Dynamic Shell.fetch with user and encrypted password

classic Classic list List threaded Threaded
8 messages Options
EB
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Dynamic Shell.fetch with user and encrypted password

EB
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
I am not sure what you mean by "encrypted", but glu uses the standard uri user-info entry => http://en.wikipedia.org/wiki/URI_scheme

So in general it would something like: http://username:password@host:port/xxx

If you use https (vs http) then this information will not be passed in clear text.

Yan
EB
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

EB
CONTENTS DELETED
The author has deleted this message.
EB
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

EB
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
In reply to this post by EB
This is the code that gets executed in the end: https://github.com/pongasoft/utils-misc/blob/master/org.linkedin.util-groovy/src/main/groovy/org/linkedin/groovy/util/io/GroovyIOUtils.groovy#L324

And under the cover it uses the Get task from ant (1.8.2)... so whatever it supports should work

Yan

On Fri, Oct 24, 2014 at 11:24 AM, EB [via glu] <[hidden email]> wrote:
Understood, but concerned about different authentication types.  
Where is there more information on the fetch command used in the samples.  I think this is my hang-up.  I want to be sure I may also use it for sftp and other uri types.


If you reply to this email, your message will be added to the discussion below:
http://glu.977617.n3.nabble.com/Dynamic-Shell-fetch-with-user-and-encrypted-password-tp4026767p4026770.html
To start a new topic under glu, email [hidden email]
To unsubscribe from glu, click here.
NAML

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
In reply to this post by EB
EB
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

EB
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
1) You generate the key in the console

2) you encrypt the password (and username if you wish) in the console using the key

3) you store it in the model: example:

"initParameters": {

    "downloadURL": "http://@username@:@password@@acme.com/xxx"

    "username": "uuu1"

    "password": "Encrypted-AES/CBC/PKCS5Padding(2AH69mj7wNGtZ6ZvFu_j_T,0snIjqHsu1Ex7gMIqnjXa2,cmJM)"

  },


4) in the glu script you can simply do this:

def configure = {
  def password = params.password
  if(password.startsWith("Encrypted-"))
   password = EncryptionUtils.decrypt(password, args.encryptionKeys)
  def tokesn = [
    password: password,
    username: params.username
  ]
  def downloadURL = shell.replaceTokens(params.downloadURL, tokens)

  shell.fetch(downloadURL)
}

5) The glu script is generic whether the password is encrypted or not... if it is encrypted it will decrypt it otherwise it will just use it as is... So you can reuse the same glu script and have different modesl (one for dev which has plain text passwords and one for prod with encrypted passwords for example)

6) you can do the same with username (or any other values...) => since the password is encrypted it is fine to store it in the model

Yan


Loading...