[SPARK-22860] [SPARK-24621] [Core] [WebUI] - hide key password from linux ps listing and masterwebui point to https if ssl enabled #21514
Conversation
|
Instead of filtering out the passwords, would it be more useful to blank the passwords or replace them with |
|
I just went through the process of getting 'security approval' in my organisation to use Spark in Production. They ran a Qualsys Vulnerability Assessment scanner that among other things picked up a vulnerability called 'presence of string keyStorePassword in process list' so the scan would still fail if the string keyStorePassword appeared at all. |
|
@cloud-fan can u commit? |
|
Have you tried the config "spark.redaction.regex" ? |
| val javaOpts = sparkJavaOpts ++ extraJavaOpts | ||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts.filterNot(_.startsWith("-Dspark.ssl.keyStorePassword")).filterNot(_.startsWith("-Dspark.ssl.keyPassword"))) |
There was a problem hiding this comment.
If you really have to do this, I'd have:
javaOpts.filterNot { opt =>
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")
}
There was a problem hiding this comment.
What about *storePassword?
Actually I'm thinking of using Hadoop credential provider to store password (https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html) to avoid plaintext password. I have a local PR for this.
There was a problem hiding this comment.
does your PR still end up having the literal 'storePassword' in ps output?
|
Is this only the place where we need to hide the password? e.g., how about logging about properties in SparkSubmitArguments |
tooptoop4
changed the title
mgaido91
left a comment
mgaido91
left a comment
There was a problem hiding this comment.
can you add UTs for your changes? Or at least post some pictures with your tests of the changes?
| val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | ||
| val uriScheme = "http://" | ||
| if (SSL_ENABLED) { | ||
| uriScheme = "https://" |
There was a problem hiding this comment.
have you tested this? This is a val, I doubt this can even compile...
There was a problem hiding this comment.
Could you try this? It's a bit closer to the usual scala style.
val uriScheme = if (conf.getBoolean("spark.ssl.enabled", false)) "https://" else "http://"
There was a problem hiding this comment.
woops, i just updated val to var
There was a problem hiding this comment.
yes, but still please add tests for this, in order to enforce the correctness of your solution. PS I agree with @pjfanning's suggestion..
| uriScheme = "https://" | ||
| } | ||
| masterWebUiUrl = uriScheme + masterPublicAddress + ":" + webUi.boundPort | ||
| //masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort |
There was a problem hiding this comment.
please remove this comment
There was a problem hiding this comment.
update in latest commit
|
ok to test |
|
Test build #93065 has finished for PR 21514 at commit
|
|
ok to test |
|
@HyukjinKwon can u commit this? i fixed the Scala style |
mgaido91
left a comment
mgaido91
left a comment
There was a problem hiding this comment.
please if you cannot add UT, at least provide some pictures showing the behavior before and after your PR.
| webUi.bind() | ||
| masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort | ||
| val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | ||
| var uriScheme = "http://" |
There was a problem hiding this comment.
this can be:
val uriScheme = if (SSL_ENABLED) { "https://" } else { "http://" }
|
Test build #93104 has finished for PR 21514 at commit
|
|
ok to test |
|
Test build #93142 has finished for PR 21514 at commit
|
| val javaOpts = sparkJavaOpts ++ extraJavaOpts | ||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries |
There was a problem hiding this comment.
please put the comma at the end of this line instead of the beginning of the next one.
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries | ||
| , javaOpts.filterNot { opt => |
There was a problem hiding this comment.
we don't put long code inline to function argument usually. Please move this before and store it to a local val used here.
| } | ||
| } | ||
|
|
||
| test("SPARK-24621 https urls when ssl enabled") { |
There was a problem hiding this comment.
nit: we usually put a : after the JIRA number, eg. SPARK-24621:
|
@mgaido91 - do you know what caused this? |
|
@tooptoop4 the only thing I can see is that you are suing |
|
ok to test |
|
Test build #93166 has finished for PR 21514 at commit
|
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| val javaOptsFiltered = javaOpts.filterNot { opt => | ||
| opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")} |
There was a problem hiding this comment.
wrong indentation. This should look like:
val javaOptsFiltered = javaOpts.filterNot { opt =>
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")
}
| webUi = new MasterWebUI(this, webUiPort) | ||
| webUi.bind() | ||
| masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort | ||
| val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) |
There was a problem hiding this comment.
nit: rename to sslEnabled
|
ok to test |
|
Test build #93172 has finished for PR 21514 at commit
|
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| val javaOptsFiltered = javaOpts.filterNot { opt => | ||
| opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword") |
There was a problem hiding this comment.
wrong indentation: missing 2 spaces.
mgaido91
left a comment
mgaido91
left a comment
There was a problem hiding this comment.
left some other comments. Please verify locally and fix the scala style error. You can run the linter also locally. Thanks.
| opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword") | ||
| } | ||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", args, | ||
| sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOptsFiltered) |
There was a problem hiding this comment.
wrong indentation here too, missing 2 spaces. Moreover, in such cases, we usually put one argument per line, so:
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend",
args,
sc.executorEnvs,
...)
| eventually(timeout(5 seconds), interval(100 milliseconds)) { | ||
| val json = Source.fromURL(s"https://localhost:${localCluster.masterWebUIPort}/json") | ||
| .getLines().mkString("\n") | ||
| assert(json.contains('<a href="https://')) |
| eventually(timeout(5 seconds), interval(100 milliseconds)) { | ||
| val json = Source.fromURL(s"http://localhost:${localCluster.masterWebUIPort}/json") | ||
| .getLines().mkString("\n") | ||
| assert(!json.contains('<a href="https://')) |
|
ping @tooptoop4 |
|
I'm going to suggest to close this. The review comments were not addressed more then few months and there's not quite a great point to keep inactive PRs. Feel free to take over this if any of you here is interested in this. Or @tooptoop4, please recreate a PR after addressing review commnets here. Thanks. |
Closes apache#21766 Closes apache#21679 Closes apache#21161 Closes apache#20846 Closes apache#19434 Closes apache#18080 Closes apache#17648 Closes apache#17169 Add: Closes apache#22813 Closes apache#21994 Closes apache#22005 Closes apache#22463 Add: Closes apache#15899 Add: Closes apache#22539 Closes apache#21868 Closes apache#21514 Closes apache#21402 Closes apache#21322 Closes apache#21257 Closes apache#20163 Closes apache#19691 Closes apache#18697 Closes apache#18636 Closes apache#17176 Closes apache#23001 from wangyum/CloseStalePRs. Authored-by: Yuming Wang <yumwang@ebay.com> Signed-off-by: hyukjinkwon <gurwls223@apache.org>
8 participants
What changes were proposed in this pull request?
hide password from 'ps' linux command
AND
masterwebui point to https if ssl enabled
How was this patch tested?
Existing tests
Please review http://spark.apache.org/contributing.html before opening a pull request.
The contribution is my own original work and I license the work to the project under the project’s open source license.