You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2016/09/09 18:52:45 UTC
[2/4] ambari git commit: AMBARI-18335. After upgrading cluster from
HDP-2.4.x to HDP-2.5.x and added atlas service - missing kafka security
properties (rlevas)
http://git-wip-us.apache.org/repos/asf/ambari/blob/f9abdafa/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java
new file mode 100644
index 0000000..fca2f1f
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java
@@ -0,0 +1,2272 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.state.kerberos;
+
+import com.google.gson.Gson;
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import com.google.inject.assistedinject.FactoryModuleBuilder;
+import junit.framework.Assert;
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.api.services.AmbariMetaInfo;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.DBAccessor;
+import org.apache.ambari.server.orm.dao.ExtensionLinkDAO;
+import org.apache.ambari.server.orm.entities.ExtensionLinkEntity;
+import org.apache.ambari.server.orm.entities.MetainfoEntity;
+import org.apache.ambari.server.orm.entities.StackEntity;
+import org.apache.ambari.server.stack.StackManagerFactory;
+import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.stack.OsFamily;
+import org.easymock.EasyMock;
+import org.easymock.EasyMockSupport;
+import org.junit.Test;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.Collections;
+import java.util.Properties;
+
+import static org.easymock.EasyMock.anyString;
+import static org.easymock.EasyMock.expect;
+
+public class KerberosDescriptorUpdateHelperTest extends EasyMockSupport {
+ private static final KerberosDescriptorFactory KERBEROS_DESCRIPTOR_FACTORY = new KerberosDescriptorFactory();
+ private static final Gson GSON = new Gson();
+
+ @Test
+ public void updateDefaultUserKerberosDescriptor() throws Exception {
+ Injector injector = Guice.createInjector(new AbstractModule() {
+
+ @Override
+ protected void configure() {
+ Properties properties = new Properties();
+ properties.put("metadata.path", "src/main/resources/stacks");
+ properties.put("common.services.path", "src/main/resources/common-services");
+ properties.put("server.version.file", "target/version");
+ properties.put("custom.action.definitions", "/tmp/nofile");
+ Configuration configuration = new Configuration(properties);
+
+ install(new FactoryModuleBuilder().build(StackManagerFactory.class));
+
+ bind(Clusters.class).toInstance(createNiceMock(Clusters.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(Configuration.class).toInstance(configuration);
+ bind(ExtensionLinkDAO.class).toInstance(createNiceMock(ExtensionLinkDAO.class));
+ }
+ });
+
+ OsFamily osFamily = injector.getInstance(OsFamily.class);
+ expect(osFamily.os_list()).andReturn(Collections.singleton("centos6")).anyTimes();
+
+ ExtensionLinkDAO linkDao = injector.getInstance(ExtensionLinkDAO.class);
+ expect(linkDao.findByStack(anyString(), anyString())).andReturn(Collections.<ExtensionLinkEntity>emptyList()).anyTimes();
+
+ TypedQuery<StackEntity> query = createNiceMock(TypedQuery.class);
+ expect(query.setMaxResults(1)).andReturn(query).anyTimes();
+ expect(query.getSingleResult()).andReturn(null).anyTimes();
+
+ EntityManager entityManager = injector.getInstance(EntityManager.class);
+ expect(entityManager.createNamedQuery("StackEntity.findByNameAndVersion", StackEntity.class)).andReturn(query).anyTimes();
+ expect(entityManager.find(EasyMock.eq(MetainfoEntity.class), anyString())).andReturn(createNiceMock(MetainfoEntity.class)).anyTimes();
+
+ AmbariMetaInfo metaInfo = new AmbariMetaInfo(injector.getInstance(Configuration.class));
+
+ replayAll();
+
+ injector.injectMembers(metaInfo);
+ metaInfo.init();
+
+ KerberosDescriptor hdp24 = metaInfo.getKerberosDescriptor("HDP", "2.4");
+ KerberosDescriptor hdp25 = metaInfo.getKerberosDescriptor("HDP", "2.5");
+ KerberosDescriptor user = new KerberosDescriptor(hdp24.toMap());
+
+ KerberosDescriptor updated = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(hdp24, hdp25, user);
+
+ KerberosDescriptor composite = new KerberosDescriptor(hdp25.toMap());
+ composite.update(updated);
+ Assert.assertEquals(GSON.toJson(hdp25.toMap()), GSON.toJson(composite.toMap()));
+ }
+
+ @Test
+ public void testUpdateProperties() throws AmbariException {
