You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2016/04/21 19:59:24 UTC
ambari git commit: AMBARI-16009. Regenerating keytabs on re-imaged
hosts results in error during 'Creating Principals' (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 5b5bf1a34 -> 783b4d392
AMBARI-16009. Regenerating keytabs on re-imaged hosts results in error during 'Creating Principals' (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/783b4d39
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/783b4d39
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/783b4d39
Branch: refs/heads/trunk
Commit: 783b4d39213b5819037f4eb707754a32eb722b71
Parents: 5b5bf1a
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Apr 21 13:59:18 2016 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Apr 21 13:59:18 2016 -0400
----------------------------------------------------------------------
.../kerberos/MITKerberosOperationHandler.java | 6 +-
.../MITKerberosOperationHandlerTest.java | 66 ++++++++++++++++++++
2 files changed, 70 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/783b4d39/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
index f48052f..57a36d9 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
@@ -192,9 +192,10 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
// If there is data from STDOUT, see if the following string exists:
// Principal "<principal>" created
String stdOut = result.getStdout();
+ String stdErr = result.getStderr();
if ((stdOut != null) && stdOut.contains(String.format("Principal \"%s\" created", principal))) {
return getKeyNumber(principal);
- } else if ((stdOut != null) && stdOut.contains(String.format("Principal or policy already exists while creating \"%s\"", principal))) {
+ } else if ((stdErr != null) && stdErr.contains(String.format("Principal or policy already exists while creating \"%s\"", principal))) {
throw new KerberosPrincipalAlreadyExistsException(principal);
} else {
LOG.error("Failed to execute kadmin query: add_principal -pw \"********\" {} {}\nSTDOUT: {}\nSTDERR: {}",
@@ -235,9 +236,10 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
ShellCommandUtil.Result result = invokeKAdmin(String.format("change_password -pw \"%s\" %s", password, principal));
String stdOut = result.getStdout();
+ String stdErr = result.getStderr();
if ((stdOut != null) && stdOut.contains(String.format("Password for \"%s\" changed", principal))) {
return getKeyNumber(principal);
- } else if ((stdOut != null) && stdOut.contains("Principal does not exist")) {
+ } else if ((stdErr != null) && stdErr.contains("Principal does not exist")) {
throw new KerberosPrincipalDoesNotExistException(principal);
} else {
LOG.error("Failed to execute kadmin query: change_password -pw \"********\" {} \nSTDOUT: {}\nSTDERR: {}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/783b4d39/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
index d15db17..36a4381 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
@@ -117,6 +117,39 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
}
}
+ @Test(expected = KerberosPrincipalDoesNotExistException.class)
+ public void testSetPrincipalPasswordPrincipalDoesNotExist() throws Exception {
+ MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
+ .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
+ .createNiceMock();
+
+ expect(handler.executeCommand(anyObject(String[].class)))
+ .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
+ @Override
+ public ShellCommandUtil.Result answer() throws Throwable {
+ ShellCommandUtil.Result result = createMock(ShellCommandUtil.Result.class);
+
+ expect(result.getExitCode()).andReturn(0).anyTimes();
+ expect(result.isSuccessful()).andReturn(true).anyTimes();
+ expect(result.getStderr())
+ .andReturn("change_password: Principal does not exist while changing password for \"nonexistant@EXAMPLE.COM\".")
+ .anyTimes();
+ expect(result.getStdout())
+ .andReturn("Authenticating as principal admin/admin with password.")
+ .anyTimes();
+
+ replay(result);
+ return result;
+ }
+ });
+
+ replayAll();
+
+ handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
+ handler.setPrincipalPassword("nonexistant@EXAMPLE.COM", "password");
+ handler.close();
+ }
+
@Test
public void testCreateServicePrincipal_AdditionalAttributes() throws Exception {
Method invokeKAdmin = MITKerberosOperationHandler.class.getDeclaredMethod("invokeKAdmin", String.class);
@@ -148,6 +181,39 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
Assert.assertTrue(query.getValue().contains(" " + KERBEROS_ENV_MAP.get(MITKerberosOperationHandler.KERBEROS_ENV_KDC_CREATE_ATTRIBUTES) + " "));
}
+ @Test(expected = KerberosPrincipalAlreadyExistsException.class)
+ public void testCreatePrincipalPrincipalAlreadyNotExists() throws Exception {
+ MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
+ .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
+ .createNiceMock();
+
+ expect(handler.executeCommand(anyObject(String[].class)))
+ .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
+ @Override
+ public ShellCommandUtil.Result answer() throws Throwable {
+ ShellCommandUtil.Result result = createMock(ShellCommandUtil.Result.class);
+
+ expect(result.getExitCode()).andReturn(0).anyTimes();
+ expect(result.isSuccessful()).andReturn(true).anyTimes();
+ expect(result.getStderr())
+ .andReturn("add_principal: Principal or policy already exists while creating \"existing@EXAMPLE.COM\".")
+ .anyTimes();
+ expect(result.getStdout())
+ .andReturn("Authenticating as principal admin/admin with password.")
+ .anyTimes();
+
+ replay(result);
+ return result;
+ }
+ });
+
+ replayAll();
+
+ handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
+ handler.createPrincipal("existing@EXAMPLE.COM", "password", false);
+ handler.close();
+ }
+
@Test
public void testCreateServicePrincipal_Exceptions() throws Exception {
MITKerberosOperationHandler handler = new MITKerberosOperationHandler();