[
https://issues.apache.org/jira/browse/AMBARI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14235626#comment-14235626
]
Tom Beerbower commented on AMBARI-8447:
---------------------------------------
Add API support to allow for session attributes to be set for a cluster.
Expose the {{session_attributes}} property on a cluster resource. To add
session attributes for a cluster the {{session_attributes}} property can be set
on a cluster resource. The value of the {{session_attributes}} should be a
collection of name value pairs, as follows ...
{code}
PUT api/v1/clusters/c1
[{
"session_attributes" : {
"attr1" : "v1",
"attr2" : "v2",
"attr3" : {"sub1" : "v31", "sub2" : "v32"}
}
}]
{code}
The above example would add the following attributes to the session for cluster
c1:
||attribute||value
|attr1 | v1
|attr2 | v2
|attr3/sub1 | v31
|attr3/sub2 | v32
The cluster session attribute property is not available to read through the
REST API. The map of cluster session attribute properties is available to
resource providers on the Ambari server through the following method on the
{{org.apache.ambari.server.state.Clusters}} singleton...
{code}
/**
* Get the map of session attributes for the cluster identified by the given
name.
*
* @param name the cluster name
*
* @return the map of session attributes for the cluster
*/
public Map<String, Object> getSessionAttributes(String name);
{code}
All session attributes set through the above API are scoped by cluster name and
session. When the session dies, so do the attribute values for that session.
[~rlevas], [~jspeidel],
Could you review the above the above?
> Update ConfigurationResourceProvider to handle Kerberos Administrative
> Credentials as a special case
> -----------------------------------------------------------------------------------------------------
>
> Key: AMBARI-8447
> URL: https://issues.apache.org/jira/browse/AMBARI-8447
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Tom Beerbower
> Labels: api, configuration, kerberos, session
> Fix For: 2.0.0
>
>
> Certain configuration settings need to handled in special-case scenarios. For
> example short-lived settings to be stored per request or session scope. Or
> secure data the must not be stored in the Ambari database.
> An example of this type of data is the administrative credentials used to
> manage a KDC server. This _configuration_ data is short lived (per session)
> and sensitive. Therefore, it must be handled as a special case.
> To determine that a configuration request contains this data, the {{type}} of
> the configuration is to be used. For this specific case, a configuration
> {{type}} of *_kerberos_admin_identity_* will trigger the special case to
> secure and store the administrative credentials in a file. Ideally if the
> _session_ data was available (see AMBARI-8426) a session-based encryption key
> would be created and stored in session. That key would then be used to
> encrypt the data from this request. The encrypted data and key would then be
> retrieved from the _session_, decrypted, and used as needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