+ KerberosDescriptor oldValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance("{" +
+ " \"properties\": {" +
+ " \"realm\": \"${kerberos-env/realm}\"," +
+ " \"keytab_dir\": \"/etc/security/keytabs\"," +
+ " \"additional_realms\": \"\"," +
+ " \"old_property\": \"old_value\"" +
+ " }" +
+ "}");
+
+ KerberosDescriptor newValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance("{" +
+ " \"properties\": {" +
+ " \"realm\": \"${kerberos-env/realm}\"," +
+ " \"keytab_dir\": \"/etc/security/keytabs\"," +
+ " \"additional_realms\": \"\"," +
+ " \"new_property\": \"new_value\"" +
+ " }" +
+ "}");
+
+ KerberosDescriptor userValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance("{" +
+ " \"properties\": {" +
+ " \"realm\": \"EXAMPLE.COM\"," +
+ " \"keytab_dir\": \"/etc/security/keytabs\"," +
+ " \"additional_realms\": \"\"," +
+ " \"old_property\": \"old_value\"" +
+ " }" +
+ "}");
+
+ KerberosDescriptor updatedUserValue = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(
+ oldValue,
+ newValue,
+ userValue);
+
+ // "old_property" is removed
+ // "new_property" is added
+ // "realm" retains user set value
+ Assert.assertEquals(
+ KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"properties\": {\n" +
+ " \"new_property\": \"new_value\",\n" +
+ " \"realm\": \"EXAMPLE.COM\",\n" +
+ " \"additional_realms\": \"\",\n" +
+ " \"keytab_dir\": \"/etc/security/keytabs\"\n" +
+ " }\n" +
+ "}"),
+ updatedUserValue);
+ }
+
+ @Test
+ public void testUpdateIdentities() throws AmbariException {
+ KerberosDescriptor oldValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{" +
+ " \"identities\": [" +
+ " {" +
+ " \"name\": \"spnego\"," +
+ " \"principal\": {" +
+ " \"value\": \"HTTP/_HOST@${realm}\"," +
+ " \"type\": \"service\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/spnego.service.keytab\"," +
+ " \"owner\": {" +
+ " \"name\": \"root\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"group\": {" +
+ " \"name\": \"${cluster-env/user_group}\"," +
+ " \"access\": \"r\"" +
+ " }" +
+ " }" +
+ " }," +
+ " {" +
+ " \"name\": \"smokeuser\"," +
+ " \"principal\": {" +
+ " \"value\": \"old_value@${realm}\"," +
+ " \"type\": \"user\"," +
+ " \"configuration\": \"cluster-env/smokeuser_principal_name\"," +
+ " \"local_username\": \"${cluster-env/smokeuser}\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/smokeuser.headless.keytab\"," +
+ " \"owner\": {" +
+ " \"name\": \"${cluster-env/smokeuser}\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"group\": {" +
+ " \"name\": \"${cluster-env/user_group}\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"configuration\": \"cluster-env/smokeuser_keytab\"" +
+ " }" +
+ " }," +
+ " {" +
+ " \"name\": \"old_identity\"," +
+ " \"principal\": {" +
+ " \"value\": \"foobar-${cluster_name|toLower()}@${realm}\"," +
+ " \"type\": \"user\"," +
+ " \"configuration\": \"cluster-env/ambari_principal_name\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/ambari.server.keytab\"" +
+ " }" +
+ " }" +
+ " ]" +
+ "}");
+
+ KerberosDescriptor newValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{" +
+ " \"identities\": [" +
+ " {" +
+ " \"name\": \"spnego\"," +
+ " \"principal\": {" +
+ " \"value\": \"HTTP/_HOST@${realm}\"," +
+ " \"type\": \"service\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/spnego.service.keytab\"," +
+ " \"owner\": {" +
+ " \"name\": \"root\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"group\": {" +
+ " \"name\": \"${cluster-env/user_group}\"," +
+ " \"access\": \"r\"" +
+ " }" +
+ " }" +
+ " }," +
+ " {" +
+ " \"name\": \"smokeuser\"," +
+ " \"principal\": {" +
+ " \"value\": \"${cluster-env/smokeuser}-${cluster_name|toLower()}@${realm}\"," +
+ " \"type\": \"user\"," +
+ " \"configuration\": \"cluster-env/smokeuser_principal_name\"," +
+ " \"local_username\": \"${cluster-env/smokeuser}\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"updated_dir/smokeuser.headless.keytab\"," +
+ " \"owner\": {" +
+ " \"name\": \"${cluster-env/smokeuser}\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"group\": {" +
+ " \"name\": \"${cluster-env/user_group}\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"configuration\": \"cluster-env/smokeuser_keytab\"" +
+ " }" +
+ " }," +
+ " {" +
+ " \"name\": \"ambari-server\"," +
+ " \"principal\": {" +
+ " \"value\": \"ambari-server-${cluster_name|toLower()}@${realm}\"," +
+ " \"type\": \"user\"," +
+ " \"configuration\": \"cluster-env/ambari_principal_name\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/ambari.server.keytab\"" +
+ " }" +
+ " }" +
+ " ]" +
+ "}");
+
+ KerberosDescriptor userValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{" +
+ " \"identities\": [" +
+ " {" +
+ " \"name\": \"spnego\"," +
+ " \"principal\": {" +
+ " \"value\": \"CHANGED_HTTP/_HOST@${realm}\"," +
+ " \"type\": \"service\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/spnego.service.keytab\"," +
+ " \"owner\": {" +
+ " \"name\": \"root\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"group\": {" +
+ " \"name\": \"${cluster-env/user_group}\"," +
+ " \"access\": \"r\"" +
+ " }" +
+ " }" +
+ " }," +
+ " {" +
+ " \"name\": \"smokeuser\"," +
+ " \"principal\": {" +
+ " \"value\": \"old_value@${realm}\"," +
+ " \"type\": \"user\"," +
+ " \"configuration\": \"cluster-env/smokeuser_principal_name\"," +
+ " \"local_username\": \"${cluster-env/smokeuser}\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"custom_dir/smokeuser.headless.keytab\"," +
+ " \"owner\": {" +
+ " \"name\": \"${cluster-env/smokeuser}\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"group\": {" +
+ " \"name\": \"${cluster-env/user_group}\"," +
+ " \"access\": \"r\"" +
+ " }," +
+ " \"configuration\": \"cluster-env/smokeuser_keytab\"" +
+ " }" +
+ " }," +
+ " {" +
+ " \"name\": \"old_identity\"," +
+ " \"principal\": {" +
+ " \"value\": \"foobar-${cluster_name|toLower()}@${realm}\"," +
+ " \"type\": \"user\"," +
+ " \"configuration\": \"cluster-env/ambari_principal_name\"" +
+ " }," +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/ambari.server.keytab\"" +
+ " }" +
+ " }" +
+ " ]" +
+ "}");
+
+
+ KerberosDescriptor updatedUserValue = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(
+ oldValue,
+ newValue,
+ userValue);
+
+ Assert.assertEquals(
+ GSON.toJson(KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"spnego\",\n" +
+ " \"principal\": {\n" +
+ " \"value\": \"CHANGED_HTTP/_HOST@${realm}\",\n" +
+ " \"type\": \"service\"\n" +
+ " },\n" +
+ " \"keytab\": {\n" +
+ " \"file\": \"${keytab_dir}/spnego.service.keytab\",\n" +
+ " \"owner\": {\n" +
+ " \"name\": \"root\",\n" +
+ " \"access\": \"r\"\n" +
+ " },\n" +
+ " \"group\": {\n" +
+ " \"name\": \"${cluster-env/user_group}\",\n" +
+ " \"access\": \"r\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"smokeuser\",\n" +
+ " \"principal\": {\n" +
+ " \"value\": \"${cluster-env/smokeuser}-${cluster_name|toLower()}@${realm}\",\n" +
+ " \"local_username\": \"${cluster-env/smokeuser}\",\n" +
+ " \"configuration\": \"cluster-env/smokeuser_principal_name\",\n" +
+ " \"type\": \"user\"\n" +
+ " },\n" +
+ " \"keytab\": {\n" +
+ " \"file\": \"custom_dir/smokeuser.headless.keytab\",\n" +
+ " \"owner\": {\n" +
+ " \"name\": \"${cluster-env/smokeuser}\",\n" +
+ " \"access\": \"r\"\n" +
+ " },\n" +
+ " \"group\": {\n" +
+ " \"name\": \"${cluster-env/user_group}\",\n" +
+ " \"access\": \"r\"\n" +
+ " },\n" +
+ " \"configuration\": \"cluster-env/smokeuser_keytab\"\n" +
+ " }\n" +
+ " }\n" +
+ " ]\n" +
+ "}").toMap()),
+ GSON.toJson(updatedUserValue.toMap()));
+
+ // Test that the merge of the default (stack) Kerberos descriptor and the updated user-specified
+ // Kerberos descriptor yield the expected composite Kerberos descriptor.
+ newValue.update(updatedUserValue);
+
+ Assert.assertEquals(
+ GSON.toJson(KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"ambari-server\",\n" +
+ " \"principal\": {\n" +
+ " \"value\": \"ambari-server-${cluster_name|toLower()}@${realm}\",\n" +
+ " \"configuration\": \"cluster-env/ambari_principal_name\",\n" +
+ " \"type\": \"user\"\n" +
+ " },\n" +
+ " \"keytab\": {\n" +
+ " \"file\": \"${keytab_dir}/ambari.server.keytab\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"spnego\",\n" +
+ " \"principal\": {\n" +
+ " \"value\": \"CHANGED_HTTP/_HOST@${realm}\",\n" +
+ " \"type\": \"service\"\n" +
+ " },\n" +
+ " \"keytab\": {\n" +
+ " \"file\": \"${keytab_dir}/spnego.service.keytab\",\n" +
+ " \"owner\": {\n" +
+ " \"name\": \"root\",\n" +
+ " \"access\": \"r\"\n" +
+ " },\n" +
+ " \"group\": {\n" +
+ " \"name\": \"${cluster-env/user_group}\",\n" +
