----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/51705/#review148705 -----------------------------------------------------------
ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py (lines 137 - 139) <https://reviews.apache.org/r/51705/#comment216208> Again, I'm not sure what you're fixing here. Every execution command is going to have the password properties in them anyway, and there will be hundreds in /var/lib/ambari-agent/data. - Nate Cole On Sept. 12, 2016, 6:48 p.m., Anita Jebaraj wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/51705/ > ----------------------------------------------------------- > > (Updated Sept. 12, 2016, 6:48 p.m.) > > > Review request for Ambari, Di Li, Jonathan Hurley, and Nate Cole. > > > Bugs: AMBARI-18334 > https://issues.apache.org/jira/browse/AMBARI-18334 > > > Repository: ambari > > > Description > ------- > > The configurations.json file loaded in the ambari-agent cache located at > /var/lib/ambari-agent/cache/cluster_configuration contains password details > in plaintext (Ex: ssl.client.keystore.password,ssl.client.truststore.password > etc.). The values are loaded both in the memory cache and file cache, the > file seems to be used only for debugging purposes, so it would be a better > approach to mask the passwords in the file. > > Approach: > > The password_config_type is included in the heartbeat response for alert > definition command and execution command, for which the values are dumped > into the json file. The password_config_type contains the information on > which properties in the configurations has the propertyType password. Based > on the response, the json is parsed and the password values are masked before > dumping it into the configurations.json file. > > > Diffs > ----- > > ambari-agent/src/main/python/ambari_agent/ClusterConfiguration.py 72b87be > ambari-agent/src/test/python/ambari_agent/TestAlerts.py 2bddc43 > ambari-agent/src/test/python/ambari_agent/TestClusterConfigurationCache.py > a418f6d > > ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ExecutionCommandWrapper.java > 0562c15 > > ambari-server/src/main/java/org/apache/ambari/server/agent/AlertDefinitionCommand.java > 4d2e048 > > ambari-server/src/main/java/org/apache/ambari/server/agent/ExecutionCommand.java > 29737ee > > ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java > 70c24f9 > > Diff: https://reviews.apache.org/r/51705/diff/ > > > Testing > ------- > > Updated the test cases. > Ran mvn test. > > Manually tested by setting up a cluster, the password fields in the > configurations.json is masked. During testing, everytime the ambari agent is > restarted, it registers with the server and the memory cache and file cache > are updated, the alerts in turn uses the value from the memory cache. > > > Thanks, > > Anita Jebaraj > >
