ATLAS-4107: Atlas not picking the ldap bind password from the correct jceks file.
Change-Id: I8f457b63f3170c2b1313ab365223d18af6023f87
Signed-off-by: Sarath Subramanian <sarath@apache.org>
diff --git a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
index e662c8f..bf97ab1 100644
--- a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -34,6 +34,7 @@
import java.util.AbstractMap.SimpleEntry;
import java.util.Iterator;
import java.util.Properties;
+import static org.apache.atlas.security.SecurityProperties.HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH;
/**
* Application properties used by Atlas.
@@ -57,6 +58,8 @@
public static final String STORAGE_BACKEND_HBASE2 = "hbase2";
public static final String INDEX_BACKEND_SOLR = "solr";
public static final String LDAP_TYPE = "atlas.authentication.method.ldap.type";
+ public static final String LDAP = "LDAP";
+ public static final String AD = "AD";
public static final String LDAP_AD_BIND_PASSWORD = "atlas.authentication.method.ldap.ad.bind.password";
public static final String LDAP_BIND_PASSWORD = "atlas.authentication.method.ldap.bind.password";
public static final String MASK_LDAP_PASSWORD = "********";
@@ -278,17 +281,17 @@
if (StringUtils.isNotEmpty(ldapType)) {
try {
- if (ldapType.equalsIgnoreCase("ldap")) {
+ if (ldapType.equalsIgnoreCase(LDAP)) {
String maskPasssword = configuration.getString(LDAP_BIND_PASSWORD);
if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
- String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD);
+ String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD, HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH);
configuration.clearProperty(LDAP_BIND_PASSWORD);
configuration.addProperty(LDAP_BIND_PASSWORD, password);
}
- } else if (ldapType.equalsIgnoreCase("ad")) {
+ } else if (ldapType.equalsIgnoreCase(AD)) {
String maskPasssword = configuration.getString(LDAP_AD_BIND_PASSWORD);
if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
- String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD);
+ String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD, HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH);
configuration.clearProperty(LDAP_AD_BIND_PASSWORD);
configuration.addProperty(LDAP_AD_BIND_PASSWORD, password);
}
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
index 2147cd1..0d94986 100644
--- a/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -40,6 +40,7 @@
public static final String SERVER_CERT_PASSWORD_KEY = "password";
public static final String CLIENT_AUTH_KEY = "client.auth.enabled";
public static final String CERT_STORES_CREDENTIAL_PROVIDER_PATH = "cert.stores.credential.provider.path";
+ public static final String HADOOP_SECURITY_CREDENTIAL_PROVIDER_PATH = "hadoop.security.credential.provider.path";
public static final String SSL_CLIENT_PROPERTIES = "ssl-client.xml";
public static final String BIND_ADDRESS = "atlas.server.bind.address";
public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites";
diff --git a/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
index 082c637..cf426fd 100644
--- a/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
+++ b/intg/src/main/java/org/apache/atlas/security/SecurityUtil.java
@@ -40,12 +40,27 @@
* @throws IOException
*/
public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
+ return getPassword(config, key, CERT_STORES_CREDENTIAL_PROVIDER_PATH);
+ }
+
+
+ /**
+ * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
+ * configured credential provider.
+ *
+ * @param config application configuration
+ * @param key the key/alias for the password.
+ * @param pathPropertyName property of path
+ * @return the password.
+ * @throws IOException
+ */
+ public static String getPassword(org.apache.commons.configuration.Configuration config, String key, String pathPropertyName) throws IOException {
String password;
- String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
+ String provider = config.getString(pathPropertyName);
if (provider != null) {
- LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
+ LOG.info("Attempting to retrieve password for key {} from {} configured credential provider path {}", key, pathPropertyName, provider);
Configuration c = new Configuration();
c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
@@ -58,7 +73,7 @@
}
} else {
- throw new IOException("No credential provider path configured for storage of certificate store passwords");
+ throw new IOException("No credential provider path " + pathPropertyName + " configured for storage of certificate store passwords");
}
return password;