+ " \"access\": \"r\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"smokeuser\",\n" +
+ " \"principal\": {\n" +
+ " \"value\": \"${cluster-env/smokeuser}-${cluster_name|toLower()}@${realm}\",\n" +
+ " \"local_username\": \"${cluster-env/smokeuser}\",\n" +
+ " \"configuration\": \"cluster-env/smokeuser_principal_name\",\n" +
+ " \"type\": \"user\"\n" +
+ " },\n" +
+ " \"keytab\": {\n" +
+ " \"file\": \"custom_dir/smokeuser.headless.keytab\",\n" +
+ " \"owner\": {\n" +
+ " \"name\": \"${cluster-env/smokeuser}\",\n" +
+ " \"access\": \"r\"\n" +
+ " },\n" +
+ " \"group\": {\n" +
+ " \"name\": \"${cluster-env/user_group}\",\n" +
+ " \"access\": \"r\"\n" +
+ " },\n" +
+ " \"configuration\": \"cluster-env/smokeuser_keytab\"\n" +
+ " }\n" +
+ " }\n" +
+ " ]\n" +
+ "}").toMap()),
+ GSON.toJson(newValue.toMap()));
+ }
+
+ @Test
+ public void testUpdateConfigurations() throws AmbariException {
+ KerberosDescriptor oldValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"some-site\": {\n" +
+ " \"property.unchanged\": \"value 1\",\n" +
+ " \"property.removed\": \"removed value\",\n" +
+ " \"property.altered\": \"old value\"\n," +
+ " \"property.property.changed.in.new\": \"orig value\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"old-site\": {\n" +
+ " \"property\": \"value\"\n" +
+ " }\n" +
+ " }\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor newValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"some-site\": {\n" +
+ " \"property.unchanged\": \"value 1\",\n" +
+ " \"property.added\": \"added value\",\n" +
+ " \"property.altered\": \"new value\",\n" +
+ " \"property.changed.in.new\": \"new value\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"new-site\": {\n" +
+ " \"property.for.new.site\": \"value\"\n" +
+ " }\n" +
+ " }\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor userValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"some-site\": {\n" +
+ " \"property.unchanged\": \"value 1\",\n" +
+ " \"property.removed\": \"changed removed value\",\n" +
+ " \"property.altered\": \"custom value\"\n," +
+ " \"property.property.changed.in.new\": \"orig value\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"old-site\": {\n" +
+ " \"property\": \"value\"\n" +
+ " }\n" +
+ " }\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor updatedUserValue = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(
+ oldValue,
+ newValue,
+ userValue);
+
+ Assert.assertEquals(
+ GSON.toJson(KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"some-site\": {\n" +
+ " \"property.unchanged\": \"value 1\",\n" +
+ " \"property.added\": \"added value\",\n" +
+ " \"property.altered\": \"custom value\",\n" +
+ " \"property.changed.in.new\": \"new value\"\n" +
+ " }\n" +
+ " }\n" +
+ " ]\n" +
+ "}\n").toMap()),
+ GSON.toJson(updatedUserValue.toMap()));
+ }
+
+ @Test
+ public void testUpdateAuthToLocalRules() throws AmbariException {
+ KerberosDescriptor oldValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"auth_to_local_properties\" : [\n" +
+ " \"core-site/hadoop.security.auth_to_local\",\n" +
+ " \"some-site/to.be.removed\"\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor newValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"auth_to_local_properties\" : [\n" +
+ " \"core-site/hadoop.security.auth_to_local\",\n" +
+ " \"some-site/to.be.added\"\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor userValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"auth_to_local_properties\" : [\n" +
+ " \"core-site/hadoop.security.auth_to_local\",\n" +
+ " \"some-site/added.by.user\"\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor updatedUserValue = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(
+ oldValue,
+ newValue,
+ userValue);
+
+ Assert.assertEquals(
+ KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"auth_to_local_properties\" : [\n" +
+ " \"core-site/hadoop.security.auth_to_local\",\n" +
+ " \"some-site/to.be.added\",\n" +
+ " \"some-site/added.by.user\"\n" +
+ " ]\n" +
+ "}\n"),
+ updatedUserValue);
+ }
+
+ @Test
+ public void testUpdateServices() throws AmbariException {
