ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandor Molnar (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-22560) Remove obsolete hack to set KDC admin credentials via Cluster session API
Date Fri, 01 Dec 2017 16:22:00 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-22560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sandor Molnar updated AMBARI-22560:
-----------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> Remove obsolete hack to set KDC admin credentials via Cluster session API
> -------------------------------------------------------------------------
>
>                 Key: AMBARI-22560
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22560
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Minor
>              Labels: kdc_credentials, kerberos
>             Fix For: trunk
>
>         Attachments: AMBARI_22560_patch, AMBARI_22560_trunk_02.patch
>
>
> Remove hack to set KDC admin credential via the API to set session attribute via the
Cluster resource.
> Near *org/apache/ambari/server/controller/AmbariManagementControllerImpl.java:1469*
> {code:java}
>       // TODO: Once the UI uses the Credential Resource API, remove this block to _clean_
the
>       // TODO: session attributes and store any KDC administrator credentials in the
secure
>       // TODO: credential provider facility.
>       // For now, to keep things backwards compatible, get and remove the KDC administrator
credentials
>       // from the session attributes and store them in the CredentialsProvider. The KDC
administrator
>       // credentials are prefixed with kdc_admin/. The following attributes are expected,
if setting
>       // the KDC administrator credentials:
>       //    kerberos_admin/principal
>       //    kerberos_admin/password
>       if((sessionAttributes != null) && !sessionAttributes.isEmpty()) {
>         Map<String, Object> cleanedSessionAttributes = new HashMap<>();
>         String principal = null;
>         char[] password = null;
>         for(Map.Entry<String,Object> entry: sessionAttributes.entrySet()) {
>           String name = entry.getKey();
>           Object value = entry.getValue();
>           if ("kerberos_admin/principal".equals(name)) {
>             if(value instanceof String) {
>               principal = (String)value;
>             }
>           }
>           else if ("kerberos_admin/password".equals(name)) {
>             if(value instanceof String) {
>               password = ((String) value).toCharArray();
>             }
>           } else {
>             cleanedSessionAttributes.put(name, value);
>           }
>         }
>         if(principal != null) {
>           // The KDC admin principal exists... set the credentials in the credentials
store
>           credentialStoreService.setCredential(cluster.getClusterName(),
>               KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
>               new PrincipalKeyCredential(principal, password), CredentialStoreType.TEMPORARY);
>         }
>         sessionAttributes = cleanedSessionAttributes;
>       }
>       // TODO: END
> {code}
> This is no longer needed once the UI uses the new Credential Resource REST API - see
 AMBARI-13292



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message