Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-2244

Oozie should mask passwords in the logs when logging command arguments

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 4.1.0, 4.0.1
    • 4.3.0
    • None
    • None

    • All

    Description

      Users have complained that oozie logging the password related argument values in the launcher log is a security hole and want it to be masked in the output. Even password aliases in keystore are considered to be a security hole.

      The fix is to mask any argument values if option name contains the string password (which is true for Sqoop). We do this in multiple places, in Sqoop main, in Launcher Mapper, in JavaMain as well.

      Attachments

        1. OOZIE-2244-no-prefix.patch
          4 kB
          Venkat Ranganathan
        2. OOZIE-2244-01.patch
          4 kB
          Venkat Ranganathan

        Issue Links

        breaks

        Bug - A problem which impairs or prevents the functions of the product. OOZIE-2749 Logging command arguments fails in certain scenarios when using EL functions.

        • Major - Major loss of function.
        • Resolved

        Bug - A problem which impairs or prevents the functions of the product. OOZIE-2748 NPE in LauncherMapper.printArgs()

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            venkatnrangan Venkat Ranganathan
            venkatnrangan Venkat Ranganathan
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment