----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60431/ -----------------------------------------------------------
(Updated June 28, 2017, 8:06 a.m.) Review request for Ambari, Balázs Bence Sári, Jaimin Jetly, Laszlo Puskas, Robert Levas, and Sebastian Toader. Changes ------- added missing copyrights and javadocs Bugs: AMBARI-21343 https://issues.apache.org/jira/browse/AMBARI-21343 Repository: ambari Description ------- Upon removing a component from a host, the relevant Kerberos identities should be removed as well. This includes any principals and keytab files. Care must be taken not to remove any principals or keytab files that are still in use in the cluster. Entry point is KerberosIdentityCleaner>>componentRemoved. It removes all of the identities of the uninstalled component, except the ones that are still used by other services/components. Diffs (updated) ----- ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java e8c986b ambari-server/src/main/java/org/apache/ambari/server/controller/DeleteIdentityHandler.java PRE-CREATION ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java d000571 ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java e4b70fd ambari-server/src/main/java/org/apache/ambari/server/controller/OrderedRequestStageContainer.java PRE-CREATION ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleaner.java PRE-CREATION ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java 7824019 ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/Component.java PRE-CREATION ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 0b845d9 ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java 9755bd6 ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java 2112fcc ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosComponentDescriptor.java ca9f013 ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java 86a5e01 ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java a606954 ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java 0f14ca6 ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java PRE-CREATION ambari-web/app/controllers/main/service/item.js 09c7a9c Diff: https://reviews.apache.org/r/60431/diff/6/ Changes: https://reviews.apache.org/r/60431/diff/5-6/ Testing ------- Added new unittests End to end tested manually: before all: - created a cluster with oozie - enabled kerberos 1. - removed oozie - checked if oozie_server principal and keytab was removed, and other identites weren't touched 2. - made the kdc admin credentials expired - removed oozie - supplied kdc admin credentials on the ui - checked if oozie_server principal and keytab was removed 3. - added oozie_server principal to a kerberos.json of an other service (so that the principal was shared) - removed oozie - checked if the oozie_server principal and keytab was NOT removed 4. - disabled kerberos - removed oozie - checked that there was no identity deletion attempt Existing Tests: Results : Tests run: 4790, Failures: 0, Errors: 0, Skipped: 35 Ran 244 tests in 7.122s OK ---------------------------------------------------------------------- Total run:1146 Total errors:0 Total failures:0 OK Thanks, Attila Magyar