You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2016/04/25 21:03:11 UTC
Review Request 46654: Auth-to-local rule generation duplicates
default rules when adding case-insensitive default rules
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46654/
-----------------------------------------------------------
Review request for Ambari, Dmitro Lisnichenko, Jonathan Hurley, Laszlo Puskas, and Nate Cole.
Bugs: AMBARI-16023
https://issues.apache.org/jira/browse/AMBARI-16023
Repository: ambari
Description
-------
When re-generating auth-to-local rules where existing rules are already set, the default (or fallback) rule for the default and additional realms is duplicated but the extra instance(s) have the case-insensitive flag:
Example:
# Was
```
...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
...
```
# Becomes}
```
...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
...
```
*Steps to Reproduce*
1. Create cluster with (at least) HDFS
2. Enable Kerberos (do not check the box next to "Enable case insensitive username rules"; kerberos-env/case_insensitive_username_rules should be false
3. Edit Kerberos configuration and check "Enable case insensitive username rules" to set kerberos-env/case_insensitive_username_rules to true
4. Regenerate Keytabs
5. See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 9d6db0a
ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java c88acc1
Diff: https://reviews.apache.org/r/46654/diff/
Testing
-------
Manually tested
Running org.apache.ambari.server.controller.AuthToLocalBuilderTest
Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.06 sec - in org.apache.ambari.server.controller.AuthToLocalBuilderTest
Results :
Tests run: 20, Failures: 0, Errors: 0, Skipped: 0
# Local test result: PENDING
# Jenkins test results: PENDING
Thanks,
Robert Levas
Re: Review Request 46654: Auth-to-local rule generation duplicates
default rules when adding case-insensitive default rules
Posted by Jonathan Hurley <jh...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46654/#review130603
-----------------------------------------------------------
Ship it!
Ship It!
- Jonathan Hurley
On April 25, 2016, 3:03 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46654/
> -----------------------------------------------------------
>
> (Updated April 25, 2016, 3:03 p.m.)
>
>
> Review request for Ambari, Dmitro Lisnichenko, Jonathan Hurley, Laszlo Puskas, and Nate Cole.
>
>
> Bugs: AMBARI-16023
> https://issues.apache.org/jira/browse/AMBARI-16023
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When re-generating auth-to-local rules where existing rules are already set, the default (or fallback) rule for the default and additional realms is duplicated but the extra instance(s) have the case-insensitive flag:
>
> Example:
> # Was
> ```
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> ...
> ```
> # Becomes}
> ```
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
> ...
> ```
>
> *Steps to Reproduce*
> 1. Create cluster with (at least) HDFS
> 2. Enable Kerberos (do not check the box next to "Enable case insensitive username rules"; kerberos-env/case_insensitive_username_rules should be false
> 3. Edit Kerberos configuration and check "Enable case insensitive username rules" to set kerberos-env/case_insensitive_username_rules to true
> 4. Regenerate Keytabs
> 5. See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 9d6db0a
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java c88acc1
>
> Diff: https://reviews.apache.org/r/46654/diff/
>
>
> Testing
> -------
>
> Manually tested
>
> Running org.apache.ambari.server.controller.AuthToLocalBuilderTest
> Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.06 sec - in org.apache.ambari.server.controller.AuthToLocalBuilderTest
>
> Results :
>
> Tests run: 20, Failures: 0, Errors: 0, Skipped: 0
>
> # Local test result: PENDING
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 46654: Auth-to-local rule generation duplicates
default rules when adding case-insensitive default rules
Posted by Dmitro Lisnichenko <dl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46654/#review130585
-----------------------------------------------------------
Ship it!
Ship It!
- Dmitro Lisnichenko
On April 25, 2016, 10:03 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46654/
> -----------------------------------------------------------
>
> (Updated April 25, 2016, 10:03 p.m.)
>
>
> Review request for Ambari, Dmitro Lisnichenko, Jonathan Hurley, Laszlo Puskas, and Nate Cole.
>
>
> Bugs: AMBARI-16023
> https://issues.apache.org/jira/browse/AMBARI-16023
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When re-generating auth-to-local rules where existing rules are already set, the default (or fallback) rule for the default and additional realms is duplicated but the extra instance(s) have the case-insensitive flag:
>
> Example:
> # Was
> ```
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> ...
> ```
> # Becomes}
> ```
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
> ...
> ```
>
> *Steps to Reproduce*
> 1. Create cluster with (at least) HDFS
> 2. Enable Kerberos (do not check the box next to "Enable case insensitive username rules"; kerberos-env/case_insensitive_username_rules should be false
> 3. Edit Kerberos configuration and check "Enable case insensitive username rules" to set kerberos-env/case_insensitive_username_rules to true
> 4. Regenerate Keytabs
> 5. See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 9d6db0a
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java c88acc1
>
> Diff: https://reviews.apache.org/r/46654/diff/
>
>
> Testing
> -------
>
> Manually tested
>
> Running org.apache.ambari.server.controller.AuthToLocalBuilderTest
> Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.06 sec - in org.apache.ambari.server.controller.AuthToLocalBuilderTest
>
> Results :
>
> Tests run: 20, Failures: 0, Errors: 0, Skipped: 0
>
> # Local test result: PENDING
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 46654: Auth-to-local rule generation duplicates
default rules when adding case-insensitive default rules
Posted by Laszlo Puskas <lp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46654/#review130606
-----------------------------------------------------------
Ship it!
Ship It!
- Laszlo Puskas
On April 25, 2016, 7:03 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46654/
> -----------------------------------------------------------
>
> (Updated April 25, 2016, 7:03 p.m.)
>
>
> Review request for Ambari, Dmitro Lisnichenko, Jonathan Hurley, Laszlo Puskas, and Nate Cole.
>
>
> Bugs: AMBARI-16023
> https://issues.apache.org/jira/browse/AMBARI-16023
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When re-generating auth-to-local rules where existing rules are already set, the default (or fallback) rule for the default and additional realms is duplicated but the extra instance(s) have the case-insensitive flag:
>
> Example:
> # Was
> ```
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> ...
> ```
> # Becomes}
> ```
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
> ...
> ```
>
> *Steps to Reproduce*
> 1. Create cluster with (at least) HDFS
> 2. Enable Kerberos (do not check the box next to "Enable case insensitive username rules"; kerberos-env/case_insensitive_username_rules should be false
> 3. Edit Kerberos configuration and check "Enable case insensitive username rules" to set kerberos-env/case_insensitive_username_rules to true
> 4. Regenerate Keytabs
> 5. See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java 9d6db0a
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java c88acc1
>
> Diff: https://reviews.apache.org/r/46654/diff/
>
>
> Testing
> -------
>
> Manually tested
>
> Running org.apache.ambari.server.controller.AuthToLocalBuilderTest
> Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.06 sec - in org.apache.ambari.server.controller.AuthToLocalBuilderTest
>
> Results :
>
> Tests run: 20, Failures: 0, Errors: 0, Skipped: 0
>
> # Local test result: PENDING
>
> # Jenkins test results: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>