[jira] [Commented] (NIFI-7018) Add kerberos password property to NiFi HDFS components

Fri, 28 Feb 2020 07:11:24 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-7018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17047726#comment-17047726
 ] 

ASF subversion and git services commented on NIFI-7018:
-------------------------------------------------------

Commit 614136ce51638fc8ca28cab47d4e5bfa253b6cc4 in nifi's branch 
refs/heads/master from jstorck
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=614136c ]

NIFI-7018: Initial commit of processors extending AbstractHadoopProcessor 
supporting kerberos passwords
AbstractHadoopProcessor will always authenticate the principal with a 
KerberosUser implementation and a UGI will be acquired from the Subject 
associated with the KerberosUser implementation
AbstractHadoopProcessor's getUserGroupInformation method will now attempt to 
check the TGT and relogin if a KerberosUser impelmentation is available, 
otherwise it will return the UGI referenced in the HdfsResource instance
Updated AbstractHadoopProcessor's customValidate method to consider the 
provided password and updated validation failure explanations when a 
KerberosCredentialsService is specified together with a principal, password, or 
keytab
Added toString method override to AbstractKerberosUser
Updated Hive/HBase components to be compatible with the 
KerberosProperties.validatePrincipalWithKeytabOrPassword method
Fixed null ComponentLog in GetHDFSSequenceFileTest

Added package-protected accessor method 
(getAllowExplicitKeytabEnvironmentVariable) to AbstractHadoopProcessor for 
determining if the environment variable "NIFI_ALLOW_EXPLICIT_KEYTAB" has been 
set
AbstractHadoopProcessor will now only fail validation when the 
NIFI_ALLOW_EXPLICIT_KEYTAB environment variable is set to false if a keytab is 
provided to allow the user to specify a principal and password
Added AbstractHadoopProcessorSpec to verify validation of 
principal/keytab/password/kerberos credential service combinations

This closes #4095.


> Add kerberos password property to NiFi HDFS components
> ------------------------------------------------------
>
>                 Key: NIFI-7018
>                 URL: https://issues.apache.org/jira/browse/NIFI-7018
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Extensions
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>            Priority: Major
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> In addition to the principal/keytab and KerberosCredentialsService options 
> for accessing kerberized HDFS endpoints from NiFi HDFS components, a password 
> field should be added.
> Components should validate that only one set of options should be configured:
>  * principal and keytab
>  * principal and password
>  * KerberosCredentialsService



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to