[jira] [Commented] (AMBARI-8447) Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials as a special case

Hadoop QA (JIRA) Sat, 06 Dec 2014 10:39:47 -0800

    [ 
https://issues.apache.org/jira/browse/AMBARI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14236918#comment-14236918
 ]


Hadoop QA commented on AMBARI-8447:
-----------------------------------

{color:green}+1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12685559/AMBARI-8447.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:green}+1 tests included{color}.  The patch appears to include 7 new 
or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in 
ambari-server.

Test results: 
https://builds.apache.org/job/Ambari-trunk-test-patch/829//testReport/
Console output: 
https://builds.apache.org/job/Ambari-trunk-test-patch/829//console

This message is automatically generated.

> Update ConfigurationResourceProvider to handle Kerberos Administrative 
> Credentials as a special case 
> -----------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-8447
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8447
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Tom Beerbower
>              Labels: api, configuration, kerberos, session
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-8447.patch
>
>
> Certain configuration settings need to handled in special-case scenarios. For 
> example short-lived settings to be stored per request or session scope.  Or 
> secure data the must not be stored in the Ambari database.
> An example of this type of data is the administrative credentials used to 
> manage a KDC server.   This _configuration_ data is short lived (per session) 
> and sensitive. Therefore, it must be handled as a special case.  
> To determine that a configuration request contains this data, the {{type}} of 
> the configuration is to be used.  For this specific case, a configuration 
> {{type}} of *_kerberos_admin_identity_* will trigger the special case to 
> secure and store the administrative credentials in a file.  Ideally if the 
> _session_ data was available (see AMBARI-8426) a session-based encryption key 
> would be created and stored in session. That key would then be used to 
> encrypt the data from this request. The encrypted data and key would then be 
> retrieved from the _session_, decrypted, and used as needed. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AMBARI-8447) Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials as a special case

Reply via email to