-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35017/
-----------------------------------------------------------
Review request for Ambari, Arpit Gupta, Raghav Gautam, Robert Nettleton, and
Tom Beerbower.
Bugs: AMBARI-11629
https://issues.apache.org/jira/browse/AMBARI-11629
Repository: ambari
Description
-------
After enabling Kerberos, the value for property
*.falcon.http.authentication.kerberos.name.rules is set to
```
RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/
RULE:[1:$1@$0]([email protected])s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[2:$1@$0]([email protected])s/.*/ams/
RULE:[2:$1@$0]([email protected])s/.*/ams/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/falcon/
RULE:[2:$1@$0]([email protected])s/.*/hive/
RULE:[2:$1@$0]([email protected])s/.*/mapred/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
RULE:[2:$1@$0]([email protected])s/.*/hdfs/
RULE:[2:$1@$0]([email protected])s/.*/oozie/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
RULE:[2:$1@$0]([email protected])s/.*/yarn/
DEFAULT
```
This is incorrect. The correct value should be
```
RULE:[1:$1@$0]([email protected])s/.*/ambari-qa/ \
RULE:[1:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// \
RULE:[2:$1@$0]([email protected])s/.*/ams/ \
RULE:[2:$1@$0]([email protected])s/.*/ams/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/falcon/ \
RULE:[2:$1@$0]([email protected])s/.*/hive/ \
RULE:[2:$1@$0]([email protected])s/.*/mapred/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
RULE:[2:$1@$0]([email protected])s/.*/hdfs/ \
RULE:[2:$1@$0]([email protected])s/.*/oozie/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
RULE:[2:$1@$0]([email protected])s/.*/yarn/ \
DEFAULT
```
Please notice the "\" at the end of each RULE. This is needed because of the type
of configuration file the data is in - a (Java) properties file, where
property values must be a single line or escaped if multi-lined.
*Solution*
Convert the multi-line auth-to-local rule to meet the requirements of the
configuration file type by allowing the concatenation type to be specified in
the Kerberos descriptor. The following concatenation types are allowed:
- *new lines* - each rule is separated by a new line
- *new_lines_escaped* - each rule is separated by an escaped new line
- *spaces* - each rule is separated by a whitespace character
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
c599cc1
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
70d08ba
ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
df3ba34
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
58013e2
Diff: https://reviews.apache.org/r/35017/diff/
Testing
-------
Manually tested to see _fixed_ Falcon startup.properties file and successfully
Kerberized cluster.
Unit tests passed locally
#Jenkins test results: PENDING
Thanks,
Robert Levas
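
The parsing behaviour behind the three concatenation types, as an added example that is not part of the review request or the Ambari patch. It assumes the file is read with `java.util.Properties`; the sample rules are constructed (the `hdfs@EXAMPLE.COM` principal is a placeholder) and the class and method names are illustrative.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;

public class AuthToLocalJoinDemo {
    // Property name as given in the review description.
    static final String KEY = "*.falcon.http.authentication.kerberos.name.rules";

    // Constructed sample rules; the principal in the first rule is a placeholder.
    static final String[] RULES = {
        "RULE:[1:$1@$0](hdfs@EXAMPLE.COM)s/.*/hdfs/",
        "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//",
        "DEFAULT"
    };

    // Write the rules as one property using the given separator, then parse it back.
    static Properties roundTrip(String separator) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(KEY + "=" + String.join(separator, RULES) + "\n"));
        return props;
    }

    // Report how many rules survive in the property and which stray keys were created.
    static void report(String label, String separator) throws IOException {
        Properties props = roundTrip(separator);
        String value = props.getProperty(KEY, "");
        int kept = value.isEmpty() ? 0 : value.trim().split("\\s+").length;
        Set<String> stray = new TreeSet<>(props.stringPropertyNames());
        stray.remove(KEY);
        System.out.printf("%-18s rules kept: %d of %d, stray keys: %s%n",
                label, kept, RULES.length, stray);
        System.out.println("  value = " + value);
    }

    public static void main(String[] args) throws IOException {
        // Bare newlines: only the first rule stays in the property; each later
        // line is parsed as a separate entry, split at its first ':' or whitespace.
        report("new lines", "\n");
        // A backslash before the newline continues the logical line.
        report("new_lines_escaped", " \\\n");
        // A single line needs no escaping at all.
        report("spaces", " ");
    }
}
```

When rules are dropped this way, the principal-to-local-user mapping the service applies is no longer the one the Kerberos descriptor specified, which is why the separator has to match the target file format.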