[jira] [Work logged] (KNOX-474) Improved Kerberos config validation and diagnostics at startup

[ASF GitHub Bot (JIRA)]

     [ 
https://issues.apache.org/jira/browse/KNOX-474?focusedWorklogId=207477&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-207477
 ]

ASF GitHub Bot logged work on KNOX-474:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Mar/19 22:32
            Start Date: 04/Mar/19 22:32
    Worklog Time Spent: 10m 
      Work Description: rlevas commented on pull request #62: KNOX-474 - Added 
Kerberos related configuration validation at gateway startup time
URL: https://github.com/apache/knox/pull/62#discussion_r262271888
 
 

 ##########
 File path: 
gateway-server/src/main/java/org/apache/knox/gateway/config/impl/GatewayConfigImpl.java
 ##########
 @@ -235,8 +238,35 @@
       "NAMENODE", "JOBTRACKER", "WEBHDFS", "WEBHCAT",
       "OOZIE", "WEBHBASE", "HIVE", "RESOURCEMANAGER");
 
-  public GatewayConfigImpl() {
+  public GatewayConfigImpl() throws GatewayConfigurationException {
     init();
+    validate();
+  }
+
+  private void validate() throws GatewayConfigurationException {
 
 Review comment:
   It seems like this would be better done right before it is used.  Like in 
`org.apache.knox.gateway.GatewayServer#configureKerberosSecurity`.  I guess for 
code reuse, this might be ok. However, the KnoxCLI will unnecessarily fail if 
all is not setup properly for the Gateway.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 207477)
    Time Spent: 0.5h  (was: 20m)

> Improved Kerberos config validation and diagnostics at startup
> --------------------------------------------------------------
>
>                 Key: KNOX-474
>                 URL: https://issues.apache.org/jira/browse/KNOX-474
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.4.0
>            Reporter: Kevin Minder
>            Assignee: Sandor Molnar
>            Priority: Major
>              Labels: security
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> In gateway-site.xml, if gateway.hadoop.kerberos.secured=true
> # Complain or fail to start if there is a kinited principal.
> # Complain or fail to start if the file referenced via 
> java.security.krb5.conf cannot be read.
> # Complain or fail to start if the file referenced via 
> java.security.auth.login.config cannot be read.
> # Read the file referenced via java.security.auth.login.config complain or 
> fail to start if the keyTab file referenced in the 
> com.sun.security.jgss.initiate section there cannot be read.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)