[ https://issues.apache.org/jira/browse/AMBARI-22560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar updated AMBARI-22560: ----------------------------------- Resolution: Fixed Status: Resolved (was: Patch Available) > Remove obsolete hack to set KDC admin credentials via Cluster session API > ------------------------------------------------------------------------- > > Key: AMBARI-22560 > URL: https://issues.apache.org/jira/browse/AMBARI-22560 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.2.0 > Reporter: Sandor Molnar > Assignee: Sandor Molnar > Priority: Minor > Labels: kdc_credentials, kerberos > Fix For: trunk > > Attachments: AMBARI_22560_patch, AMBARI_22560_trunk_02.patch > > > Remove hack to set KDC admin credential via the API to set session attribute > via the Cluster resource. > Near > *org/apache/ambari/server/controller/AmbariManagementControllerImpl.java:1469* > {code:java} > // TODO: Once the UI uses the Credential Resource API, remove this > block to _clean_ the > // TODO: session attributes and store any KDC administrator credentials > in the secure > // TODO: credential provider facility. > // For now, to keep things backwards compatible, get and remove the KDC > administrator credentials > // from the session attributes and store them in the > CredentialsProvider. The KDC administrator > // credentials are prefixed with kdc_admin/. The following attributes > are expected, if setting > // the KDC administrator credentials: > // kerberos_admin/principal > // kerberos_admin/password > if((sessionAttributes != null) && !sessionAttributes.isEmpty()) { > Map<String, Object> cleanedSessionAttributes = new HashMap<>(); > String principal = null; > char[] password = null; > for(Map.Entry<String,Object> entry: sessionAttributes.entrySet()) { > String name = entry.getKey(); > Object value = entry.getValue(); > if ("kerberos_admin/principal".equals(name)) { > if(value instanceof String) { > principal = (String)value; > } > } > else if ("kerberos_admin/password".equals(name)) { > if(value instanceof String) { > password = ((String) value).toCharArray(); > } > } else { > cleanedSessionAttributes.put(name, value); > } > } > if(principal != null) { > // The KDC admin principal exists... set the credentials in the > credentials store > credentialStoreService.setCredential(cluster.getClusterName(), > KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS, > new PrincipalKeyCredential(principal, password), > CredentialStoreType.TEMPORARY); > } > sessionAttributes = cleanedSessionAttributes; > } > // TODO: END > {code} > This is no longer needed once the UI uses the new Credential Resource REST > API - see AMBARI-13292 -- This message was sent by Atlassian JIRA (v6.4.14#64029)