Re: Review Request 44725: After exporting blueprint from ranger enabled cluster ranger.service.https.attrib.keystore.pass is exported

2016-03-24 Thread Amruta Borkar 


> On March 23, 2016, 12:31 p.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java,
> >  line 2723
> > 
> >
> > This is a great idea. I am suprised we haven't done this already.  
> > However, I don't see where this new filter class is being used, so how was 
> > the issue in the description addressed?
> 
> Robert Nettleton wrote:
> Hi Rob, the Blueprint export filters have been around for a while, check 
> out:
> 
> 
> org.apache.ambari.server.controller.internal.BlueprintConfigurationProcessor#shouldPropertyBeExcludedForBlueprintExport
> 
> Basically, this method iterates over the registered filters to determine 
> if a property should be excluded. 
> 
> Thanks.
> 
> Robert Levas wrote:
> Thnaks for the clarification Bob.  Droppng my issue.
> 
> Amruta Borkar wrote:
> Thank you for the review. I don't have the commit rights on trunk. Could 
> you please help push this change?
> 
> Robert Levas wrote:
> I'll commit this.

Thank you Robert, could you please update when committed. Thanks.


- Amruta


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44725/#review125010
---


On March 23, 2016, 1:40 a.m., Amruta Borkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44725/
> ---
> 
> (Updated March 23, 2016, 1:40 a.m.)
> 
> 
> Review request for Ambari, Robert Levas and Robert Nettleton.
> 
> 
> Bugs: AMBARI-15338
> https://issues.apache.org/jira/browse/AMBARI-15338
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After exporting blueprint from ranger enabled cluster 
> ranger.service.https.attrib.keystore.pass is exported.
> Which needs to be removed before using the same blueprint to create another 
> cluster
> Error Show when used same blueprint:
> { "status" : 400, "message" : "Blueprint configuration validation failed: 
> Secret references are not allowed in blueprints, replace following properties 
> with real passwords:\n Config:ranger-admin-site 
> Property:ranger.service.https.attrib.keystore.pass\n" }
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  4230862 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  0f62b2c 
> 
> Diff: https://reviews.apache.org/r/44725/diff/
> 
> 
> Testing
> ---
> 
> Modified test cases to test for if the properties that end with "pass" are 
> getting filtered. Other properties which have 'pass' else where in the name 
> will not get filtered.
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>

Re: Review Request 44725: After exporting blueprint from ranger enabled cluster ranger.service.https.attrib.keystore.pass is exported

2016-03-23 Thread Robert Levas 


> On March 23, 2016, 8:31 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java,
> >  line 2723
> > 
> >
> > This is a great idea. I am suprised we haven't done this already.  
> > However, I don't see where this new filter class is being used, so how was 
> > the issue in the description addressed?
> 
> Robert Nettleton wrote:
> Hi Rob, the Blueprint export filters have been around for a while, check 
> out:
> 
> 
> org.apache.ambari.server.controller.internal.BlueprintConfigurationProcessor#shouldPropertyBeExcludedForBlueprintExport
> 
> Basically, this method iterates over the registered filters to determine 
> if a property should be excluded. 
> 
> Thanks.

Thnaks for the clarification Bob.  Droppng my issue.


- Robert


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44725/#review125010
---


On March 22, 2016, 9:40 p.m., Amruta Borkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44725/
> ---
> 
> (Updated March 22, 2016, 9:40 p.m.)
> 
> 
> Review request for Ambari, Robert Levas and Robert Nettleton.
> 
> 
> Bugs: AMBARI-15338
> https://issues.apache.org/jira/browse/AMBARI-15338
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After exporting blueprint from ranger enabled cluster 
> ranger.service.https.attrib.keystore.pass is exported.
> Which needs to be removed before using the same blueprint to create another 
> cluster
> Error Show when used same blueprint:
> { "status" : 400, "message" : "Blueprint configuration validation failed: 
> Secret references are not allowed in blueprints, replace following properties 
> with real passwords:\n Config:ranger-admin-site 
> Property:ranger.service.https.attrib.keystore.pass\n" }
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  4230862 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  0f62b2c 
> 
> Diff: https://reviews.apache.org/r/44725/diff/
> 
> 
> Testing
> ---
> 
> Modified test cases to test for if the properties that end with "pass" are 
> getting filtered. Other properties which have 'pass' else where in the name 
> will not get filtered.
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>

Re: Review Request 44725: After exporting blueprint from ranger enabled cluster ranger.service.https.attrib.keystore.pass is exported

2016-03-22 Thread Robert Nettleton 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44725/#review124874
---


Ship it!




Ship It!

- Robert Nettleton


On March 22, 2016, 6:41 p.m., Amruta Borkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44725/
> ---
> 
> (Updated March 22, 2016, 6:41 p.m.)
> 
> 
> Review request for Ambari, Di Li and Robert Nettleton.
> 
> 
> Bugs: AMBARI-15338
> https://issues.apache.org/jira/browse/AMBARI-15338
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After exporting blueprint from ranger enabled cluster 
> ranger.service.https.attrib.keystore.pass is exported.
> Which needs to be removed before using the same blueprint to create another 
> cluster
> Error Show when used same blueprint:
> { "status" : 400, "message" : "Blueprint configuration validation failed: 
> Secret references are not allowed in blueprints, replace following properties 
> with real passwords:\n Config:ranger-admin-site 
> Property:ranger.service.https.attrib.keystore.pass\n" }
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  4230862 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  0f62b2c 
> 
> Diff: https://reviews.apache.org/r/44725/diff/
> 
> 
> Testing
> ---
> 
> Modified test cases to test for if the properties that end with "pass" are 
> getting filtered. Other properties which have 'pass' else where in the name 
> will not get filtered.
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>

Re: Review Request 44725: After exporting blueprint from ranger enabled cluster ranger.service.https.attrib.keystore.pass is exported

2016-03-22 Thread Amruta Borkar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44725/
---

(Updated March 22, 2016, 6:41 p.m.)


