This is an automated email from the ASF dual-hosted git repository. rlevas pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 7887a2f [AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso 7887a2f is described below commit 7887a2f11312c9ac796c4a0c1946a2e89deeedab Author: Robert Levas <rle...@hortonworks.com> AuthorDate: Thu Apr 19 09:19:51 2018 -0400 [AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso
---
 ambari-server/src/main/python/ambari-server.py | 4 ++--
 ambari-server/src/main/python/ambari_server/setupSso.py | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 6e4192a..2383086 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -577,8 +577,8 @@ def init_setup_sso_options(parser):
 parser.add_option('--sso-enabled-services', default=None, help="A comma separated list of services that are expected to be configured for SSO (you are allowed to use '*' to indicate ALL services)", dest='sso_enabled_services')
 parser.add_option('--sso-provider-url', default=None, help="The URL of SSO provider; this must be provided when --sso-enabled is set to 'true'", dest="sso_provider_url")
 parser.add_option('--sso-public-cert-file', default=None, help="The path where the public certificate PEM is located; this must be provided when --sso-enabled is set to 'true'", dest="sso_public_cert_file")
- parser.add_option('--sso-jwt-cookie-name', default="hadoop-jwt", help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
- parser.add_option('--sso-jwt-audience-list', default="", help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
+ parser.add_option('--sso-jwt-cookie-name', default=None, help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
+ parser.add_option('--sso-jwt-audience-list', default=None, help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
 parser.add_option('--ambari-admin-username', default=None, help="Ambari Admin username for LDAP setup", dest="ambari_admin_username")
 parser.add_option('--ambari-admin-password', default=None, help="Ambari Admin password for LDAP setup", dest="ambari_admin_password")
diff --git a/ambari-server/src/main/python/ambari_server/setupSso.py b/ambari-server/src/main/python/ambari_server/setupSso.py
index faae031..33ff78c 100644
--- a/ambari-server/src/main/python/ambari_server/setupSso.py
+++ b/ambari-server/src/main/python/ambari_server/setupSso.py
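Review bot: With both defaults now `None`, the help strings for `--sso-jwt-cookie-name` and `--sso-jwt-audience-list` no longer tell the operator what is applied when the option is omitted. The setupSso.py part of this commit falls back to `hadoop-jwt` and to an empty audience list, and the prompt there describes an empty list as "empty for any", so omitting the audience option presumably leaves the audience unrestricted. I would say so in the help text, e.g. `help="The name of the JWT cookie (default: hadoop-jwt)"` and `help="A comma separated list of JWT audience(s); when empty, any audience is accepted"`. The body of init_setup_sso_options starts and continues outside this hunk.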
@@ -42,6 +42,7 @@ JWT_COOKIE_NAME = "ambari.sso.jwt.cookieName"
 SSO_PROVIDER_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl"
 SSO_PROVIDER_URL_DEFAULT = "https://knox.example.com:8443/gateway/knoxsso/api/v1/websso"
 JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt"
+JWT_AUDIENCES_DEFAULT = ""
 CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----"
 CERTIFICATE_FOOTER = "-----END CERTIFICATE-----"
@@ -100,23 +101,23 @@ def populate_sso_public_cert(options, properties):
 def populate_jwt_cookie_name(options, properties):
- if not options.sso_jwt_cookie_name:
+ if not options.sso_jwt_cookie_name and (not options.sso_provider_url or not options.sso_public_cert_file):
 cookie_name = get_value_from_dictionary(properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
 cookie_name = get_validated_string_input("JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING, "Invalid cookie name", False)
 else:
- cookie_name = options.sso_jwt_cookie_name
+ cookie_name = options.sso_jwt_cookie_name if options.sso_jwt_cookie_name else JWT_COOKIE_NAME_DEFAULT
 properties[JWT_COOKIE_NAME] = cookie_name
 def populate_jwt_audiences(options, properties):
- if options.sso_jwt_audience_list is None:
- audiences = get_value_from_dictionary(properties, JWT_AUDIENCES)
+ if options.sso_jwt_audience_list is None and (not options.sso_provider_url or not options.sso_public_cert_file):
+ audiences = get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)
 audiences = get_validated_string_input("JWT audiences list (comma-separated), empty for any ({0}):".format(audiences), audiences, REGEX_ANYTHING, "Invalid value", False)
 else:
- audiences = options.sso_jwt_audience_list
+ audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list else JWT_AUDIENCES_DEFAULT
 properties[JWT_AUDIENCES] = audiences
-- To stop receiving notification emails like this one, please contact rle...@apache.org.
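Review bot: In the `else:` branches of `populate_jwt_cookie_name` and `populate_jwt_audiences`, an omitted option now falls straight back to the built-in default and overwrites whatever `properties` already holds for that key. When `--sso-provider-url` and `--sso-public-cert-file` are both supplied and `--sso-jwt-audience-list` is not, `properties[JWT_AUDIENCES]` becomes `""`, which the prompt text describes as "empty for any". Assuming `properties` carries the existing configuration, as the prompt branch suggests, re-running setup this way would silently drop a previously configured audience restriction. Falling back to the stored value first avoids that: `audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list else get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)`, and likewise for `cookie_name` with `JWT_COOKIE_NAME` and `JWT_COOKIE_NAME_DEFAULT`.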