zeppelin git commit: [ZEPPELIN-3350] Don't allow set cronExecutionUser
Repository: zeppelin Updated Branches: refs/heads/master 36a5a9173 -> 08c9ad9a6 [ZEPPELIN-3350] Don't allow set cronExecutionUser ### What is this PR for? This PR just does a quick fix this security issue. 1. Remove the setting cron user in frontend 2. Run the note via owner. ### What type of PR is it? [Bug Fix ] ### Todos * [ ] - Task ### What is the Jira issue? * https://issues.apache.org/jira/browse/ZEPPELIN-3350 ### How should this be tested? * Manually tested ### Screenshots (if appropriate) ![screen shot 2018-04-09 at 3 04 06 pm](https://user-images.githubusercontent.com/164491/38483974-707dca56-3c07-11e8-918a-cd47ed94ee99.png) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Jeff Zhang Closes #2914 from zjffdu/ZEPPELIN-3350 and squashes the following commits: 63325d0 [Jeff Zhang] [ZEPPELIN-3350] Don't allow set cronExecutionUser Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/08c9ad9a Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/08c9ad9a Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/08c9ad9a Branch: refs/heads/master Commit: 08c9ad9a6692405884ae2b2f730868030247762f Parents: 36a5a91 Author: Jeff Zhang Authored: Wed Apr 4 18:13:06 2018 +0800 Committer: Jeff Zhang Committed: Tue Apr 10 15:51:53 2018 +0800 -- docs/usage/other_features/cron_scheduler.md | 2 +- zeppelin-web/src/app/notebook/notebook-actionBar.html | 7 --- .../main/java/org/apache/zeppelin/notebook/Note.java | 14 +- 3 files changed, 6 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/docs/usage/other_features/cron_scheduler.md -- diff --git a/docs/usage/other_features/cron_scheduler.md b/docs/usage/other_features/cron_scheduler.md index c7fc284..7223045 100644 --- a/docs/usage/other_features/cron_scheduler.md +++ b/docs/usage/other_features/cron_scheduler.md @@ -41,7 +41,7 @@ You can set a cron schedule easily by clicking each option such as `1m` and `5m` You can set the cron schedule by filling in this form. Please see [Cron Trigger Tutorial](http://www.quartz-scheduler.org/documentation/quartz-2.2.x/tutorials/crontrigger) for the available cron syntax. -### Cron executing user +### Cron executing user (It is removed from 0.8 where it enforces the cron execution user to be the note owner for security purpose) You can set the cron executing user by filling in this form and press the enter key. http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/zeppelin-web/src/app/notebook/notebook-actionBar.html -- diff --git a/zeppelin-web/src/app/notebook/notebook-actionBar.html b/zeppelin-web/src/app/notebook/notebook-actionBar.html index 7559a87..78ca77e 100644 --- a/zeppelin-web/src/app/notebook/notebook-actionBar.html +++ b/zeppelin-web/src/app/notebook/notebook-actionBar.html @@ -281,13 +281,6 @@ limitations under the License. -- Cron executing user (click enter in field to submit) - - - - auto-restart interpreter on cron execution http://git-wip-us.apache.org/repos/asf/zeppelin/blob/08c9ad9a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java -- diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java index 3728cd3..664e986 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java @@ -642,16 +642,10 @@ public class Note implements ParagraphJobListener, JsonSerializable { } /** - * Run all paragraphs sequentially. + * Run all paragraphs sequentially. Only used for CronJob */ public synchronized void runAll() { -String cronExecutingUser = (String) getConfig().get("cronExecutingUser"); -if (null == cronExecutingUser) { - cronExecutingUser = "anonymous"; -} -AuthenticationInfo authenticationInfo = new AuthenticationInfo(); -authenticationInfo.setUser(cronExecutingUser); -runAll(authenticationInfo, true); +runAll(null, true); } public void runAll(AuthenticationInfo authenticationInfo, boolean blocking) { @@ -659,7 +653,9 @@ public class Note implements ParagraphJobListener, JsonSerializable { if (!p.isEnabled()) { continue; } - p.setAuthen
