Repository: ambari Updated Branches: refs/heads/trunk a103aaa0b -> db748e555
AMBARI-11085. Kerberos: missing identities for AMS in the CSV (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/db748e55 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/db748e55 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/db748e55 Branch: refs/heads/trunk Commit: db748e55544549c0fdea71356977e79d1ad5b509 Parents: a103aaa Author: Robert Levas <[email protected]> Authored: Wed May 13 14:43:41 2015 -0400 Committer: Robert Levas <[email protected]> Committed: Wed May 13 14:43:50 2015 -0400 ---------------------------------------------------------------------- .../ambari/server/controller/KerberosHelper.java | 18 +++++++++++++----- .../AMBARI_METRICS/0.1.0/kerberos.json | 4 ++-- .../server/controller/KerberosHelperTest.java | 14 +++++++------- 3 files changed, 22 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/db748e55/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 6b970c6..e083b0e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -2077,11 +2077,20 @@ public class KerberosHelper { } if (principal != null) { + KerberosKeytabDescriptor keytabDescriptor = identity.getKeytabDescriptor(); + String keytabFile = null; + + if (keytabDescriptor != null) { + keytabFile = KerberosDescriptor.replaceVariables(keytabDescriptor.getFile(), configurations); + } + if (replaceHostNames) { principal = principal.replace("_HOST", hostname); } - if (!hostActiveIdentities.containsKey(principal)) { + String uniqueKey = String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile); + + if (!hostActiveIdentities.containsKey(uniqueKey)) { KerberosPrincipalDescriptor resolvedPrincipalDescriptor = new KerberosPrincipalDescriptor(principal, principalDescriptor.getType(), @@ -2090,13 +2099,12 @@ public class KerberosHelper { KerberosKeytabDescriptor resolvedKeytabDescriptor; - KerberosKeytabDescriptor keytabDescriptor = identity.getKeytabDescriptor(); - if (keytabDescriptor == null) { + if (keytabFile == null) { resolvedKeytabDescriptor = null; } else { resolvedKeytabDescriptor = new KerberosKeytabDescriptor( - KerberosDescriptor.replaceVariables(keytabDescriptor.getFile(), configurations), + keytabFile, KerberosDescriptor.replaceVariables(keytabDescriptor.getOwnerName(), configurations), KerberosDescriptor.replaceVariables(keytabDescriptor.getOwnerAccess(), configurations), KerberosDescriptor.replaceVariables(keytabDescriptor.getGroupName(), configurations), @@ -2105,7 +2113,7 @@ public class KerberosHelper { keytabDescriptor.isCachable()); } - hostActiveIdentities.put(principal, new KerberosIdentityDescriptor( + hostActiveIdentities.put(uniqueKey, new KerberosIdentityDescriptor( identity.getName(), resolvedPrincipalDescriptor, resolvedKeytabDescriptor)); http://git-wip-us.apache.org/repos/asf/ambari/blob/db748e55/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json ---------------------------------------------------------------------- 
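Review bot: The key built in the first hunk, `String.format("%s|%s", principal, (keytabFile == null) ? "" : keytabFile)`, changes what `hostActiveIdentities` is keyed by without saying so in the code; the same key is used by the `put` in the third hunk (-2105). I would add a comment above it such as `// Key on principal AND keytab file: one principal may be exported to several keytab files, and each needs its own entry`. Any code outside the hunk that looks entries up by principal name would now miss, so the map's consumers are worth checking. Since one principal can now be listed with several keytab files, whatever generates those keytabs presumably has to write the same key version into each file; that part is not visible here.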
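Review bot: The guard in the second hunk (-2090) now tests `keytabFile == null` instead of `keytabDescriptor == null`, which conflates "the identity has no keytab" with "the keytab path resolved to null". If `KerberosDescriptor.replaceVariables` returns null for a descriptor whose `getFile()` is null (its body is not shown), the owner, group and configuration values of that descriptor are now dropped where they were previously kept. Keeping `if (keytabDescriptor == null) {` preserves the old behaviour and makes the later `keytabDescriptor.getOwnerName()` calls obviously safe. The enclosing method starts and ends outside the hunk.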
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json index 03c3f93..33443e6 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json @@ -80,13 +80,13 @@ { "name": "ams_zookeeper", "principal": { - "value": "zookeeper/_HOST@${realm}", + "value": "amszk/_HOST@${realm}", "type": "service", "configuration": "ams-hbase-security-site/ams.zookeeper.principal", "local_username": "${ams-env/ambari_metrics_user}" }, "keytab": { - "file": "${keytab_dir}/zk.service.ams.keytab", + "file": "${keytab_dir}/ams-zk.service.keytab", "owner": { "name": "${ams-env/ambari_metrics_user}", "access": "r" http://git-wip-us.apache.org/repos/asf/ambari/blob/db748e55/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 54170a6..5a6ddd3 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -462,7 +462,7 @@ public class KerberosHelperTest extends EasyMockSupport { validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{ put("identity1", new HashMap<String, Object>() { { - put("principal_name", "component1/[email protected]"); + put("principal_name", "service1/[email protected]"); put("principal_type", KerberosPrincipalType.SERVICE); put("principal_configuration", "service1-site/component1.kerberos.principal"); put("principal_local_username", "service1"); 
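Review bot: The rename to `amszk/_HOST@${realm}` gives the AMS ZooKeeper its own service principal, but nothing in this hunk shows its clients being told that the server's service name changed. ZooKeeper SASL clients assume the server principal's primary is `zookeeper` unless `zookeeper.sasl.client.username` is set, so the AMS side presumably needs that set to `amszk`; please confirm it is configured elsewhere. Clusters already Kerberized with the old descriptor would also keep `${keytab_dir}/zk.service.ams.keytab` on disk with usable keys, so an upgrade note or cleanup step for the stale keytab and principal is worth adding.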
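Review bot: The expectations in KerberosHelperTest only swap the `component1/...` principal for `service1/...`; none of the visible hunks (this one at 462 and those at 526, 564, 611, 712, 766 and 3049) asserts the behaviour the fix introduces. A case where two identities share one principal but name different keytab files should expect both entries, and a case with identical principal and keytab file should confirm de-duplication still happens. Together they would pin the new `principal|keytabFile` key in KerberosHelper. The test methods start and end outside the hunks, so such a case may already exist elsewhere in the file.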
@@ -526,7 +526,7 @@ public class KerberosHelperTest extends EasyMockSupport { validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{ put("identity1", new HashMap<String, Object>() { { - put("principal_name", "component1/[email protected]"); + put("principal_name", "service1/[email protected]"); put("principal_type", KerberosPrincipalType.SERVICE); put("principal_configuration", "service1-site/component1.kerberos.principal"); put("principal_local_username", "service1"); @@ -564,7 +564,7 @@ public class KerberosHelperTest extends EasyMockSupport { validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{ put("identity1", new HashMap<String, Object>() { { - put("principal_name", "component1/[email protected]"); + put("principal_name", "service1/[email protected]"); put("principal_type", KerberosPrincipalType.SERVICE); put("principal_configuration", "service1-site/component1.kerberos.principal"); put("principal_local_username", "service1"); @@ -611,7 +611,7 @@ public class KerberosHelperTest extends EasyMockSupport { validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{ put("identity1", new HashMap<String, Object>() { { - put("principal_name", "component1/[email protected]"); + put("principal_name", "service1/[email protected]"); put("principal_type", KerberosPrincipalType.SERVICE); put("principal_configuration", "service1-site/component1.kerberos.principal"); put("principal_local_username", "service1"); @@ -712,7 +712,7 @@ public class KerberosHelperTest extends EasyMockSupport { validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{ put("identity1", new HashMap<String, Object>() { { - put("principal_name", "component1/[email protected]"); + put("principal_name", "service1/[email protected]"); put("principal_type", KerberosPrincipalType.SERVICE); put("principal_configuration", "service1-site/component1.kerberos.principal"); put("principal_local_username", "service1"); 
@@ -766,7 +766,7 @@ public class KerberosHelperTest extends EasyMockSupport { validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{ put("identity1", new HashMap<String, Object>() { { - put("principal_name", "component1/[email protected]"); + put("principal_name", "service1/[email protected]"); put("principal_type", KerberosPrincipalType.SERVICE); put("principal_configuration", "service1-site/component1.kerberos.principal"); put("principal_local_username", "service1"); @@ -3049,7 +3049,7 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final KerberosPrincipalDescriptor principalDescriptor1 = createMock(KerberosPrincipalDescriptor.class); - expect(principalDescriptor1.getValue()).andReturn("component1/_HOST@${realm}").anyTimes(); + expect(principalDescriptor1.getValue()).andReturn("service1/_HOST@${realm}").anyTimes(); expect(principalDescriptor1.getType()).andReturn(KerberosPrincipalType.SERVICE).anyTimes(); expect(principalDescriptor1.getConfiguration()).andReturn("service1-site/component1.kerberos.principal").anyTimes(); expect(principalDescriptor1.getLocalUsername()).andReturn("service1").anyTimes();
