Repository: ambari Updated Branches: refs/heads/branch-2.5 2461ddbcd -> 80d804849
AMBARI-21238. Kafka userprincipal to shortname is not using AUTH_TO_LOCAL rules for authorization (echekanskiy) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/80d80484 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/80d80484 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/80d80484 Branch: refs/heads/branch-2.5 Commit: 80d8048496080b84a90dac822948d1ae6d39bf80 Parents: 2461ddb Author: Eugene Chekanskiy <echekans...@hortonworks.com> Authored: Wed Jun 14 16:34:48 2017 +0300 Committer: Eugene Chekanskiy <echekans...@hortonworks.com> Committed: Wed Jun 14 16:34:48 2017 +0300 ---------------------------------------------------------------------- .../ambari/server/controller/AuthToLocalBuilder.java | 10 ++++++++-- .../resources/common-services/KAFKA/0.9.0/kerberos.json | 3 +++ .../resources/stacks/HDP/2.5/services/KAFKA/kerberos.json | 3 +++ 3 files changed, 14 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/80d80484/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java index 1fb912e..7e706ff 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java @@ -242,6 +242,9 @@ public class AuthToLocalBuilder implements Cloneable { case SPACES: stringBuilder.append(" "); break; + case COMMA: + stringBuilder.append(","); + break; default: throw new UnsupportedOperationException(String.format("The auth-to-local rule concatenation type is not supported: %s", concatenationType.name())); @@ -661,8 +664,11 @@ public class AuthToLocalBuilder implements Cloneable { /** * Each rule is appended to the set of rules using a space - the ruleset exists on a single line */ - SPACES; - + SPACES, + /** + * Each rule is appended to the set of rules using comma - the ruleset exists on a single line. + */ + COMMA; /** * Translate a string declaring a concatenation type to the enumerated value. * <p/> http://git-wip-us.apache.org/repos/asf/ambari/blob/80d80484/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json index 60fa959..3512656 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json @@ -18,6 +18,9 @@ } } ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], "components": [ { "name": "KAFKA_BROKER", http://git-wip-us.apache.org/repos/asf/ambari/blob/80d80484/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json index 501f969..be64e70 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json @@ -28,6 +28,9 @@ } } ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], "components": [ { "name": "KAFKA_BROKER",