You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "John Speidel (JIRA)" <ji...@apache.org> on 2015/02/14 23:28:11 UTC

[jira] [Resolved] (AMBARI-9640) Allow the KDC admin credentials stored in session to be validated via the REST API

     [ https://issues.apache.org/jira/browse/AMBARI-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

John Speidel resolved AMBARI-9640.
----------------------------------
    Resolution: Fixed

merged to trunk

> Allow the KDC admin credentials stored in session to be validated via the REST API
> ----------------------------------------------------------------------------------
>
>                 Key: AMBARI-9640
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9640
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server, security
>            Reporter: John Speidel
>            Assignee: John Speidel
>            Priority: Critical
>             Fix For: 2.0.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Based on my conversation with [~rlevas] I understand that the UI wants an api that indicates whether the kdc admin credentials are set in session at the time of the call and that they are valid.  
> Based on this requirement I am proposing adding this information as part of the kerberos service.
> Specifically, the properties, "Services/attributes/kdc_validation_result" and "Services/attributes/kdc_validation_failure_details" will be added to the response.
> GET api/v1/clusters/c1/services/KERBEROS
> {code}
> {
>   "href" : "http://172.18.192.1:8080/api/v1/clusters/c1/services/KERBEROS",
>   "ServiceInfo" : {
>     "cluster_name" : "c1",
>     "maintenance_state" : "OFF",
>     "service_name" : "KERBEROS",
>     "state" : "INSTALLED"
>   },
>   "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "OK"
>     }
>   }
> }
> {code}
> In the case of missing credentials:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "MISSING_CREDENTIALS",
>       "kdc_validation_failure_details" : "Missing KDC administrator credentials.\nThe KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\" : \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
>     }
>   }
> }
> {code}
> For invalid credentials:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "INVALID_CREDENTIALS",
>       "kdc_validation_failure_details" : "Invalid KDC administrator credentials.\nThe KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n  \"session_attributes\" : {\n    \"kerberos_admin\" : {\"principal\" : \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n  }\n}"
>     }
>   }
> }
> {code}
> For bad configuration:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "INVALID_CONFIGURATION",
>       "kdc_validation_failure_details" : "The 'kerberos-env/kdc_type' value must be set to a valid KDC type"
>     }
>   }
> }
> {code}
> And for all other errors:
> {code}
> {
>    ...
>    "Services" : {
>     "attributes" : {
>       "kdc_validation_result" : "VALIDATION_ERROR",
>       "kdc_validation_failure_details" : "..."
>     }
>   }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)