Review Request 63450: Improve KDC integration

Tue, 31 Oct 2017 13:57:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63450/
-----------------------------------------------------------

Review request for Ambari, Attila Magyar, Balázs Bence Sári, Eugene Chekanskiy, 
Jonathan Hurley, Laszlo Puskas, Nate Cole, Robert Nettleton, and Sebastian 
Toader.


Bugs: AMBARI-22293
    https://issues.apache.org/jira/browse/AMBARI-22293


Repository: ambari


Description
-------

Improve KDC integration by making the interfaces more consistent with each 
other.

#Notes:
- When using the MIT KDC or IPA options, the `kerberos-env/admin_server_host` 
value *must be the fully qualified domain name* (FQDN) of the host were the KDC 
administrator service is. 
- When connecting to the MIT KDC and IPA server, a username a password is not 
used to authenticate using the kadmin utility.  A Kerberos ticket is first 
acquired and that is used for authentication.
- When creating Kerberos identities using the MIT KDC and IPA handlers, the 
Ambari-generated password is not used.  All password's for principals in the 
MIT KDC and IP server are generated randomly by the KDC.
- Removed `kerberos-env/set_password_expiry` and 
`kerberos-env/password_chat_timeout` properties since they are no longer needed
- Changed `kerberos-env/groups` to `kerberos-env/ipa_user_groups` to be more 
explicit in how the property is used.
- The setPassword implementation for the MIT KDC and IPA handlers do nothing 
except check to see if the relevant principal exists. This is to maintain 
backward compatibility with previous implementations.


Diffs
-----

  ambari-agent/src/main/python/ambari_agent/ActionQueue.py 1eda5c2fb0 
  
ambari-common/src/main/python/resource_management/core/providers/package/__init__.py
 8728b5e0f2 
  
ambari-common/src/main/python/resource_management/core/providers/package/apt.py 
e236697998 
  
ambari-common/src/main/python/resource_management/core/providers/package/yumrpm.py
 b9b67926c3 
  
ambari-common/src/main/python/resource_management/core/providers/package/zypper.py
 6fc4b59976 
  
ambari-common/src/main/python/resource_management/libraries/functions/repository_util.py
 7ad7df06a4 
  ambari-common/src/main/python/resource_management/libraries/script/script.py 
12e6f98135 
  ambari-funtest/pom.xml bb2068d901 
  
ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClientBuilder.java
 54c4ae341f 
  
ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/CreateCollectionCommand.java
 53e96fdf8e 
  
ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/CreateShardCommand.java
 9b57827675 
  
ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetShardsCommand.java
 e49bfecb5e 
  ambari-infra/pom.xml 908abb45a6 
  ambari-logsearch/README.md d05f45a6f4 
  
ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/input/InputFile.java
 e24a7aaa24 
  ambari-logsearch/docker/.gitignore 99455ed39d 
  ambari-logsearch/docker/Dockerfile 1e4135e3e7 
  ambari-logsearch/docker/all.yml PRE-CREATION 
  ambari-logsearch/docker/bin/start.sh 883ba02f03 
  ambari-logsearch/docker/docker-compose.yml PRE-CREATION 
  ambari-logsearch/docker/logsearch-docker.sh 1660ceea61 
  ambari-logsearch/docker/logsearch-logfeeder.yml PRE-CREATION 
  ambari-logsearch/docker/logsearch-server.yml PRE-CREATION 
  ambari-logsearch/docker/solr.yml PRE-CREATION 
  ambari-logsearch/docker/zookeeper.yml PRE-CREATION 
  ambari-logsearch/pom.xml 9434365f50 
  ambari-project/pom.xml 00ba1bcb4c 
  ambari-server/docs/security/kerberos/kerberos_service.md 65e312b866 
  ambari-server/pom.xml e250da7592 
  
ambari-server/src/main/java/org/apache/ambari/server/agent/CommandRepository.java
 301f475073 
  
ambari-server/src/main/java/org/apache/ambari/server/agent/ExecutionCommand.java
 fd27169b31 
  
ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
 d0d115d682 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariConfigurationRequestSwagger.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariConfigurationResponseSwagger.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariConfigurationService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/AmbariConfiguration.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigOperation.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigurationRequest.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigurationService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRequestInfo.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/stackadvisor/StackAdvisorRequest.java
 3a2b488457 
  
ambari-server/src/main/java/org/apache/ambari/server/api/services/stackadvisor/commands/StackAdvisorCommand.java
 356754d807 
  
ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
 1b4d74142e 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariActionExecutionHelper.java
 0f6eb90803 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelper.java
 e12477eede 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
 1b1f524da1 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 8988be007b 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
 dc97871ddc 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
 a1987755f7 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
 a98ad46150 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractProviderModule.java
 1cd2d10507 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariConfigurationResourceProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
 43779a3704 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
 e65693b47b 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
 362b4e631c 
  ambari-server/src/main/java/org/apache/ambari/server/events/AmbariEvent.java 
9a5ee79913 
  
ambari-server/src/main/java/org/apache/ambari/server/events/AmbariLdapConfigChangedEvent.java
 PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java 
PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfigKeys.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfigurationFactory.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapConfigurationProvider.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapException.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AttributeDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapAttributeDetectionService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConfigurationService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapConnectionConfigService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConnectionConfigService.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/LdapConnectionTemplateFactory.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/AttributeDetectorFactory.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/ChainedAttributeDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupNameAttrDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupObjectClassDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/OccurrenceAndWeightBasedDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserGroupMemberAttrDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserNameAttrDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/detectors/UserObjectClassDetector.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/dao/AmbariConfigurationDAO.java
 PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/orm/dao/DaoUtils.java 
cd3faf087c 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/AmbariConfigurationEntity.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ConfigurationBaseEntity.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RepositoryVersionEntity.java
 7eedc4dffa 
  
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
 cd35c2c991 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
 f7d6060710 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java
 1c0853b98e 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
 2b3a0ca40d 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.java
 9a6a07e4d3 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KDCKerberosOperationHandler.java
 PRE-CREATION 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
 8749f81068 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
 0997f650f8 
  
ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/FinalizeUpgradeAction.java
 87ea1fcd8f 
  
ambari-server/src/main/java/org/apache/ambari/server/stack/MasterHostResolver.java
 fc657c1533 
  
ambari-server/src/main/java/org/apache/ambari/server/state/UpgradeContext.java 
cb44adba3a 
  
ambari-server/src/main/java/org/apache/ambari/server/state/stack/upgrade/RepositoryVersionHelper.java
 f540d8df4b 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java
 ffcf668025 
  
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog300.java
 bfe2a1346e 
  ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql 614af1ef15 
  ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql 530411a149 
  ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ebe5f120a2 
  ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql 634db9566a 
  ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql f64ff80b73 
  ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql 7a3feaf92a 
  ambari-server/src/main/resources/META-INF/persistence.xml e4045ef536 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 0a081215ec 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/configuration/kerberos-env.xml
 0a081215ec 
  ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml 
4a7b3e0519 
  ambari-server/src/main/resources/custom_actions/scripts/install_packages.py 
872d55ea7a 
  ambari-server/src/main/resources/stacks/PERF/1.0/hdp_urlinfo.json 
PRE-CREATION 
  ambari-server/src/main/resources/stacks/PERF/1.0/repos/repoinfo.xml 
0895fabe56 
  
ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
 66e81dbb00 
  ambari-server/src/main/resources/stacks/PERF/1.0/vdf.xml PRE-CREATION 
  ambari-server/src/main/resources/stacks/PERF/2.0/hdp_urlinfo.json 
PRE-CREATION 
  ambari-server/src/main/resources/stacks/PERF/2.0/repos/repoinfo.xml 
5c3b40b7e5 
  ambari-server/src/main/resources/stacks/PERF/2.0/vdf.xml PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/api/services/stackadvisor/commands/StackAdvisorCommandTest.java
 eaa471661d 
  
ambari-server/src/test/java/org/apache/ambari/server/checks/UpgradeCheckOrderTest.java
 aa975e2ef6 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
 7ed52d2782 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariConfigurationResourceProviderTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
 a141570326 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/StackAdvisorResourceProviderTest.java
 ab60948b1b 
  
ambari-server/src/test/java/org/apache/ambari/server/ldap/LdapModuleFunctionalTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/ldap/domain/TestAmbariLdapConfigurationFactory.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/ldap/service/AmbariLdapFacadeTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionServiceTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapConfigurationServiceTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ads/detectors/GroupMemberAttrDetectorTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/notifications/DispatchFactoryTest.java
 382799c2c7 
  
ambari-server/src/test/java/org/apache/ambari/server/orm/InMemoryDefaultTestModule.java
 434a2a1e22 
  
ambari-server/src/test/java/org/apache/ambari/server/orm/JdbcPropertyTest.java 
427cede296 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
 442414f14d 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
 4941bc7afb 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserProviderTest.java
 2362823b30 
  
ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
 5747408954 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
 483cc0aed2 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandlerTest.java
 f2a09bafb9 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KDCKerberosOperationHandlerTest.java
 PRE-CREATION 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
 88c841c3a1 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
 a43db4d12c 
  
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
 04d03bebb5 
  
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog300Test.java
 25e9dbf739 
  
ambari-server/src/test/python/custom_actions/configs/install_packages_config.json
 4bebe99e5d 
  
ambari-server/src/test/python/custom_actions/configs/install_packages_repository_file.json
 761dced513 
  ambari-server/src/test/python/stacks/2.0.6/configs/repository_file.json 
7efb7d9966 
  ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json 
288d155c47 
  ambari-server/src/test/python/stacks/2.5/configs/ranger-kms-secured.json 
f7f054a0db 
  ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json 
38b59061b4 
  ambari-server/src/test/resources/PreconfigureActionTest_cluster_config.json 
2a744c70be 
  ambari-web/app/assets/test/tests.js fe0dd171d1 
  ambari-web/app/controllers/main/admin/kerberos/step2_controller.js 05b0b31e3b 
  ambari-web/app/controllers/main/dashboard/config_history_controller.js 
5197ad9fa1 
  ambari-web/app/messages.js 0123356cf7 
  ambari-web/app/routes/main.js 5ba7c3d8ae 
  ambari-web/app/styles/application.less d40ab8e136 
  ambari-web/app/templates/main/alerts.hbs 1ce2c91d20 
  ambari-web/app/templates/main/dashboard/config_history.hbs bc6ef7ca90 
  ambari-web/app/templates/main/host.hbs 992c6b199b 
  ambari-web/app/templates/main/service/services/hdfs.hbs fec5bac45e 
  ambari-web/app/templates/main/service/services/yarn.hbs aa8ee48a47 
  ambari-web/app/utils/ajax/ajax.js c32d8d4078 
  ambari-web/app/views.js 8ffa8f5d7a 
  ambari-web/app/views/common/search_box_view.js PRE-CREATION 
  ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_column_view.js 
67bde4f5c1 
  ambari-web/app/views/main/alerts/alert_search_box.js eebd7ee7c2 
  ambari-web/app/views/main/dashboard/config_history_search_box.js PRE-CREATION 
  ambari-web/app/views/main/dashboard/config_history_view.js 2808de3929 
  ambari-web/app/views/main/host/combo_search_box.js b77e877f4e 
  ambari-web/app/views/main/service/services/yarn.js 35335853b1 
  ambari-web/test/views/common/search_box_view_test.js PRE-CREATION 
  ambari-web/test/views/main/alerts/alert_search_box_test.js f5ff79c8e0 
  ambari-web/test/views/main/dashboard/config_history_search_box_test.js 
PRE-CREATION 
  ambari-web/test/views/main/dashboard/config_history_view_test.js da9ce318b9 
  ambari-web/test/views/main/host/combo_search_box_test.js 0775f66d05 
  ambari-web/test/views/main/service/services/yarn_test.js d422d47d88 
  contrib/views/storm/pom.xml c424f45772 
  docs/pom.xml 8af497eb0f 


Diff: https://reviews.apache.org/r/63450/diff/1/


Testing
-------

Manually tested new and upgraded clusters using AD, MIT KDC, and IPA options. 

# Local test results: 
```
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 26:09 min
[INFO] Finished at: 2017-10-31T16:24:49-04:00
[INFO] Final Memory: 99M/2148M
[INFO] ------------------------------------------------------------------------
```

# Jenkins test results: PENDING


Thanks,

Robert Levas

Reply via email to