[GitHub] incubator-metron pull request #535: METRON-859: Use REST application with Ke...

[merrimanr]

GitHub user merrimanr reopened a pull request:

    https://github.com/apache/incubator-metron/pull/535

    METRON-859: Use REST application with Kerberos

    ## Contributor Comments
    This PR enables the REST application to function in a Kerberized cluster.  
Testing instructions are as follows:
    
    1. Follow the instructions in 
/incubator-metron/metron-deployment/vagrant/Kerberos-setup.md to Kerberize 
Metron in full dev.
    2. Follow the instructions in the "Quick Dev" section of 
/incubator-metron/metron-interface/metron-rest/README.md to deploy and start 
the REST application "locally on the Quick Dev host" (full dev host in this 
case).  Make sure you use the start command for a Kerberos enabled cluster (the 
one with the -Djava.security.auth.login.config parameter).
    3. Navigate to http://node1:8082/swagger-ui.html and exercise the various 
endpoints.  The endpoints should function normally and there should be no 
security-related errors returned.
    
    The REST application uses keytabs to authenticate the various services.  A 
summary of where these come from for each service:
    - Kafka and Zookeeper principals/keytabs come from the client_jaas.conf 
file created during Kerberos setup
    - HDFS and Storm principals/keytabs come from the Spring kerberos.principal 
and kerberos.keytab properties (should there be separate properties for each 
service?)
    
    Unit tests were added for new Kerberos related code but integration tests 
still assume a non-Kerberized testing environment.  I believe adjusting our 
integration testing framework to support Kerberos is out of scope for this PR 
and I'm not sure it's even possible.
    
    This was also tested for regressions against a non-Kerberized cluster 
(start command is differently obviously).
    
    ## Pull Request Checklist
    
    Thank you for submitting a contribution to Apache Metron (Incubating).  
    Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
    Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  
    
    
    In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:
    
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
 
    - [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
    - [x] Has your PR been rebased against the latest commit within the target 
branch (typically master)?
    
    
    ### For code changes:
    - [x] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
    - [x] Have you included steps or a guide to how the change may be verified 
and tested manually?
    - [x] Have you ensured that the full suite of tests and checks have been 
executed in the root incubating-metron folder via:
      ```
      mvn -q clean integration-test install && build_utils/verify_licenses.sh 
      ```
    
    - [x] Have you written or updated unit tests and or integration tests to 
verify your changes?
    - [x] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
    - [x] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?
    
    ### For documentation related changes:
    - [x] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:
    
      ```
      cd site-book
      bin/generate-md.sh
      mvn site:site
      ```
    
    #### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
    It is also recommened that [travis-ci](https://travis-ci.org) is set up for 
your personal repository such that your branches are built there before 
submitting a pull request.
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/merrimanr/incubator-metron METRON-859

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/535.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #535
    
----
commit 17e3b273bda19d5365e177c1bc8d00fbb226e378
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-18T15:24:08Z

    updated rpm build ansible task

commit 525b384dd9703acd6003ae07c879e1bee5813c9a
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-18T17:27:56Z

    Added Kerberos support to the REST application

commit 03d4e48f8a59dc05758bfb7d917db4f4c9ec594e
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-18T21:16:41Z

    Merge remote-tracking branch 'mirror/master' into METRON-859

commit 20144bcee36caa55237ea3d61f266d9673b7cccb
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-18T21:35:10Z

    Changed principle to principal

commit 7973639803d72a074af27db3ece6efafc3c1d8e9
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-18T22:02:04Z

    Remove hard-coded version

commit d8fe16fedc9d87a89d0579e81f89b4bdad2d5e3f
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-20T16:32:27Z

    Merge remote-tracking branch 'mirror/master' into METRON-859
    
    # Conflicts:
    #   metron-deployment/vagrant/Kerberos-setup.md

commit 82c2efb174195e4ad3d115504110c3b24072ef99
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-20T17:22:36Z

    testing without spring kerberos dependency

commit 04487bca41b5cfa356e07209fba03767621e5af1
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-20T17:38:36Z

    testing for corrupt jars

commit b20f655500c381b5ea247f6d33966d1ad58e8b37
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-20T17:50:24Z

    removing corrupted jar

commit 1faba5c787be5b33899538abe4e2674f4378d99f
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-20T17:55:53Z

    reverted travis config

commit 9d7113e4ce1e9f32d78b269640d9ecd8b542e1fb
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-21T13:08:18Z

    Merge remote-tracking branch 'mirror/master' into METRON-859
    
    # Conflicts:
    #   metron-deployment/vagrant/Kerberos-setup.md

commit 6e6043fc70215a1a919116271635d89090c067ff
Author: merrimanr <merrim...@gmail.com>
Date:   2017-04-21T15:23:05Z

    Updated REST README to resolve conflicts with METRON-799

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---