-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31656/
-----------------------------------------------------------
Review request for Ambari, Andrew Onischuk, Emil Anca, John Speidel, and Robert
Nettleton.
Bugs: AMBARI-9852
https://issues.apache.org/jira/browse/AMBARI-9852
Repository: ambari
Description
-------
The Kerberos _service check_ needs to generate it's own unique identity to use
for testing and then destroy it when complete. This will ensure that any
_known_ identities (such as the smokeuser, usually ambari-qa) does not
accidentally get removed if shared between clusters or if the service check is
run after Kerberos is enabled.
The service check must perform the following steps:
1. Create a unique principal in the relevant KDC (server)
2. Test that the principal can be used to authenticate via kinit (agent)
3. Destroy the principal (server)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
2bf0cbf
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
8dd6c4d
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
3705cfe
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py
ee4a4c3
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
e16f22f
Diff: https://reviews.apache.org/r/31656/diff/
Testing
-------
Manual testing in several scenarios
#Jenkins test results: PENDING
Thanks,
Robert Levas
