You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/01/27 19:21:33 UTC
ambari git commit: AMBARI-9324. Kerberos: when unable to connect to
KDC admin, need to inform user (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk cb1cd6b0d -> 39a8b24c4
AMBARI-9324. Kerberos: when unable to connect to KDC admin, need to inform user (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/39a8b24c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/39a8b24c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/39a8b24c
Branch: refs/heads/trunk
Commit: 39a8b24c4b15801eb692e0cd2c95bcf98e92d64b
Parents: cb1cd6b
Author: Robert Levas <rl...@hortonworks.com>
Authored: Tue Jan 27 13:21:20 2015 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Tue Jan 27 13:21:20 2015 -0500
----------------------------------------------------------------------
.../server/controller/KerberosHelper.java | 15 ++++-
.../kerberos/MITKerberosOperationHandler.java | 22 ++++---
.../MITKerberosOperationHandlerTest.java | 66 ++++++++++++++++++++
3 files changed, 91 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/39a8b24c/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index ea977ce..c537498 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -444,8 +444,19 @@ public class KerberosHelper {
e
);
} catch (KerberosKDCConnectionException e) {
- throw new AmbariException("Failed to connect to KDC - " + e.getMessage() + "\n" +
- "Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.",
+ throw new IllegalArgumentException(
+ "Failed to connect to KDC - " + e.getMessage() + "\n" +
+ "Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.",
+ e);
+ } catch (KerberosRealmException e) {
+ throw new IllegalArgumentException(
+ "Failed to find a KDC for the specified realm - " + e.getMessage() + "\n" +
+ "Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.",
+ e);
+ } catch (KerberosLDAPContainerException e) {
+ throw new IllegalArgumentException(
+ "The principal container was not specified\n" +
+ "Set the 'container_dn' value in the kerberos-env configuration to correct this issue.",
e);
} catch (KerberosOperationException e) {
throw new AmbariException(e.getMessage(), e);
http://git-wip-us.apache.org/repos/asf/ambari/blob/39a8b24c/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
index 7425f1a..b81fa59 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
@@ -124,7 +124,7 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
*
* @param principal a String containing the principal add
* @param password a String containing the password to use when creating the principal
- * @param service a boolean value indicating whether the principal is to be created as a service principal or not
+ * @param service a boolean value indicating whether the principal is to be created as a service principal or not
* @return an Integer declaring the generated key number
* @throws KerberosKDCConnectionException if a connection to the KDC cannot be made
* @throws KerberosAdminAuthenticationException if the administrator credentials fail to authenticate
@@ -348,27 +348,28 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
StringBuilder cleanCommand = new StringBuilder();
Iterator<String> iterator = command.iterator();
- if(iterator.hasNext())
+ if (iterator.hasNext()) {
cleanCommand.append(iterator.next());
+ }
- while(iterator.hasNext()){
+ while (iterator.hasNext()) {
String part = iterator.next();
cleanCommand.append(' ');
- if(part.contains(" ")) {
+ if (part.contains(" ")) {
cleanCommand.append('"');
cleanCommand.append(part);
cleanCommand.append('"');
- }
- else {
+ } else {
cleanCommand.append(part);
}
- if("-w".equals(part)) {
+ if ("-w".equals(part)) {
// Skip the password and use "********" instead
- if(iterator.hasNext())
+ if (iterator.hasNext()) {
iterator.next();
+ }
cleanCommand.append(" ********");
}
}
@@ -387,13 +388,14 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
// Did we fail to connect to the KDC?
else if (stdErr.contains("Cannot contact any KDC")) {
throw new KerberosKDCConnectionException(stdErr);
- }
- else if (stdErr.contains("Cannot resolve network address for admin server in requested realm while initializing kadmin interface")) {
+ } else if (stdErr.contains("Cannot resolve network address for admin server in requested realm while initializing kadmin interface")) {
throw new KerberosKDCConnectionException(stdErr);
}
// Was the realm invalid?
else if (stdErr.contains("Missing parameters in krb5.conf required for kadmin client")) {
throw new KerberosRealmException(stdErr);
+ } else if (stdErr.contains("Cannot find KDC for requested realm while initializing kadmin interface")) {
+ throw new KerberosRealmException(stdErr);
} else {
throw new KerberosOperationException("Unexpected error condition executing the kadmin command");
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/39a8b24c/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
index d997159..41d98b4 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
@@ -205,6 +205,39 @@ public class MITKerberosOperationHandlerTest extends EasyMockSupport {
handler.close();
}
+ @Test(expected = KerberosRealmException.class)
+ public void testTestAdministratorCredentialsInvalidRealm2() throws Exception {
+ MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
+ .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
+ .createNiceMock();
+
+ expect(handler.executeCommand(anyObject(String[].class)))
+ .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
+ @Override
+ public ShellCommandUtil.Result answer() throws Throwable {
+ ShellCommandUtil.Result result = createMock(ShellCommandUtil.Result.class);
+
+ expect(result.getExitCode()).andReturn(1).anyTimes();
+ expect(result.isSuccessful()).andReturn(false).anyTimes();
+ expect(result.getStderr())
+ .andReturn("kadmin: Cannot find KDC for requested realm while initializing kadmin interface")
+ .anyTimes();
+ expect(result.getStdout())
+ .andReturn("Authenticating as principal admin/admin with password.")
+ .anyTimes();
+
+ replay(result);
+ return result;
+ }
+ });
+
+ replayAll();
+
+ handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD, null), DEFAULT_REALM, null);
+ handler.testAdministratorCredentials();
+ handler.close();
+ }
+
@Test(expected = KerberosKDCConnectionException.class)
public void testTestAdministratorCredentialsKDCConnectionException() throws Exception {
MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
@@ -238,6 +271,39 @@ public class MITKerberosOperationHandlerTest extends EasyMockSupport {
handler.close();
}
+ @Test(expected = KerberosKDCConnectionException.class)
+ public void testTestAdministratorCredentialsKDCConnectionException2() throws Exception {
+ MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
+ .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
+ .createNiceMock();
+
+ expect(handler.executeCommand(anyObject(String[].class)))
+ .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
+ @Override
+ public ShellCommandUtil.Result answer() throws Throwable {
+ ShellCommandUtil.Result result = createMock(ShellCommandUtil.Result.class);
+
+ expect(result.getExitCode()).andReturn(1).anyTimes();
+ expect(result.isSuccessful()).andReturn(false).anyTimes();
+ expect(result.getStderr())
+ .andReturn("kadmin: Cannot resolve network address for admin server in requested realm while initializing kadmin interface")
+ .anyTimes();
+ expect(result.getStdout())
+ .andReturn("Authenticating as principal admin/admin with password.")
+ .anyTimes();
+
+ replay(result);
+ return result;
+ }
+ });
+
+ replayAll();
+
+ handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD, null), DEFAULT_REALM, null);
+ handler.testAdministratorCredentials();
+ handler.close();
+ }
+
@Test
public void testTestAdministratorCredentialsNotFound() throws Exception {
MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)