You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by John Speidel <js...@hortonworks.com> on 2015/02/10 23:42:44 UTC
Review Request 30849: Preserve kerberos auth_to_local rules when
scaling kerberized cluster
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30849/
-----------------------------------------------------------
Review request for Ambari and Robert Levas.
Bugs: AMBARI-9022
https://issues.apache.org/jira/browse/AMBARI-9022
Repository: ambari
Description
-------
When scaling a kerberized cluster need to ensure that existing auth_to_local rules are preserved.
Also, need to properly order all rules in the property from most to least specific.
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 6017bed
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ce319e6
ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java fbb8ba1
Diff: https://reviews.apache.org/r/30849/diff/
Testing
-------
Functional tests:
added Oozie to existing cluster
Unit Tests:
-New unit tests
-All tests pass
Thanks,
John Speidel
Re: Review Request 30849: Preserve kerberos auth_to_local rules when
scaling kerberized cluster
Posted by John Speidel <js...@hortonworks.com>.
> On Feb. 11, 2015, 1:33 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java, line 80
> > <https://reviews.apache.org/r/30849/diff/1/?file=860548#file860548line80>
> >
> > It seems like this method should be named `addRules` or `addExistingRules` since it's behavior is significantly different than the `addRule` method.
agreed, had meant to do that and had forgotten. Thanks for pointing this out.
> On Feb. 11, 2015, 1:33 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java, line 139
> > <https://reviews.apache.org/r/30849/diff/1/?file=860548#file860548line139>
> >
> > You left `String` capitalized here but changed other instances to `string`.... just an observation...
good catch, made consistent
> On Feb. 11, 2015, 1:33 a.m., Robert Levas wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java, line 392
> > <https://reviews.apache.org/r/30849/diff/1/?file=860548#file860548line392>
> >
> > Would `org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipal` work rather than this inner class?
I didn't know that this class existed. Yes, I would like to converge these but at this time since they do differ slightly I will file a Jira to converge these for 2.1.
- John
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30849/#review71890
-----------------------------------------------------------
On Feb. 10, 2015, 10:42 p.m., John Speidel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30849/
> -----------------------------------------------------------
>
> (Updated Feb. 10, 2015, 10:42 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-9022
> https://issues.apache.org/jira/browse/AMBARI-9022
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When scaling a kerberized cluster need to ensure that existing auth_to_local rules are preserved.
> Also, need to properly order all rules in the property from most to least specific.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 6017bed
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ce319e6
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java fbb8ba1
>
> Diff: https://reviews.apache.org/r/30849/diff/
>
>
> Testing
> -------
>
> Functional tests:
> added Oozie to existing cluster
>
> Unit Tests:
> -New unit tests
> -All tests pass
>
>
> Thanks,
>
> John Speidel
>
>
Re: Review Request 30849: Preserve kerberos auth_to_local rules when
scaling kerberized cluster
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30849/#review71890
-----------------------------------------------------------
Ship it!
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
<https://reviews.apache.org/r/30849/#comment117807>
It seems like this method should be named `addRules` or `addExistingRules` since it's behavior is significantly different than the `addRule` method.
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
<https://reviews.apache.org/r/30849/#comment117822>
You left `String` capitalized here but changed other instances to `string`.... just an observation...
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
<https://reviews.apache.org/r/30849/#comment117823>
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
<https://reviews.apache.org/r/30849/#comment117818>
Would `org.apache.ambari.server.serveraction.kerberos.DeconstructedPrincipal` work rather than this inner class?
- Robert Levas
On Feb. 10, 2015, 5:42 p.m., John Speidel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30849/
> -----------------------------------------------------------
>
> (Updated Feb. 10, 2015, 5:42 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-9022
> https://issues.apache.org/jira/browse/AMBARI-9022
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When scaling a kerberized cluster need to ensure that existing auth_to_local rules are preserved.
> Also, need to properly order all rules in the property from most to least specific.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 6017bed
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ce319e6
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java fbb8ba1
>
> Diff: https://reviews.apache.org/r/30849/diff/
>
>
> Testing
> -------
>
> Functional tests:
> added Oozie to existing cluster
>
> Unit Tests:
> -New unit tests
> -All tests pass
>
>
> Thanks,
>
> John Speidel
>
>
Re: Review Request 30849: Preserve kerberos auth_to_local rules when
scaling kerberized cluster
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30849/#review71948
-----------------------------------------------------------
Ship it!
Nice implemention. Your head must hurt after that recursive `compareTo` method.
- Robert Levas
On Feb. 10, 2015, 9:17 p.m., John Speidel wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30849/
> -----------------------------------------------------------
>
> (Updated Feb. 10, 2015, 9:17 p.m.)
>
>
> Review request for Ambari and Robert Levas.
>
>
> Bugs: AMBARI-9022
> https://issues.apache.org/jira/browse/AMBARI-9022
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When scaling a kerberized cluster need to ensure that existing auth_to_local rules are preserved.
> Also, need to properly order all rules in the property from most to least specific.
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 6017bed
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ce319e6
> ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/core-site.xml 1146ffd
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java fbb8ba1
>
> Diff: https://reviews.apache.org/r/30849/diff/
>
>
> Testing
> -------
>
> Functional tests:
> added Oozie to existing cluster
>
> Unit Tests:
> -New unit tests
> -All tests pass
>
>
> Thanks,
>
> John Speidel
>
>
Re: Review Request 30849: Preserve kerberos auth_to_local rules when
scaling kerberized cluster
Posted by John Speidel <js...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30849/
-----------------------------------------------------------
(Updated Feb. 11, 2015, 2:17 a.m.)
Review request for Ambari and Robert Levas.
Changes
-------
Changes to resolve reviewer issues and concerns.
Also, handle case where existing rule contains a wildcard realm '.*'
Removed default auth_to_local rules, except for "DEFAULT" from stack.
Bugs: AMBARI-9022
https://issues.apache.org/jira/browse/AMBARI-9022
Repository: ambari
Description
-------
When scaling a kerberized cluster need to ensure that existing auth_to_local rules are preserved.
Also, need to properly order all rules in the property from most to least specific.
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 6017bed
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ce319e6
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/core-site.xml 1146ffd
ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java fbb8ba1
Diff: https://reviews.apache.org/r/30849/diff/
Testing
-------
Functional tests:
added Oozie to existing cluster
Unit Tests:
-New unit tests
-All tests pass
Thanks,
John Speidel