You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/10/02 20:39:38 UTC
[27/50] [abbrv] ambari git commit: AMBARI-22072. Allow for backward
compatibility in how identity references are specified (rlevas)
AMBARI-22072. Allow for backward compatibility in how identity references are specified (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7950e3c1
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7950e3c1
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7950e3c1
Branch: refs/heads/branch-feature-AMBARI-20859
Commit: 7950e3c1166d51501c3baf7b0cd1d363f2426703
Parents: f744a36
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Sep 28 16:36:43 2017 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Sep 28 16:36:43 2017 -0400
----------------------------------------------------------------------
.../AbstractKerberosDescriptorContainer.java | 26 ++++++++-
.../state/kerberos/KerberosDescriptor.java | 3 +-
.../state/kerberos/KerberosDescriptorTest.java | 56 ++++++++++++++++++++
3 files changed, 83 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/7950e3c1/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
index 4255dd1..9ddb941 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
@@ -855,7 +855,31 @@ public abstract class AbstractKerberosDescriptorContainer extends AbstractKerber
if (identity != null) {
KerberosIdentityDescriptor referencedIdentity;
try {
- referencedIdentity = getReferencedIdentityDescriptor(identity.getReference());
+ if (identity.getReference() != null) {
+ referencedIdentity = getReferencedIdentityDescriptor(identity.getReference());
+ } else {
+ // For backwards compatibility, see if the identity's name indicates a reference...
+ referencedIdentity = getReferencedIdentityDescriptor(identity.getName());
+
+ if(referencedIdentity != null) {
+ // Calculate the path to this identity descriptor for logging purposes.
+ // Examples:
+ // /
+ // /SERVICE
+ // /SERVICE/COMPONENT
+ StringBuilder path = new StringBuilder();
+ AbstractKerberosDescriptor parent = identity.getParent();
+ while(parent != null && (parent.getName() != null)) {
+ path.insert(0, parent.getName());
+ path.insert(0, '/');
+ parent = parent.getParent();
+ }
+
+ // Log this since it is deprecated...
+ LOG.warn("Referenced identities should be declared using the identity's \"reference\" attribute, not the identity's \"name\" attribute." +
+ " This is a deprecated feature. Problems may occur in the future unless this is corrected: {}:{}", path, identity.getName());
+ }
+ }
} catch (AmbariException e) {
throw new AmbariException(String.format("Invalid Kerberos identity reference: %s", identity.getReference()), e);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7950e3c1/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
index 0c7a9a9..b2b9a60 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
@@ -456,7 +456,8 @@ public class KerberosDescriptor extends AbstractKerberosDescriptorContainer {
private static void collectFromIdentities(String service, String component, Collection<KerberosIdentityDescriptor> identities, Map<String, String> result) {
for (KerberosIdentityDescriptor each : identities) {
- if (each.getPrincipalDescriptor() != null && !each.getReferencedServiceName().isPresent()) {
+ if (each.getPrincipalDescriptor() != null && !each.getReferencedServiceName().isPresent() &&
+ !each.getName().startsWith("/")) {
String path = StringUtils.isBlank(component)
? String.format("%s/%s", service, each.getName())
: String.format("%s/%s/%s", service, component, each.getName());
http://git-wip-us.apache.org/repos/asf/ambari/blob/7950e3c1/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
index d0d57d5..d6bef02 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
@@ -59,6 +59,41 @@ public class KerberosDescriptorTest {
" ]" +
"}";
+ private static final String JSON_VALUE_IDENTITY_REFERENCES =
+ "{" +
+ " \"identities\": [" +
+ " {" +
+ " \"keytab\": {" +
+ " \"file\": \"${keytab_dir}/spnego.service.keytab\"" +
+ " }," +
+ " \"name\": \"spnego\"," +
+ " \"principal\": {" +
+ " \"type\": \"service\"," +
+ " \"value\": \"HTTP/_HOST@${realm}\"" +
+ " }" +
+ " }" +
+ " ]," +
+ " \"services\": [" +
+ " {" +
+ " \"identities\": [" +
+ " {" +
+ " \"name\": \"service1_spnego\"," +
+ " \"reference\": \"/spnego\"" +
+ " }" +
+ " ]," +
+ " \"name\": \"SERVICE1\"" +
+ " }," +
+ " {" +
+ " \"identities\": [" +
+ " {" +
+ " \"name\": \"/spnego\"" +
+ " }" +
+ " ]," +
+ " \"name\": \"SERVICE2\"" +
+ " }" +
+ " ]" +
+ "}";
+
private static final Map<String, Object> MAP_VALUE;
static {
@@ -502,4 +537,25 @@ public class KerberosDescriptorTest {
Assert.assertEquals("service2_component1@${realm}", principalsPerComponent.get("SERVICE2/SERVICE2_COMPONENT1/service2_component1_identity"));
Assert.assertEquals("service1@${realm}", principalsPerComponent.get("SERVICE1/service1_identity"));
}
+
+ @Test
+ public void testIdentityReferences() throws Exception {
+ KerberosDescriptor kerberosDescriptor = KERBEROS_DESCRIPTOR_FACTORY.createInstance(JSON_VALUE_IDENTITY_REFERENCES);
+ KerberosServiceDescriptor serviceDescriptor;
+ List<KerberosIdentityDescriptor> identities;
+
+ // Reference is determined using the "reference" attribute
+ serviceDescriptor = kerberosDescriptor.getService("SERVICE1");
+ identities = serviceDescriptor.getIdentities(true, null);
+ Assert.assertEquals(1, identities.size());
+ Assert.assertEquals("service1_spnego", identities.get(0).getName());
+ Assert.assertEquals("/spnego", identities.get(0).getReference());
+
+ // Reference is determined using the "name" attribute
+ serviceDescriptor = kerberosDescriptor.getService("SERVICE2");
+ identities = serviceDescriptor.getIdentities(true, null);
+ Assert.assertEquals(1, identities.size());
+ Assert.assertEquals("/spnego", identities.get(0).getName());
+ Assert.assertNull(identities.get(0).getReference());
+ }
}
\ No newline at end of file