zeppelin git commit: [ZEPPELIN-3350] Don't allow set cronExecutionUser
Repository: zeppelin Updated Branches: refs/heads/branch-0.8 d3de51562 -> 852826156 [ZEPPELIN-3350] Don't allow set cronExecutionUser ### What is this PR for? This PR just does a quick fix this security issue. 1. Remove the setting cron user in frontend 2. Run the note via owner. ### What type of PR is it? [Bug Fix ] ### Todos * [ ] - Task ### What is the Jira issue? * https://issues.apache.org/jira/browse/ZEPPELIN-3350 ### How should this be tested? * Manually tested ### Screenshots (if appropriate) ![screen shot 2018-04-09 at 3 04 06 pm](https://user-images.githubusercontent.com/164491/38483974-707dca56-3c07-11e8-918a-cd47ed94ee99.png) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Jeff Zhang Closes #2914 from zjffdu/ZEPPELIN-3350 and squashes the following commits: 63325d0 [Jeff Zhang] [ZEPPELIN-3350] Don't allow set cronExecutionUser (cherry picked from commit 08c9ad9a6692405884ae2b2f730868030247762f) Signed-off-by: Jeff Zhang Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/85282615 Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/85282615 Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/85282615 Branch: refs/heads/branch-0.8 Commit: 85282615681e895d477417e9f9b80efdb221bf2c Parents: d3de515 Author: Jeff Zhang Authored: Wed Apr 4 18:13:06 2018 +0800 Committer: Jeff Zhang Committed: Tue Apr 10 15:52:05 2018 +0800 -- docs/usage/other_features/cron_scheduler.md | 2 +- zeppelin-web/src/app/notebook/notebook-actionBar.html | 7 --- .../main/java/org/apache/zeppelin/notebook/Note.java | 14 +- 3 files changed, 6 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/85282615/docs/usage/other_features/cron_scheduler.md -- diff --git a/docs/usage/other_features/cron_scheduler.md b/docs/usage/other_features/cron_scheduler.md index c7fc284..7223045 100644 --- a/docs/usage/other_features/cron_scheduler.md +++ b/docs/usage/other_features/cron_scheduler.md @@ -41,7 +41,7 @@ You can set a cron schedule easily by clicking each option such as `1m` and `5m` You can set the cron schedule by filling in this form. Please see [Cron Trigger Tutorial](http://www.quartz-scheduler.org/documentation/quartz-2.2.x/tutorials/crontrigger) for the available cron syntax. -### Cron executing user +### Cron executing user (It is removed from 0.8 where it enforces the cron execution user to be the note owner for security purpose) You can set the cron executing user by filling in this form and press the enter key. http://git-wip-us.apache.org/repos/asf/zeppelin/blob/85282615/zeppelin-web/src/app/notebook/notebook-actionBar.html -- diff --git a/zeppelin-web/src/app/notebook/notebook-actionBar.html b/zeppelin-web/src/app/notebook/notebook-actionBar.html index 7559a87..78ca77e 100644 --- a/zeppelin-web/src/app/notebook/notebook-actionBar.html +++ b/zeppelin-web/src/app/notebook/notebook-actionBar.html @@ -281,13 +281,6 @@ limitations under the License. -- Cron executing user (click enter in field to submit) - - - - auto-restart interpreter on cron execution http://git-wip-us.apache.org/repos/asf/zeppelin/blob/85282615/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java -- diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java index 8889a55..3c49eac 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java @@ -637,16 +637,10 @@ public class Note implements ParagraphJobListener, JsonSerializable { } /** - * Run all paragraphs sequentially. + * Run all paragraphs sequentially. Only used for CronJob */ public synchronized void runAll() { -String cronExecutingUser = (String) getConfig().get("cronExecutingUser"); -if (null == cronExecutingUser) { - cronExecutingUser = "anonymous"; -} -AuthenticationInfo authenticationInfo = new AuthenticationInfo(); -authenticationInfo.setUser(cronExecutingUser); -runAll(authenticationInfo, true); +runAll(null, true); } public void runAll(AuthenticationInfo authenticationInfo, boolean blocking) { @@ -654,7 +648,9 @@ public class Note implements ParagraphJob