> On Nov. 2, 2015, 5:56 p.m., Robert Nettleton wrote: > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintResourceProvider.java, > > line 24 > > <https://reviews.apache.org/r/39687/diff/3/?file=1114082#file1114082line24> > > > > Can we get some more information on why this change is only applied to > > the Blueprint resource provider, and not to the cluster's resource provider? > > > > It's important to note that the Cluster resource currently returns all > > passwords in cleartext anyway, so any attempt to mask at the Blueprint > > level would also need to be accompanied by some changes to at least the > > ClusterResourceProvider, in order to make sure that passwords in this > > resource are masked as well. > > Eugene Chekanskiy wrote: > Secret reference is a string like > SECRET:configType:configVersion:propertyName. > Cluster-level replacing was implemented in previous patch, thats why in > this patch applied only to blueprint(eg blueprint changes is just a part of > patch, where main task was to allow using references in custom actions). > On every call to API all password properties replaced with references. In > blueprints used referecnes with config version -1(because we dont have nay > configs yet). > When user send new configuration with secrete reference server > automatically extracts its value and writes it to database. > Communitation between server and agent unchanged, server send property > values from database without any references.
Thanks for clarifying. I'll drop this issue now. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/39687/#review104742 ----------------------------------------------------------- On Nov. 2, 2015, 5:24 p.m., Vitalyi Brodetskyi wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/39687/ > ----------------------------------------------------------- > > (Updated Nov. 2, 2015, 5:24 p.m.) > > > Review request for Ambari, Dmitro Lisnichenko, Dmytro Sen, Robert Nettleton, > and Sid Wagle. > > > Bugs: AMBARI-13582 > https://issues.apache.org/jira/browse/AMBARI-13582 > > > Repository: ambari > > > Description > ------- > > Added ability to use secret references in custom actions; /api/v1/blueprints > and /api/v1/clusters/cl?format=blueprint returns masked passwords. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariActionExecutionHelper.java > d834731 > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java > 5f432ef > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java > 625ebc6 > > ambari-server/src/main/java/org/apache/ambari/server/controller/ConfigurationResponse.java > 3ed9306 > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintResourceProvider.java > fa355fa > ambari-server/src/main/java/org/apache/ambari/server/stack/StackModule.java > def33f0 > ambari-server/src/main/java/org/apache/ambari/server/state/StackInfo.java > e3ac3e0 > > ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java > 279b31f > > ambari-server/src/main/java/org/apache/ambari/server/topology/BlueprintValidatorImpl.java > 9e8f163 > > ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java > 2b1aeae > > ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java > c6170e4 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintResourceProviderTest.java > 369bf02 > > ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintImplTest.java > 2199247 > > ambari-server/src/test/resources/stacks/HDP/2.0.6/services/YARN/configuration/yarn-site.xml > 1c02e86 > > Diff: https://reviews.apache.org/r/39687/diff/ > > > Testing > ------- > > mvn clean test > > > Thanks, > > Vitalyi Brodetskyi > >
