[
https://issues.apache.org/jira/browse/KNOX-2147?focusedWorklogId=360811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-360811
]
ASF GitHub Bot logged work on KNOX-2147:
----------------------------------------
Author: ASF GitHub Bot
Created on: 17/Dec/19 10:01
Start Date: 17/Dec/19 10:01
Worklog Time Spent: 10m
Work Description: smolnar82 commented on pull request #217: KNOX-2147 -
Mask username/password in case we display call history and keep them safely (by
setting proper file permissions) in JSON file
URL: https://github.com/apache/knox/pull/217#discussion_r358699268
##########
File path:
gateway-shell/src/main/java/org/apache/knox/gateway/shell/table/KnoxShellTableJSONSerializer.java
##########
@@ -51,15 +63,60 @@
* if this is <code>true</code> the underlying JSON serializer will
* output the table's content; otherwise the table's
* <code>callHistory</code> will be serilized
+ * @param filePath
+ * if set, the JSON result will be written into the given file
+ * (creating if not exists; overwritten if exists)
* @return the serialized table in JSON format
*/
- static String serializeKnoxShellTable(KnoxShellTable table, boolean data) {
- SimpleFilterProvider filterProvider = new SimpleFilterProvider();
- if (data) {
- filterProvider.addFilter("knoxShellTableFilter",
SimpleBeanPropertyFilter.filterOutAllExcept("headers", "rows", "title", "id"));
+ static String serializeKnoxShellTable(KnoxShellTable table, boolean data,
String filePath) {
+ if (StringUtils.isNotBlank(filePath)) {
+ return saveTableInFile(table, data, filePath);
} else {
- filterProvider.addFilter("knoxShellTableFilter",
SimpleBeanPropertyFilter.filterOutAllExcept("callHistoryList"));
+ final SimpleFilterProvider filterProvider = new SimpleFilterProvider();
+ if (data) {
+ filterProvider.addFilter("knoxShellTableFilter",
SimpleBeanPropertyFilter.filterOutAllExcept("headers", "rows", "title", "id"));
+ } else {
+ filterProvider.addFilter("knoxShellTableFilter",
SimpleBeanPropertyFilter.filterOutAllExcept("callHistoryList"));
+ }
+ return JsonUtils.renderAsJsonString(table, filterProvider,
JSON_DATE_FORMAT.get());
+ }
+ }
+
+ private static String saveTableInFile(KnoxShellTable table, boolean data,
String filePath) {
+ try {
+ final String jsonResult;
+ if (data) {
+ final SimpleFilterProvider filterProvider = new SimpleFilterProvider();
+ filterProvider.addFilter("knoxShellTableFilter",
SimpleBeanPropertyFilter.filterOutAllExcept("headers", "rows", "title", "id"));
+ jsonResult = JsonUtils.renderAsJsonString(table, filterProvider,
JSON_DATE_FORMAT.get());
+ } else {
+ jsonResult =
JsonUtils.renderAsJsonString(KnoxShellTableCallHistory.getInstance().getCallHistory(table.id),
null, JSON_DATE_FORMAT.get());
+ }
+ final Path jsonFilePath = Paths.get(filePath);
+ if (!Files.exists(jsonFilePath.getParent())) {
+ Files.createDirectories(jsonFilePath.getParent());
+ }
+ Files.deleteIfExists(jsonFilePath);
+ Files.createFile(jsonFilePath);
+ setPermissions(jsonFilePath);
+ FileUtils.writeStringToFile(jsonFilePath.toFile(), jsonResult,
StandardCharsets.UTF_8);
+ return "Successfully saved into " + filePath;
+ } catch (IOException e) {
+ throw new KnoxShellException("Error while saving KnoxShellTable JSON
into " + filePath, e);
+ }
+ }
+
+ private static void setPermissions(Path path) throws IOException {
+ if (path.getFileSystem().supportedFileAttributeViews().contains("posix")) {
+ Files.setPosixFilePermissions(path, ONLY_OWNER_FILE_PERMISSIONS);
+ } else { // on Windows - or any other operating system which does not
support posix - setReadable/setWriteable should be used
Review comment:
Fixed the permission part.
`FileUtils.write*` takes a `File` object as its first parameter. We can use
`Files.write(Path, byte[], OpenOption...)` to operate with `Path`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 360811)
Time Spent: 1h 20m (was: 1h 10m)
> Keep username and password out of KnoxShellTableCallHistory
> ------------------------------------------------------------
>
> Key: KNOX-2147
> URL: https://issues.apache.org/jira/browse/KNOX-2147
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxShell
> Reporter: Larry McCay
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 1.4.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> In working on KNOX-2132, I couldn't actually get the call history to work and
> was therefore unable to make sure that the username and password params don't
> end up in the persisted history or at least not rendered in the listing.
> Either call history no longer works or I just don't know how to enable it.
> Tests don't seem to cover the actual AOP based capture but record hardcoded
> calls rather than actual table interactions. I also notice that the
> aspectjrt.jar isn't being placed in the lib dir for knoxshell which seems
> broken.
> So, first thing to do is ensure that call history is actually working and fix
> it if not. Then determine what to do about the username and password and
> persistence of call histories as the means for reconstituting a dataset. Do
> we build in a required login which would mean that the dataset rehydration
> would require a user interaction for login? Do we encrypt the credentials -
> if so, using what as a key and how to manage it? Do we just rely on file
> permissions?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
