Posted to reviews@ambari.apache.org by Sandor Magyari <sm...@hortonworks.com> on 2017/04/20 16:00:14 UTC

Re: Review Request 57610: Filter out kerberos rules in exported blueprint

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57610/#review172506
-----------------------------------------------------------



I've suggested using the thread local, but overall, looking at the patch now, it seems to me a little bit overcomplicated.
Maybe it would be much simpler if we could pass authToLocal properties to KerberosAuthToLocalRulesFilter directly through the constructor. So instead of creating a static list of filters, we could create this list of filters (exportPropertyFilters) in the doFilterPriorToExport method before the filtering code - as it's not used anywhere else - where you can easily get authToLocal properties for the given cluster and then pass them to the KerberosAuthToLocalRulesFilter instance through the constructor. So I think we actually don't need to keep the list of filters statically all the time; we can create the list just for the time of export filtering.

- Sandor Magyari
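
A sketch of the design suggested in the comment above, added here as an example; it is not code from the patch or from Ambari. The `PropertyFilter` contract, the method signatures and the sample configuration are simplified assumptions; only the names `KerberosAuthToLocalRulesFilter`, `exportPropertyFilters` and `doFilterPriorToExport` come from the thread. Building the filter list per export means no cluster-specific state is shared between concurrent exports.

```java
import java.util.*;

// Added illustration: simplified stand-ins, not Ambari's real classes or signatures.
public class ExportFilterSketch {
    interface PropertyFilter { // hypothetical, simplified contract
        boolean isPropertyIncluded(String configType, String propertyName);
    }

    // Receives the cluster's auth-to-local property ids ("configType/propertyName") via its constructor.
    static final class KerberosAuthToLocalRulesFilter implements PropertyFilter {
        private final Set<String> authToLocalProperties;

        KerberosAuthToLocalRulesFilter(Set<String> authToLocalProperties) {
            this.authToLocalProperties = Set.copyOf(authToLocalProperties);
        }

        @Override
        public boolean isPropertyIncluded(String configType, String propertyName) {
            return !authToLocalProperties.contains(configType + "/" + propertyName);
        }
    }

    // Builds the filter list for this one export instead of keeping a static list.
    static Map<String, Map<String, String>> doFilterPriorToExport(
            Map<String, Map<String, String>> config, Set<String> authToLocalProperties) {
        List<PropertyFilter> exportPropertyFilters =
                List.of(new KerberosAuthToLocalRulesFilter(authToLocalProperties));
        Map<String, Map<String, String>> exported = new TreeMap<>();
        config.forEach((type, props) -> props.forEach((name, value) -> {
            boolean keep = exportPropertyFilters.stream()
                    .allMatch(f -> f.isPropertyIncluded(type, name));
            if (keep) {
                exported.computeIfAbsent(type, t -> new TreeMap<>()).put(name, value);
            }
        }));
        return exported;
    }

    public static void main(String[] args) {
        // Constructed sample data: the realm and cluster name are placeholders.
        Map<String, Map<String, String>> config = Map.of("core-site", Map.of(
                "hadoop.security.auth_to_local",
                "RULE:[1:$1@$0](ambari-qa-mycluster@EXAMPLE.COM)s/.*/ambari-qa/",
                "fs.trash.interval", "360"));
        Set<String> authToLocal = Set.of("core-site/hadoop.security.auth_to_local");
        System.out.println(doFilterPriorToExport(config, authToLocal));
    }
}
```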


On April 18, 2017, 9:13 p.m., Amruta Borkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57610/
> -----------------------------------------------------------
> 
> (Updated April 18, 2017, 9:13 p.m.)
> 
> 
> Review request for Ambari, Di Li, Robert Levas, Robert Nettleton, and Sandor Magyari.
> 
> 
> Bugs: AMBARI-20366
>     https://issues.apache.org/jira/browse/AMBARI-20366
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> If a blueprint is exported from a Kerberos-enabled cluster, the Kerberos rules export principal names which contain the cluster name and realm. This patch filters out Kerberos rules properties so that the hardcoded cluster name and realm are not exported.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java bb771a54a6 
>   ambari-server/src/test/java/org/apache/ambari/server/api/query/render/ClusterBlueprintRendererTest.java 13db5f8b56 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java 5c1836a87d 
> 
> 
> Diff: https://reviews.apache.org/r/57610/diff/4/
> 
> 
> Testing
> -------
> 
> Tested manually.
> Modified test cases.
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>


Re: Review Request 57610: Filter out kerberos rules in exported blueprint

Posted by Amruta Borkar <ar...@us.ibm.com>.

> On April 20, 2017, 4 p.m., Sandor Magyari wrote:
> > I've suggested using the thread local, but overall, looking at the patch now, it seems to me a little bit overcomplicated.
> > Maybe it would be much simpler if we could pass authToLocal properties to KerberosAuthToLocalRulesFilter directly through the constructor. So instead of creating a static list of filters, we could create this list of filters (exportPropertyFilters) in the doFilterPriorToExport method before the filtering code - as it's not used anywhere else - where you can easily get authToLocal properties for the given cluster and then pass them to the KerberosAuthToLocalRulesFilter instance through the constructor. So I think we actually don't need to keep the list of filters statically all the time; we can create the list just for the time of export filtering.

Hello Sandor, 
Could you please review the updated patch?


- Amruta




On April 30, 2017, 4:03 a.m., Amruta Borkar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57610/
> -----------------------------------------------------------
> 
> (Updated April 30, 2017, 4:03 a.m.)
> 
> 
> Review request for Ambari, Di Li, Robert Levas, Robert Nettleton, and Sandor Magyari.
> 
> 
> Bugs: AMBARI-20366
>     https://issues.apache.org/jira/browse/AMBARI-20366
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> If a blueprint is exported from a Kerberos-enabled cluster, the Kerberos rules export principal names which contain the cluster name and realm. This patch filters out Kerberos rules properties so that the hardcoded cluster name and realm are not exported.
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java 7381387b53 
>   ambari-server/src/test/java/org/apache/ambari/server/api/query/render/ClusterBlueprintRendererTest.java 13db5f8b56 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java 8ff70a1d46 
> 
> 
> Diff: https://reviews.apache.org/r/57610/diff/5/
> 
> 
> Testing
> -------
> 
> Tested manually.
> Modified test cases.
> 
> 
> Thanks,
> 
> Amruta Borkar
> 
>