[jira] [Commented] (YARN-11726) Exposing Password Retrieval Process for Web Application Utilities in method `getPassword`

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/YARN-11726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18056481#comment-18056481
 ] 

ASF GitHub Bot commented on YARN-11726:
---------------------------------------

Hean-Chhinling commented on PR #8224:
URL: https://github.com/apache/hadoop/pull/8224#issuecomment-3848261553

   False warning on ASFlicense
   
   ```
   .mvn/jvm.config:1:Missing Apache License
   ```




> Exposing Password Retrieval Process for Web Application Utilities in method 
> `getPassword`
> -----------------------------------------------------------------------------------------
>
>                 Key: YARN-11726
>                 URL: https://issues.apache.org/jira/browse/YARN-11726
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: yarn
>    Affects Versions: 3.3.6
>         Environment: Version: {{3.3.6}}
> Location: 
> {{{}hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/webapp/util/WebAppUtils.java{}}},
>  in the {{getPassword}} method, lines 486-500.
>            Reporter: LoggingResearch
>            Assignee: chhinlinghean
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: TestWebAppUtils.java, original-vs-log-enhanced.md
>
>
> The method {{getPassword}} in {{WebAppUtils}} is responsible for securely 
> retrieving passwords from the configuration based on the provided alias. If 
> the alias is not set or if there's an issue during the retrieval, the system 
> currently fails silently. Enhancing the logging within this method will 
> provide more transparency and help diagnose configuration issues, such as 
> missing or incorrect password aliases.
>  
> *Expected Behavior:* 
> The system should log the success or failure of password retrieval attempts, 
> including any issues encountered during the process. This will improve 
> traceability and allow administrators to more easily identify and correct 
> misconfigurations or errors related to password management.
>  
> *How-to-Fix:*
> We propose adding log statements to expose the success or failure of password 
> retrieval operations. This will enhance the visibility of 
> configuration-related issues, allowing administrators to better manage 
> security credentials within YARN.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org