-
Notifications
You must be signed in to change notification settings - Fork 445
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Modify Shell to authenticate user on call to config #3440
Modify Shell to authenticate user on call to config #3440
Conversation
test/src/main/java/org/apache/accumulo/test/shell/ShellAuthenticatorTest.java
Outdated
Show resolved
Hide resolved
test/src/main/java/org/apache/accumulo/test/shell/ShellAuthenticatorTest.java
Outdated
Show resolved
Hide resolved
The failure appears to be related to the CRYPT_PASSWORD_CACHE inside of ZKSecurityTool. I commented out this line and the test no longer fails: accumulo/server/base/src/main/java/org/apache/accumulo/server/security/handler/ZKSecurityTool.java Line 152 in 969fc52
|
Findbugs is complaining about:
Not sure what the issue is, there is no hardcoded password |
test/src/main/java/org/apache/accumulo/test/shell/ShellAuthenticatorIT.java
Outdated
Show resolved
Hide resolved
test/src/main/java/org/apache/accumulo/test/shell/ShellAuthenticatorIT.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only findbug warning I received running locally were ignoring the return value from delete(file) - I added them as suggestions - but the formatting may be off.
Check config.delete return value Rename variable from password to authenticationString
It looks like changing the variable name from |
* Use protected method and override in test instead of injecting static implementation as a public static field that allows any thread to modify the shell's authentication behavior * Restore previous context-specific prompts by adding passwordPrompt string to the getAuthenticationToken method * Tweak token variable name to minimize diff and for formatting * Use existing client config file in ShellAuthenticatorIT
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a commit 2db232f to reflect my code review suggested changes. It can be rolled back out in part or in whole if needed, but this seemed like the most efficient way to review.
With those changes, I think this looks good to me.
No issue here. |
@ctubbsii - It looks like you reintroduced the sec-bugs issue:
Some of the sec-bugs password plugins contain patterns for variable names. That's why I chose to use a different variable name. |
* Use the authenticationString variable name instead of password to prevent spotbugs from detecting it as a false positive hard-coded password * This restores the previous commit that did this, which got clobbered when I was resolving conflicts with my code review commit (sorry!)
Yep, sorry about that. I missed that one when I was resolving conflicts with my code review commit. Should be fixed now. |
No description provided.