> On Nov. 2, 2015, 5:56 p.m., Robert Nettleton wrote: > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintResourceProvider.java, > > line 24 > > <https://reviews.apache.org/r/39687/diff/3/?file=1114082#file1114082line24> > > > > Can we get some more information on why this change is only applied to > > the Blueprint resource provider, and not to the cluster's resource provider? > > > > It's important to note that the Cluster resource currently returns all > > passwords in cleartext anyway, so any attempt to mask at the Blueprint > > level would also need to be accompanied by some changes to at least the > > ClusterResourceProvider, in order to make sure that passwords in this > > resource are masked as well.
Secret reference is a string like SECRET:configType:configVersion:propertyName. Cluster-level replacing was implemented in previous patch, thats why in this patch applied only to blueprint(eg blueprint changes is just a part of patch, where main task was to allow using references in custom actions). On every call to API all password properties replaced with references. In blueprints used referecnes with config version -1(because we dont have nay configs yet). When user send new configuration with secrete reference server automatically extracts its value and writes it to database. Communitation between server and agent unchanged, server send property values from database without any references. - Eugene ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/39687/#review104742 ----------------------------------------------------------- On Nov. 2, 2015, 5:24 p.m., Vitalyi Brodetskyi wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/39687/ > ----------------------------------------------------------- > > (Updated Nov. 2, 2015, 5:24 p.m.) > > > Review request for Ambari, Dmitro Lisnichenko, Dmytro Sen, Robert Nettleton, > and Sid Wagle. > > > Bugs: AMBARI-13582 > https://issues.apache.org/jira/browse/AMBARI-13582 > > > Repository: ambari > > > Description > ------- > > Added ability to use secret references in custom actions; /api/v1/blueprints > and /api/v1/clusters/cl?format=blueprint returns masked passwords. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariActionExecutionHelper.java > d834731 > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java > 5f432ef > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java > 625ebc6 > > ambari-server/src/main/java/org/apache/ambari/server/controller/ConfigurationResponse.java > 3ed9306 > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintResourceProvider.java > fa355fa > ambari-server/src/main/java/org/apache/ambari/server/stack/StackModule.java > def33f0 > ambari-server/src/main/java/org/apache/ambari/server/state/StackInfo.java > e3ac3e0 > > ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java > 279b31f > > ambari-server/src/main/java/org/apache/ambari/server/topology/BlueprintValidatorImpl.java > 9e8f163 > > ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java > 2b1aeae > > ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java > c6170e4 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintResourceProviderTest.java > 369bf02 > > ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintImplTest.java > 2199247 > > ambari-server/src/test/resources/stacks/HDP/2.0.6/services/YARN/configuration/yarn-site.xml > 1c02e86 > > Diff: https://reviews.apache.org/r/39687/diff/ > > > Testing > ------- > > mvn clean test > > > Thanks, > > Vitalyi Brodetskyi > >
