Dynamic Shell.fetch with user and encrypted password

EB
Apologies for noob level post as I'm learning both Groovy and glu.

1.  I need to get content from sftp, svn, and http locations.  From what I've seen, this isn't a problem with Shell.Fetch, but can't confirm due to point 2.


2.  How can I properly pass in my user and (encrypted) password for authentication against protected resources when using fetch?

Thanks in advance!

Eric

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
I am not sure what you mean by "encrypted", but glu uses the standard uri user-info entry => http://en.wikipedia.org/wiki/URI_scheme

So in general it would be something like: http://username:password@host:port/xxx

If you use https (vs http) then this information will not be passed in clear text.

Yan

Re: Dynamic Shell.fetch with user and encrypted password

EB
Understood, but concerned about different authentication types.
Where is there more information on the fetch command used in the samples?  I think this is my hang-up.  I want to be sure I may also use it for sftp and other uri types.

Re: Dynamic Shell.fetch with user and encrypted password

EB
On a further note... this is also in reference to just getting the scripts for the static model to load, so we don't want some folks to be able to just read the password in the static model.

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
In reply to this post by EB
This is the code that gets executed in the end: https://github.com/pongasoft/utils-misc/blob/master/org.linkedin.util-groovy/src/main/groovy/org/linkedin/groovy/util/io/GroovyIOUtils.groovy#L324

And under the cover it uses the Get task from ant (1.8.2)... so whatever it supports should work

Yan

On Fri, Oct 24, 2014 at 11:24 AM, EB [via glu] <[hidden email]> wrote:
Understood, but concerned about different authentication types.  
Where is there more information on the fetch command used in the samples.  I think this is my hang-up.  I want to be sure I may also use it for sftp and other uri types.



Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
In reply to this post by EB

Re: Dynamic Shell.fetch with user and encrypted password

EB
Saw that, but it is if you're in the Groovy script... not at the model level.  So in thinking further, you have to have a non-secure point (or one on the local file system for the script files)...?

Re: Dynamic Shell.fetch with user and encrypted password

frenchyan
Administrator
1) You generate the key in the console

2) you encrypt the password (and username if you wish) in the console using the key

3) you store it in the model: example:

"initParameters": {
    "downloadURL": "http://@username@:@password@@acme.com/xxx",
    "username": "uuu1",
    "password": "Encrypted-AES/CBC/PKCS5Padding(2AH69mj7wNGtZ6ZvFu_j_T,0snIjqHsu1Ex7gMIqnjXa2,cmJM)"
  },


4) in the glu script you can simply do this:

def configure = {
  def password = params.password
  // decrypt only when the model holds an encrypted value
  if(password.startsWith("Encrypted-"))
    password = EncryptionUtils.decrypt(password, args.encryptionKeys)
  // values substituted for @username@ and @password@ in downloadURL
  def tokens = [
    password: password,
    username: params.username
  ]
  def downloadURL = shell.replaceTokens(params.downloadURL, tokens)

  shell.fetch(downloadURL)
}

5) The glu script is generic whether the password is encrypted or not... if it is encrypted it will decrypt it otherwise it will just use it as is... So you can reuse the same glu script and have different models (one for dev which has plain text passwords and one for prod with encrypted passwords for example)

6) you can do the same with username (or any other values...) => since the password is encrypted it is fine to store it in the model

Yan
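
Added example, not part of the original thread and not glu code: a stand-alone Groovy sketch of the token substitution from step 4 that percent-encodes the decrypted credentials before they go into the URL user-info, and masks the password before the URL is logged. The helpers encodeUserInfo, fillTokens and redact are hypothetical names, the sample password is constructed, and it is an assumption that the fetch side decodes the user-info before authenticating (check the code linked earlier in the thread).

```groovy
// Hypothetical helpers for illustration; none of these are glu APIs.

// Percent-encode a value for the user-info part of a URI (RFC 3986).
// URLEncoder does form encoding, so a space comes back as '+': turn it into %20.
String encodeUserInfo(String value) {
  URLEncoder.encode(value, 'UTF-8').replace('+', '%20')
}

// Replace @name@ tokens as in the model's downloadURL; unknown tokens stay as-is.
String fillTokens(String template, Map<String, String> tokens) {
  template.replaceAll(/@(\w+)@/) { String all, String name ->
    tokens.containsKey(name) ? encodeUserInfo(tokens[name]) : all
  }
}

// Mask the password before a URL reaches a log line or an error message.
String redact(String url) {
  url.replaceFirst('://([^/@:]*):[^/@]*@', '://$1:****@')
}

def template = 'http://@username@:@password@@acme.com/xxx'   // from the post
def tokens = [username: 'uuu1', password: 'p@ss/word']       // constructed value

// Plain substitution: the '@' and '/' in the password move the host boundary,
// so the URL now points at host "ss" and part of the password sits in the path.
def naive = template.replace('@username@', tokens.username)
                    .replace('@password@', tokens.password)
assert new URI(naive).host == 'ss'

// Encoded substitution keeps the intended host and round-trips the password.
def url = fillTokens(template, tokens)
assert url == 'http://uuu1:p%40ss%2Fword@acme.com/xxx'
assert new URI(url).host == 'acme.com'
assert new URI(url).userInfo == 'uuu1:p@ss/word'

// Log only the masked form of the URL.
assert redact(url) == 'http://uuu1:****@acme.com/xxx'
println "fetching ${redact(url)}"
```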