Review request for Ambari, Di Li and Robert Nettleton.


Changes
---

Uploading new patch with suggested changes. Created a new filter class to 
filter properties based on property_type present in Stack. Added test cases for 
the same.


Bugs: AMBARI-15338
https://issues.apache.org/jira/browse/AMBARI-15338


Repository: ambari


Description
---

After exporting blueprint from ranger enabled cluster 
ranger.service.https.attrib.keystore.pass is exported.
Which needs to be removed before using the same blueprint to create another 
cluster
Error Show when used same blueprint:
{ "status" : 400, "message" : "Blueprint configuration validation failed: 
Secret references are not allowed in blueprints, replace following properties 
with real passwords:\n Config:ranger-admin-site 
Property:ranger.service.https.attrib.keystore.pass\n" }


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
 4230862 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
 0f62b2c 

Diff: https://reviews.apache.org/r/44725/diff/


Testing
---

Modified test cases to test for if the properties that end with "pass" are 
getting filtered. Other properties which have 'pass' else where in the name 
will not get filtered.


Thanks,

Amruta Borkar

Re: Review Request 44725: After exporting blueprint from ranger enabled cluster ranger.service.https.attrib.keystore.pass is exported

2016-03-19 Thread Amruta Borkar 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44725/
---

(Updated March 17, 2016, 6:52 p.m.)


Review request for Ambari, Di Li and Robert Nettleton.


Changes
---

Currently Secret References are getting filtered based on Property Name, but as 
properties are ending with difference strings (password, secret, pass), the 
filtering expression needs to be modified every time. 

As these password properties have values that follow the same format 
"SECRET:property_name:version:property_name" we can filter Secret References 
based on property value, rather than property name, as this would make it 
generic.


Bugs: AMBARI-15338
https://issues.apache.org/jira/browse/AMBARI-15338


Repository: ambari


Description
---

After exporting blueprint from ranger enabled cluster 
ranger.service.https.attrib.keystore.pass is exported.
Which needs to be removed before using the same blueprint to create another 
cluster
Error Show when used same blueprint:
{ "status" : 400, "message" : "Blueprint configuration validation failed: 
Secret references are not allowed in blueprints, replace following properties 
with real passwords:\n Config:ranger-admin-site 
Property:ranger.service.https.attrib.keystore.pass\n" }


Diffs (updated)
-

  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
 f5e7578 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
 68d5755 

Diff: https://reviews.apache.org/r/44725/diff/


Testing
---

Modified test cases to test for if the properties that end with "pass" are 
getting filtered. Other properties which have 'pass' else where in the name 
will not get filtered.


Thanks,

Amruta Borkar

Re: Review Request 44725: After exporting blueprint from ranger enabled cluster ranger.service.https.attrib.keystore.pass is exported

2016-03-19 Thread Amruta Borkar 


> On March 14, 2016, 12:27 p.m., Di Li wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java,
> >  line 2668
> > 
> >
> > So any properties end with ".pass" will be marked, yes? That check 
> > seems a bit broad to me, at least broader than checking Password or Secret.
> > 
> > Each property (understandably that only when its defintion follows the 
> > rules) should use "property-type" to indicate if it's a password 
> > "PASSWORD". Can we check this instead of 
> > guessing property name patterns? 
> > 
> > We should honor the setting, so that when user needs to mask a 
> > property, he can either ends the property name with .password or .secret 
> > (this is really a hardcoded logic than stack driven) or configure the 
> > property propertly (stack driven, a more preferrable way).

Hello Di,

Property_type is not accessible to the DAO part. It shows only at UI. So I have 
tried to generalise the expression using Property_value rather than 
property_name. Please give your input for that. 
Thanks


- Amruta


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/44725/#review123409
---


On March 17, 2016, 6:52 p.m., Amruta Borkar wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/44725/
> ---
> 
> (Updated March 17, 2016, 6:52 p.m.)
> 
> 
> Review request for Ambari, Di Li and Robert Nettleton.
> 
> 
> Bugs: AMBARI-15338
> https://issues.apache.org/jira/browse/AMBARI-15338
> 
> 
> Repository: ambari
> 
> 
> Description
> ---
> 
> After exporting blueprint from ranger enabled cluster 
> ranger.service.https.attrib.keystore.pass is exported.
> Which needs to be removed before using the same blueprint to create another 
> cluster
> Error Show when used same blueprint:
> { "status" : 400, "message" : "Blueprint configuration validation failed: 
> Secret references are not allowed in blueprints, replace following properties 
> with real passwords:\n Config:ranger-admin-site 
> Property:ranger.service.https.attrib.keystore.pass\n" }
> 
> 
> Diffs
> -
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
>  f5e7578 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
>  68d5755 
> 
> Diff: https://reviews.apache.org/r/44725/diff/
> 
> 
> Testing
> ---
> 
> Modified test cases to test for if the properties that end with "pass" are 
> getting filtered. Other properties which have 'pass' else where in the name 
> will not get filtered.
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>