Executor安全加固
frankfreedom committed Aug 18, 2020
1 parent 62ec97b commit dcbab16
Showing 31 changed files with 1,016 additions and 432 deletions.
6 changes: 3 additions & 3 deletions az-core/src/main/java/azkaban/Constants.java
Expand Up @@ -17,8 +17,6 @@
package azkaban;

import java.time.Duration;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;

/**
* Constants used in configuration files or shared among classes.
Expand All @@ -38,7 +36,6 @@
*/
public class Constants {


public static final String FLOW_PAUSED_MAX_TIME_MS = "flow.paused.max.time.ms";

public static final long DEFAULT_FLOW_PAUSED_MAX_TIME = 1 * 60 * 60 * 1000;
Expand Down Expand Up @@ -163,6 +160,9 @@ public static class ConfigurationKeys {

public static final String IS_METRICS_ENABLED = "azkaban.is.metrics.enabled";

public static final String IP_WHITELIST_ENABLED = "azkaban.ip.whiteList.enabled";
public static final String IP_WHITELIST = "azkaban.ip.whiteList";

// User facing web server configurations used to construct the user facing server URLs. They are useful when there is a reverse proxy between Azkaban web servers and users.
// enduser -> myazkabanhost:443 -> proxy -> localhost:8081
// when this parameters set then these parameters are used to generate email links.
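Review bot: The two new keys `IP_WHITELIST_ENABLED` and `IP_WHITELIST` are added without a comment, and nothing in this section says what value format `azkaban.ip.whiteList` expects or what applies when the flag is unset. Elsewhere in this commit `ExecutorApiGateway` reads `IP_WHITELIST_ENABLED` to decide whether a signed token is attached to executor calls, so the flag controls more than an address list. I would add a comment above them such as `// Executor access control: when azkaban.ip.whiteList.enabled is true, ExecutorApiGateway also attaches a signed token to executor requests.` and document the list's separator and address form there once confirmed. The `ConfigurationKeys` class continues outside the hunk.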
20 changes: 0 additions & 20 deletions az-webank-alerter/pom.xml
Expand Up @@ -18,31 +18,11 @@
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-common</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
<exclusion>
<artifactId>slf4j-log4j12</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-web-server</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
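Review bot: With the `<exclusions>` blocks dropped from the `azkaban-common` and `azkaban-web-server` dependencies (the section reports 20 deletions and no additions), `log4j`, `slf4j-log4j12` and `fastjson` now reach this plugin at whatever versions those modules resolve transitively, and nothing visible here pins them. The same removal appears in `az-webank-homepage/pom.xml`, `az-webank-system-manager/pom.xml` and `az-webank-user-params/pom.xml`. For a hardening commit I would expect these versions to be fixed once in the parent `<dependencyManagement>` and the result confirmed with `mvn dependency:tree`, so that an older logging binding or JSON parser cannot arrive through a plugin module unnoticed.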
20 changes: 0 additions & 20 deletions az-webank-homepage/pom.xml
Expand Up @@ -23,31 +23,11 @@
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-common</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
<exclusion>
<artifactId>slf4j-log4j12</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-web-server</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
3 changes: 3 additions & 0 deletions az-webank-system-manager/conf/plugin.properties
Expand Up @@ -7,5 +7,8 @@ viewer.servlet.class=com.webank.wedatasphere.schedulis.system.servlet.SystemServ
wtss.db.jdbc.url=[#SYSTEM_DB_URL]
wtss.db.username=[#SYSTEM_DB_USERNAME]
wtss.db.password=[#SYSTEM_DB_PASSWORD]
esb.app.domain=[#ESB_APP_URL]
esb.app.id=[#ESB_APP_ID]
esb.app.token=[#ESB_APP_TOKEN]


19 changes: 1 addition & 18 deletions az-webank-system-manager/pom.xml
Expand Up @@ -18,27 +18,11 @@
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-common</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-web-server</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
Expand Down Expand Up @@ -99,15 +83,14 @@
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>easyexcel</artifactId>
<version>1.1.1</version>
<version>2.2.3</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>


<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
Expand Up @@ -97,7 +97,7 @@ public User getUser(String username, String password) throws UserManagerExceptio
initUserAuthority(wtssUser, user);

} catch (Exception e) {
logger.error("登录失败!异常信息:" + e);
logger.error("登录失败!异常信息:", e);
throw new UserManagerException("Error User Name Or Password.");
}
}
20 changes: 0 additions & 20 deletions az-webank-user-params/pom.xml
Expand Up @@ -18,31 +18,11 @@
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-common</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
<exclusion>
<artifactId>slf4j-log4j12</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
<artifactId>azkaban-web-server</artifactId>
<version>${schedulis.version}</version>
<exclusions>
<exclusion>
<artifactId>fastjson</artifactId>
<groupId>com.alibaba</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.webank.wedatasphere.schedulis</groupId>
Expand Up @@ -122,7 +122,7 @@ public boolean checkWtssUserIsExist(String name){
try {
cout = jdbcExecutorLoader.findWtssUserByName(name);
}catch (ExecutorManagerException e){
logger.error("can not found wtssuser by" + name + ", " + e);
logger.error("can not found wtssuser by" + name + ", ", e);
}
if(cout == 0){
return false;
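Review bot: When `findWtssUserByName` throws, the catch block only logs and execution falls through to `if(cout == 0)`, so if `cout` starts at 0 (its declaration is above the hunk) a database failure is reported to the caller as "user does not exist". Any caller that uses this result to decide whether an account may be created or granted access would then act on a wrong answer; I would propagate the failure or return a distinct result rather than `false`. The message also concatenates `name` directly, so if that value can come from a request, strip line breaks before logging, e.g. `name.replaceAll("[\r\n]", "_")`. The method body extends beyond the hunk on both sides.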
73 changes: 43 additions & 30 deletions azkaban-common/pom.xml
Expand Up @@ -20,10 +20,18 @@
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
<artifactId>netty</artifactId>
<groupId>io.netty</groupId>
<artifactId>jackson-databind</artifactId>
<groupId>com.fasterxml.jackson.core</groupId>
</exclusion>
<exclusion>
<artifactId>jackson-annotations</artifactId>
<groupId>com.fasterxml.jackson.core</groupId>
</exclusion>
<exclusion>
<artifactId>jackson-core</artifactId>
<groupId>com.fasterxml.jackson.core</groupId>
</exclusion>
<exclusion>
<exclusion>
<artifactId>slf4j-log4j12</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
Expand Down Expand Up @@ -99,22 +107,21 @@
<artifactId>netty</artifactId>
<groupId>io.netty</groupId>
</exclusion>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
<exclusion>
<artifactId>slf4j-log4j12</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-common</artifactId>
<version>${hadoop.version}</version>
<exclusions>

<exclusion>
<artifactId>jackson-databind</artifactId>
<groupId>com.fasterxml.jackson.core</groupId>
</exclusion>
<exclusion>
<artifactId>jackson-annotations</artifactId>
<groupId>com.fasterxml.jackson.core</groupId>
</exclusion>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
Expand All @@ -123,6 +130,10 @@
<artifactId>slf4j-log4j12</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
<exclusion>
<artifactId>commons-beanutils</artifactId>
<groupId>commons-beanutils</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
Expand All @@ -131,10 +142,10 @@
<version>${hadoop.version}</version>
<exclusions>
<exclusion>
<artifactId>netty</artifactId>
<groupId>io.netty</groupId>
<artifactId>jackson-databind</artifactId>
<groupId>com.fasterxml.jackson.core</groupId>
</exclusion>
<exclusion>
<exclusion>
<artifactId>log4j</artifactId>
<groupId>log4j</groupId>
</exclusion>
Expand Down Expand Up @@ -182,6 +193,12 @@
<groupId>org.quartz-scheduler</groupId>
<artifactId>quartz</artifactId>
<version>${quartz.version}</version>
<exclusions>
<exclusion>
<artifactId>c3p0</artifactId>
<groupId>c3p0</groupId>
</exclusion>
</exclusions>
</dependency>

<dependency>
Expand Down Expand Up @@ -217,20 +234,6 @@
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<version>${velocity.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.struts</groupId>
<artifactId>struts-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.struts</groupId>
<artifactId>struts-taglib</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.struts</groupId>
<artifactId>struts-tiles</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
Expand Down Expand Up @@ -268,7 +271,17 @@
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>easyexcel</artifactId>
<version>1.1.1</version>
<version>2.2.3</version>
<exclusions>
<exclusion>
<artifactId>poi</artifactId>
<groupId>org.apache.poi</groupId>
</exclusion>
<exclusion>
<artifactId>poi-ooxml-schemas</artifactId>
<groupId>org.apache.poi</groupId>
</exclusion>
</exclusions>
</dependency>

<dependency>
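Review bot: The Jackson exclusions are not the same across the Hadoop-versioned dependencies in this file: the first one shown excludes `jackson-databind`, `jackson-annotations` and `jackson-core`, `hadoop-common` excludes only the first two, and the dependency after it lists only `jackson-databind`. That can leave a `jackson-core` from Hadoop's transitive set next to a `jackson-databind` supplied from elsewhere, and a core/databind version mismatch usually surfaces only at runtime. I would exclude the same three artifacts in each place and declare the intended Jackson version directly; whether such a declaration exists is not visible in these hunks.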
Expand Up @@ -23,6 +23,7 @@ public interface ConnectorParams {
public static final String EXECID_PARAM = "execid";
public static final String SHAREDTOKEN_PARAM = "token";
public static final String USER_PARAM = "user";
public static final String TOKEN_PARAM = "token";

public static final String UPDATE_ACTION = "update";
public static final String STATUS_ACTION = "status";
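Review bot: `TOKEN_PARAM` is given the same wire name, `"token"`, as the existing `SHAREDTOKEN_PARAM` two lines above it, so the JWT added in `ExecutorApiGateway` and any shared token travel under one request parameter and the receiver cannot tell which credential it was given. Either reuse `SHAREDTOKEN_PARAM` or give the new credential its own parameter name, and say which in a comment, e.g. `// Signed JWT attached by ExecutorApiGateway; not the same credential as SHAREDTOKEN_PARAM.` The interface body continues outside the hunk.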
Expand Up @@ -16,8 +16,10 @@

package azkaban.executor;

import azkaban.Constants;
import azkaban.utils.JSONUtils;
import azkaban.utils.Pair;
import azkaban.utils.Props;
import com.google.inject.Inject;
import java.io.IOException;
import java.net.URI;
Expand All @@ -28,17 +30,20 @@
import java.util.concurrent.TimeUnit;
import javax.inject.Singleton;

import com.webank.wedatasphere.schedulis.common.utils.JwtTokenUtils;
import okhttp3.*;
import org.codehaus.jackson.map.ObjectMapper;

@Singleton
public class ExecutorApiGateway {

private final ExecutorApiClient apiClient;
private final Props azkProps;

@Inject
public ExecutorApiGateway(final ExecutorApiClient apiClient) {
public ExecutorApiGateway(final ExecutorApiClient apiClient,final Props azkProps) {
this.apiClient = apiClient;
this.azkProps = azkProps;
}

// FIXME change this method access as public type in order to outside package object can call this method.
Expand Down Expand Up @@ -82,6 +87,12 @@ public Map<String, Object> callWithExecutionId(final String host, final int port
.valueOf(executionId)));
paramList.add(new Pair<>(ConnectorParams.USER_PARAM, user));

if(this.azkProps.getBoolean(Constants.ConfigurationKeys.IP_WHITELIST_ENABLED,false)){
String dss_secret = azkProps.getString("dss.secret", "dws-wtss|WeBankBDPWTSS&DWS@2019");
String token = JwtTokenUtils.getToken(null,false,dss_secret,300);
paramList.add(new Pair<>(ConnectorParams.TOKEN_PARAM, token));
}

return callForJsonObjectMap(host, port, "/executor", paramList);
} catch (final IOException e) {
throw new ExecutorManagerException(e);
Expand Down Expand Up @@ -131,6 +142,12 @@ private String callForJsonString(final String host, final int port, final String
@SuppressWarnings("unchecked") final URI uri =
ExecutorApiClient.buildUri(host, port, path, true);

if(this.azkProps.getBoolean(Constants.ConfigurationKeys.IP_WHITELIST_ENABLED,false)){
String dss_secret = azkProps.getString("dss.secret", "dws-wtss|WeBankBDPWTSS&DWS@2019");
String token = JwtTokenUtils.getToken(null,false,dss_secret,300);
paramList.add(new Pair<>(ConnectorParams.TOKEN_PARAM, token));
}

return this.apiClient.httpPost(uri, paramList);
}
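Review bot: The fallback value passed to `azkProps.getString("dss.secret", …)` in `callWithExecutionId` puts a JWT signing secret in source, so any deployment that leaves `dss.secret` unset signs executor tokens with a key known to everyone who can read the repository; the same line is repeated in `callForJsonString`. Read the key without a default so that a missing setting fails the call instead, e.g. `final String secret = this.azkProps.getString("dss.secret");`, and move the duplicated three-line block into one private helper. If `callForJsonObjectMap` delegates to `callForJsonString` (its body is not visible here), the `token` parameter is also appended twice on that path. Token signing is gated on `IP_WHITELIST_ENABLED`, which ties two separate controls to one flag; both method bodies extend outside the hunks.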