+ KerberosDescriptor oldValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"services\": [\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"secondary_namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"SECONDARY_NAMENODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"HDFS_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.datanode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"dn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"datanode_dn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/dn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.datanode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"hdfs-site\": {\n" +
+ " \"dfs.datanode.address\": \"0.0.0.0:1019\",\n" +
+ " \"dfs.datanode.http.address\": \"0.0.0.0:1022\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"DATANODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/nfs.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nfs/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"nfsgateway\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nfs.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/nfs.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NFS_GATEWAY\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"jn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"journalnode_jn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/jn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"JOURNALNODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hadoop-env/hdfs_principal_name\",\n" +
+ " \"type\": \"user\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"hdfs\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/hdfs.headless.keytab\",\n" +
+ " \"configuration\": \"hadoop-env/hdfs_user_keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"hdfs-site\": {\n" +
+ " \"dfs.block.access.token.enable\": \"true\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NAMENODE\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.web.authentication.kerberos.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"hdfs-site/dfs.web.authentication.kerberos.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"/smokeuser\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"auth_to_local_properties\": [\n" +
+ " \"core-site/hadoop.security.auth_to_local\"\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"HDFS\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\" : [\n" +
+ " {\n" +
+ " \"name\" : \"OLD_SERVICE_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\" : [\n" +
+ " {\n" +
+ " \"name\" : \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\" : \"OLD_SERVICE_FOOBAR\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\" : [\n" +
+ " {\n" +
+ " \"name\" : \"/HDFS/NAMENODE/hdfs\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\" : \"/HIVE/HIVE_SERVER/hive_server_hive\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\" : \"OLD_SERVICE_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\" : [\n" +
+ " {\n" +
+ " \"name\" : \"/smokeuser\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\" : \"OLD_SERVICE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${atlas-env/metadata_user}\",\n" +
+ " \"value\": \"atlas/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"atlas\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${atlas-env/metadata_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/atlas.service.keytab\",\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.http.authentication.kerberos.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": \"HTTP/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"/spnego\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"application-properties/atlas.http.authentication.kerberos.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"ATLAS_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"auth_to_local_properties\": [\n" +
+ " \"application-properties/atlas.http.authentication.kerberos.name.rules|new_lines_escaped\"\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"application-properties\": {\n" +
+ " \"atlas.authentication.method\": \"kerberos\",\n" +
+ " \"atlas.http.authentication.enabled\": \"true\",\n" +
+ " \"atlas.http.authentication.type\": \"kerberos\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"ATLAS\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"name\": \"EXISTING_SERVICE_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"/HIVE/HIVE_SERVER/hive_server_hive\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"EXISTING_SERVICE_SERVER\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"EXISTING_SERVICE_ORIG_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/smokeuser\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"EXISTING_SERVICE\"\n" +
