You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/02/28 15:11:00 UTC

[jira] [Commented] (NIFI-7018) Add kerberos password property to NiFi HDFS components

    [ https://issues.apache.org/jira/browse/NIFI-7018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17047726#comment-17047726 ] 

ASF subversion and git services commented on NIFI-7018:
-------------------------------------------------------

Commit 614136ce51638fc8ca28cab47d4e5bfa253b6cc4 in nifi's branch refs/heads/master from jstorck
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=614136c ]

NIFI-7018: Initial commit of processors extending AbstractHadoopProcessor supporting kerberos passwords
AbstractHadoopProcessor will always authenticate the principal with a KerberosUser implementation and a UGI will be acquired from the Subject associated with the KerberosUser implementation
AbstractHadoopProcessor's getUserGroupInformation method will now attempt to check the TGT and relogin if a KerberosUser impelmentation is available, otherwise it will return the UGI referenced in the HdfsResource instance
Updated AbstractHadoopProcessor's customValidate method to consider the provided password and updated validation failure explanations when a KerberosCredentialsService is specified together with a principal, password, or keytab
Added toString method override to AbstractKerberosUser
Updated Hive/HBase components to be compatible with the KerberosProperties.validatePrincipalWithKeytabOrPassword method
Fixed null ComponentLog in GetHDFSSequenceFileTest

Added package-protected accessor method (getAllowExplicitKeytabEnvironmentVariable) to AbstractHadoopProcessor for determining if the environment variable "NIFI_ALLOW_EXPLICIT_KEYTAB" has been set
AbstractHadoopProcessor will now only fail validation when the NIFI_ALLOW_EXPLICIT_KEYTAB environment variable is set to false if a keytab is provided to allow the user to specify a principal and password
Added AbstractHadoopProcessorSpec to verify validation of principal/keytab/password/kerberos credential service combinations

This closes #4095.


> Add kerberos password property to NiFi HDFS components
> ------------------------------------------------------
>
>                 Key: NIFI-7018
>                 URL: https://issues.apache.org/jira/browse/NIFI-7018
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Extensions
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>            Priority: Major
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> In addition to the principal/keytab and KerberosCredentialsService options for accessing kerberized HDFS endpoints from NiFi HDFS components, a password field should be added.
> Components should validate that only one set of options should be configured:
>  * principal and keytab
>  * principal and password
>  * KerberosCredentialsService



--
This message was sent by Atlassian Jira
(v8.3.4#803005)