ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nate Cole" <nc...@hortonworks.com>
Subject Re: Review Request 40099: RU: PreCheck for consistency of password between Ranger and Ambari
Date Mon, 09 Nov 2015 20:04:33 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40099/
-----------------------------------------------------------

(Updated Nov. 9, 2015, 3:04 p.m.)


Review request for Ambari, Alejandro Fernandez, Gautam Borad, Jonathan Hurley, and Velmurugan
Periasamy.


Changes
-------

RB lost the diff when I pushed the wrong button.  Arrg.


Bugs: AMBARI-13797
    https://issues.apache.org/jira/browse/AMBARI-13797


Repository: ambari


Description
-------

Need a prereq check to confirm that Ambari's password for Ranger will work against the Ranger
server.  It's possible to change the password using the Ranger UI, so this check attempts
to verify that.

The Ranger access points are still under investigation, but shouldn't impact the logic of
the code.  The general rules are:

- Try to access Ranger using admin credentials.  401=FAIL, 200=PASS, other or IOException:
WARN.
- If PASS, check to load the users JSON and look for Ranger Admin User.  Do not fail if user
doesn't exist (not sync'ed).
- If Ranger Admin User is found, access Ranger with credentials.  401=FAIL, 200=PASS, other
or IOException=WARN.

We only want to FAIL when it's truly known that the credentials are bad.  Only PASS when it's
truly known the credentials are good.  WARNING every other case.


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/checks/CheckDescription.java 603b279

  ambari-server/src/main/java/org/apache/ambari/server/checks/RangerPasswordCheck.java PRE-CREATION

  ambari-server/src/test/java/org/apache/ambari/server/checks/RangerPasswordCheckTest.java
PRE-CREATION 

Diff: https://reviews.apache.org/r/40099/diff/


Testing
-------

Manual.  Automated pending.


Thanks,

Nate Cole


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message