[ambari] branch branch-2.6 updated: AMBARI-23106. Optionally generate localjceks://file/{path} url (#494)

Tue, 06 Mar 2018 22:17:35 -0800 

This is an automated email from the ASF dual-hosted git repository.

adoroszlai pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.6 by this push:
     new 7cf6ad6  AMBARI-23106. Optionally generate localjceks://file/{path} 
url (#494)
7cf6ad6 is described below

commit 7cf6ad6c5c153f10971b5f52d8aba883bb13d8bf
Author: Zsombor <gzsom...@users.noreply.github.com>
AuthorDate: Wed Mar 7 07:16:55 2018 +0100

    AMBARI-23106. Optionally generate localjceks://file/{path} url (#494)
---
 .../resource_management/libraries/functions/security_commons.py    | 7 +++++--
 .../common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py       | 3 ++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git 
a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
 
b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
index 96d60da..8599ae3 100644
--- 
a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
+++ 
b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
@@ -32,7 +32,7 @@ FILE_TYPE_JAAS_CONF = 'JAAS_CONF'
 HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME = 
'hadoop.security.credential.provider.path'
 
 # Copy JCEKS provider to service specific location and update the ACL
-def update_credential_provider_path(config, config_type, dest_provider_path, 
file_owner, file_group):
+def update_credential_provider_path(config, config_type, dest_provider_path, 
file_owner, file_group, use_local_jceks=False):
   """
   Copies the JCEKS file for the specified config from the default location to 
the given location,
   and sets the ACLs for the specified owner and group. Also updates the config 
type's configuration
@@ -57,7 +57,10 @@ def update_credential_provider_path(config, config_type, 
dest_provider_path, fil
     # make a copy of the config dictionary since it is read-only
     config_copy = config.copy()
     # overwrite the provider path with the path specified
-    config_copy[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 
'jceks://file{0}'.format(dest_provider_path)
+    if use_local_jceks:
+      config_copy[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 
'localjceks://file{0}'.format(dest_provider_path)
+    else:
+      config_copy[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 
'jceks://file{0}'.format(dest_provider_path)
     return config_copy
   return config
 
diff --git 
a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
 
b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
index 9297337..eb185b3 100644
--- 
a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
+++ 
b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
@@ -121,7 +121,8 @@ def oozie(is_server=False, upgrade_type=None):
                                                       'oozie-site',
                                                       
os.path.join(params.conf_dir, 'oozie-site.jceks'),
                                                       params.oozie_user,
-                                                      params.user_group
+                                                      params.user_group,
+                                                      use_local_jceks=True
                                                       )
 
   XmlConfig("oozie-site.xml",

-- 
To stop receiving notification emails like this one, please contact
adorosz...@apache.org.

Reply via email to