[ambari] branch trunk updated: AMBARI-22977. NullPointerException in KerberosHelperImpl.addIdentities (amagyar)

Tue, 13 Feb 2018 11:39:59 -0800 

This is an automated email from the ASF dual-hosted git repository.

amagyar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 4243e33  AMBARI-22977. NullPointerException in 
KerberosHelperImpl.addIdentities (amagyar)
4243e33 is described below

commit 4243e3367df2c9826bc94b8584ec0f12d6f6c4be
Author: Attila Magyar <amag...@hortonworks.com>
AuthorDate: Tue Feb 13 18:41:35 2018 +0100

    AMBARI-22977. NullPointerException in KerberosHelperImpl.addIdentities 
(amagyar)
---
 .../org/apache/ambari/server/controller/KerberosHelperImpl.java   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 2a30da4..605767f 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -1553,6 +1553,10 @@ public class KerberosHelperImpl implements 
KerberosHelper {
               keytabFileGroupAccess = 
variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupAccess(), 
configurations);
               keytabFileConfiguration = 
variableReplacementHelper.replaceVariables(keytabDescriptor.getConfiguration(), 
configurations);
             }
+            if (keytabFileOwnerName == null || keytabFileGroupName == null) {
+              LOG.warn("Missing owner ({}) or group name ({}) of kerberos 
descriptor {}", keytabFileOwnerName, keytabFileGroupName, 
keytabDescriptor.getName());
+            }
+
             // Evaluate the principal "pattern" found in the record to 
generate the "evaluated principal"
             // by replacing the _HOST and _REALM variables.
             String evaluatedPrincipal = principal.replace("_HOST", 
hostname).replace("_REALM", realm);
@@ -1598,7 +1602,7 @@ public class KerberosHelperImpl implements KerberosHelper 
{
               // TODO probably fail on group difference. Some services can 
inject its principals to same keytab, but
               // TODO with different owners, so make sure that keytabs are 
accessible through group acls
               // TODO this includes same group name and group 'r' mode
-              if 
(!resolvedKeytab.getGroupName().equals(sameKeytab.getGroupName())) {
+              if (!StringUtils.equals(resolvedKeytab.getGroupName(), 
sameKeytab.getGroupName())) {
                 if (differentOwners) {
                   LOG.error(warnTemplate,
                     keytabFilePath, hostname, "groups", 
sameKeytab.getGroupName(),
@@ -1611,7 +1615,7 @@ public class KerberosHelperImpl implements KerberosHelper 
{
                     sameKeytab.getGroupName());
                 }
               }
-              if 
(!resolvedKeytab.getGroupAccess().equals(sameKeytab.getGroupAccess())) {
+              if (!StringUtils.equals(resolvedKeytab.getGroupAccess(), 
sameKeytab.getGroupAccess())) {
                 if (differentOwners) {
                   if (!sameKeytab.getGroupAccess().contains("r")) {
                     LOG.error("Keytab '{}' on host '{}' referenced by multiple 
identities which have different owners," +

-- 
To stop receiving notification emails like this one, please contact
amag...@apache.org.

Reply via email to