You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2015/10/02 01:42:26 UTC
[jira] [Commented] (AMBARI-13214) Create a credentials resource
used to securely set, update, and remove credentials used by Ambari
[ https://issues.apache.org/jira/browse/AMBARI-13214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14940600#comment-14940600 ]
Hudson commented on AMBARI-13214:
---------------------------------
SUCCESS: Integrated in Ambari-branch-2.1 #627 (See [https://builds.apache.org/job/Ambari-branch-2.1/627/])
AMBARI-13214. Create a credentials resource used to securely set, (rlevas: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=7a9623800b8a82e3927c08c8d059f61807869c3a])
* ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImpl.java
* ambari-server/src/main/java/org/apache/ambari/server/security/credential/PrincipalKeyCredential.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStoreService.java
* ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/AbstractCredentialStore.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreType.java
* ambari-server/src/main/java/org/apache/ambari/server/api/resources/CredentialResourceDefinition.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
* ambari-server/docs/api/v1/index.md
* ambari-server/docs/api/v1/credential-delete.md
* ambari-server/src/main/java/org/apache/ambari/server/security/credential/InvalidCredentialValueException.java
* ambari-server/src/main/java/org/apache/ambari/server/security/credential/Credential.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStore.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
* ambari-server/docs/api/v1/credential-list.md
* ambari-server/docs/api/v1/credential-update.md
* ambari-server/docs/api/v1/credential-get.md
* ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
* ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
* ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreTest.java
* ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
* ambari-server/src/main/java/org/apache/ambari/server/api/services/CredentialService.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/CredentialResourceProvider.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStore.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialProvider.java
* ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/CredentialStoreService.java
* ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
* ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
* ambari-server/src/main/java/org/apache/ambari/server/security/encryption/FileBasedCredentialStore.java
* ambari-server/src/main/java/org/apache/ambari/server/security/credential/GenericKeyCredential.java
* ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
* ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceTest.java
* ambari-server/docs/api/v1/credential-resources.md
* ambari-server/src/main/java/org/apache/ambari/server/security/credential/CredentialFactory.java
* ambari-server/docs/api/v1/credential-create.md
* ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
* ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/ClusterResponse.java
* ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
> Create a credentials resource used to securely set, update, and remove credentials used by Ambari
> -------------------------------------------------------------------------------------------------
>
> Key: AMBARI-13214
> URL: https://issues.apache.org/jira/browse/AMBARI-13214
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.3
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: security
> Fix For: 2.1.3
>
> Attachments: AMBARI-13214_branch-2.1_01.patch, AMBARI-13214_trunk_01.patch
>
>
> Storage of the credentials is to be done using the existing _secure_ credentials provider API which already exits within Ambari. See {{org.apache.ambari.server.security.encryption.CredentialStoreService}} and {{org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl}}.
> Credential may be stored in either Ambari's persistent or temporary secure storage facilities.
> *Test capabilities*
> * Request
> {noformat}GET api/v1/clusters/{CLUSTER_NAME}{noformat}
> * Responses
> {code:title=200 OK}
> {
> ...
> "credential_store_properties" : {
> "storage.persistent" : "true",
> "storage.temporary" : "true"
> },
> ...
> }
> {code}
> *Setting the credentials*
> * Request
> {noformat}POST /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> {code:title=payload}
> {
> "Credential" : {
> "principal" : "USERNAME",
> "key" : "SECRET",
> "type" : "persisted"
> }
> }
> {code}
> Where:
> ** principal: the principal (or username) part of the credential to store
> ** key: the secret key part of the credential to store
> ** type: declares the storage facility type: persisted or temporary
> * Responses
> {code:title=200 OK}
> <empty>
> {code}
> {code:title=400 Bad Request}
> {
> "status": 400,
> "message": "Cannot persist credential in Ambari's secure credential store since secure storage has not yet be configured. Use ambari-server setup-security to enable this feature."
> }
> {code}
> {code:title=403 Forbidden}
> {
> "status": 403,
> "message": "You do not have permissions to access this resource."
> }
> {code}
> *Updating the credentials*
> * Request
> {noformat}PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> {code:title=payload}
> {
> "Credential" : {
> "principal" : "USERNAME",
> "key" : "SECRET1",
> "type" : "persisted"
> }
> }
> {code}
> Where:
> ** principal: the principal (or username) part of the credential to store
> ** key: the secret key part of the credential to store
> ** type: declares the storage facility type: persisted or temporary
> * Responses
> {code:title=200 OK}
> <empty>
> {code}
> {code:title=400 Bad Request}
> {
> "status": 400,
> "message": "Cannot persist credential in Ambari's secure credential store since secure storage has not yet be configured. Use ambari-server setup-security to enable this feature."
> }
> {code}
> {code:title=403 Forbidden}
> {
> "status": 403,
> "message": "You do not have permissions to access this resource."
> }
> {code}
> *Removing the credentials*
> * Request
> {noformat}DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> * Responses
> {code:title=200 OK}
> <empty>
> {code}
> {code:title=404 Not Found}
> {
> "status": 404,
> "message": "Not Found"
> }
> {code}
> {code:title=403 Forbidden}
> {
> "status": 403,
> "message": "You do not have permissions to access this resource."
> }
> {code}
> *Listing credentials*
> * Request
> {noformat}GET /api/v1/clusters/{CLUSTER_NAME}/credentials{noformat}
> * Responses
> {code:title=200 OK}
> {
> "href" : "http://host:8080/api/v1/clusters/c1/credentials",
> "items" : [
> {
> "href" : "http://host:8080/api/v1/clusters/c1/credentials/kdc.admin.credentials",
> "Credential" : {
> "alias" : "kdc.admin.credentials",
> "cluster_name" : "c1"
> }
> },
> {
> "href" : "http://host:8080/api/v1/clusters/c1/credentials/service.admin.credentials",
> "Credential" : {
> "alias" : "service.admin.credentials",
> "cluster_name" : "c1"
> }
> }
> ]
> }
> {code}
> {code:title=404 Not Found}
> {
> "status": 404,
> "message": "Not Found"
> }
> {code}
> {code:title=403 Forbidden}
> {
> "status": 403,
> "message": "You do not have permissions to access this resource."
> }
> {code}
> *Retrieving credentials*
> * Request
> {noformat}GET /api/v1/clusters/{CLUSTER_NAME}/credentials/{ALIAS}{noformat}
> * Responses
> {code:title=200 OK}
> {
> "href" : "http://host:8080/api/v1/clusters/c1/credentials/kdc.admin.credentials",
> "Credential" : {
> "alias" : "kdc.admin.credentials",
> "cluster_name" : "c1",
> "type" : "persisted"
> }
> }
> {code}
> {code:title=404 Not Found}
> {
> "status": 404,
> "message": "Not Found"
> }
> {code}
> {code:title=403 Forbidden}
> {
> "status": 403,
> "message": "You do not have permissions to access this resource."
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)