AMBARI-21238. Kafka userprincipal to shortname is not using AUTH_TO_LOCAL rules for authorization (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f1e89e4d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f1e89e4d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f1e89e4d Branch: refs/heads/branch-feature-AMBARI-20859 Commit: f1e89e4d2cc81d8ba14d465fd5badfe77f329a69 Parents: 03812cb Author: Eugene Chekanskiy <[email protected]> Authored: Wed Jun 14 16:31:28 2017 +0300 Committer: Eugene Chekanskiy <[email protected]> Committed: Wed Jun 14 16:31:28 2017 +0300 ---------------------------------------------------------------------- .../ambari/server/controller/AuthToLocalBuilder.java | 10 ++++++++-- .../common-services/KAFKA/0.10.0.3.0/kerberos.json | 3 +++ .../resources/common-services/KAFKA/0.10.0/kerberos.json | 3 +++ .../resources/common-services/KAFKA/0.9.0/kerberos.json | 3 +++ .../resources/stacks/HDF/2.0/services/KAFKA/kerberos.json | 3 +++ 5 files changed, 20 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f1e89e4d/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java index 33c8f3b..1d4abdd 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java @@ -242,6 +242,9 @@ public class AuthToLocalBuilder implements Cloneable { case SPACES: stringBuilder.append(" "); break; + case COMMA: + stringBuilder.append(","); + break; default: throw new UnsupportedOperationException(String.format("The auth-to-local rule concatenation type is not supported: %s", concatenationType.name())); @@ -661,8 +664,11 @@ public class AuthToLocalBuilder implements Cloneable { /** * Each rule is appended to the set of rules using a space - the ruleset exists on a single line */ - SPACES; - + SPACES, + /** + * Each rule is appended to the set of rules using comma - the ruleset exists on a single line. + */ + COMMA; /** * Translate a string declaring a concatenation type to the enumerated value. * <p/> http://git-wip-us.apache.org/repos/asf/ambari/blob/f1e89e4d/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json index eb31ad6..b4d0018 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json @@ -29,6 +29,9 @@ } } ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], "components": [ { "name": "KAFKA_BROKER", http://git-wip-us.apache.org/repos/asf/ambari/blob/f1e89e4d/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json index eb31ad6..b4d0018 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json @@ -29,6 +29,9 @@ } } ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], "components": [ { "name": "KAFKA_BROKER", http://git-wip-us.apache.org/repos/asf/ambari/blob/f1e89e4d/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json index 7500891..247a602 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json @@ -19,6 +19,9 @@ } } ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], "components": [ { "name": "KAFKA_BROKER", http://git-wip-us.apache.org/repos/asf/ambari/blob/f1e89e4d/contrib/management-packs/hdf-ambari-mpack/src/main/resources/stacks/HDF/2.0/services/KAFKA/kerberos.json ---------------------------------------------------------------------- diff --git a/contrib/management-packs/hdf-ambari-mpack/src/main/resources/stacks/HDF/2.0/services/KAFKA/kerberos.json b/contrib/management-packs/hdf-ambari-mpack/src/main/resources/stacks/HDF/2.0/services/KAFKA/kerberos.json index e1e6461..aa351d1 100644 --- a/contrib/management-packs/hdf-ambari-mpack/src/main/resources/stacks/HDF/2.0/services/KAFKA/kerberos.json +++ b/contrib/management-packs/hdf-ambari-mpack/src/main/resources/stacks/HDF/2.0/services/KAFKA/kerberos.json @@ -28,6 +28,9 @@ } } ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], "components": [ { "name": "KAFKA_BROKER",
