ambari-dev mailing list archives

From "John Speidel (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-9640) Allow the KDC admin credentials stored in session to be validated via the REST API
Date Sat, 14 Feb 2015 00:10:11 GMT
John Speidel created AMBARI-9640:
------------------------------------

             Summary: Allow the KDC admin credentials stored in session to be validated via the REST API
                 Key: AMBARI-9640
                 URL: https://issues.apache.org/jira/browse/AMBARI-9640
             Project: Ambari
          Issue Type: Task
          Components: ambari-server, security
            Reporter: John Speidel
            Assignee: John Speidel
            Priority: Critical
             Fix For: 2.0.0


Based on my conversation with [~rlevas] I understand that the UI wants an API that indicates
whether the KDC admin credentials are set in session at the time of the call and that they
are valid.

Based on this requirement I am proposing adding this information as part of the Kerberos service.
Specifically, the properties "Services/attributes/kdc_validation_result" and "Services/attributes/kdc_validation_failure_details"
will be added to the response.

GET api/v1/clusters/c1/services/KERBEROS
{code}
{
  "href" : "http://172.18.192.1:8080/api/v1/clusters/c1/services/KERBEROS",
  "ServiceInfo" : {
    "cluster_name" : "c1",
    "maintenance_state" : "OFF",
    "service_name" : "KERBEROS",
    "state" : "INSTALLED"
  },
  "Services" : {
    "attributes" : {
      "kdc_validation_result" : "OK"
    }
  }
}
{code}

In the case of missing credentials:
{code}
{
   ...
   "Services" : {
    "attributes" : {
      "kdc_validation_result" : "MISSING_CREDENTIALS",
      "kdc_validation_failure_details" : "Missing KDC administrator credentials.\nThe KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\" : \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
    }
  }
}
{code}

For invalid credentials:
{code}
{
   ...
   "Services" : {
    "attributes" : {
      "kdc_validation_result" : "INVALID_CREDENTIALS",
      "kdc_validation_failure_details" : "Invalid KDC administrator credentials.\nThe KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\" : \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
    }
  }
}
{code}

For bad configuration:
{code}
{
   ...
   "Services" : {
    "attributes" : {
      "kdc_validation_result" : "INVALID_CONFIGURATION",
      "kdc_validation_failure_details" : "The 'kerberos-env/kdc_type' value must be set to a valid KDC type"
    }
  }
}
{code}

And for all other errors:
{code}
{
   ...
   "Services" : {
    "attributes" : {
      "kdc_validation_result" : "VALIDATION_ERROR",
      "kdc_validation_failure_details" : "..."
    }
  }
}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
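
A client-side sketch of consuming the proposed attributes, added here as an example and not part of the original message or of Ambari's code: it fails closed when `kdc_validation_result` is absent or unrecognised, and redacts the password before the session payload is logged. The function names, the `UNPARSEABLE`/`ABSENT`/`UNKNOWN` labels and the sample values are assumptions made for illustration.

```python
import copy
import json

# Result values listed in the proposal above.
KNOWN_RESULTS = {"OK", "MISSING_CREDENTIALS", "INVALID_CREDENTIALS",
                 "INVALID_CONFIGURATION", "VALIDATION_ERROR"}
# Results that are resolved by (re)submitting the KDC admin credentials.
NEEDS_CREDENTIALS = {"MISSING_CREDENTIALS", "INVALID_CREDENTIALS"}


def check_kdc_validation(body):
    """Interpret the JSON text of GET .../services/KERBEROS.

    Returns (ok, result, details). Fails closed: unparseable JSON, a missing
    attribute or an unrecognised value is never reported as ok. The labels
    UNPARSEABLE, ABSENT and UNKNOWN are client-side names, not Ambari's.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "UNPARSEABLE", "response body is not valid JSON"
    services = doc.get("Services") if isinstance(doc, dict) else None
    attrs = services.get("attributes") if isinstance(services, dict) else None
    if not isinstance(attrs, dict) or "kdc_validation_result" not in attrs:
        return False, "ABSENT", "kdc_validation_result not in response"
    result = attrs["kdc_validation_result"]
    details = attrs.get("kdc_validation_failure_details", "")
    if not isinstance(result, str) or result not in KNOWN_RESULTS:
        return False, "UNKNOWN", "unexpected result value: %r" % (result,)
    return result == "OK", result, details


def session_payload(principal, password):
    """Body for PUT api/v1/clusters/(cluster name), per the details text."""
    return {"session_attributes": {
        "kerberos_admin": {"principal": principal, "password": password}}}


def redact(payload):
    """Copy of a session payload that is safe to write to a log."""
    safe = copy.deepcopy(payload)
    safe["session_attributes"]["kerberos_admin"]["password"] = "***"
    return safe


# Constructed sample response (not captured from a real server).
SAMPLE_MISSING = json.dumps({"Services": {"attributes": {
    "kdc_validation_result": "MISSING_CREDENTIALS",
    "kdc_validation_failure_details": "Missing KDC administrator credentials."}}})
```
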
