From: ncole@apache.org To: commits@ambari.apache.org Date: Wed, 25 Jan 2017 18:57:20 -0000 Message-Id: <8cd981d4aa654c1b92a19c369340a548@git.apache.org> In-Reply-To: <7f2c2f06082149a6b3168905548c10cb@git.apache.org> References: <7f2c2f06082149a6b3168905548c10cb@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [31/50] [abbrv] ambari git commit: AMBARI-19681: Credential store should add hadoop credential provider path property to all affected configuration types archived-at: Wed, 25 Jan 2017 18:56:54 -0000 AMBARI-19681: Credential store should add hadoop credential provider path property to all affected configuration types Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f4f7571d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f4f7571d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f4f7571d Branch: refs/heads/branch-dev-patch-upgrade Commit: f4f7571d8f9a7709f030cd2587052492e40e8527 Parents: d77f3a5 Author: Nahappan Somasundaram Authored: Tue Jan 24 09:53:58 2017 -0800 Committer: Nahappan Somasundaram Committed: Tue Jan 24 12:34:25 2017 -0800 ---------------------------------------------------------------------- .../ambari_agent/CustomServiceOrchestrator.py | 8 ++---- .../libraries/functions/security_commons.py | 29 +++++++++----------- 2 files changed, 15 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f4f7571d/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py index 02f4212..8f1848c 100644 --- a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py 
+++ b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py @@ -266,7 +266,6 @@ class CustomServiceOrchestrator(): serviceName = commandJson['serviceName'] # Gather the password values and remove them from the configuration - provider_paths = [] # A service may depend on multiple configs configtype_credentials = self.getConfigTypeCredentials(commandJson) for config_type, credentials in configtype_credentials.items(): config = commandJson['configurations'][config_type] @@ -274,7 +273,6 @@ class CustomServiceOrchestrator(): if os.path.exists(file_path): os.remove(file_path) provider_path = 'jceks://file{file_path}'.format(file_path=file_path) - provider_paths.append(provider_path) logger.info('provider_path={0}'.format(provider_path)) for alias, pwd in credentials.items(): logger.debug("config={0}".format(config)) @@ -286,10 +284,8 @@ class CustomServiceOrchestrator(): cmd_result = subprocess.call(cmd) logger.info('cmd_result = {0}'.format(cmd_result)) os.chmod(file_path, 0644) # group and others should have read access so that the service user can read - - if provider_paths: - # Add JCEKS provider paths instead - config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths) + # Add JCEKS provider path instead + config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = provider_path return cmd_result http://git-wip-us.apache.org/repos/asf/ambari/blob/f4f7571d/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py index cca244d..96d60da 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py 
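Review bot: The added `config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = provider_path` in the last hunk of this file runs whether or not the preceding `subprocess.call(cmd)` succeeded, and only the final `cmd_result` reaches `return cmd_result`, so a failed credential creation for an earlier alias can go unnoticed while the config is still pointed at the keystore. I would stop on the first failure, for example `if cmd_result != 0: return cmd_result` right after the call, before the chmod and the property assignment. Separately, the context line `os.chmod(file_path, 0644)` leaves the JCEKS file readable by every local account, which matters if the store password is left at its default; a group-readable mode for the service user, as the 0640 copy in security_commons.py uses, looks safer. The function starts and ends outside the hunk and the page has lost its indentation, so the loop nesting here is inferred.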
@@ -46,22 +46,19 @@ def update_credential_provider_path(config, config_type, dest_provider_path, fil """ # Get the path to the provider .jceks if HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME in config: - provider_paths = config[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME].split(',') - for path_index in range(len(provider_paths)): - provider_path = provider_paths[path_index] - if config_type == os.path.splitext(os.path.basename(provider_path))[0]: - src_provider_path = provider_path[len('jceks://file'):] - File(dest_provider_path, - owner = file_owner, - group = file_group, - mode = 0640, - content = StaticFile(src_provider_path) - ) - provider_paths[path_index] = 'jceks://file{0}'.format(dest_provider_path) - # make a copy of the config dictionary since it is read-only - config_copy = config.copy() - config_copy[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths) - return config_copy + provider_path = config[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] + src_provider_path = provider_path[len('jceks://file'):] + File(dest_provider_path, + owner = file_owner, + group = file_group, + mode = 0640, + content = StaticFile(src_provider_path) + ) + # make a copy of the config dictionary since it is read-only + config_copy = config.copy() + # overwrite the provider path with the path specified + config_copy[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 'jceks://file{0}'.format(dest_provider_path) + return config_copy return config def validate_security_config_properties(params, configuration_rules):
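Review bot: `src_provider_path = provider_path[len('jceks://file'):]` now slices the property value without checking that it starts with that prefix or that it holds a single path, so a value with another scheme, or a comma-separated list like the one the removed code split, yields a wrong source path that is handed to `StaticFile` as the content for `dest_provider_path`. A guard such as `if not provider_path.startswith('jceks://file') or ',' in provider_path: return config` before the slice would keep an unexpected value from being copied under the service owner. The new body also no longer reads `config_type`, so the match between config type and keystore file name that the old loop enforced is gone; if that is intended, a comment stating that the property always holds exactly one path written by the agent would help. The function's signature and docstring begin above the hunk.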