diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java index 11e9da8a081..1c20bfd1f41 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationResourceProvider.java @@ -40,6 +40,7 @@ import org.apache.ambari.server.controller.utilities.PredicateHelper; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.security.authorization.RoleAuthorization; +import org.apache.ambari.server.utils.SecretReference; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; @@ -210,7 +211,7 @@ private Resource toResource(String serviceName, String componentName, String cat setResourceProperty(resource, CONFIGURATION_SERVICE_NAME_PROPERTY_ID, serviceName, requestedIds); setResourceProperty(resource, CONFIGURATION_COMPONENT_NAME_PROPERTY_ID, componentName, requestedIds); setResourceProperty(resource, CONFIGURATION_CATEGORY_PROPERTY_ID, categoryName, requestedIds); - setResourceProperty(resource, CONFIGURATION_PROPERTIES_PROPERTY_ID, properties, requestedIds); + setResourceProperty(resource, CONFIGURATION_PROPERTIES_PROPERTY_ID, SecretReference.maskPasswordInPropertyMap(properties), requestedIds); setResourceProperty(resource, CONFIGURATION_PROPERTY_TYPES_PROPERTY_ID, propertyTypes, requestedIds); return resource; } diff --git a/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java b/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java index dfd925dd02a..7d556c11e45 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/utils/SecretReference.java @@ -94,17 +94,32 @@ public static String generateStub(String configType, Long configVersion, String * @return New string with the passwords masked, or null if the property map is null. */ public static String maskPasswordInPropertyMap(String propertyMap) { - if (null == propertyMap) return null; - Map<String, String> maskedMap = new HashMap<>(); - Map<String, String> map = gson.fromJson(propertyMap, new TypeToken<Map<String, String>>() {}.getType()); - for (Map.Entry<String, String> e : map.entrySet()) { - String value = e.getValue(); - if (e.getKey().toLowerCase().contains(PASSWORD_TEXT) || e.getKey().toLowerCase().contains(PASSWD_TEXT)) { - value = secretPrefix; - } - maskedMap.put(e.getKey(), value); + if (null == propertyMap) { + return null; + } + final Map<String, String> map = gson.fromJson(propertyMap, new TypeToken<Map<String, String>>() {}.getType()); + return gson.toJson(maskPasswordInPropertyMap(map)); + } + + /** + * Helper function to mask a string of properties that may contain a property with a password. + * @param propertyMap Property map to mask by replacing any passwords with the text "SECRET" + * @return a new map with the passwords masked, or null if the <code>propertyMap</code> is null. + */ + public static Map<String, String> maskPasswordInPropertyMap(Map<String, String> propertyMap) { + if (null == propertyMap) { + return null; + } + final Map<String, String> maskedMap = new HashMap<>(); + for (Map.Entry<String, String> property : propertyMap.entrySet()) { + String value = isPassword(property.getKey()) ? secretPrefix : property.getValue(); + maskedMap.put(property.getKey(), value); } - return gson.toJson(maskedMap); + return maskedMap; + } + + private final static boolean isPassword(String propertyName) { + return propertyName.toLowerCase().contains(PASSWORD_TEXT) || propertyName.toLowerCase().contains(PASSWD_TEXT); } /**
With regards, Apache Git Services