Review Request 65242: service passwords and its encrypt configuration improvement

Fri, 19 Jan 2018 08:19:41 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/65242/
-----------------------------------------------------------

Review request for ranger.


Bugs: RANGER-1643
    https://issues.apache.org/jira/browse/RANGER-1643


Repository: ranger


Description
-------

A user provided password and its crpytographic parameters (e.g.: encryption 
algorithm, iterationcount, salt, encryptionkey, iv)
should not encode into a single string with coma separation, but should rather 
each have their own service configuration key to store their value. my patch 
removed each scattered place, where this coma separated decoding of algo params 
happened, and added each their own key/value at the service#getConfigs


Diffs
-----

  agents-common/src/main/java/org/apache/ranger/plugin/client/BaseClient.java 
cb170c2c1 
  agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
6ba42d475 
  agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json 
4a550c640 
  agents-common/src/main/resources/service-defs/ranger-servicedef-hbase.json 
71fae66d4 
  agents-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json 
2e5d07c2f 
  agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
b0f877a01 
  agents-common/src/main/resources/service-defs/ranger-servicedef-kafka.json 
839d7806d 
  agents-common/src/main/resources/service-defs/ranger-servicedef-kms.json 
f96cb9cd1 
  agents-common/src/main/resources/service-defs/ranger-servicedef-knox.json 
495a69913 
  agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json 
2f12721e1 
  agents-common/src/main/resources/service-defs/ranger-servicedef-storm.json 
03c1574ff 
  agents-common/src/main/resources/service-defs/ranger-servicedef-yarn.json 
a32c08d93 
  
agents-common/src/test/java/org/apache/ranger/plugin/util/PasswordUtilsTest.java
 4e135aaa7 
  
hive-agent/src/main/java/org/apache/ranger/services/hive/client/HiveClient.java 
265c01575 
  
knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java 
0c83ef9bb 
  
knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxConnectionMgr.java
 55bc2381d 
  
knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxResourceMgr.java
 e887b1157 
  
plugin-atlas/src/main/java/org/apache/ranger/services/atlas/client/AtlasClient.java
 ea05ad0fe 
  plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSClient.java 
af0ac71f0 
  
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSConnectionMgr.java
 b81d7b857 
  
plugin-kms/src/main/java/org/apache/ranger/services/kms/client/KMSResourceMgr.java
 fe54723df 
  
plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java
 5875a298b 
  security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb609e 
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
9d8f5d2a9 
  
security-admin/src/main/java/org/apache/ranger/patch/PatchPasswordParameterStoring_J100013.java
 PRE-CREATION 
  
security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
 df3fdb57c 
  security-admin/src/main/java/org/apache/ranger/service/XAssetService.java 
132879a63 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
9dfc03df1 
  security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
f7eb0d430 
  
storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormClient.java
 363a6561c 
  
storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormConnectionMgr.java
 ab1b409a4 
  
storm-agent/src/main/java/org/apache/ranger/services/storm/client/StormResourceMgr.java
 0dd550793 


Diff: https://reviews.apache.org/r/65242/diff/1/


Testing
-------

by hand:
1. on ranger admin ui: i edited hive service and added the config keys and 
values that was comaseparated into the password previously.
2. removed the same configs and comas from the password (in ranger database)
3. hit test connection on the ranger admin ui, edit hive service
4. connection was successful


What i chould not test:
the patch class i included 
org.apache.ranger.patch.PatchPasswordParameterStoring_J100013.java

I did not find any documentation on how this patch classes are set up to run, 
please point me towards how i can test the automatic updating of the password 
fields in the database!


Thanks,

Endre Zoltan Kovacs

Reply via email to