Repository: ambari Updated Branches: refs/heads/trunk fc2b91151 -> fdc2d7798
AMBARI-9077. Add principal type to Kerberos descriptor (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fdc2d779 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fdc2d779 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fdc2d779 Branch: refs/heads/trunk Commit: fdc2d7798f53611b29a3cacad57796e3db402ba8 Parents: fc2b911 Author: Robert Levas <[email protected]> Authored: Wed Jan 14 09:11:03 2015 -0500 Committer: Robert Levas <[email protected]> Committed: Wed Jan 14 09:11:03 2015 -0500 ---------------------------------------------------------------------- .../server/controller/KerberosHelper.java | 3 ++ .../kerberos/KerberosActionDataFile.java | 1 + .../kerberos/KerberosActionDataFileBuilder.java | 12 +++-- .../kerberos/KerberosPrincipalDescriptor.java | 52 +++++++++++++++++++- .../state/kerberos/KerberosPrincipalType.java | 39 +++++++++++++++ .../main/resources/stacks/HDP/2.2/kerberos.json | 5 +- .../HDP/2.2/services/FALCON/kerberos.json | 1 + .../stacks/HDP/2.2/services/HBASE/kerberos.json | 3 ++ .../stacks/HDP/2.2/services/HDFS/kerberos.json | 13 +++-- .../stacks/HDP/2.2/services/HIVE/kerberos.json | 2 + .../stacks/HDP/2.2/services/KNOX/kerberos.json | 1 + .../stacks/HDP/2.2/services/OOZIE/kerberos.json | 1 + .../stacks/HDP/2.2/services/STORM/kerberos.json | 3 ++ .../stacks/HDP/2.2/services/YARN/kerberos.json | 16 ++++-- .../HDP/2.2/services/ZOOKEEPER/kerberos.json | 1 + .../agent/HeartBeatHandlerInjectKeytabTest.java | 2 +- .../server/controller/KerberosHelperTest.java | 3 ++ .../kerberos/KerberosActionDataFileTest.java | 12 +++-- .../kerberos/KerberosServerActionTest.java | 2 +- .../UpdateKerberosConfigsServerActionTest.java | 2 +- .../KerberosPrincipalDescriptorTest.java | 2 + .../resources/stacks/HDP/2.0.8/kerberos.json | 3 +- .../HDP/2.0.8/services/HDFS/kerberos.json | 12 +++-- 23 files changed, 167 insertions(+), 24 deletions(-) 
---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java index ef0d096..626d130 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java @@ -680,10 +680,12 @@ public class KerberosHelper { for (KerberosIdentityDescriptor identity : identities) { KerberosPrincipalDescriptor principalDescriptor = identity.getPrincipalDescriptor(); String principal = null; + String principalType = null; String principalConfiguration = null; if (principalDescriptor != null) { principal = KerberosDescriptor.replaceVariables(principalDescriptor.getValue(), configurations); + principalType = principalDescriptor.getType().name().toLowerCase(); principalConfiguration = KerberosDescriptor.replaceVariables(principalDescriptor.getConfiguration(), configurations); } @@ -710,6 +712,7 @@ public class KerberosHelper { sch.getServiceName(), sch.getServiceComponentName(), principal, + principalType, principalConfiguration, keytabFilePath, keytabFileOwnerName, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java index 5f5d708..40b3353 100644 
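Review bot: `principalDescriptor.getType().name().toLowerCase()` inside the `if (principalDescriptor != null)` branch dereferences a value the rest of this commit treats as nullable, so a descriptor with no type set would throw a NullPointerException here. The evidence is that `setType` stores whatever it is given and the new `hashCode`/`equals` code tests `getType() == null`. The same unguarded chain is added in the `toMap()` hunk of KerberosPrincipalDescriptor (`map.put("type", getType().name().toLowerCase())`). Both calls also lower-case with the default locale, under which "SERVICE" does not become "service" on a Turkish-locale JVM; I would read the type once and write `principalType = ((type == null) ? KerberosPrincipalType.SERVICE : type).name().toLowerCase(Locale.ROOT);`, which needs a `java.util.Locale` import. The enclosing method starts and ends outside the hunk.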
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFile.java @@ -29,6 +29,7 @@ public class KerberosActionDataFile { public static final String SERVICE = "service"; public static final String COMPONENT = "component"; public static final String PRINCIPAL = "principal"; + public static final String PRINCIPAL_TYPE = "principal_type"; public static final String PRINCIPAL_CONFIGURATION = "principal_configuration"; public static final String KEYTAB_FILE_PATH = "keytab_file_path"; public static final String KEYTAB_FILE_OWNER_NAME = "keytab_file_owner_name"; http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java index 60bdea8..8888f82 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileBuilder.java 
@@ -54,6 +54,7 @@ public class KerberosActionDataFileBuilder extends AbstractKerberosDataFileBuild * @param serviceComponentName a String containing the component name column data * @param principal a String containing the (raw, non-evaluated) principal "pattern" * column data + * @param principalType a String declaring the principal type - expecting "service" or "user" * @param principalConfiguration a String containing the principal's configuration property column data * (expected to be the type and name of the configuration property * to use to store the evaluated principal data in @@ -72,14 +73,16 @@ public class KerberosActionDataFileBuilder extends AbstractKerberosDataFileBuild * @throws IOException */ public void addRecord(String hostName, String serviceName, String serviceComponentName, - String principal, String principalConfiguration, String keytabFilePath, - String keytabFileOwnerName, String keytabFileOwnerAccess, - String keytabFileGroupName, String keytabFileGroupAccess, - String keytabFileConfiguration) throws IOException { + String principal, String principalType, String principalConfiguration, + String keytabFilePath, String keytabFileOwnerName, + String keytabFileOwnerAccess, String keytabFileGroupName, + String keytabFileGroupAccess, String keytabFileConfiguration) + throws IOException { super.appendRecord(hostName, serviceName, serviceComponentName, principal, + principalType, principalConfiguration, keytabFilePath, keytabFileOwnerName, @@ -95,6 +98,7 @@ public class KerberosActionDataFileBuilder extends AbstractKerberosDataFileBuild SERVICE, COMPONENT, PRINCIPAL, + PRINCIPAL_TYPE, PRINCIPAL_CONFIGURATION, KEYTAB_FILE_PATH, KEYTAB_FILE_OWNER_NAME, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java ---------------------------------------------------------------------- 
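Review bot: `addRecord` takes the new `principalType` as a free-form String in the middle of what is now twelve positional String parameters, so a transposed argument or a value other than "service"/"user" compiles and is written to the data file unchecked. The Javadoc added in the first hunk of this file says only `expecting "service" or "user"`, and the updated KerberosActionDataFileTest passes values such as `"principal_type" + i`, which shows nothing rejects other strings. Since KerberosPrincipalType is introduced by this same commit, the parameter could be that enum and be converted to its lower-case name at the `appendRecord` call. Otherwise the Javadoc should say that the value is stored as given and not validated; how readers of the `principal_type` column treat an unrecognised value is not visible in this diff.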
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java index 6725c92..2c0c90a 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptor.java @@ -28,7 +28,9 @@ import java.util.Map; * A KerberosPrincipalDescriptor has the following properties: * <ul> * <li>value</li> + * <li>type</li> * <li>configuration</li> + * <li>local_username</li> * </ul> * <p/> * The following JSON Schema will yield a valid KerberosPrincipalDescriptor @@ -43,6 +45,10 @@ import java.util.Map; * "description": "The pattern to use to generate the principal", * "type": "string" * }, + * "type": { + * "description": "The type of principal - either 'service' or 'user'", + * "type": "string" + * }, * "configuration": { * "description": "The configuration type and property name indicating the property to be * updated with the generated principal - format: config-type/property.name", @@ -63,6 +69,13 @@ import java.util.Map; public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { /** + * A string declaring the type of principal this KerberosPrincipalDescriptor represents. + * <p/> + * Expecting either "service" or "user" + */ + private KerberosPrincipalType type; + + /** * A string declaring configuration type and property name indicating the property to be updated * with the generated principal * <p/> 
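Review bot: The Javadoc on the new `type` field describes it as "A string" that is "either "service" or "user"", but the field is a `KerberosPrincipalType` with no initializer, so it is null until `setType` is called. I would reword it to `The KerberosPrincipalType of the principal this descriptor represents; null if no type has been set`, so readers know `getType()` can return null. The same "service"/"user" string wording recurs in the `setType` Javadoc in a later hunk of this file, and the class-level schema comment could state that an absent "type" is read as "service".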
@@ -98,6 +111,9 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { // This is not automatically set by the super classes. setName(getStringValue(data, "value")); + String type = getStringValue(data, "type"); + setType((type == null) ? KerberosPrincipalType.SERVICE : KerberosPrincipalType.valueOf(type.toUpperCase())); + setConfiguration(getStringValue(data, "configuration")); setLocalUsername(getStringValue(data, "local_username")); @@ -133,6 +149,26 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { } /** + * Gets the type of this KerberosPrincipalDescriptor + * + * @return a KerberosPrincipalType declaring the type of this KerberosPrincipalDescriptor + */ + public KerberosPrincipalType getType() { + return type; + } + + /** + * Sets the type of this KerberosPrincipalDescriptor + * <p/> + * The value should be either "service" or "user" + * + * @param type a KerberosPrincipalType declaring the type of this KerberosPrincipalDescriptor + */ + public void setType(KerberosPrincipalType type) { + this.type = type; + } + + /** * Gets the configuration type and property name indicating the property to be updated with the * generated principal * @@ -192,6 +228,11 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { setValue(updatedValue); } + KerberosPrincipalType updatedType = updates.getType(); + if (updatedType != null) { + setType(updatedType); + } + updatedValue = updates.getConfiguration(); if (updatedValue != null) { setConfiguration(updatedValue); @@ -217,6 +258,7 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { Map<String, Object> map = new HashMap<String, Object>(); map.put("value", getValue()); + map.put("type", getType().name().toLowerCase()); map.put("configuration", getConfiguration()); map.put("local_username", getLocalUsername()); 
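Review bot: `KerberosPrincipalType.valueOf(type.toUpperCase())` turns any unexpected "type" value in a descriptor into an IllegalArgumentException that names neither the descriptor being parsed nor the accepted values. It also upper-cases with the default locale, so the literal "service" used throughout the stack files fails to match on a Turkish-locale JVM. Using `type.trim().toUpperCase(Locale.ROOT)` and rethrowing with the offending value plus the accepted ones ("service", "user") would make a bad stack definition diagnosable. The constructor's surrounding lines are outside the hunk, so whether a caller already handles this exception cannot be seen here.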
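Review bot: The `updatedType != null` guard in `update()` cannot tell an explicitly stated type from a default, because the constructor hunk earlier in this file assigns `KerberosPrincipalType.SERVICE` whenever "type" is absent from the map. An update descriptor built from a map that overrides only, say, `configuration` would therefore carry SERVICE and silently reset a `user` principal to `service`. Leaving `type` null when the key is absent and applying the SERVICE default where the value is consumed would keep partial updates from changing the type. This assumes update descriptors are created through the map constructor, which the diff does not show.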
@@ -228,7 +270,10 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { return super.hashCode() + ((getConfiguration() == null) ? 0 - : getConfiguration().hashCode()); + : getConfiguration().hashCode()) + + ((getType() == null) + ? 0 + : getType().hashCode()); } @Override @@ -244,6 +289,11 @@ public class KerberosPrincipalDescriptor extends AbstractKerberosDescriptor { (getConfiguration() == null) ? (descriptor.getConfiguration() == null) : getConfiguration().equals(descriptor.getConfiguration()) + ) && + ( + (getType() == null) + ? (descriptor.getType() == null) + : getType().equals(descriptor.getType()) ); } else { return false; http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalType.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalType.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalType.java new file mode 100644 index 0000000..e192be0 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalType.java 
@@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.state.kerberos; + +/** + * KerberosPrincipalType enumerates the different types of expected Kerberos principals + */ +public enum KerberosPrincipalType { + /** + * User principal. + * <p/> + * Typically in the form <code>user@REALM</code>, but may sometimes be in the form + * <code>user/group@REALM</code>. + */ + USER, + + /** + * Service principal. + * <p/> + * Typically in the form <code>service/host@REALM</code>. + */ + SERVICE +} http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json index 9d3a38f..de5f1a9 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json 
@@ -7,7 +7,8 @@ { "name": "spnego", "principal": { - "value": "HTTP/_HOST@${realm}" + "value": "HTTP/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/spnego.service.keytab", @@ -25,6 +26,7 @@ "name": "hdfs", "principal": { "value": "${hadoop-env/hdfs_user}@${realm}", + "type" : "user" , "configuration": "hadoop-env/hdfs_principal_name" }, "keytab": { @@ -44,6 +46,7 @@ "name": "smokeuser", "principal": { "value": "${cluster-env/smokeuser}@${realm}", + "type" : "user", "configuration": "cluster-env/smokeuser_principal_name" }, "keytab": { http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json index 7882838..3b71af4 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json @@ -30,6 +30,7 @@ "name": "falcon_server", "principal": { "value": "falcon/${host}@${realm}", + "type" : "service", "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal", "local_username" : "${falcon-env/falcon_user}" }, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json index 6dd3e84..5e310bc 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json 
@@ -13,6 +13,7 @@ "name": "hbase", "principal": { "value": "${hbase-env/hbase_user}@${realm}", + "type" : "user", "configuration": "hbase-env/hbase_principal_name", "local_username": "${hbase-env/hbase_user}" }, @@ -49,6 +50,7 @@ "name": "hbase_master_hbase", "principal": { "value": "hbase/_HOST@${realm}", + "type" : "service", "configuration": "hbase-site/hbase.master.kerberos.principal", "local_username": "${hbase-env/hbase_user}" }, @@ -74,6 +76,7 @@ "name": "hbase_regionserver_hbase", "principal": { "value": "hbase/_HOST@${realm}", + "type" : "service", "configuration": "hbase-site/hbase.regionserver.kerberos.principal", "local_username": "${hbase-env/hbase_user}" }, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json index 9f9a4ea..8b7979e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/kerberos.json @@ -37,6 +37,7 @@ "name": "namenode_nn", "principal": { "value": "nn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.namenode.kerberos.principal", "local_username" : "${hadoop-env/hdfs_user}" }, @@ -56,7 +57,8 @@ { "name": "namenode_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/nn.service.keytab", @@ -92,6 +94,7 @@ "name": "datanode_dn", "principal": { "value": "dn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.datanode.kerberos.principal", "local_username" : "${hadoop-env/hdfs_user}" }, 
@@ -111,7 +114,8 @@ { "name": "datanode_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/dn.service.keytab", @@ -142,6 +146,7 @@ "name": "secondary_namenode_nn", "principal": { "value": "nn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal", "local_username" : "${hadoop-env/hdfs_user}" }, @@ -161,7 +166,8 @@ { "name": "secondary_namenode_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/nn.service.keytab", @@ -190,6 +196,7 @@ "name": "journalnode_jn", "principal": { "value": "jn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.journalnode.kerberos.principal", "local_username" : "${hadoop-env/hdfs_user}" }, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json index e2d1d88..e7b8574 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json @@ -33,6 +33,7 @@ "name": "hive_metastore_hive", "principal": { "value": "hive/_HOST@${realm}", + "type" : "service", "configuration": "hive-site/hive.metastore.kerberos.principal", "local_username": "${hive-env/hive_user}" }, 
@@ -58,6 +59,7 @@ "name": "hive_server_hive", "principal": { "value": "hive/_HOST@${realm}", + "type" : "service", "configuration": "hive-site/hive.server2.authentication.kerberos.principal", "local_username": "${hive-env/hive_user}" }, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json index 5db86cd..584a932 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/KNOX/kerberos.json @@ -10,6 +10,7 @@ "name": "knox_principal", "principal": { "value": "${knox-env/knox_user}/_HOST@${realm}", + "type" : "service", "configuration": "knox-env/knox_principal_name", "local_username": "${knox-env/knox_user}" http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json index 5c4b458..a2a3706 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json 
@@ -32,6 +32,7 @@ "name": "oozie_server", "principal": { "value": "oozie/_HOST@${realm}", + "type" : "service", "configuration": "oozie-site/oozie.service.HadoopAccessorService.kerberos.principal", "local_username" : "${oozie-env/oozie_user}" }, http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json index 77f4fe4..42c3df9 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json @@ -13,6 +13,7 @@ "name": "storm_components", "principal": { "value": "storm/_HOST@${realm}", + "type" : "service", "configuration": "storm-env/storm_principal_name" }, "keytab": { @@ -51,6 +52,7 @@ "name": "nimbus_server", "principal": { "value": "nimbus/_HOST@${realm}", + "type" : "service", "configuration": "storm-env/nimbus_principal_name" }, "keytab": { @@ -75,6 +77,7 @@ "name": "nimbus_server", "principal": { "value": "nimbus/_HOST@${realm}", + "type" : "service", "configuration": "storm-env/nimbus_principal_name" }, "keytab": { http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json index a31fbb8..596d607 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json 
@@ -30,6 +30,7 @@ "name": "nodemanager_nm", "principal": { "value": "nm/_HOST@${realm}", + "type" : "service", "configuration": "yarn-site/yarn.nodemanager.principal", "local_username": "${yarn-env/yarn_user}" }, @@ -49,7 +50,8 @@ { "name": "nodemanager_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/nm.service.keytab", @@ -88,6 +90,7 @@ "name": "resource_manager_rm", "principal": { "value": "rm/_HOST@${realm}", + "type" : "service", "configuration": "yarn-site/yarn.resourcemanager.principal", "local_username": "${yarn-env/yarn_user}" }, @@ -107,7 +110,8 @@ { "name": "resource_manager_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/rm.service.keytab", @@ -139,6 +143,7 @@ "name": "app_timeline_server_yarn", "principal": { "value": "yarn/_HOST@${realm}", + "type" : "service", "configuration": "yarn-site/yarn.timeline-service.principal", "local_username": "${yarn-env/yarn_user}" }, @@ -158,7 +163,8 @@ { "name": "app_timeline_server_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/yarn.service.keytab", @@ -206,6 +212,7 @@ "name": "history_server_jhs", "principal": { "value": "jhs/_HOST@${realm}", + "type" : "service", "configuration": "mapred-site/mapreduce.jobhistory.principal", "local_username": "${mapred-env/mapred_user}" }, @@ -225,7 +232,8 @@ { "name": "history_server_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/jhs.service.keytab", http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json index b22d5fe..0a64ea5 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json @@ -15,6 +15,7 @@ "name": "zookeeper_zk", "principal": { "value": "zookeeper/_HOST@${realm}", + "type" : "service", "configuration": "zookeeper-env/zookeeper_principal_name" }, "keytab": { http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java index 22eb31a..d613669 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartBeatHandlerInjectKeytabTest.java @@ -68,7 +68,7 @@ public class HeartBeatHandlerInjectKeytabTest { kerberosActionDataFileBuilder = new KerberosActionDataFileBuilder(indexFile); kerberosActionDataFileBuilder.addRecord("c6403.ambari.apache.org", "HDFS", "DATANODE", - "dn/_HOST@_REALM", "hdfs-site/dfs.namenode.kerberos.principal", + "dn/_HOST@_REALM", "service", "hdfs-site/dfs.namenode.kerberos.principal", "/etc/security/keytabs/dn.service.keytab", "hdfs", "r", "hadoop", "", "hdfs-site/dfs.namenode.keytab.file"); http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index dea5d61..e32524a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -59,6 +59,7 @@ import org.apache.ambari.server.state.kerberos.KerberosDescriptor; import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor; import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor; import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor; +import org.apache.ambari.server.state.kerberos.KerberosPrincipalType; import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.EasyMockSupport; 
@@ -324,10 +325,12 @@ public class KerberosHelperTest extends EasyMockSupport { final KerberosPrincipalDescriptor principalDescriptor1 = createNiceMock(KerberosPrincipalDescriptor.class); expect(principalDescriptor1.getValue()).andReturn("component1/_HOST@${realm}").once(); + expect(principalDescriptor1.getType()).andReturn(KerberosPrincipalType.SERVICE).once(); expect(principalDescriptor1.getConfiguration()).andReturn("service1-site/component1.kerberos.principal").once(); final KerberosPrincipalDescriptor principalDescriptor2 = createNiceMock(KerberosPrincipalDescriptor.class); expect(principalDescriptor2.getValue()).andReturn("component2/${host}@${realm}").once(); + expect(principalDescriptor2.getType()).andReturn(KerberosPrincipalType.SERVICE).once(); expect(principalDescriptor2.getConfiguration()).andReturn("service2-site/component2.kerberos.principal").once(); final KerberosKeytabDescriptor keytabDescriptor1 = createNiceMock(KerberosKeytabDescriptor.class); http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java index 7958b6e..25c7be7 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosActionDataFileTest.java 
@@ -47,7 +47,7 @@ public class KerberosActionDataFileTest { for (int i = 0; i < 10; i++) { builder.addRecord("hostName" + i, "serviceName" + i, "serviceComponentName" + i, - "principal" + i, "principalConfiguration" + i, "keytabFilePath" + i, + "principal" + i, "principal_type" + i, "principalConfiguration" + i, "keytabFilePath" + i, "keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i, "keytabFileGroupName" + i, "keytabFileGroupAccess" + i, "keytabFileConfiguration" + i); @@ -55,7 +55,7 @@ public class KerberosActionDataFileTest { // Add some odd characters builder.addRecord("hostName's", "serviceName#", "serviceComponentName\"", - "principal", "principalConfiguration", "keytabFilePath", + "principal", "principal_type", "principalConfiguration", "keytabFilePath", "'keytabFileOwnerName'", "<keytabFileOwnerAccess>", "\"keytabFileGroupName\"", "keytab,File,Group,Access", "\"keytab,'File',Configuration\""); @@ -80,6 +80,7 @@ public class KerberosActionDataFileTest { Assert.assertEquals("serviceName" + i, record.get(KerberosActionDataFile.SERVICE)); Assert.assertEquals("serviceComponentName" + i, record.get(KerberosActionDataFile.COMPONENT)); Assert.assertEquals("principal" + i, record.get(KerberosActionDataFile.PRINCIPAL)); + Assert.assertEquals("principal_type" + i, record.get(KerberosActionDataFile.PRINCIPAL_TYPE)); Assert.assertEquals("principalConfiguration" + i, record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION)); Assert.assertEquals("keytabFilePath" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_PATH)); Assert.assertEquals("keytabFileOwnerName" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME)); 
@@ -92,6 +93,7 @@ public class KerberosActionDataFileTest { Assert.assertEquals("serviceName#", record.get(KerberosActionDataFile.SERVICE)); Assert.assertEquals("serviceComponentName\"", record.get(KerberosActionDataFile.COMPONENT)); Assert.assertEquals("principal", record.get(KerberosActionDataFile.PRINCIPAL)); + Assert.assertEquals("principal_type", record.get(KerberosActionDataFile.PRINCIPAL_TYPE)); Assert.assertEquals("principalConfiguration", record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION)); Assert.assertEquals("keytabFilePath", record.get(KerberosActionDataFile.KEYTAB_FILE_PATH)); Assert.assertEquals("'keytabFileOwnerName'", record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME)); @@ -116,6 +118,7 @@ public class KerberosActionDataFileTest { Assert.assertEquals("serviceName" + i, record.get(KerberosActionDataFile.SERVICE)); Assert.assertEquals("serviceComponentName" + i, record.get(KerberosActionDataFile.COMPONENT)); Assert.assertEquals("principal" + i, record.get(KerberosActionDataFile.PRINCIPAL)); + Assert.assertEquals("principal_type" + i, record.get(KerberosActionDataFile.PRINCIPAL_TYPE)); Assert.assertEquals("principalConfiguration" + i, record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION)); Assert.assertEquals("keytabFilePath" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_PATH)); Assert.assertEquals("keytabFileOwnerName" + i, record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME)); 
@@ -128,6 +131,7 @@ public class KerberosActionDataFileTest { Assert.assertEquals("serviceName#", record.get(KerberosActionDataFile.SERVICE)); Assert.assertEquals("serviceComponentName\"", record.get(KerberosActionDataFile.COMPONENT)); Assert.assertEquals("principal", record.get(KerberosActionDataFile.PRINCIPAL)); + Assert.assertEquals("principal_type", record.get(KerberosActionDataFile.PRINCIPAL_TYPE)); Assert.assertEquals("principalConfiguration", record.get(KerberosActionDataFile.PRINCIPAL_CONFIGURATION)); Assert.assertEquals("keytabFilePath", record.get(KerberosActionDataFile.KEYTAB_FILE_PATH)); Assert.assertEquals("'keytabFileOwnerName'", record.get(KerberosActionDataFile.KEYTAB_FILE_OWNER_NAME)); @@ -148,7 +152,7 @@ public class KerberosActionDataFileTest { Assert.assertFalse(builder.isClosed()); builder.addRecord("hostName", "serviceName", "serviceComponentName", - "principal", "principalConfiguration", "keytabFilePath", + "principal","principal_type", "principalConfiguration", "keytabFilePath", "keytabFileOwnerName", "keytabFileOwnerAccess", "keytabFileGroupName", "keytabFileGroupAccess", "keytabFileConfiguration"); @@ -174,7 +178,7 @@ public class KerberosActionDataFileTest { Assert.assertFalse(builder.isClosed()); builder.addRecord("hostName", "serviceName", "serviceComponentName", - "principal", "principalConfiguration", "keytabFilePath", + "principal", "principal_type", "principalConfiguration", "keytabFilePath", "keytabFileOwnerName", "keytabFileOwnerAccess", "keytabFileGroupName", "keytabFileGroupAccess", "keytabFileConfiguration"); http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java ---------------------------------------------------------------------- 
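Review bot: The added argument in the `-148,7` hunk is written `"principal","principal_type",` without the space after the comma that the other updated `addRecord` calls in this file use. Writing it as `"principal", "principal_type", "principalConfiguration", "keytabFilePath",` keeps the five calls uniform and easier to compare column by column. The test method around this call lies outside the hunk.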
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java index d720da2..8e8cccd 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java @@ -102,7 +102,7 @@ public class KerberosServerActionTest { new KerberosActionDataFileBuilder(new File(temporaryDirectory, KerberosActionDataFile.DATA_FILE_NAME)); for (int i = 0; i < 10; i++) { builder.addRecord("hostName", "serviceName" + i, "serviceComponentName" + i, - "principal|_HOST|_REALM" + i, "principalConfiguration" + i, "keytabFilePath" + i, + "principal|_HOST|_REALM" + i, "principal_type", "principalConfiguration" + i, "keytabFilePath" + i, "keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i, "keytabFileGroupName" + i, "keytabFileGroupAccess" + i, "keytabFileConfiguration" + i); http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java index 7a3308f..8215120 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java 
@@ -94,7 +94,7 @@ public class UpdateKerberosConfigsServerActionTest { kerberosActionDataFileBuilder = new KerberosActionDataFileBuilder(indexFile); kerberosActionDataFileBuilder.addRecord("c6403.ambari.apache.org", "HDFS", "DATANODE", - "dn/_HOST@_REALM", "hdfs-site/dfs.namenode.kerberos.principal", + "dn/_HOST@_REALM", "service", "hdfs-site/dfs.namenode.kerberos.principal", "/etc/security/keytabs/dn.service.keytab", "hdfs", "r", "hadoop", "", "hdfs-site/dfs.namenode.keytab.file"); http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java index 9d56dc2..3bbb220 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosPrincipalDescriptorTest.java @@ -29,6 +29,7 @@ public class KerberosPrincipalDescriptorTest { public static final String JSON_VALUE = "{" + "\"value\": \"service/_HOST@_REALM\"," + + "\"type\": \"service\"," + "\"configuration\": \"service-site/service.component.kerberos.principal\"," + "\"local_username\": \"localUser\"" + "}"; @@ -37,6 +38,7 @@ public class KerberosPrincipalDescriptorTest { new HashMap<String, Object>() { { put("value", "HTTP/_HOST@_REALM"); + put("type", "service"); put("configuration", "service-site/service.component.kerberos.https.principal"); put("local_username", null); } http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json ---------------------------------------------------------------------- 
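Review bot: KerberosPrincipalDescriptorTest gains only the two fixture lines (`"type": "service"` in `JSON_VALUE` and `put("type", "service")` in `MAP_VALUE`), matching the 2 insertions in the diffstat, so nothing asserts that the descriptor parses, keeps or serialises the type. Since the type presumably decides what kind of principal is created, the test should pin it, for example `Assert.assertEquals(KerberosPrincipalType.SERVICE, principalDescriptor.getType());`, with the accessor and variable names matched to the class, which is not shown in this chunk. A case with `"type"` omitted and one with an unrecognised value would also fix the default and the failure behaviour. The validation methods that would carry these assertions are outside the two hunks.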
diff --git a/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json b/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json index 4308d81..1902319 100644 --- a/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json +++ b/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos.json @@ -7,7 +7,8 @@ { "name": "spnego", "principal": { - "value": "HTTP/_HOST@${realm}" + "value": "HTTP/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/spnego.service.keytab", http://git-wip-us.apache.org/repos/asf/ambari/blob/fdc2d779/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json b/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json index 87c080e..99a4227 100644 --- a/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json +++ b/ambari-server/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json @@ -10,6 +10,7 @@ "name": "namenode_nn", "principal": { "value": "nn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.namenode.kerberos.principal", "local_username": "${hadoop-env/hdfs_user}" }, @@ -29,7 +30,8 @@ { "name": "namenode_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/nn.service.keytab", @@ -65,6 +67,7 @@ "name": "datanode_dn", "principal": { "value": "dn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.datanode.kerberos.principal", "local_username": "${hadoop-env/hdfs_user}" }, @@ -84,7 +87,8 @@ { "name": "datanode_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/dn.service.keytab", 
@@ -107,6 +111,7 @@ "name": "secondary_namenode_nn", "principal": { "value": "nn/_HOST@${realm}", + "type" : "service", "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal", "local_username": "${hadoop-env/hdfs_user}" }, @@ -126,7 +131,8 @@ { "name": "secondary_namenode_host", "principal": { - "value": "host/_HOST@${realm}" + "value": "host/_HOST@${realm}", + "type" : "service" }, "keytab": { "file": "${keytab_dir}/snn.service.keytab",
