ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Speidel (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-9640) Allow the KDC admin credentials stored in session to be validated via the REST API
Date Sat, 14 Feb 2015 00:10:11 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

John Speidel updated AMBARI-9640:
---------------------------------
    Remaining Estimate: 24h
     Original Estimate: 24h

> Allow the KDC admin credentials stored in session to be validated via the REST API
> ----------------------------------------------------------------------------------
>
>                 Key: AMBARI-9640
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9640
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server, security
>            Reporter: John Speidel
>            Assignee: John Speidel
>            Priority: Critical
>             Fix For: 2.0.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Based on my conversation with [~rlevas] I understand that the UI wants an api that indicates
whether the kdc admin credentials are set in session at the time of the call and that they
are valid.  
> Based on this requirement I am proposing adding this information as part of the kerberos
service.
> Specifically, the properties, "Services/attributes/kdc_validation_result" and "Services/attributes/kdc_validation_failure_details"
will be added to the response.
> GET api/v1/clusters/c1/services/KERBEROS
> {code}
> {
>   "href" : "http://172.18.192.1:8080/api/v1/clusters/c1/services/KERBEROS",
>   "ServiceInfo" : {
>     "cluster_name" : "c1",
>     "maintenance_state" : "OFF",
>     "service_name" : "KERBEROS",
>     "state" : "INSTALLED"
>   },
>   "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "OK"
>     }
>   }
> }
> {code}
> In the case of missing credentials:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "MISSING_CREDENTIALS",
>       "kdc_validation_failure_details" : "Missing KDC administrator credentials.\nThe
KDC administrator credentials must be set in session by updating the relevant Cluster resource.This
may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the
following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\"
: \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
>     }
>   }
> }
> {code}
> For invalid credentials:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "INVALID_CREDENTIALS",
>       "kdc_validation_failure_details" : "Invalid KDC administrator credentials.\nThe
KDC administrator credentials must be set in session by updating the relevant Cluster resource.This
may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the
following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\"
: \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
>     }
>   }
> }
> {code}
> For bad configuration:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "INVALID_CONFIGURATION",
>       "kdc_validation_failure_details" : "The 'kerberos-env/kdc_type' value must be set
to a valid KDC type"
>     }
>   }
> }
> {code}
> And for all other errors:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "VALIDATION_ERROR",
>       "kdc_validation_failure_details" : "..."
>     }
>   }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message