Posted to commits@ambari.apache.org by rl...@apache.org on 2018/04/19 16:44:46 UTC

[ambari] branch trunk updated: [AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso

This is an automated email from the ASF dual-hosted git repository.

rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 7887a2f  [AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso
7887a2f is described below

commit 7887a2f11312c9ac796c4a0c1946a2e89deeedab
Author: Robert Levas <rl...@hortonworks.com>
AuthorDate: Thu Apr 19 09:19:51 2018 -0400

    [AMBARI-23622] JWT cookie name and audiences not queried for during ambari-server setup-sso
---
 ambari-server/src/main/python/ambari-server.py          |  4 ++--
 ambari-server/src/main/python/ambari_server/setupSso.py | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 6e4192a..2383086 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -577,8 +577,8 @@ def init_setup_sso_options(parser):
   parser.add_option('--sso-enabled-services', default=None, help="A comma separated list of services that are expected to be configured for SSO (you are allowed to use '*' to indicate ALL services)", dest='sso_enabled_services')
   parser.add_option('--sso-provider-url', default=None, help="The URL of SSO provider; this must be provided when --sso-enabled is set to 'true'", dest="sso_provider_url")
   parser.add_option('--sso-public-cert-file', default=None, help="The path where the public certificate PEM is located; this must be provided when --sso-enabled is set to 'true'", dest="sso_public_cert_file")
-  parser.add_option('--sso-jwt-cookie-name', default="hadoop-jwt", help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
-  parser.add_option('--sso-jwt-audience-list', default="", help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
+  parser.add_option('--sso-jwt-cookie-name', default=None, help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
+  parser.add_option('--sso-jwt-audience-list', default=None, help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
   parser.add_option('--ambari-admin-username', default=None, help="Ambari Admin username for LDAP setup", dest="ambari_admin_username")
   parser.add_option('--ambari-admin-password', default=None, help="Ambari Admin password for LDAP setup", dest="ambari_admin_password")
 
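Review bot: The help strings for `--sso-jwt-cookie-name` and `--sso-jwt-audience-list` do not say what is applied when the flag is omitted, and with both now at `default=None` the effective fallback is only visible in setupSso.py. I would state it in the help text, for example `help="The name of the JWT cookie (default: hadoop-jwt)"` and `help="A comma separated list of JWT audience(s); empty means any audience"`. The second wording follows the "empty for any" prompt in populate_jwt_audiences and should be confirmed against the server's handling. init_setup_sso_options starts above this hunk.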
diff --git a/ambari-server/src/main/python/ambari_server/setupSso.py b/ambari-server/src/main/python/ambari_server/setupSso.py
index faae031..33ff78c 100644
--- a/ambari-server/src/main/python/ambari_server/setupSso.py
+++ b/ambari-server/src/main/python/ambari_server/setupSso.py
@@ -42,6 +42,7 @@ JWT_COOKIE_NAME = "ambari.sso.jwt.cookieName"
 SSO_PROVIDER_ORIGINAL_URL_QUERY_PARAM_DEFAULT = "originalUrl"
 SSO_PROVIDER_URL_DEFAULT = "https://knox.example.com:8443/gateway/knoxsso/api/v1/websso"
 JWT_COOKIE_NAME_DEFAULT = "hadoop-jwt"
+JWT_AUDIENCES_DEFAULT = ""
 
 CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----"
 CERTIFICATE_FOOTER = "-----END CERTIFICATE-----"
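Review bot: `JWT_AUDIENCES_DEFAULT = ""` needs a comment, because an empty value here is not a neutral placeholder. The prompt in populate_jwt_audiences describes an empty list as "empty for any", which suggests no audience restriction is applied when this default is written. I would add `# Empty list = no audience restriction; tokens issued for any audience are accepted` above the constant. How the server interprets the empty property is not visible on this page, so the wording should be checked against it.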
@@ -100,23 +101,23 @@ def populate_sso_public_cert(options, properties):
 
 
 def populate_jwt_cookie_name(options, properties):
-  if not options.sso_jwt_cookie_name:
+  if not options.sso_jwt_cookie_name and (not options.sso_provider_url or not options.sso_public_cert_file):
     cookie_name = get_value_from_dictionary(properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
     cookie_name = get_validated_string_input("JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING,
                                          "Invalid cookie name", False)
   else:
-    cookie_name = options.sso_jwt_cookie_name
+    cookie_name = options.sso_jwt_cookie_name if options.sso_jwt_cookie_name else JWT_COOKIE_NAME_DEFAULT
 
   properties[JWT_COOKIE_NAME] = cookie_name
 
 
 def populate_jwt_audiences(options, properties):
-  if options.sso_jwt_audience_list is None:
-    audiences = get_value_from_dictionary(properties, JWT_AUDIENCES)
+  if options.sso_jwt_audience_list is None and (not options.sso_provider_url or not options.sso_public_cert_file):
+    audiences = get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)
     audiences = get_validated_string_input("JWT audiences list (comma-separated), empty for any ({0}):".format(audiences), audiences,
                                         REGEX_ANYTHING, "Invalid value", False)
   else:
-    audiences = options.sso_jwt_audience_list
+    audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list else JWT_AUDIENCES_DEFAULT
 
   properties[JWT_AUDIENCES] = audiences
   
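Review bot: In the `else` branches of populate_jwt_cookie_name and populate_jwt_audiences, an omitted flag now falls back to the hard-coded default instead of the value already stored in `properties`. Re-running setup-sso with only `--sso-provider-url` and `--sso-public-cert-file` therefore overwrites a previously configured audience list with `""` (which the prompt describes as "any") and resets a custom cookie name to `hadoop-jwt`. That appears to widen which tokens are accepted without the operator being asked. I would consult the stored value first: `audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list is not None else get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)`, with the same shape for `cookie_name` using `JWT_COOKIE_NAME` and `JWT_COOKIE_NAME_DEFAULT`. Testing `is not None` also keeps an explicit `--sso-jwt-audience-list ""` distinguishable from an omitted flag.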
