Posted to dev@ambari.apache.org by "John Speidel (JIRA)" <ji...@apache.org> on 2015/02/14 01:10:11 UTC
[jira] [Created] (AMBARI-9640) Allow the KDC admin credentials stored in session to be validated via the REST API
John Speidel created AMBARI-9640:
------------------------------------
Summary: Allow the KDC admin credentials stored in session to be validated via the REST API
Key: AMBARI-9640
URL: https://issues.apache.org/jira/browse/AMBARI-9640
Project: Ambari
Issue Type: Task
Components: ambari-server, security
Reporter: John Speidel
Assignee: John Speidel
Priority: Critical
Fix For: 2.0.0
Based on my conversation with [~rlevas], I understand that the UI wants an API that indicates whether the KDC admin credentials are set in session at the time of the call and that they are valid.
Based on this requirement, I am proposing adding this information as part of the Kerberos service.
Specifically, the properties "Services/attributes/kdc_validation_result" and "Services/attributes/kdc_validation_failure_details" will be added to the response.
GET api/v1/clusters/c1/services/KERBEROS
{code}
{
  "href" : "http://172.18.192.1:8080/api/v1/clusters/c1/services/KERBEROS",
  "ServiceInfo" : {
    "cluster_name" : "c1",
    "maintenance_state" : "OFF",
    "service_name" : "KERBEROS",
    "state" : "INSTALLED"
  },
  "Services" : {
    "attributes" : {
      "kdc_validation_result" : "OK"
    }
  }
}
{code}
In the case of missing credentials:
{code}
{
  ...
  "Services" : {
    "attributes" : {
      "kdc_validation_result" : "MISSING_CREDENTIALS",
      "kdc_validation_failure_details" : "Missing KDC administrator credentials.\nThe KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n \"session_attributes\" : {\n \"kerberos_admin\" : {\"principal\" : \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n }\n}"
    }
  }
}
{code}
For invalid credentials:
{code}
{
  ...
  "Services" : {
    "attributes" : {
      "kdc_validation_result" : "INVALID_CREDENTIALS",
      "kdc_validation_failure_details" : "Invalid KDC administrator credentials.\nThe KDC administrator credentials must be set in session by updating the relevant Cluster resource.This may be done by issuing a PUT to the api/v1/clusters/(cluster name) API entry point with the following payload:\n{\n \"session_attributes\" : {\n \"kerberos_admin\" : {\"principal\" : \"(PRINCIPAL)\", \"password\" : \"(PASSWORD)\"}\n }\n}"
    }
  }
}
{code}
For bad configuration:
{code}
{
  ...
  "Services" : {
    "attributes" : {
      "kdc_validation_result" : "INVALID_CONFIGURATION",
      "kdc_validation_failure_details" : "The 'kerberos-env/kdc_type' value must be set to a valid KDC type"
    }
  }
}
{code}
And for all other errors:
{code}
{
  ...
  "Services" : {
    "attributes" : {
      "kdc_validation_result" : "VALIDATION_ERROR",
      "kdc_validation_failure_details" : "..."
    }
  }
}
{code}
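A client-side reading of the proposed attributes, as an added example that is not part of the original message or Ambari's code. The function names, action labels and sample bodies are assumptions made here; a missing or unrecognised `kdc_validation_result` is treated as a failure, and the credentials payload is masked before it is logged.

```python
import json

# Result values listed in the issue text; anything else is treated as a failure.
NEEDS_CREDENTIALS = {"MISSING_CREDENTIALS", "INVALID_CREDENTIALS"}
OTHER_FAILURES = {"INVALID_CONFIGURATION", "VALIDATION_ERROR"}


def interpret_kdc_validation(body):
    """Map a GET .../services/KERBEROS response body to (result, action, details)."""
    try:
        attrs = json.loads(body)["Services"]["attributes"]
        result = attrs["kdc_validation_result"]
    except (ValueError, KeyError, TypeError):
        return ("UNKNOWN", "block", "no kdc_validation_result in response")
    if not isinstance(result, str):
        return ("UNKNOWN", "block", "kdc_validation_result is not a string")
    details = attrs.get("kdc_validation_failure_details", "")
    if result == "OK":
        return (result, "proceed", "")
    if result in NEEDS_CREDENTIALS:
        return (result, "prompt_for_credentials", details)
    if result in OTHER_FAILURES:
        return (result, "block", details)
    return ("UNKNOWN", "block", "unrecognised result %r" % result)


def session_credentials_payload(principal, password):
    """Body for the PUT to api/v1/clusters/(cluster name) quoted in the failure details."""
    return {"session_attributes": {"kerberos_admin": {"principal": principal, "password": password}}}


def loggable(payload):
    """Copy of the payload with the password masked, safe to write to a log."""
    admin = dict(payload["session_attributes"]["kerberos_admin"], password="***")
    return {"session_attributes": {"kerberos_admin": admin}}


# Constructed sample responses, modelled on the bodies shown in the issue.
SAMPLE_OK = '{"Services": {"attributes": {"kdc_validation_result": "OK"}}}'
SAMPLE_MISSING = json.dumps({"Services": {"attributes": {
    "kdc_validation_result": "MISSING_CREDENTIALS",
    "kdc_validation_failure_details": "Missing KDC administrator credentials."}}})
SAMPLE_NO_ATTR = '{"ServiceInfo": {"service_name": "KERBEROS"}}'

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_MISSING, SAMPLE_NO_ATTR):
        print(interpret_kdc_validation(sample)[:2])
    print(json.dumps(loggable(session_credentials_payload("admin/admin@EXAMPLE.COM", "s3cret"))))
```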