[jira] [Commented] (AMBARI-19681) Credential Store should add hadoop credential provider path property to all affected configuration types

Tue, 24 Jan 2017 13:26:21 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-19681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15836656#comment-15836656
 ] 

Hudson commented on AMBARI-19681:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-branch-2.5 #788 (See 
[https://builds.apache.org/job/Ambari-branch-2.5/788/])
AMBARI-19681: Credential store should add hadoop credential provider 
(nsomasundaram: 
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=77bd5ebebaf5808a4e9627cca0b0a77a12ad6aec])
* (edit) ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
* (edit) 
ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py


> Credential Store should add hadoop credential provider path property to all 
> affected configuration types
> --------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-19681
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19681
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent
>    Affects Versions: 2.5.0
>            Reporter: Nahappan Somasundaram
>            Assignee: Nahappan Somasundaram
>             Fix For: 2.5.0
>
>         Attachments: rb55853.patch
>
>
> CustomServiceOrchestrator.py function generateJceks adds the property 
> 'hadoop.security.credential.provider.path' only to the last configuration 
> type that requires it. The function iterates over the configtype_credentials 
> dictionary, and at each iteration it updates the variable named config (line 
> 272):
> {code}
> config = commandJson['configurations'][config_type]
> {code}
> After the iteration is over, and the provider_paths variable is set the 
> function adds the provider paths to the dictionary with the key 
> 'hadoop.security.credential.provider.path' (line 292)
> {code}
> config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
> {code}
> The problem is that at this point the variable config contains the latest 
> config type that needs this property to be set up, while all of them should 
> have it! So if both config_type_1, and config_type_2 have passwords 
> properties present in configtype_credentials, only config_type_2 will have 
> the dictionary entry set for the key 
> 'hadoop.security.credential.provider.path', and it will contain a reference 
> to both of their jceks files!
> Another issue is that there is no reason to collect the provider paths to an 
> array, each config_type should have a reference only to it's own provider.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to