        String password = connectionProperties.get("password");
+        if (connectionProperties.containsKey("password_jdbc"))
+            password = connectionProperties.get("password_jdbc");
 
         String url = String.format("jdbc:postgresql://%s:%s/%s", 
connectionProperties.get("hostname"), connectionProperties.get("port"), db);
         props.setProperty("user", connectionProperties.get("username"));
-        props.setProperty("password", connectionProperties.get("password"));
+        props.setProperty("password", password);
 
         if (LOG.isDebugEnabled()) {
             LOG.debug("<== HawqClient.checkConnection Connecting to: (" + url 
+ ") with user: " + connectionProperties.get("username"));

http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/ee200369/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
----------------------------------------------------------------------
diff --git 
a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
 
b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
index 967924a..8915bc6 100644
--- 
a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
+++ 
b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java
@@ -102,6 +102,13 @@ public class RangerServiceHawq extends RangerBaseService {
         return result;
     }
 
+    /**
+     * decrypt password field of configs
+     * Note:
+     *  the decrypted password is set in a new password_jdbc field
+     * @param configs
+     * @throws Exception
+     */
     private void decryptPassword(Map<String, String> configs) throws Exception 
{
         if (configs.containsKey("password")) {
             String normal_password = configs.get("password");
@@ -112,7 +119,7 @@ public class RangerServiceHawq extends RangerBaseService {
                 // when decrypt failed do nothing
                 LOG.warn("decrypt_password failed: " + e);
             }
-            configs.put("password", normal_password);
+            configs.put("password_jdbc", normal_password);
         }
     }