You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/10/02 05:29:57 UTC
Review Request 38947: Kerberos: Retain KDC admin credentials
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38947/
-----------------------------------------------------------
Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Nettleton, and Vitalyi Brodetskyi.
Bugs: AMBARI-13292
https://issues.apache.org/jira/browse/AMBARI-13292
Repository: ambari
Description
-------
Enhance the Kerberos backend to allow for the retention of KDC administrative credentials. Once securely stored, users may opt to remove the stored credentials.
See AMBARI-13214 for information on the relevant API calls.
The alias name for the KDC administrator credential should be *kdc.admin.credential*
For example:
# Create Credential Resource
```
POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{
"Credential" : {
"principal" : "admin/admin@EXAMPLE.COM",
"key" : "h4d00p&!",
"type" : "persisted"
}
}
```
# Update Credential Resource
```
PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{
"Credential" : {
"key" : "newpassword",
"type" : "temporary"
}
}
```
# Get Credential Resource
```
GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
```
# Delete Credential Resource
```
DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
```
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 436fa3c
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java c39485b
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d428174
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java fb21883
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java a173e08
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java c8b8ca6
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java c861b45
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java 6f36bf5
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 7144ad0
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 7bad60a
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java dbcdf3e
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java b91bbbc
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 2c5c4e0
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 2c41b54
Diff: https://reviews.apache.org/r/38947/diff/
Testing
-------
Tested manually
# Local test results: PASSED
# Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 38947: Kerberos: Retain KDC admin credentials
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38947/#review101324
-----------------------------------------------------------
Ship it!
Ship It!
- Jonathan Hurley
On Oct. 1, 2015, 11:43 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38947/
> -----------------------------------------------------------
>
> (Updated Oct. 1, 2015, 11:43 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Nettleton, and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-13292
> https://issues.apache.org/jira/browse/AMBARI-13292
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Enhance the Kerberos backend to allow for the retention of KDC administrative credentials. Once securely stored, users may opt to remove the stored credentials.
>
> See AMBARI-13214 for information on the relevant API calls.
>
> The alias name for the KDC administrator credential should be *kdc.admin.credential*
>
> For example:
>
> # Create Credential Resource
> ```
> POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {
> "Credential" : {
> "principal" : "admin/admin@EXAMPLE.COM",
> "key" : "h4d00p&!",
> "type" : "persisted"
> }
> }
> ```
>
> # Update Credential Resource
> ```
> PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {
> "Credential" : {
> "key" : "newpassword",
> "type" : "temporary"
> }
> }
> ```
>
> # Get Credential Resource
> ```
> GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> ```
>
> # Delete Credential Resource
> ```
> DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> ```
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 436fa3c
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java c39485b
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d428174
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java fb21883
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java a173e08
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java c8b8ca6
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java c861b45
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java 6f36bf5
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 7144ad0
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 7bad60a
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java dbcdf3e
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java b91bbbc
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 2c5c4e0
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 2c41b54
>
> Diff: https://reviews.apache.org/r/38947/diff/
>
>
> Testing
> -------
>
> Tested manually
>
> # Local test results: PASSED
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 38947: Kerberos: Retain KDC admin credentials
Posted by Nate Cole <nc...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38947/#review101498
-----------------------------------------------------------
Ship it!
Ship It!
- Nate Cole
On Oct. 1, 2015, 11:43 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38947/
> -----------------------------------------------------------
>
> (Updated Oct. 1, 2015, 11:43 p.m.)
>
>
> Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Nettleton, and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-13292
> https://issues.apache.org/jira/browse/AMBARI-13292
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Enhance the Kerberos backend to allow for the retention of KDC administrative credentials. Once securely stored, users may opt to remove the stored credentials.
>
> See AMBARI-13214 for information on the relevant API calls.
>
> The alias name for the KDC administrator credential should be *kdc.admin.credential*
>
> For example:
>
> # Create Credential Resource
> ```
> POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {
> "Credential" : {
> "principal" : "admin/admin@EXAMPLE.COM",
> "key" : "h4d00p&!",
> "type" : "persisted"
> }
> }
> ```
>
> # Update Credential Resource
> ```
> PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {
> "Credential" : {
> "key" : "newpassword",
> "type" : "temporary"
> }
> }
> ```
>
> # Get Credential Resource
> ```
> GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> ```
>
> # Delete Credential Resource
> ```
> DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> ```
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 436fa3c
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java c39485b
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d428174
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java fb21883
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java a173e08
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java c8b8ca6
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java c861b45
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java 6f36bf5
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 7144ad0
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 7bad60a
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java dbcdf3e
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java b91bbbc
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 2c5c4e0
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 2c41b54
>
> Diff: https://reviews.apache.org/r/38947/diff/
>
>
> Testing
> -------
>
> Tested manually
>
> # Local test results: PASSED
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 38947: Kerberos: Retain KDC admin credentials
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38947/
-----------------------------------------------------------
(Updated Oct. 1, 2015, 11:43 p.m.)
Review request for Ambari, Jonathan Hurley, Nate Cole, Robert Nettleton, and Vitalyi Brodetskyi.
Bugs: AMBARI-13292
https://issues.apache.org/jira/browse/AMBARI-13292
Repository: ambari
Description
-------
Enhance the Kerberos backend to allow for the retention of KDC administrative credentials. Once securely stored, users may opt to remove the stored credentials.
See AMBARI-13214 for information on the relevant API calls.
The alias name for the KDC administrator credential should be *kdc.admin.credential*
For example:
# Create Credential Resource
```
POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{
"Credential" : {
"principal" : "admin/admin@EXAMPLE.COM",
"key" : "h4d00p&!",
"type" : "persisted"
}
}
```
# Update Credential Resource
```
PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{
"Credential" : {
"key" : "newpassword",
"type" : "temporary"
}
}
```
# Get Credential Resource
```
GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
```
# Delete Credential Resource
```
DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
```
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java 436fa3c
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java c39485b
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java d428174
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java fb21883
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredential.java a173e08
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java c8b8ca6
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java c861b45
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java 6f36bf5
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java 7144ad0
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java 7bad60a
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java dbcdf3e
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java b91bbbc
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 2c5c4e0
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java 2c41b54
Diff: https://reviews.apache.org/r/38947/diff/
Testing
-------
Tested manually
# Local test results: PASSED
# Jenkins test results: PENDING
Thanks,
Robert Levas