You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by al...@apache.org on 2016/04/13 14:48:41 UTC

[2/3] ambari git commit: AMBARI-15838. Kerberos : Referencing an identity across service's kerberos files is not honored and hangs at 'configure identities'. (alexantonenko)

AMBARI-15838. Kerberos : Referencing an identity across service's kerberos files is not honored and hangs at 'configure identities'. (alexantonenko)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9f803fe9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9f803fe9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9f803fe9

Branch: refs/heads/trunk
Commit: 9f803fe9aca0c5817179f8f5a0bffc5ea1723d12
Parents: b3a9a7c
Author: Alex Antonenko <hi...@gmail.com>
Authored: Tue Apr 12 18:18:17 2016 +0300
Committer: Alex Antonenko <hi...@gmail.com>
Committed: Wed Apr 13 15:48:35 2016 +0300

----------------------------------------------------------------------
 .../app/mixins/wizard/addSecurityConfigs.js     | 53 +++++++++++++++++---
 .../mixins/wizard/addSeccurityConfigs_test.js   | 18 +++++--
 2 files changed, 61 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/9f803fe9/ambari-web/app/mixins/wizard/addSecurityConfigs.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/mixins/wizard/addSecurityConfigs.js b/ambari-web/app/mixins/wizard/addSecurityConfigs.js
index a829cb6..09fa561 100644
--- a/ambari-web/app/mixins/wizard/addSecurityConfigs.js
+++ b/ambari-web/app/mixins/wizard/addSecurityConfigs.js
@@ -245,13 +245,49 @@ App.AddSecurityConfigs = Em.Mixin.create({
    */
   processConfigReferences: function (kerberosDescriptor, configs) {
     var identities = kerberosDescriptor.identities;
-    identities = identities.concat(kerberosDescriptor.services.map(function (service) {
-      if (service.components && !!service.components.length) {
-        identities = identities.concat(service.components.mapProperty('identities').reduce(function (p, c) {
-          return p.concat(c);
-        }, []));
-        return identities;
+
+    /**
+     * Returns indentity object with additional attribute `referencePath`.
+     * Reference path depends on how deep identity is. Each level separated by `/` sign.
+     *
+     * @param {object} identity
+     * @param {string} [prefix=false] prefix to append e.g. 'SERVICE_NAME'
+     * @returns {object} identity object
+     */
+    var setReferencePath = function(identity, prefix) {
+      var name = Em.getWithDefault(identity, 'name', false);
+      if (name) {
+        if (prefix) {
+          name = prefix + '/' + name;
+        }
+        identity.referencePath = name;
       }
+      return identity;
+    };
+
+    // map all identities and add attribute `referencePath`
+    // `referencePath` is a path to identity it can be 1-3 levels
+    // 1 for "/global" identity e.g. `/spnego`
+    // 2 for "/SERVICE/identity"
+    // 3 for "/SERVICE/COMPONENT/identity"
+    identities = identities.map(function(i) {
+      return setReferencePath(i);
+    })
+    .concat(kerberosDescriptor.services.map(function (service) {
+      var serviceName = Em.getWithDefault(service, 'name', false);
+      var serviceIdentities = Em.getWithDefault(service, 'identities', []).map(function(i) {
+        return setReferencePath(i, serviceName);
+      });
+      var componentIdentities = Em.getWithDefault(service || {}, 'components', []).map(function(i) {
+        var componentName = Em.getWithDefault(i, 'name', false);
+        return Em.getWithDefault(i, 'identities', []).map(function(componentIdentity) {
+          return setReferencePath(componentIdentity, serviceName + '/' + componentName);
+        });
+      }).reduce(function(p, c) {
+        return p.concat(c);
+      }, []);
+      serviceIdentities.pushObjects(componentIdentities);
+      return serviceIdentities;
     }).reduce(function (p, c) {
       return p.concat(c);
     }, []));
@@ -260,7 +296,10 @@ App.AddSecurityConfigs = Em.Mixin.create({
     configs.forEach(function (item) {
       var reference = item.get('referenceProperty');
       if (!!reference) {
-        var identity = identities.findProperty('name', reference.split(':')[0])[reference.split(':')[1]];
+        // first find identity by `name`
+        // if not found try to find by `referencePath`
+        var identity = Em.getWithDefault(identities.findProperty('name', reference.split(':')[0]) || {}, reference.split(':')[1], false) ||
+              Em.getWithDefault(identities.findProperty('referencePath', reference.split(':')[0]) || {}, reference.split(':')[1], false);
         if (identity && !!identity.configuration) {
           item.set('observesValueFrom', identity.configuration.split('/')[1]);
         } else {

http://git-wip-us.apache.org/repos/asf/ambari/blob/9f803fe9/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js b/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
index e923144..ea44dcf 100644
--- a/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
+++ b/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
@@ -222,7 +222,12 @@ describe('App.AddSecurityConfigs', function () {
           name: 'SERVICE',
           identities: [
             { name: '/spnego' },
-            { name: '/hdfs' }
+            { name: '/hdfs' },
+            {
+              name: 'service_identity',
+              keytab: { configuration: 'service-site/service.keytab' },
+              principal: { configuration: 'service-site/service.principal' }
+            }
           ]
         },
         {
@@ -247,6 +252,7 @@ describe('App.AddSecurityConfigs', function () {
         }
       ]
     };
+
     var configs = Em.A([
       generateProperty('spnego_inherited_keytab', 'spnego:keytab'),
       generateProperty('spnego_inherited_principal', 'spnego:principal'),
@@ -255,8 +261,12 @@ describe('App.AddSecurityConfigs', function () {
       generateProperty('component_prop1_inherited_principal', 'component_prop1:principal'),
       generateProperty('component_prop1_inherited_keytab', 'component_prop1:keytab'),
       generateProperty('component_prop2_inherited_keytab', 'component_prop2:keytab'),
-      generateProperty('component_prop2_inherited_principal', 'component_prop2:principal')
+      generateProperty('component_prop2_inherited_principal', 'component_prop2:principal'),
+      generateProperty('component_prop2_inherited_principal', 'component_prop2:principal'),
+      generateProperty('component_prop3_inherited_principal', 'SERVICE2/COMPONENT/component_prop2:principal'),
+      generateProperty('service_prop1_inherited_principal', 'SERVICE/service_identity:principal')
     ]);
+
     var tests = [
       { name: 'spnego_inherited_keytab', e: 'spnego_keytab' },
       { name: 'spnego_inherited_principal', e: 'spnego_principal' },
@@ -265,7 +275,9 @@ describe('App.AddSecurityConfigs', function () {
       { name: 'component_prop1_inherited_keytab', e: 'component.keytab' },
       { name: 'component_prop1_inherited_principal', e: 'component_prop1_principal' },
       { name: 'component_prop2_inherited_keytab', e: 'component2.keytab' },
-      { name: 'component_prop2_inherited_principal', e: 'component2.principal' }
+      { name: 'component_prop2_inherited_principal', e: 'component2.principal' },
+      { name: 'component_prop3_inherited_principal', e: 'component2.principal' },
+      { name: 'service_prop1_inherited_principal', e: 'service.principal' }
     ];
     before(function() {
       controller.processConfigReferences(descriptor, configs);