Repository: oozie Updated Branches: refs/heads/master 4d43fe8c4 -> 6a731f992
OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/6a731f99 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/6a731f99 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/6a731f99 Branch: refs/heads/master Commit: 6a731f9926158da38d1e3b518671ada95a544fe8 Parents: 4d43fe8 Author: Robert Kanter <[email protected]> Authored: Thu Jul 9 17:25:25 2015 -0700 Committer: Robert Kanter <[email protected]> Committed: Thu Jul 9 17:25:25 2015 -0700 ---------------------------------------------------------------------- .../oozie/action/email/EmailActionExecutor.java | 2 +- .../oozie/service/ConfigurationService.java | 33 ++++++++++++++++++++ .../org/apache/oozie/service/JPAService.java | 2 +- .../sla/listener/SLAEmailEventListener.java | 2 +- release-log.txt | 1 + .../java/org/apache/oozie/tools/OozieDBCLI.java | 3 +- 6 files changed, 39 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java b/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
index 1d260b4..dc58236 100644
--- a/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
+++ b/core/src/main/java/org/apache/oozie/action/email/EmailActionExecutor.java
@@ -168,7 +168,7 @@ public class EmailActionExecutor extends ActionExecutor {
 String smtpPort = getOozieConf().get(EMAIL_SMTP_PORT, "25");
 Boolean smtpAuth = getOozieConf().getBoolean(EMAIL_SMTP_AUTH, false);
 String smtpUser = getOozieConf().get(EMAIL_SMTP_USER, "");
- String smtpPassword = getOozieConf().get(EMAIL_SMTP_PASS, "");
+ String smtpPassword = ConfigurationService.getPassword(EMAIL_SMTP_PASS);
 String fromAddr = getOozieConf().get(EMAIL_SMTP_FROM, "oozie@localhost");
 Properties properties = new Properties();
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/service/ConfigurationService.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/service/ConfigurationService.java b/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
index 93a7326..4fba996 100644
--- a/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
+++ b/core/src/main/java/org/apache/oozie/service/ConfigurationService.java
@@ -31,6 +31,8 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.StringWriter;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -95,6 +97,8 @@ public class ConfigurationService implements Service, Instrumentable {
 private static final Set<String> MASK_PROPS = new HashSet<String>();
 private static Map<String,String> defaultConfigs = new HashMap<String,String>();
+ private static Method getPasswordMethod;
+
 static {
 //all this properties are seeded as system properties, no need to log changes
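Review bot: The new `smtpPassword` line in the EmailActionExecutor hunk drops the `""` default that the old `get(EMAIL_SMTP_PASS, "")` supplied, so an installation that sets no SMTP password now depends on what `getPassword` does for an absent key. Going by the `getPassword` body added later in this commit, that is a null from `conf.get(name)` on the fallback path, unless oozie-default.xml defines the property (not visible here). Resolving the password only when `smtpAuth` is true, or restoring the fallback with `if (smtpPassword == null) { smtpPassword = ""; }`, would keep unauthenticated SMTP setups behaving as before; the SLAEmailEventListener hunk loses its `""` default in the same way. The enclosing method starts and ends outside the hunk.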
@@ -114,6 +118,14 @@ public class ConfigurationService implements Service, Instrumentable {
 // These properties should be masked when displayed because they contain sensitive info (e.g. password)
 MASK_PROPS.add(JPAService.CONF_PASSWORD);
 MASK_PROPS.add("oozie.authentication.signature.secret");
+
+ try {
+ // Only supported in Hadoop 2.6.0+
+ getPasswordMethod = Configuration.class.getMethod("getPassword", String.class);
+ } catch (NoSuchMethodException e) {
+ // Not supported
+ getPasswordMethod = null;
+ }
 }
 public static final String DEFAULT_CONFIG_FILE = "oozie-default.xml";
@@ -537,4 +549,25 @@ public class ConfigurationService implements Service, Instrumentable {
 return conf.getClass(name, Object.class);
 }
+ public static String getPassword(Configuration conf, String name) {
+ if (getPasswordMethod != null) {
+ try {
+ char[] pass = (char[]) getPasswordMethod.invoke(conf, name);
+ return new String(pass);
+ } catch (IllegalAccessException e) {
+ log.error(e);
+ throw new IllegalArgumentException("Could not load password for [" + name + "]", e);
+ } catch (InvocationTargetException e) {
+ log.error(e);
+ throw new IllegalArgumentException("Could not load password for [" + name + "]", e);
+ }
+ } else {
+ return conf.get(name);
+ }
+ }
+
+ public static String getPassword(String name) {
+ Configuration conf = Services.get().getConf();
+ return getPassword(conf, name);
+ }
 }
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/service/JPAService.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/service/JPAService.java b/core/src/main/java/org/apache/oozie/service/JPAService.java
index 906cb0f..5d9da1a 100644
--- a/core/src/main/java/org/apache/oozie/service/JPAService.java
+++ b/core/src/main/java/org/apache/oozie/service/JPAService.java
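Review bot: The `catch (NoSuchMethodException e)` in the static initializer switches to plain `conf.get` without leaving any trace, so on a Hadoop older than 2.6.0 an operator who moved a password out of oozie-site and into a credential store gets no hint why the value is missing. A single startup message in that branch, for example `log.info("Configuration.getPassword is not available; passwords are read from the configuration in clear text");`, would make the active mode visible; whether `log` is already initialised at this point of the static block is not visible in the hunk. The explicit `getPasswordMethod = null;` is redundant for a static field and could be replaced by that log line.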
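Review bot: `new String(pass)` in `getPassword(Configuration, String)` throws a NullPointerException when the reflective call returns null, which Hadoop's `Configuration.getPassword` does when neither a credential provider nor the configuration holds the name. A guard such as `if (pass == null) { return null; }` together with a Javadoc line stating that null means "not configured" would give the reflective and the `conf.get(name)` branch the same contract. The JPAService hunk then still needs a null check before `.trim()`, and the OozieDBCLI hunk would put a null into `jdbcConf`. The two catch blocks are identical and both log and rethrow, so the failure is reported twice; one of the two reports is enough, and the Javadoc should also say that the secret is returned as an immutable String that callers must not log.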
@@ -141,7 +141,7 @@ public class JPAService implements Service, Instrumentable {
 String url = ConfigurationService.get(conf, CONF_URL);
 String driver = ConfigurationService.get(conf, CONF_DRIVER);
 String user = ConfigurationService.get(conf, CONF_USERNAME);
- String password = ConfigurationService.get(conf, CONF_PASSWORD).trim();
+ String password = ConfigurationService.getPassword(conf, CONF_PASSWORD).trim();
 String maxConn = ConfigurationService.get(conf, CONF_MAX_ACTIVE_CONN).trim();
 String dataSource = ConfigurationService.get(conf, CONF_CONN_DATA_SOURCE);
 String connPropsConfig = ConfigurationService.get(conf, CONF_CONN_PROPERTIES);
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java b/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
index 535859f..6076056 100644
--- a/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
+++ b/core/src/main/java/org/apache/oozie/sla/listener/SLAEmailEventListener.java
@@ -107,7 +107,7 @@ public class SLAEmailEventListener extends SLAEventListener {
 String smtpPort = conf.get(EmailActionExecutor.EMAIL_SMTP_PORT, SMTP_PORT_DEFAULT);
 Boolean smtpAuth = conf.getBoolean(EmailActionExecutor.EMAIL_SMTP_AUTH, SMTP_AUTH_DEFAULT);
 String smtpUser = conf.get(EmailActionExecutor.EMAIL_SMTP_USER, "");
- String smtpPassword = conf.get(EmailActionExecutor.EMAIL_SMTP_PASS, "");
+ String smtpPassword = ConfigurationService.getPassword(EmailActionExecutor.EMAIL_SMTP_PASS);
 String smtpConnectTimeout = conf.get(SMTP_CONNECTION_TIMEOUT, SMTP_CONNECTION_TIMEOUT_DEFAULT);
 String smtpTimeout = conf.get(SMTP_TIMEOUT, SMTP_TIMEOUT_DEFAULT);
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/release-log.txt ----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 3a990bb..b19a913 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 4.3.0 release (trunk - unreleased)
+OOZIE-2272 Use Hadoop's CredentialProvider for passwords in oozie-site (rkanter)
 OOZIE-2287 Add support for deleting hcat partitions in fs action delete (kailongs via rohini)
 OOZIE-2285 Change in concurrency should trigger coord action ready command (kailongs via rohini)
 OOZIE-2284 HBaseCredentials should only add hbase-default.xml and hbase-site.xml to actionConf (rohini)
http://git-wip-us.apache.org/repos/asf/oozie/blob/6a731f99/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java ----------------------------------------------------------------------
diff --git a/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java b/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
index a639f4a..080fc24 100644
--- a/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
+++ b/tools/src/main/java/org/apache/oozie/tools/OozieDBCLI.java
@@ -26,6 +26,7 @@ import org.apache.commons.io.IOUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.oozie.BuildInfo;
 import org.apache.oozie.cli.CLIParser;
+import org.apache.oozie.service.ConfigurationService;
 import org.apache.oozie.service.JPAService;
 import org.apache.oozie.service.Services;
@@ -168,7 +169,7 @@ public class OozieDBCLI {
 String url = conf.get(JPAService.CONF_URL);
 jdbcConf.put("url", url);
 jdbcConf.put("user", conf.get(JPAService.CONF_USERNAME));
- jdbcConf.put("password", conf.get(JPAService.CONF_PASSWORD));
+ jdbcConf.put("password", ConfigurationService.getPassword(conf, JPAService.CONF_PASSWORD));
 String dbType = url.substring("jdbc:".length());
 if (dbType.indexOf(":") <= 0) {
 throw new RuntimeException("Invalid JDBC URL, missing vendor 'jdbc:[VENDOR]:...'");
