ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 31656: Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing
Date Tue, 03 Mar 2015 04:48:19 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------

(Updated March 2, 2015, 11:48 p.m.)


Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert Nettleton.


Bugs: AMBARI-9852
    https://issues.apache.org/jira/browse/AMBARI-9852


Repository: ambari


Description
-------

The Kerberos _service check_ needs to generate it's own unique identity to use for testing
and then destroy it when complete.  This will ensure that any _known_ identities (such as
the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters
or if the service check is run after Kerberos is enabled. 

The service check must perform the following steps:

1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
2bf0cbf 
  ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java 8dd6c4d

  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
3705cfe 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py
ee4a4c3 
  ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
e16f22f 

Diff: https://reviews.apache.org/r/31656/diff/


Testing (updated)
-------

Manual testing in several scenarios

#Jenkins test results:

Running org.apache.ambari.server.controller.KerberosHelperTest
Tests run: 24, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.797 sec

Running tests for stack:2.2 service:KERBEROS
test_configure_cross_realm_trust (test_kerberos_server.TestKerberosServer) ... ok
test_configure_managed_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_ad (test_kerberos_server.TestKerberosServer) ... ok
test_configure_unmanaged_kdc (test_kerberos_server.TestKerberosServer) ... ok
test_configure_cross_realm_trust (test_kerberos_client.TestKerberosClient) ... ok
test_configure_managed_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_ad (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc (test_kerberos_client.TestKerberosClient) ... ok
test_configure_unmanaged_kdc_and_krb5conf (test_kerberos_client.TestKerberosClient) ... ok
test_delete_keytab (test_kerberos_client.TestKerberosClient) ... ok
test_get_property (test_kerberos_client.TestKerberosClient) ... ok
test_set_keytab (test_kerberos_client.TestKerberosClient) ... ok

----------------------------------------------------------------------
Ran 12 tests in 0.177s

**Note: Overall Jenkins test run failed due to errors unrelated to this patch.**


Thanks,

Robert Levas


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message