You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2017/11/30 12:07:00 UTC
[jira] [Created] (AMBARI-22560) Remove obsolete hack to set KDC
admin credentials via Cluster session API
Sandor Molnar created AMBARI-22560:
--------------------------------------
Summary: Remove obsolete hack to set KDC admin credentials via Cluster session API
Key: AMBARI-22560
URL: https://issues.apache.org/jira/browse/AMBARI-22560
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.2.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Priority: Minor
Fix For: trunk
Remove hack to set KDC admin credential via the API to set session attribute via the Cluster resource.
Near *org/apache/ambari/server/controller/AmbariManagementControllerImpl.java:1469*
{code:java}
// TODO: Once the UI uses the Credential Resource API, remove this block to _clean_ the
// TODO: session attributes and store any KDC administrator credentials in the secure
// TODO: credential provider facility.
// For now, to keep things backwards compatible, get and remove the KDC administrator credentials
// from the session attributes and store them in the CredentialsProvider. The KDC administrator
// credentials are prefixed with kdc_admin/. The following attributes are expected, if setting
// the KDC administrator credentials:
// kerberos_admin/principal
// kerberos_admin/password
if((sessionAttributes != null) && !sessionAttributes.isEmpty()) {
Map<String, Object> cleanedSessionAttributes = new HashMap<>();
String principal = null;
char[] password = null;
for(Map.Entry<String,Object> entry: sessionAttributes.entrySet()) {
String name = entry.getKey();
Object value = entry.getValue();
if ("kerberos_admin/principal".equals(name)) {
if(value instanceof String) {
principal = (String)value;
}
}
else if ("kerberos_admin/password".equals(name)) {
if(value instanceof String) {
password = ((String) value).toCharArray();
}
} else {
cleanedSessionAttributes.put(name, value);
}
}
if(principal != null) {
// The KDC admin principal exists... set the credentials in the credentials store
credentialStoreService.setCredential(cluster.getClusterName(),
KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
new PrincipalKeyCredential(principal, password), CredentialStoreType.TEMPORARY);
}
sessionAttributes = cleanedSessionAttributes;
}
// TODO: END
{code}
This is no longer needed once the UI uses the new Credential Resource REST API - see AMBARI-13292
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)