zeppelin git commit: [ZEPPELIN-3350] Don't allow set cronExecutionUser
Repository: zeppelin
Updated Branches:
refs/heads/master 36a5a9173 -> 08c9ad9a6
[ZEPPELIN-3350] Don't allow set cronExecutionUser
### What is this PR for?
This PR just does a quick fix this security issue.
1. Remove the setting cron user in frontend
2. Run the note via owner.
### What type of PR is it?
[Bug Fix ]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-3350
### How should this be tested?
* Manually tested
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang
Closes #2914 from zjffdu/ZEPPELIN-3350 and squashes the following commits:
63325d0 [Jeff Zhang] [ZEPPELIN-3350] Don't allow set cronExecutionUser
Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/08c9ad9a
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/08c9ad9a
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/08c9ad9a
Branch: refs/heads/master
Commit: 08c9ad9a6692405884ae2b2f730868030247762f
Parents: 36a5a91
Author: Jeff Zhang
Authored: Wed Apr 4 18:13:06 2018 +0800
Committer: Jeff Zhang
Committed: Tue Apr 10 15:51:53 2018 +0800
--
docs/usage/other_features/cron_scheduler.md | 2 +-
zeppelin-web/src/app/notebook/notebook-actionBar.html | 7 ---
.../main/java/org/apache/zeppelin/notebook/Note.java | 14 +-
3 files changed, 6 insertions(+), 17 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/docs/usage/other_features/cron_scheduler.md
--
diff --git a/docs/usage/other_features/cron_scheduler.md
b/docs/usage/other_features/cron_scheduler.md
index c7fc284..7223045 100644
--- a/docs/usage/other_features/cron_scheduler.md
+++ b/docs/usage/other_features/cron_scheduler.md
@@ -41,7 +41,7 @@ You can set a cron schedule easily by clicking each option
such as `1m` and `5m`
You can set the cron schedule by filling in this form. Please see [Cron
Trigger
Tutorial](http://www.quartz-scheduler.org/documentation/quartz-2.2.x/tutorials/crontrigger)
for the available cron syntax.
-### Cron executing user
+### Cron executing user (It is removed from 0.8 where it enforces the cron
execution user to be the note owner for security purpose)
You can set the cron executing user by filling in this form and press the
enter key.
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/zeppelin-web/src/app/notebook/notebook-actionBar.html
--
diff --git a/zeppelin-web/src/app/notebook/notebook-actionBar.html
b/zeppelin-web/src/app/notebook/notebook-actionBar.html
index 7559a87..78ca77e 100644
--- a/zeppelin-web/src/app/notebook/notebook-actionBar.html
+++ b/zeppelin-web/src/app/notebook/notebook-actionBar.html
@@ -281,13 +281,6 @@ limitations under the License.
-- Cron executing user (click enter in field to
submit)
-
-
-
- auto-restart interpreter on cron execution
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
--
diff --git
a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
index 3728cd3..664e986 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
@@ -642,16 +642,10 @@ public class Note implements ParagraphJobListener,
JsonSerializable {
}
/**
- * Run all paragraphs sequentially.
+ * Run all paragraphs sequentially. Only used for CronJob
*/
public synchronized void runAll() {
-String cronExecutingUser = (String) getConfig().get("cronExecutingUser");
-if (null == cronExecutingUser) {
- cronExecutingUser = "anonymous";
-}
-AuthenticationInfo authenticationInfo = new AuthenticationInfo();
-authenticationInfo.setUser(cronExecutingUser);
-runAll(authenticationInfo, true);
+runAll(null, true);
}
public void runAll(AuthenticationInfo authenticationInfo, boolean blocking) {
@@ -659,7 +653,9 @@ public class Note implements ParagraphJobListener,
JsonSerializable {
if (!p.isEnabled()) {
continue;
}
- p.setAuthen
zeppelin git commit: [ZEPPELIN-3350] Don't allow set cronExecutionUser
Repository: zeppelin
Updated Branches:
refs/heads/branch-0.8 d3de51562 -> 852826156
[ZEPPELIN-3350] Don't allow set cronExecutionUser
### What is this PR for?
This PR just does a quick fix this security issue.
1. Remove the setting cron user in frontend
2. Run the note via owner.
### What type of PR is it?
[Bug Fix ]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-3350
### How should this be tested?
* Manually tested
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang
Closes #2914 from zjffdu/ZEPPELIN-3350 and squashes the following commits:
63325d0 [Jeff Zhang] [ZEPPELIN-3350] Don't allow set cronExecutionUser
(cherry picked from commit 08c9ad9a6692405884ae2b2f730868030247762f)
Signed-off-by: Jeff Zhang
Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/85282615
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/85282615
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/85282615
Branch: refs/heads/branch-0.8
Commit: 85282615681e895d477417e9f9b80efdb221bf2c
Parents: d3de515
Author: Jeff Zhang
Authored: Wed Apr 4 18:13:06 2018 +0800
Committer: Jeff Zhang
Committed: Tue Apr 10 15:52:05 2018 +0800
--
docs/usage/other_features/cron_scheduler.md | 2 +-
zeppelin-web/src/app/notebook/notebook-actionBar.html | 7 ---
.../main/java/org/apache/zeppelin/notebook/Note.java | 14 +-
3 files changed, 6 insertions(+), 17 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/85282615/docs/usage/other_features/cron_scheduler.md
--
diff --git a/docs/usage/other_features/cron_scheduler.md
b/docs/usage/other_features/cron_scheduler.md
index c7fc284..7223045 100644
--- a/docs/usage/other_features/cron_scheduler.md
+++ b/docs/usage/other_features/cron_scheduler.md
@@ -41,7 +41,7 @@ You can set a cron schedule easily by clicking each option
such as `1m` and `5m`
You can set the cron schedule by filling in this form. Please see [Cron
Trigger
Tutorial](http://www.quartz-scheduler.org/documentation/quartz-2.2.x/tutorials/crontrigger)
for the available cron syntax.
-### Cron executing user
+### Cron executing user (It is removed from 0.8 where it enforces the cron
execution user to be the note owner for security purpose)
You can set the cron executing user by filling in this form and press the
enter key.
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/85282615/zeppelin-web/src/app/notebook/notebook-actionBar.html
--
diff --git a/zeppelin-web/src/app/notebook/notebook-actionBar.html
b/zeppelin-web/src/app/notebook/notebook-actionBar.html
index 7559a87..78ca77e 100644
--- a/zeppelin-web/src/app/notebook/notebook-actionBar.html
+++ b/zeppelin-web/src/app/notebook/notebook-actionBar.html
@@ -281,13 +281,6 @@ limitations under the License.
-- Cron executing user (click enter in field to
submit)
-
-
-
- auto-restart interpreter on cron execution
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/85282615/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
--
diff --git
a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
index 8889a55..3c49eac 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
@@ -637,16 +637,10 @@ public class Note implements ParagraphJobListener,
JsonSerializable {
}
/**
- * Run all paragraphs sequentially.
+ * Run all paragraphs sequentially. Only used for CronJob
*/
public synchronized void runAll() {
-String cronExecutingUser = (String) getConfig().get("cronExecutingUser");
-if (null == cronExecutingUser) {
- cronExecutingUser = "anonymous";
-}
-AuthenticationInfo authenticationInfo = new AuthenticationInfo();
-authenticationInfo.setUser(cronExecutingUser);
-runAll(authenticationInfo, true);
+runAll(null, true);
}
public void runAll(AuthenticationInfo authenticationInfo, boolean blocking) {
@@ -654,7 +648,9 @@ public class Note implements ParagraphJob