+ " }\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor newValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"services\": [\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.jaas.KafkaClient.option.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${atlas-env/metadata_user}\",\n" +
+ " \"value\": \"atlas/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"atlas\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${atlas-env/metadata_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/atlas.service.keytab\",\n" +
+ " \"configuration\": \"application-properties/atlas.jaas.KafkaClient.option.keyTab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"reference\": \"/ATLAS/ATLAS_SERVER/atlas\",\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"atlas_auth\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.method.kerberos.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": \"HTTP/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"/spnego\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.method.kerberos.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"reference\": \"/ATLAS/ATLAS_SERVER/atlas\",\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"ranger_atlas_audit\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"ATLAS_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"auth_to_local_properties\": [\n" +
+ " \"application-properties/atlas.authentication.method.kerberos.name.rules|new_lines_escaped\"\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"ranger-atlas-audit\": {\n" +
+ " \"xasecure.audit.jaas.Client.loginModuleControlFlag\": \"required\",\n" +
+ " \"xasecure.audit.jaas.Client.option.serviceName\": \"solr\",\n" +
+ " \"xasecure.audit.jaas.Client.loginModuleName\": \"com.sun.security.auth.module.Krb5LoginModule\",\n" +
+ " \"xasecure.audit.jaas.Client.option.useKeyTab\": \"true\",\n" +
+ " \"xasecure.audit.jaas.Client.option.storeKey\": \"false\",\n" +
+ " \"xasecure.audit.destination.solr.force.use.inmemory.jaas.config\": \"true\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"application-properties\": {\n" +
+ " \"atlas.kafka.security.protocol\": \"PLAINTEXTSASL\",\n" +
+ " \"atlas.jaas.KafkaClient.option.storeKey\": \"true\",\n" +
+ " \"atlas.solr.kerberos.enable\": \"true\",\n" +
+ " \"atlas.jaas.KafkaClient.loginModuleControlFlag\": \"required\",\n" +
+ " \"atlas.authentication.method.kerberos\": \"true\",\n" +
+ " \"atlas.jaas.KafkaClient.option.useKeyTab\": \"true\",\n" +
+ " \"atlas.kafka.sasl.kerberos.service.name\": \"${kafka-env/kafka_user}\",\n" +
+ " \"atlas.jaas.KafkaClient.loginModuleName\": \"com.sun.security.auth.module.Krb5LoginModule\",\n" +
+ " \"atlas.jaas.KafkaClient.option.serviceName\": \"${kafka-env/kafka_user}\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"ATLAS\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"secondary_namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"SECONDARY_NAMENODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"HDFS_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.datanode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"dn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"datanode_dn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/dn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.datanode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"hdfs-site\": {\n" +
+ " \"dfs.datanode.address\": \"0.0.0.0:1019\",\n" +
+ " \"dfs.datanode.http.address\": \"0.0.0.0:1022\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"DATANODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/nfs.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nfs/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"nfsgateway\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nfs.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/nfs.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NFS_GATEWAY\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"jn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"journalnode_jn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/jn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"JOURNALNODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hadoop-env/hdfs_principal_name\",\n" +
