You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by am...@apache.org on 2018/05/29 14:57:39 UTC

[ambari] branch trunk updated: [AMBARI-23962] Improvements for credential_store_helper to include all features (#1391)

This is an automated email from the ASF dual-hosted git repository.

amagyar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 9a728ff  [AMBARI-23962] Improvements for credential_store_helper to include all features (#1391)
9a728ff is described below

commit 9a728ffb083ee7de6dd46a8973df5517cd241d18
Author: amerissa <am...@gmail.com>
AuthorDate: Tue May 29 10:57:29 2018 -0400

    [AMBARI-23962] Improvements for credential_store_helper to include all features (#1391)
    
    * When installing Atlas/Ranger with HTTPS ambari-infra (solr), the script does not account for the truststore. By default we should be picking up the truststore information from Ambari Infra. Failure to do so will result in PKIX error. It happens when installing fresh and SSL is preenabled
    
    * Add all of credentialapi.jar features to credential_store_helper.py
    
    * Adjust the regex filter
    
    * revert solr_cloud_util.py to master
    
    * Adjustment as per @zeroflag.
    
    * Adjustment as per @zeroflag.
---
 .../ambari_commons/credential_store_helper.py      | 47 ++++++++++++++++++++--
 1 file changed, 43 insertions(+), 4 deletions(-)

diff --git a/ambari-common/src/main/python/ambari_commons/credential_store_helper.py b/ambari-common/src/main/python/ambari_commons/credential_store_helper.py
index 81b59a4..cc392d0 100644
--- a/ambari-common/src/main/python/ambari_commons/credential_store_helper.py
+++ b/ambari-common/src/main/python/ambari_commons/credential_store_helper.py
@@ -19,17 +19,24 @@ limitations under the License.
 """
 
 import os
+import re
 
-from resource_management.core.resources.system import File
+from resource_management.core.resources.system import File, Execute
 from resource_management.core.shell import checked_call
 from resource_management.core.source import DownloadSource
+from resource_management.core.utils import PasswordString
 
 credential_util_cmd = 'org.apache.ambari.server.credentialapi.CredentialUtil'
 credential_util_jar = 'CredentialUtil.jar'
 
-def get_password_from_credential_store(alias, provider_path, cs_lib_path, java_home, jdk_location):
+def removeloglines(lines):
+    regex = re.compile(r'^(([0-1][0-9])|([2][0-3])):([0-5][0-9])(:[0-5][0-9])[,]\d{1,3}')
+    cleanlines = [x for x in lines if not regex.match(x)]
+    return(cleanlines)
+
+def downloadjar(cs_lib_path, jdk_location):
     # Try to download CredentialUtil.jar from ambari-server resources
-    credential_util_dir = cs_lib_path.split('*')[0] # Remove the trailing '*'
+    credential_util_dir = cs_lib_path.split('*')[0].split(":")[-1] # Remove the trailing '*' and get the last directory if an entire path is passed
     credential_util_path = os.path.join(credential_util_dir, credential_util_jar)
     credential_util_url =  jdk_location + '/' + credential_util_jar
     File(credential_util_path,
@@ -37,9 +44,41 @@ def get_password_from_credential_store(alias, provider_path, cs_lib_path, java_h
          mode = 0755,
          )
 
+def get_password_from_credential_store(alias, provider_path, cs_lib_path, java_home, jdk_location):
+    downloadjar(cs_lib_path, jdk_location)
+
     # Execute a get command on the CredentialUtil CLI to get the password for the specified alias
     java_bin = '{java_home}/bin/java'.format(java_home=java_home)
     cmd = (java_bin, '-cp', cs_lib_path, credential_util_cmd, 'get', alias, '-provider', provider_path)
     cmd_result, std_out_msg  = checked_call(cmd)
     std_out_lines = std_out_msg.split('\n')
-    return std_out_lines[-1] # Get the last line of the output, to skip warnings if any.
\ No newline at end of file
+    return(removeloglines(std_out_lines)[0]) # Get the last line of the output, to skip warnings if any.
+
+
+def list_aliases_from_credential_store(provider_path, cs_lib_path, java_home, jdk_location):
+    downloadjar(cs_lib_path, jdk_location)
+
+    # Execute a get command on the CredentialUtil CLI to list all the aliases
+    java_bin = '{java_home}/bin/java'.format(java_home=java_home)
+    cmd = (java_bin, '-cp', cs_lib_path, credential_util_cmd, 'list', '-provider', provider_path)
+    cmd_result, std_out_msg  = checked_call(cmd)
+    std_out_lines = std_out_msg.split('\n')
+    return(removeloglines(std_out_lines)[1:]) # Get the last line of the output, to skip warnings if any.
+
+
+def delete_alias_from_credential_store(alias, provider_path, cs_lib_path, java_home, jdk_location):
+    downloadjar(cs_lib_path, jdk_location)
+
+    #Execute the creation and overwrite password
+    java_bin = '{java_home}/bin/java'.format(java_home=java_home)
+    cmd = (java_bin, '-cp', cs_lib_path, credential_util_cmd, 'delete', alias, '-provider', provider_path, '-f')
+    Execute(cmd)
+
+
+def create_password_in_credential_store(alias, provider_path, cs_lib_path, java_home, jdk_location, password):
+    downloadjar(cs_lib_path, jdk_location)
+
+    #Execute the creation and overwrite password
+    java_bin = '{java_home}/bin/java'.format(java_home=java_home)
+    cmd = (java_bin, '-cp', cs_lib_path, credential_util_cmd, 'create', alias, '-value', PasswordString(password) ,'-provider', provider_path, '-f')
+    Execute(cmd)

-- 
To stop receiving notification emails like this one, please contact
amagyar@apache.org.