ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-8447) Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials as a special case
Date Tue, 09 Dec 2014 01:54:12 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14238842#comment-14238842
] 

Hudson commented on AMBARI-8447:
--------------------------------

FAILURE: Integrated in Ambari-trunk-Commit-docker #418 (See [https://builds.apache.org/job/Ambari-trunk-Commit-docker/418/])
AMBARI-8447 - Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials
as a special case (tbeerbower) (tbeerbower: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=f947bfb4194bef1ab8346bf1d8b8ed7a216e5034)
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* ambari-server/src/main/java/org/apache/ambari/server/state/Clusters.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/ClusterRequest.java
* ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
* ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
* ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
* ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClusterImplTest.java
* ambari-server/src/test/java/org/apache/ambari/server/state/cluster/ClustersImplTest.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java
* ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java


> Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials as
a special case 
> -----------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-8447
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8447
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Tom Beerbower
>              Labels: api, configuration, kerberos, session
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-8447.patch
>
>
> Certain configuration settings need to handled in special-case scenarios. For example
short-lived settings to be stored per request or session scope.  Or secure data the must not
be stored in the Ambari database.
> An example of this type of data is the administrative credentials used to manage a KDC
server.   This _configuration_ data is short lived (per session) and sensitive. Therefore,
it must be handled as a special case.  
> To determine that a configuration request contains this data, the {{type}} of the configuration
is to be used.  For this specific case, a configuration {{type}} of *_kerberos_admin_identity_*
will trigger the special case to secure and store the administrative credentials in a file.
 Ideally if the _session_ data was available (see AMBARI-8426) a session-based encryption
key would be created and stored in session. That key would then be used to encrypt the data
from this request. The encrypted data and key would then be retrieved from the _session_,
decrypted, and used as needed. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message