> On April 19, 2016, 8:47 p.m., Robert Nettleton wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java,
> >  line 158
> > <https://reviews.apache.org/r/45507/diff/1/?file=1320100#file1320100line158>
> >
> >     I'm a little concerned about removing this filter.  
> >     
> >     Many times in the past, we've run into situations where a component 
> > that has just been integrated with Ambari will have password properties 
> > that are not marked as such in the Stack metadata.  
> >     
> >     This can end up causing a given password to show up in clear text in an 
> > exported Blueprint.
> >     
> >     It does make sense that this filter would need to be modified for a 
> > change like the one proposed here, but I think it should be updated, rather 
> > than removed, to still catch the cases it was intended for (password 
> > properties that are not annotated as passwords in the stacks).

Please refer AMBARI-15406-v1


- Amruta


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45507/#review129615
-----------------------------------------------------------


On May 12, 2016, 9:40 p.m., Amruta Borkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45507/
> -----------------------------------------------------------
> 
> (Updated May 12, 2016, 9:40 p.m.)
> 
> 
> Review request for Ambari, Jayush Luniya, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-15395 and AMBARI-15406
>     https://issues.apache.org/jira/browse/AMBARI-15395
>     https://issues.apache.org/jira/browse/AMBARI-15406
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Enhance blueprints to export placeholder/token for password properties. This 
> is to avoid user from having tochange the password once the cluster is formed 
> if a user wishes to do so.
> Secret References acting as tokens to password properties would be replaced 
> by user with appropriate passwords,
> If any Secret references are found during cluster deployment with blueprint, 
> those will be replaced by default_password provided in blueprint template. 
> Need more comments to make this feature more portable.
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  9cc7b13 
>   
> ambari-server/src/main/java/org/apache/ambari/server/topology/BlueprintValidatorImpl.java
>  432c6f8 
>   
> ambari-server/src/main/java/org/apache/ambari/server/topology/RequiredPasswordValidator.java
>  98eaa40 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  14a718d 
>   
> ambari-server/src/test/java/org/apache/ambari/server/topology/BlueprintImplTest.java
>  0b06eb8 
>   
> ambari-server/src/test/java/org/apache/ambari/server/topology/RequiredPasswordValidatorTest.java
>  e8a2ff5 
> 
> Diff: https://reviews.apache.org/r/45507/diff/
> 
> 
> Testing
> -------
> 
> Tested the patch by trying out blueprint export and creating a cluster from 
> the exported blueprint. Result was: the password tokens were replaced by 
> default password and cluster was created successfully.
> 
> 
> File Attachments
> ----------------
> 
> AMBARI-15406.patch
>   
> https://reviews.apache.org/media/uploaded/files/2016/03/30/8daa09ee-82e5-4cd8-98d3-b1c00f1269b7__AMBARI-15406.patch
> AMBARI-15406-v1
>   
> https://reviews.apache.org/media/uploaded/files/2016/05/12/7faf76cc-a42d-4017-b203-8db19448b09d__AMBARI-15406.patch
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>

Reply via email to