+ " \"type\": \"user\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"hdfs\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/hdfs.headless.keytab\",\n" +
+ " \"configuration\": \"hadoop-env/hdfs_user_keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/HDFS/NAMENODE/namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"hdfs-site\": {\n" +
+ " \"dfs.block.access.token.enable\": \"true\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NAMENODE\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.web.authentication.kerberos.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"hdfs-site/dfs.web.authentication.kerberos.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"/smokeuser\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"auth_to_local_properties\": [\n" +
+ " \"core-site/hadoop.security.auth_to_local\"\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"ranger-hdfs-audit\": {\n" +
+ " \"xasecure.audit.jaas.Client.loginModuleControlFlag\": \"required\",\n" +
+ " \"xasecure.audit.jaas.Client.option.serviceName\": \"solr\",\n" +
+ " \"xasecure.audit.jaas.Client.loginModuleName\": \"com.sun.security.auth.module.Krb5LoginModule\",\n" +
+ " \"xasecure.audit.jaas.Client.option.useKeyTab\": \"true\",\n" +
+ " \"xasecure.audit.jaas.Client.option.storeKey\": \"false\",\n" +
+ " \"xasecure.audit.destination.solr.force.use.inmemory.jaas.config\": \"true\"\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"HDFS\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"name\": \"NEW_SERVICE_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"/HIVE/HIVE_SERVER/hive_server_hive\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NEW_SERVICE_FOO_BAR\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NEW_SERVICE_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/smokeuser\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NEW_SERVICE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"name\": \"EXISTING_SERVICE_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"EXISTING_SERVICE_SERVER\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"EXISTING_SERVICE_NEW_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/smokeuser\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"/HIVE/HIVE_SERVER/hive_server_hive\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"EXISTING_SERVICE\"\n" +
+ " }\n" +
+ " ]\n" +
+ "}\n");
+
+ KerberosDescriptor userValue = KERBEROS_DESCRIPTOR_FACTORY.createInstance(oldValue.toMap());
+
+ KerberosDescriptor updatedUserValue = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(
+ oldValue,
+ newValue,
+ userValue);
+
+ Assert.assertEquals(
+ GSON.toJson(KERBEROS_DESCRIPTOR_FACTORY.createInstance(
+ "{\n" +
+ " \"services\": [\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.jaas.KafkaClient.option.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${atlas-env/metadata_user}\",\n" +
+ " \"value\": \"atlas/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"atlas\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${atlas-env/metadata_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/atlas.service.keytab\",\n" +
+ " \"configuration\": \"application-properties/atlas.jaas.KafkaClient.option.keyTab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.method.kerberos.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": \"HTTP/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"/spnego\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"application-properties/atlas.authentication.method.kerberos.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"ATLAS_SERVER\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"auth_to_local_properties\": [\n" +
+ " \"application-properties/atlas.authentication.method.kerberos.name.rules|new_lines_escaped\"\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"application-properties\": {\n" +
+ " \"atlas.kafka.security.protocol\": \"PLAINTEXTSASL\",\n" +
+ " \"atlas.jaas.KafkaClient.option.storeKey\": \"true\",\n" +
+ " \"atlas.solr.kerberos.enable\": \"true\",\n" +
+ " \"atlas.jaas.KafkaClient.loginModuleControlFlag\": \"required\",\n" +
