You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2017/11/30 12:07:00 UTC

[jira] [Created] (AMBARI-22560) Remove obsolete hack to set KDC admin credentials via Cluster session API

Sandor Molnar created AMBARI-22560:
--------------------------------------

             Summary: Remove obsolete hack to set KDC admin credentials via Cluster session API
                 Key: AMBARI-22560
                 URL: https://issues.apache.org/jira/browse/AMBARI-22560
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.2.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
            Priority: Minor
             Fix For: trunk


Remove hack to set KDC admin credential via the API to set session attribute via the Cluster resource.
Near *org/apache/ambari/server/controller/AmbariManagementControllerImpl.java:1469*

{code:java}
      // TODO: Once the UI uses the Credential Resource API, remove this block to _clean_ the
      // TODO: session attributes and store any KDC administrator credentials in the secure
      // TODO: credential provider facility.
      // For now, to keep things backwards compatible, get and remove the KDC administrator credentials
      // from the session attributes and store them in the CredentialsProvider. The KDC administrator
      // credentials are prefixed with kdc_admin/. The following attributes are expected, if setting
      // the KDC administrator credentials:
      //    kerberos_admin/principal
      //    kerberos_admin/password
      if((sessionAttributes != null) && !sessionAttributes.isEmpty()) {
        Map<String, Object> cleanedSessionAttributes = new HashMap<>();
        String principal = null;
        char[] password = null;

        for(Map.Entry<String,Object> entry: sessionAttributes.entrySet()) {
          String name = entry.getKey();
          Object value = entry.getValue();

          if ("kerberos_admin/principal".equals(name)) {
            if(value instanceof String) {
              principal = (String)value;
            }
          }
          else if ("kerberos_admin/password".equals(name)) {
            if(value instanceof String) {
              password = ((String) value).toCharArray();
            }
          } else {
            cleanedSessionAttributes.put(name, value);
          }
        }

        if(principal != null) {
          // The KDC admin principal exists... set the credentials in the credentials store
          credentialStoreService.setCredential(cluster.getClusterName(),
              KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
              new PrincipalKeyCredential(principal, password), CredentialStoreType.TEMPORARY);
        }

        sessionAttributes = cleanedSessionAttributes;
      }
      // TODO: END
{code}


This is no longer needed once the UI uses the new Credential Resource REST API - see  AMBARI-13292



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)