[SPARK-22860] [SPARK-24621] [Core] [WebUI] - hide key password from linux ps listing and masterwebui point to https if ssl enabled #21514
Conversation
Instead of filtering out the passwords, would it be more useful to blank the passwords or replace them with
I just went through the process of getting 'security approval' in my organisation to use Spark in Production. They ran a Qualsys Vulnerability Assessment scanner that among other things picked up a vulnerability called 'presence of string keyStorePassword in process list' so the scan would still fail if the string keyStorePassword appeared at all.
@cloud-fan can you commit?
Have you tried the config "spark.redaction.regex"?
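An added check, not code from this PR or from Spark, for the scanner finding and the redaction question above: it takes a constructed `ps -eo pid,args` listing, reports which `-D` options carry secret-bearing keys without echoing their values, shows what a two-key prefix filter like the one in this PR leaves behind (the `*storePassword` case), and redacts values with a key-name pattern in the spirit of `spark.redaction.regex` so a listing can be shared. PIDs, paths and all secret values in the sample are made up.

```shell
#!/bin/sh
# Constructed sample of a `ps -eo pid,args` listing for a Spark standalone
# executor started with TLS settings as -D properties (PIDs, paths and all
# secret values are made up for this example).
SAMPLE_PS='  PID COMMAND
 4242 /opt/jdk/bin/java -Xmx2g -Dspark.ssl.enabled=true -Dspark.ssl.keyStorePassword=hunter2 -Dspark.ssl.keyPassword=s3cret -Dspark.ssl.trustStorePassword=tr0st org.apache.spark.executor.CoarseGrainedExecutorBackend
 4243 /opt/jdk/bin/java -Dspark.ssl.enabled=false org.apache.spark.deploy.worker.Worker'

# Print "<pid> <key>" for every -D option whose key name looks secret-bearing.
# Matching on the key name (as a spark.redaction.regex-style pattern does) rather
# than on a fixed list of keys also catches other *storePassword keys.
# Values are never printed.
list_secret_keys() {
  printf '%s\n' "$1" | awk '
    NR > 1 {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^-D[^=]*=/) {
          key = substr($i, 3); sub(/=.*/, "", key)
          if (tolower(key) ~ /secret|password/) print $1, key
        }
    }'
}

# The PR approach reproduced over the listing: drop only tokens that start with
# the two hard-coded keys. Used here to show what such a filter leaves behind.
drop_two_prefixes() {
  printf '%s\n' "$1" | awk '{
    out = ""
    for (i = 1; i <= NF; i++)
      if (index($i, "-Dspark.ssl.keyStorePassword") != 1 &&
          index($i, "-Dspark.ssl.keyPassword") != 1)
        out = (out == "") ? $i : out " " $i
    print out
  }'
}

# Replace the value of each secret-bearing -D option with a redaction marker so
# the listing can go into a ticket or log. Case is handled with explicit
# character classes because the sed "I" flag is not portable.
redact_cmdline() {
  printf '%s\n' "$1" |
    sed -E 's/(-D[^= ]*([Pp]assword|[Ss]ecret)[^= ]*=)[^ ]*/\1*********(redacted)/g'
}

# Stand-alone demo: what a scanner would flag, what the prefix filter misses,
# and a shareable redacted listing.
echo "exposed:"; list_secret_keys "$SAMPLE_PS"
echo "left by prefix filter:"; list_secret_keys "$(drop_two_prefixes "$SAMPLE_PS")"
echo "redacted:"; redact_cmdline "$SAMPLE_PS"
```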
@@ -100,7 +100,7 @@ private[spark] class StandaloneSchedulerBackend( | |||
val sparkJavaOpts = Utils.sparkJavaOpts(conf, SparkConf.isExecutorStartupConf) | |||
val javaOpts = sparkJavaOpts ++ extraJavaOpts | |||
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | |||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | |||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts.filterNot(_.startsWith("-Dspark.ssl.keyStorePassword")).filterNot(_.startsWith("-Dspark.ssl.keyPassword"))) |
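Review bot: the two chained `filterNot(_.startsWith(...))` calls on the last line hard-code exactly two keys, so any other secret-bearing option (the `*storePassword` case, for instance `spark.ssl.trustStorePassword`) still lands in the executor's argument list. Match on a pattern over the key name instead, the way `spark.redaction.regex` already does for the UI and logs, and bind the result to a local `val` rather than inlining the chain into the `Command(...)` argument list.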
If you really have to do this, I'd have:
javaOpts.filterNot { opt =>
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")
}
What about *storePassword?
Actually I'm thinking of using Hadoop credential provider to store password (https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html) to avoid plaintext password. I have a local PR for this.
does your PR still end up having the literal 'storePassword' in ps output?
Is this only the place where we need to hide the password? e.g., how about logging about properties in SparkSubmitArguments
can you add UTs for your changes? Or at least post some pictures with your tests of the changes?
val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | ||
val uriScheme = "http://" | ||
if (SSL_ENABLED) { | ||
uriScheme = "https://" |
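Review bot: `uriScheme` is declared with `val` on the second line and then reassigned inside the `if` on the last line, which does not compile. Fold the condition into the declaration, `val uriScheme = if (conf.getBoolean("spark.ssl.enabled", false)) "https://" else "http://"`, and name the local `sslEnabled` rather than `SSL_ENABLED`, since upper snake case reads as a constant.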
have you tested this? This is a val, I doubt this can even compile...
Could you try this? It's a bit closer to the usual scala style.
val uriScheme = if (conf.getBoolean("spark.ssl.enabled", false)) "https://" else "http://"
whoops, I just updated val to var
yes, but still please add tests for this, in order to enforce the correctness of your solution. PS: I agree with @pjfanning's suggestion.
uriScheme = "https://" | ||
} | ||
masterWebUiUrl = uriScheme + masterPublicAddress + ":" + webUi.boundPort | ||
//masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort |
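Review bot: the commented-out old assignment on the last line should be deleted rather than left in place; version control already records the previous `"http://"` form, and dead commented code next to the live URL construction only invites confusion about which scheme is in effect.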
please remove this comment
updated in latest commit
ok to test
Test build #93065 has finished for PR 21514 at commit
ok to test
@HyukjinKwon can you commit this? I fixed the Scala style
please if you cannot add UT, at least provide some pictures showing the behavior before and after your PR.
@@ -130,7 +130,12 @@ private[deploy] class Master( | |||
logInfo(s"Running Spark version ${org.apache.spark.SPARK_VERSION}") | |||
webUi = new MasterWebUI(this, webUiPort) | |||
webUi.bind() | |||
masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort | |||
val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | |||
var uriScheme = "http://" |
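Review bot: `var uriScheme = "http://"` on the last line introduces mutable state for a value that is fully known at declaration time; write it as `val uriScheme = if (SSL_ENABLED) "https://" else "http://"`. `SSL_ENABLED` on the line above is a local, not a constant, so it should be `sslEnabled`.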
this can be:
val uriScheme = if (SSL_ENABLED) { "https://" } else { "http://" }
Test build #93104 has finished for PR 21514 at commit
ok to test
Test build #93142 has finished for PR 21514 at commit
@@ -100,7 +100,9 @@ private[spark] class StandaloneSchedulerBackend( | |||
val sparkJavaOpts = Utils.sparkJavaOpts(conf, SparkConf.isExecutorStartupConf) | |||
val javaOpts = sparkJavaOpts ++ extraJavaOpts | |||
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | |||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | |||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries |
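Review bot: the last line stops at `libraryPathEntries` with no trailing comma, which means the argument list is continued on the following line with a leading comma; put the comma at the end of this line, as the rest of the code base does.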
please put the comma at the end of this line instead of the beginning of the next one.
done
@@ -100,7 +100,9 @@ private[spark] class StandaloneSchedulerBackend( | |||
val sparkJavaOpts = Utils.sparkJavaOpts(conf, SparkConf.isExecutorStartupConf) | |||
val javaOpts = sparkJavaOpts ++ extraJavaOpts | |||
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | |||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | |||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries | |||
, javaOpts.filterNot { opt => |
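Review bot: the `javaOpts.filterNot { opt =>` block opened on the last line is too long to inline as a constructor argument; bind it first to a local `val javaOptsFiltered` and pass that name to `Command(...)`. The leading comma on that line also belongs at the end of the preceding line.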
we don't put long code inline to function argument usually. Please move this before and store it to a local val used here.
done
@@ -282,6 +282,40 @@ class MasterSuite extends SparkFunSuite | |||
} | |||
} | |||
|
|||
test("SPARK-24621 https urls when ssl enabled") { |
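Review bot: the test name on the last line should follow the suite's convention of a colon after the JIRA id, `test("SPARK-24621: https urls when ssl enabled")`. Make sure the new test covers the `spark.ssl.enabled=false` path as well, so the default `http://` scheme is asserted and a regression in either direction is caught.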
nit: we usually put a `:` after the JIRA number, e.g. `SPARK-24621:`
done
@mgaido91 - do you know what caused this?
@tooptoop4 the only thing I can see is that you are using
ok to test
Test build #93166 has finished for PR 21514 at commit
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
val javaOptsFiltered = javaOpts.filterNot { opt => | ||
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")} |
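Review bot: on the last line the predicate is not indented relative to `val javaOptsFiltered = javaOpts.filterNot { opt =>` and the closing `}` is glued onto the same line; put the predicate on its own line indented by two spaces and the `}` on the line after it, matching the block style used elsewhere in this file.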
wrong indentation. This should look like:
val javaOptsFiltered = javaOpts.filterNot { opt =>
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")
}
done
@@ -130,7 +130,9 @@ private[deploy] class Master( | |||
logInfo(s"Running Spark version ${org.apache.spark.SPARK_VERSION}") | |||
webUi = new MasterWebUI(this, webUiPort) | |||
webUi.bind() | |||
masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort | |||
val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) |
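Review bot: `SSL_ENABLED` on the last line is a local value, not a constant, so it should be named `sslEnabled`; if it is only used to pick the scheme, the `conf.getBoolean("spark.ssl.enabled", false)` lookup can be folded straight into the `if` expression that selects `"https://"` or `"http://"`.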
nit: rename to sslEnabled
done
ok to test
Test build #93172 has finished for PR 21514 at commit
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
val javaOptsFiltered = javaOpts.filterNot { opt => | ||
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword") |
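Review bot: the predicate on the last line is missing two spaces of indentation relative to the `val javaOptsFiltered = javaOpts.filterNot { opt =>` line that opens the block; the Scala style check will flag this, so run the linter locally before pushing.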
wrong indentation: missing 2 spaces.
left some other comments. Please verify locally and fix the scala style error. You can run the linter also locally. Thanks.
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword") | ||
} | ||
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", args, | ||
sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOptsFiltered) |
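Review bot: the `Command(...)` continuation on the last line is under-indented by two spaces, and with this many arguments the code base puts one argument per line (`args,` / `sc.executorEnvs,` / `classPathEntries ++ testingClassPath,` and so on) rather than wrapping them two or three to a line.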
wrong indentation here too, missing 2 spaces. Moreover, in such cases, we usually put one argument per line, so:
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend",
args,
sc.executorEnvs,
...)
eventually(timeout(5 seconds), interval(100 milliseconds)) { | ||
val json = Source.fromURL(s"https://localhost:${localCluster.masterWebUIPort}/json") | ||
.getLines().mkString("\n") | ||
assert(json.contains('<a href="https://')) |
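Review bot: `'<a href="https://'` on the last line is a single-quoted Scala char literal, which can hold exactly one character, so this does not compile; use a double-quoted string with the inner quotes escaped, `assert(json.contains("<a href=\"https://\""))`. Since `Source.fromURL` on the second line connects to `https://localhost`, the JVM running the test has to trust the certificate in the test keystore, otherwise the fetch fails on the TLS handshake before the assertion is ever reached; check that the suite sets that trust up.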
`"` instead of `'`
eventually(timeout(5 seconds), interval(100 milliseconds)) { | ||
val json = Source.fromURL(s"http://localhost:${localCluster.masterWebUIPort}/json") | ||
.getLines().mkString("\n") | ||
assert(!json.contains('<a href="https://')) |
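Review bot: same char-literal problem on the last line; it needs `!json.contains("<a href=\"https://\"")`. A negative assertion alone is weak, since it also passes if the page contains no links at all; additionally assert that the links use `http://` so the test pins the default scheme.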
ditto
ping @tooptoop4
I'm going to suggest to close this. The review comments were not addressed for more than a few months and there's not quite a great point to keep inactive PRs. Feel free to take over this if any of you here is interested in this. Or @tooptoop4, please recreate a PR after addressing the review comments here. Thanks.
What changes were proposed in this pull request?
hide password from 'ps' linux command
AND
masterwebui point to https if ssl enabled
How was this patch tested?
Existing tests
Please review http://spark.apache.org/contributing.html before opening a pull request.
The contribution is my own original work and I license the work to the project under the project’s open source license.