+ " \"atlas.authentication.method.kerberos\": \"true\",\n" +
+ " \"atlas.jaas.KafkaClient.option.useKeyTab\": \"true\",\n" +
+ " \"atlas.kafka.sasl.kerberos.service.name\": \"${kafka-env/kafka_user}\",\n" +
+ " \"atlas.jaas.KafkaClient.loginModuleName\": \"com.sun.security.auth.module.Krb5LoginModule\",\n" +
+ " \"atlas.jaas.KafkaClient.option.serviceName\": \"${kafka-env/kafka_user}\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"ATLAS\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"secondary_namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"SECONDARY_NAMENODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"name\": \"/HDFS/NAMENODE/hdfs\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"HDFS_CLIENT\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.datanode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"dn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"datanode_dn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/dn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.datanode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"hdfs-site\": {\n" +
+ " \"dfs.datanode.address\": \"0.0.0.0:1019\",\n" +
+ " \"dfs.datanode.http.address\": \"0.0.0.0:1022\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"DATANODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/nfs.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nfs/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"nfsgateway\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nfs.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/nfs.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NFS_GATEWAY\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"jn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"journalnode_jn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/jn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"JOURNALNODE\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hadoop-env/hdfs_principal_name\",\n" +
+ " \"type\": \"user\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"hdfs\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/hdfs.headless.keytab\",\n" +
+ " \"configuration\": \"hadoop-env/hdfs_user_keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.kerberos.principal\",\n" +
+ " \"type\": \"service\",\n" +
+ " \"local_username\": \"${hadoop-env/hdfs_user}\",\n" +
+ " \"value\": \"nn/_HOST@${realm}\"\n" +
+ " },\n" +
+ " \"name\": \"namenode_nn\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": \"r\",\n" +
+ " \"name\": \"${hadoop-env/hdfs_user}\"\n" +
+ " },\n" +
+ " \"file\": \"${keytab_dir}/nn.service.keytab\",\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.keytab.file\",\n" +
+ " \"group\": {\n" +
+ " \"access\": \"\",\n" +
+ " \"name\": \"${cluster-env/user_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.namenode.kerberos.internal.spnego.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"hdfs-site\": {\n" +
+ " \"dfs.block.access.token.enable\": \"true\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"NAMENODE\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"identities\": [\n" +
+ " {\n" +
+ " \"principal\": {\n" +
+ " \"configuration\": \"hdfs-site/dfs.web.authentication.kerberos.principal\",\n" +
+ " \"type\": null,\n" +
+ " \"local_username\": null,\n" +
+ " \"value\": null\n" +
+ " },\n" +
+ " \"name\": \"/spnego\",\n" +
+ " \"keytab\": {\n" +
+ " \"owner\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " },\n" +
+ " \"file\": null,\n" +
+ " \"configuration\": \"hdfs-site/dfs.web.authentication.kerberos.keytab\",\n" +
+ " \"group\": {\n" +
+ " \"access\": null,\n" +
+ " \"name\": null\n" +
+ " }\n" +
+ " }\n" +
+ " },\n" +
+ " {\n" +
+ " \"name\": \"/smokeuser\"\n" +
+ " }\n" +
+ " ],\n" +
+ " \"auth_to_local_properties\": [\n" +
+ " \"core-site/hadoop.security.auth_to_local\"\n" +
+ " ],\n" +
+ " \"configurations\": [\n" +
+ " {\n" +
+ " \"core-site\": {\n" +
+ " \"hadoop.security.authorization\": \"true\",\n" +
+ " \"hadoop.security.authentication\": \"kerberos\",\n" +
+ " \"hadoop.proxyuser.HTTP.groups\": \"${hadoop-env/proxyuser_group}\"\n" +
+ " }\n" +
+ " }\n" +
+ " ],\n" +
+ " \"name\": \"HDFS\"\n" +
+ " },\n" +
+ " {\n" +
+ " \"components\": [\n" +
+ " {\n" +
+ " \"name\": \"EXISTING_SERVICE_CLIENT\"\n" +
+ " },\n" +
+
<TRUNCATED>