Posted to commits@ambari.apache.org by rl...@apache.org on 2018/04/19 16:44:46 UTC
[ambari] branch trunk updated: [AMBARI-23622] JWT cookie name and
audiences not queried for during ambari-server setup-sso
This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 7887a2f [AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso
7887a2f is described below
commit 7887a2f11312c9ac796c4a0c1946a2e89deeedab
Author: Robert Levas <rl...@hortonworks.com>
AuthorDate: Thu Apr 19 09:19:51 2018 -0400
[AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso
---
ambari-server/src/main/python/ambari-server.py | 4 ++--
ambari-server/src/main/python/ambari_server/setupSso.py | 11 ++++++-----
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 6e4192a..2383086 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -577,8 +577,8 @@ def init_setup_sso_options(parser):
parser.add_option('--sso-enabled-services', default=None, help="A comma separated list of services that are expected to be configured for SSO (you are allowed to use '*' to indicate ALL services)", dest='sso_enabled_services')
parser.add_option('--sso-provider-url', default=None, help="The URL of SSO provider; this must be provided when --sso-enabled is set to 'true'", dest="sso_provider_url")
parser.add_option('--sso-public-cert-file', default=None, help="The path where the public certificate PEM is located; this must be provided when --sso-enabled is set to 'true'", dest="sso_public_cert_file")
- parser.add_option('--sso-jwt-cookie-name', default="hadoop-jwt", help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
- parser.add_option('--sso-jwt-audience-list', default="", help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
+ parser.add_option('--sso-jwt-cookie-name', default=None, help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
+ parser.add_option('--sso-jwt-audience-list', default=None, help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
parser.add_option('--ambari-admin-username', default=None, help="Ambari Admin username for LDAP setup", dest="ambari_admin_username")
parser.add_option('--ambari-admin-password', default=None, help="Ambari Admin password for LDAP setup", dest="ambari_admin_password")
diff --git a/ambari-server/src/main/python/ambari_server/setupSso.py b/ambari-server/src/main/python/ambari_server/setupSso.py
index faae031..33ff78c 100644
--- a/ambari-server/src/main/python/ambari_server/setupSso.py
+++ b/ambari-server/src/main/python/ambari_server/setupSso.py
@@ -42,6 +42,7 @@ JWT_COOKIE_NAME = "ambari.sso.jwt.cookieName"
SSO_PROVIDER_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl"
SSO_PROVIDER_URL_DEFAULT = "https://knox.example.com:8443/gateway/knoxsso/api/v1/websso"
JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt"
+JWT_AUDIENCES_DEFAULT = ""
CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----"
CERTIFICATE_FOOTER = "-----END CERTIFICATE-----"
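Review bot: `JWT_AUDIENCES_DEFAULT = ""` is a security-relevant default that carries no comment. Going by the prompt string in populate_jwt_audiences ("empty for any"), an empty value appears to mean that no audience restriction is applied; how the server interprets it is not visible in this diff. I would add `# Empty list = no audience restriction (a JWT for any audience is accepted); set a list to restrict.` above the constant so the consequence is clear to whoever changes or relies on it.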
@@ -100,23 +101,23 @@ def populate_sso_public_cert(options, properties):
def populate_jwt_cookie_name(options, properties):
- if not options.sso_jwt_cookie_name:
+ if not options.sso_jwt_cookie_name and (not options.sso_provider_url or not options.sso_public_cert_file):
cookie_name = get_value_from_dictionary(properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
cookie_name = get_validated_string_input("JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING,
"Invalid cookie name", False)
else:
- cookie_name = options.sso_jwt_cookie_name
+ cookie_name = options.sso_jwt_cookie_name if options.sso_jwt_cookie_name else JWT_COOKIE_NAME_DEFAULT
properties[JWT_COOKIE_NAME] = cookie_name
def populate_jwt_audiences(options, properties):
- if options.sso_jwt_audience_list is None:
- audiences = get_value_from_dictionary(properties, JWT_AUDIENCES)
+ if options.sso_jwt_audience_list is None and (not options.sso_provider_url or not options.sso_public_cert_file):
+ audiences = get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)
audiences = get_validated_string_input("JWT audiences list (comma-separated), empty for any ({0}):".format(audiences), audiences,
REGEX_ANYTHING, "Invalid value", False)
else:
- audiences = options.sso_jwt_audience_list
+ audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list else JWT_AUDIENCES_DEFAULT
properties[JWT_AUDIENCES] = audiences
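Review bot: The `else` branches of populate_jwt_cookie_name and populate_jwt_audiences never consult `properties`, so a run that passes --sso-provider-url and --sso-public-cert-file but omits --sso-jwt-audience-list overwrites any previously stored audience list with `JWT_AUDIENCES_DEFAULT` (empty, which the prompt describes as "any"). A re-run of setup-sso can therefore silently drop an existing audience restriction, and the cookie name is likewise reset to `hadoop-jwt`. Falling back to the stored value would avoid that, and testing `is not None` would keep an explicit empty argument meaningful: `audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list is not None else get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)`. The cookie name should use the same stored-value fallback, `get_value_from_dictionary(properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)`, in place of the bare default.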