[SPARK-22860] [SPARK-24621] [Core] [WebUI] - hide key password from linux ps listing and masterwebui point to https if ssl enabled #21514
Conversation
|
Instead of filtering out the passwords, would it be more useful to blank the passwords or replace them with |
|
I just went through the process of getting 'security approval' in my organisation to use Spark in Production. They ran a Qualsys Vulnerability Assessment scanner that among other things picked up a vulnerability called 'presence of string keyStorePassword in process list' so the scan would still fail if the string keyStorePassword appeared at all. |
|
@cloud-fan can u commit? |
|
Have you tried the config "spark.redaction.regex" ? |
| @@ -100,7 +100,7 @@ private[spark] class StandaloneSchedulerBackend( | |||
| val sparkJavaOpts = Utils.sparkJavaOpts(conf, SparkConf.isExecutorStartupConf) | |||
| val javaOpts = sparkJavaOpts ++ extraJavaOpts | |||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | |||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | |||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts.filterNot(_.startsWith("-Dspark.ssl.keyStorePassword")).filterNot(_.startsWith("-Dspark.ssl.keyPassword"))) | |||
There was a problem hiding this comment.
If you really have to do this, I'd have:
javaOpts.filterNot { opt =>
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")
}
There was a problem hiding this comment.
What about *storePassword?
Actually I'm thinking of using Hadoop credential provider to store password (https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html) to avoid plaintext password. I have a local PR for this.
There was a problem hiding this comment.
does your PR still end up having the literal 'storePassword' in ps output?
|
Is this only the place where we need to hide the password? e.g., how about logging about properties in SparkSubmitArguments |
tooptoop4
changed the title
| val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | ||
| val uriScheme = "http://" | ||
| if (SSL_ENABLED) { | ||
| uriScheme = "https://" |
There was a problem hiding this comment.
have you tested this? This is a val, I doubt this can even compile...
There was a problem hiding this comment.
Could you try this? It's a bit closer to the usual scala style.
val uriScheme = if (conf.getBoolean("spark.ssl.enabled", false)) "https://" else "http://"
There was a problem hiding this comment.
woops, i just updated val to var
There was a problem hiding this comment.
yes, but still please add tests for this, in order to enforce the correctness of your solution. PS I agree with @pjfanning's suggestion..
| uriScheme = "https://" | ||
| } | ||
| masterWebUiUrl = uriScheme + masterPublicAddress + ":" + webUi.boundPort | ||
| //masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort |
There was a problem hiding this comment.
please remove this comment
There was a problem hiding this comment.
update in latest commit
|
ok to test |
|
Test build #93065 has finished for PR 21514 at commit
|
|
ok to test |
|
@HyukjinKwon can u commit this? i fixed the Scala style |
| @@ -130,7 +130,12 @@ private[deploy] class Master( | |||
| logInfo(s"Running Spark version ${org.apache.spark.SPARK_VERSION}") | |||
| webUi = new MasterWebUI(this, webUiPort) | |||
| webUi.bind() | |||
| masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort | |||
| val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | |||
| var uriScheme = "http://" | |||
There was a problem hiding this comment.
this can be:
val uriScheme = if (SSL_ENABLED) { "https://" } else { "http://" }
|
Test build #93104 has finished for PR 21514 at commit
|
|
ok to test |
|
Test build #93142 has finished for PR 21514 at commit
|
| @@ -100,7 +100,9 @@ private[spark] class StandaloneSchedulerBackend( | |||
| val sparkJavaOpts = Utils.sparkJavaOpts(conf, SparkConf.isExecutorStartupConf) | |||
| val javaOpts = sparkJavaOpts ++ extraJavaOpts | |||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | |||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | |||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries | |||
There was a problem hiding this comment.
please put the comma at the end of this line instead of the beginning of the next one.
| @@ -100,7 +100,9 @@ private[spark] class StandaloneSchedulerBackend( | |||
| val sparkJavaOpts = Utils.sparkJavaOpts(conf, SparkConf.isExecutorStartupConf) | |||
| val javaOpts = sparkJavaOpts ++ extraJavaOpts | |||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | |||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | |||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries | |||
| , javaOpts.filterNot { opt => | |||
There was a problem hiding this comment.
we don't put long code inline to function argument usually. Please move this before and store it to a local val used here.
| @@ -282,6 +282,40 @@ class MasterSuite extends SparkFunSuite | |||
| } | |||
| } | |||
|
|
|||
| test("SPARK-24621 https urls when ssl enabled") { | |||
There was a problem hiding this comment.
nit: we usually put a : after the JIRA number, eg. SPARK-24621:
|
@mgaido91 - do you know what caused this? |
|
@tooptoop4 the only thing I can see is that you are suing |
|
ok to test |
|
Test build #93166 has finished for PR 21514 at commit
|
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| val javaOptsFiltered = javaOpts.filterNot { opt => | ||
| opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")} |
There was a problem hiding this comment.
wrong indentation. This should look like:
val javaOptsFiltered = javaOpts.filterNot { opt =>
opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword")
}
| @@ -130,7 +130,9 @@ private[deploy] class Master( | |||
| logInfo(s"Running Spark version ${org.apache.spark.SPARK_VERSION}") | |||
| webUi = new MasterWebUI(this, webUiPort) | |||
| webUi.bind() | |||
| masterWebUiUrl = "http://" + masterPublicAddress + ":" + webUi.boundPort | |||
| val SSL_ENABLED = conf.getBoolean("spark.ssl.enabled", false) | |||
There was a problem hiding this comment.
nit: rename to sslEnabled
|
ok to test |
|
Test build #93172 has finished for PR 21514 at commit
|
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", | ||
| args, sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOpts) | ||
| val javaOptsFiltered = javaOpts.filterNot { opt => | ||
| opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword") |
There was a problem hiding this comment.
wrong indentation: missing 2 spaces.
| opt.startsWith("-Dspark.ssl.keyStorePassword") || opt.startsWith("-Dspark.ssl.keyPassword") | ||
| } | ||
| val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend", args, | ||
| sc.executorEnvs, classPathEntries ++ testingClassPath, libraryPathEntries, javaOptsFiltered) |
There was a problem hiding this comment.
wrong indentation here too, missing 2 spaces. Moreover, in such cases, we usually put one argument per line, so:
val command = Command("org.apache.spark.executor.CoarseGrainedExecutorBackend",
args,
sc.executorEnvs,
...)
| eventually(timeout(5 seconds), interval(100 milliseconds)) { | ||
| val json = Source.fromURL(s"https://localhost:${localCluster.masterWebUIPort}/json") | ||
| .getLines().mkString("\n") | ||
| assert(json.contains('<a href="https://')) |
| eventually(timeout(5 seconds), interval(100 milliseconds)) { | ||
| val json = Source.fromURL(s"http://localhost:${localCluster.masterWebUIPort}/json") | ||
| .getLines().mkString("\n") | ||
| assert(!json.contains('<a href="https://')) |
|
ping @tooptoop4 |
|
I'm going to suggest to close this. The review comments were not addressed more then few months and there's not quite a great point to keep inactive PRs. Feel free to take over this if any of you here is interested in this. Or @tooptoop4, please recreate a PR after addressing review commnets here. Thanks. |
What changes were proposed in this pull request?
hide password from 'ps' linux command
AND
masterwebui point to https if ssl enabled
How was this patch tested?
Existing tests
Please review http://spark.apache.org/contributing.html before opening a pull request.
The contribution is my own original work and I license the work to the project under the project’s open source license.