You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2017/12/01 08:57:00 UTC
[jira] [Updated] (AMBARI-22560) Remove obsolete hack to set KDC
admin credentials via Cluster session API
[ https://issues.apache.org/jira/browse/AMBARI-22560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated AMBARI-22560:
-----------------------------------
Attachment: AMBARI_22560_patch
> Remove obsolete hack to set KDC admin credentials via Cluster session API
> -------------------------------------------------------------------------
>
> Key: AMBARI-22560
> URL: https://issues.apache.org/jira/browse/AMBARI-22560
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Minor
> Labels: kdc_credentials, kerberos
> Fix For: trunk
>
> Attachments: AMBARI_22560_patch
>
>
> Remove hack to set KDC admin credential via the API to set session attribute via the Cluster resource.
> Near *org/apache/ambari/server/controller/AmbariManagementControllerImpl.java:1469*
> {code:java}
> // TODO: Once the UI uses the Credential Resource API, remove this block to _clean_ the
> // TODO: session attributes and store any KDC administrator credentials in the secure
> // TODO: credential provider facility.
> // For now, to keep things backwards compatible, get and remove the KDC administrator credentials
> // from the session attributes and store them in the CredentialsProvider. The KDC administrator
> // credentials are prefixed with kdc_admin/. The following attributes are expected, if setting
> // the KDC administrator credentials:
> // kerberos_admin/principal
> // kerberos_admin/password
> if((sessionAttributes != null) && !sessionAttributes.isEmpty()) {
> Map<String, Object> cleanedSessionAttributes = new HashMap<>();
> String principal = null;
> char[] password = null;
> for(Map.Entry<String,Object> entry: sessionAttributes.entrySet()) {
> String name = entry.getKey();
> Object value = entry.getValue();
> if ("kerberos_admin/principal".equals(name)) {
> if(value instanceof String) {
> principal = (String)value;
> }
> }
> else if ("kerberos_admin/password".equals(name)) {
> if(value instanceof String) {
> password = ((String) value).toCharArray();
> }
> } else {
> cleanedSessionAttributes.put(name, value);
> }
> }
> if(principal != null) {
> // The KDC admin principal exists... set the credentials in the credentials store
> credentialStoreService.setCredential(cluster.getClusterName(),
> KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
> new PrincipalKeyCredential(principal, password), CredentialStoreType.TEMPORARY);
> }
> sessionAttributes = cleanedSessionAttributes;
> }
> // TODO: END
> {code}
> This is no longer needed once the UI uses the new Credential Resource REST API - see AMBARI-13292
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)