You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2018/07/30 20:12:01 UTC

[jira] [Updated] (AMBARI-24384) Logic and declaration used to determine if Kerberos is enabled for a service

     [ https://issues.apache.org/jira/browse/AMBARI-24384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-24384:
----------------------------------
    Description: 
Add logic and declaration used to determine if Kerberos is enabled for a service.

To support a robust method to determine whether Kerberos is enabled or not, a new attribute should be added - {{kerberosEnabledTest}}.  

The {{kerberosEnabledTest}} attribute is to contain a JSON document that can be _compiled_ into a {{org.apache.commons.collections.Predicate}} (ideally using {{org.apache.ambari.server.collections.PredicateUtils#fromJSON}}).  For example

{code}
<sso>
  <supported>true</supported>
  <kerberosEnabledTest>
    {
      "equals": [
        "service-properties/kerberos.enabled",
        "true"
      ]
    }
</kerberosEnabledTest>
{code}

{code}
<sso>
  <supported>true</supported>
  <kerberosEnabledTest>
    {
      "or": [
        {
          "equals": [
            "oozie-site/oozie.authentication.type",
            "kerberos"
          ]
        },
        {
          "equals": [
            "oozie-site/oozie.authentication.type",
            "org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler"
          ]
        }
      ]
    }
  </kerberosEnabledTest>
</sso>
{code}

The result of the test, is to be available via the services REST API:

{code:title=GET /api/v1/clusters/CLUSTERNAME/services/HDFS}
{
  "href" : "http://ambari_host:8080/api/v1/clusters/CLUSTERNAME/services/HDFS",
  "ServiceInfo" : {
    ...
    "kerberos_enabled" : true,
    ...
   },
   ...
}
{code}




  was:
Add logic and declaration used to determine if Kerberos is enabled for a service.

To support a robust method to determine whether Kerberos is enabled or not, a new attribute should be added - {{kerberosEnabledTest}}.  

The {{kerberosEnabledTest}} attribute is to contain a JSON document that can be _compiled_ into a {{org.apache.commons.collections.Predicate}} (ideally using {{org.apache.ambari.server.collections.PredicateUtils#fromJSON}}).  For example

{code}
<sso>
  <supported>true</supported>
  <kerberosEnabledTest>
    {
      "equals": [
        "service-properties/kerberos.enabled",
        "true"
      ]
    }
</kerberosEnabledTest>
{code}

{code}
<sso>
  <supported>true</supported>
  <kerberosEnabledTest>
    {
      "or": [
        {
          "equals": [
            "oozie-site/oozie.authentication.type",
            "kerberos"
          ]
        },
        {
          "equals": [
            "oozie-site/oozie.authentication.type",
            "org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler"
          ]
        }
      ]
    }
  </kerberosEnabledTest>
</sso>
{code}








> Logic and declaration used to determine if Kerberos is enabled for a service
> ----------------------------------------------------------------------------
>
>                 Key: AMBARI-24384
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24384
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Major
>
> Add logic and declaration used to determine if Kerberos is enabled for a service.
> To support a robust method to determine whether Kerberos is enabled or not, a new attribute should be added - {{kerberosEnabledTest}}.  
> The {{kerberosEnabledTest}} attribute is to contain a JSON document that can be _compiled_ into a {{org.apache.commons.collections.Predicate}} (ideally using {{org.apache.ambari.server.collections.PredicateUtils#fromJSON}}).  For example
> {code}
> <sso>
>   <supported>true</supported>
>   <kerberosEnabledTest>
>     {
>       "equals": [
>         "service-properties/kerberos.enabled",
>         "true"
>       ]
>     }
> </kerberosEnabledTest>
> {code}
> {code}
> <sso>
>   <supported>true</supported>
>   <kerberosEnabledTest>
>     {
>       "or": [
>         {
>           "equals": [
>             "oozie-site/oozie.authentication.type",
>             "kerberos"
>           ]
>         },
>         {
>           "equals": [
>             "oozie-site/oozie.authentication.type",
>             "org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler"
>           ]
>         }
>       ]
>     }
>   </kerberosEnabledTest>
> </sso>
> {code}
> The result of the test, is to be available via the services REST API:
> {code:title=GET /api/v1/clusters/CLUSTERNAME/services/HDFS}
> {
>   "href" : "http://ambari_host:8080/api/v1/clusters/CLUSTERNAME/services/HDFS",
>   "ServiceInfo" : {
>     ...
>     "kerberos_enabled" : true,
>     ...
>    },
>    ...
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)