ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-13214) Create a credentials resource used to securely set, update, and remove credentials used by Ambari
Date Tue, 29 Sep 2015 22:41:04 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-13214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas updated AMBARI-13214:
----------------------------------
    Attachment: AMBARI-13214_trunk_01.patch

> Create a credentials resource used to securely set, update, and remove credentials used
by Ambari
> -------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-13214
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13214
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.3
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: security
>             Fix For: 2.1.3
>
>         Attachments: AMBARI-13214_trunk_01.patch
>
>
> Storage of the credentials is to be done using the existing _secure_ credentials provider
API which already exits within Ambari.  See {{org.apache.ambari.server.security.encryption.CredentialStoreService}}
and {{org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl}}.
> Credential may be stored in either Ambari's persistent or temporary secure storage facilities.

> *Test capabilities*
> * Request 
> {noformat}GET api/v1/clusters/{CLUSTER_NAME}{noformat}
> * Responses
> {code:title=200 OK}
> {
>   ...
>   "credential_store_properties" : {
>     "storage.persistent" : "true",
>     "storage.temporary" : "true"
>   },
>   ...
> }
> {code}
> *Setting the credentials*
> * Request 
> {noformat}POST /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> {code:title=payload}
> {
>   "Credential" : {
>     "principal" : "USERNAME",
>     "key" : "SECRET",
>     "persist" : true
>   }
> }
> {code}
> Where:
> ** principal:  the principal (or username) part of the credential to store
> ** key: the secret key part of the credential to store
> ** persist:  a boolean value indicating whether to store this credential in a persisted
(true) or temporary (false) secure credential store
> * Responses
> {code:title=200 OK}
> <empty>
> {code}
> {code:title=400 Bad Request}
> {
>   "status": 400,
>   "message": "Cannot persist credential in Ambari's secure credential store since secure
storage has not yet be configured.  Use ambari-server setup-security to enable this feature."
> }
> {code}
> {code:title=403 Forbidden}
> {
>   "status": 403,
>   "message": "You do not have permissions to access this resource."
> }
> {code}
> *Updating the credentials*
> * Request
> {noformat}PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> {code:title=payload}
> {
>   "Credential" : {
>     "principal" : "USERNAME",
>     "key" : "SECRET1",
>     "persist" : true
>   }
> }
> {code}
> Where:
> ** principal:  the principal (or username) part of the credential to store
> ** key: the secret key part of the credential to store
> ** persist:  a boolean value indicating whether to store this credential in a persisted
(true) or temporary (false) secure credential store
> * Responses
> {code:title=200 OK}
> <empty>
> {code}
> {code:title=400 Bad Request}
> {
>   "status": 400,
>   "message": "Cannot persist credential in Ambari's secure credential store since secure
storage has not yet be configured.  Use ambari-server setup-security to enable this feature."
> }
> {code}
> {code:title=403 Forbidden}
> {
>   "status": 403,
>   "message": "You do not have permissions to access this resource."
> }
> {code}
> *Removing the credentials*
> * Request
> {noformat}DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> * Responses
> {code:title=200 OK}
> <empty>
> {code}
> {code:title=404 Not Found}
> {
>   "status": 404,
>   "message": "Not Found"
> }
> {code}
> {code:title=403 Forbidden}
> {
>   "status": 403,
>   "message": "You do not have permissions to access this resource."
> }
> {code}
> *Listing credentials*
> * Request
> {noformat}GET /api/v1/clusters/{CLUSTER_NAME}/credentials{noformat}
> * Responses 
> {code:title=200 OK}
> {
>   "href" : "http://host:8080/api/v1/clusters/c1/credentials",
>   "items" : [
>     {
>       "href" : "http://host:8080/api/v1/clusters/c1/credentials/kdc.admin.credentials",
>       "Credential" : {
>         "alias" : "kdc.admin.credentials",
>         "cluster_name" : "c1"
>       }
>     },
>     {
>       "href" : "http://host:8080/api/v1/clusters/c1/credentials/service.admin.credentials",
>       "Credential" : {
>         "alias" : "service.admin.credentials",
>         "cluster_name" : "c1"
>       }
>     }
>   ]
> }
> {code}
> {code:title=404 Not Found}
> {
>   "status": 404,
>   "message": "Not Found"
> }
> {code}
> {code:title=403 Forbidden}
> {
>   "status": 403,
>   "message": "You do not have permissions to access this resource."
> }
> {code}
> *Retrieving credentials*
> * Request
> {noformat}GET /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> * Responses 
> {code:title=200 OK}
> {
>   "href" : "http://host:8080/api/v1/clusters/c1/credentials/kdc.admin.credentials",
>   "Credential" : {
>     "alias" : "kdc.admin.credentials",
>     "cluster_name" : "c1",
>     "persist" : true
>   }
> }
> {code}
> {code:title=404 Not Found}
> {
>   "status": 404,
>   "message": "Not Found"
> }
> {code}
> {code:title=403 Forbidden}
> {
>   "status": 403,
>   "message": "You do not have permissions to access this resource."
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message