----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60431/#review178966 -----------------------------------------------------------
Ship it! Ship It! - Sebastian Toader On June 26, 2017, 6:23 p.m., Attila Magyar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60431/ > ----------------------------------------------------------- > > (Updated June 26, 2017, 6:23 p.m.) > > > Review request for Ambari, Balázs Bence Sári, Jaimin Jetly, Laszlo Puskas, > Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-21343 > https://issues.apache.org/jira/browse/AMBARI-21343 > > > Repository: ambari > > > Description > ------- > > Upon removing a component from a host, the relevant Kerberos identities > should be removed as well. This includes any principals and keytab files. > Care must be taken not to remove any principals or keytab files that are > still in use in the cluster. > > > Entry point is KerberosIdentityCleaner>>componentRemoved. It removes all of > the identities of the uninstalled component, except the ones that are still > used by other services/components. > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java > e8c986b > > ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java > d000571 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 802c93d > > ambari-server/src/main/java/org/apache/ambari/server/controller/OrderedRequestStageContainer.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java > 7824019 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/Component.java > PRE-CREATION > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java > 9755bd6 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java > 2112fcc > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java > ca9f013 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java > 86a5e01 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java > a606954 > > ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java > 0f14ca6 > > ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java > PRE-CREATION > ambari-web/app/controllers/main/service/item.js 09c7a9c > > > Diff: https://reviews.apache.org/r/60431/diff/1/ > > > Testing > ------- > > Added new unittests > End to end tested manually: > > before all: > - created a cluster with oozie > - enabled kerberos > 1. > - removed oozie > - checked if oozie_server principal and keytab was removed, and other > identites weren't touched > 2. > - made the kdc admin credentials expired > - removed oozie > - supplied kdc admin credentials on the ui > - checked if oozie_server principal and keytab was removed > 3. > - added oozie_server principal to a kerberos.json of an other service (so > that the principal was shared) > - removed oozie > - checked if the oozie_server principal and keytab was NOT removed > > > Existing Tests: PENDING > > > Thanks, > > Attila Magyar > >