You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2018/07/30 20:12:01 UTC
[jira] [Updated] (AMBARI-24384) Logic and declaration used to
determine if Kerberos is enabled for a service
[ https://issues.apache.org/jira/browse/AMBARI-24384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-24384:
----------------------------------
Description:
Add logic and declaration used to determine if Kerberos is enabled for a service.
To support a robust method to determine whether Kerberos is enabled or not, a new attribute should be added - {{kerberosEnabledTest}}.
The {{kerberosEnabledTest}} attribute is to contain a JSON document that can be _compiled_ into a {{org.apache.commons.collections.Predicate}} (ideally using {{org.apache.ambari.server.collections.PredicateUtils#fromJSON}}). For example
{code}
<sso>
<supported>true</supported>
<kerberosEnabledTest>
{
"equals": [
"service-properties/kerberos.enabled",
"true"
]
}
</kerberosEnabledTest>
{code}
{code}
<sso>
<supported>true</supported>
<kerberosEnabledTest>
{
"or": [
{
"equals": [
"oozie-site/oozie.authentication.type",
"kerberos"
]
},
{
"equals": [
"oozie-site/oozie.authentication.type",
"org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler"
]
}
]
}
</kerberosEnabledTest>
</sso>
{code}
The result of the test, is to be available via the services REST API:
{code:title=GET /api/v1/clusters/CLUSTERNAME/services/HDFS}
{
"href" : "http://ambari_host:8080/api/v1/clusters/CLUSTERNAME/services/HDFS",
"ServiceInfo" : {
...
"kerberos_enabled" : true,
...
},
...
}
{code}
was:
Add logic and declaration used to determine if Kerberos is enabled for a service.
To support a robust method to determine whether Kerberos is enabled or not, a new attribute should be added - {{kerberosEnabledTest}}.
The {{kerberosEnabledTest}} attribute is to contain a JSON document that can be _compiled_ into a {{org.apache.commons.collections.Predicate}} (ideally using {{org.apache.ambari.server.collections.PredicateUtils#fromJSON}}). For example
{code}
<sso>
<supported>true</supported>
<kerberosEnabledTest>
{
"equals": [
"service-properties/kerberos.enabled",
"true"
]
}
</kerberosEnabledTest>
{code}
{code}
<sso>
<supported>true</supported>
<kerberosEnabledTest>
{
"or": [
{
"equals": [
"oozie-site/oozie.authentication.type",
"kerberos"
]
},
{
"equals": [
"oozie-site/oozie.authentication.type",
"org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler"
]
}
]
}
</kerberosEnabledTest>
</sso>
{code}
> Logic and declaration used to determine if Kerberos is enabled for a service
> ----------------------------------------------------------------------------
>
> Key: AMBARI-24384
> URL: https://issues.apache.org/jira/browse/AMBARI-24384
> Project: Ambari
> Issue Type: Bug
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Major
>
> Add logic and declaration used to determine if Kerberos is enabled for a service.
> To support a robust method to determine whether Kerberos is enabled or not, a new attribute should be added - {{kerberosEnabledTest}}.
> The {{kerberosEnabledTest}} attribute is to contain a JSON document that can be _compiled_ into a {{org.apache.commons.collections.Predicate}} (ideally using {{org.apache.ambari.server.collections.PredicateUtils#fromJSON}}). For example
> {code}
> <sso>
> <supported>true</supported>
> <kerberosEnabledTest>
> {
> "equals": [
> "service-properties/kerberos.enabled",
> "true"
> ]
> }
> </kerberosEnabledTest>
> {code}
> {code}
> <sso>
> <supported>true</supported>
> <kerberosEnabledTest>
> {
> "or": [
> {
> "equals": [
> "oozie-site/oozie.authentication.type",
> "kerberos"
> ]
> },
> {
> "equals": [
> "oozie-site/oozie.authentication.type",
> "org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler"
> ]
> }
> ]
> }
> </kerberosEnabledTest>
> </sso>
> {code}
> The result of the test, is to be available via the services REST API:
> {code:title=GET /api/v1/clusters/CLUSTERNAME/services/HDFS}
> {
> "href" : "http://ambari_host:8080/api/v1/clusters/CLUSTERNAME/services/HDFS",
> "ServiceInfo" : {
> ...
> "kerberos_enabled" : true,
> ...
> },
> ...
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)