AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via 
rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/cad0130d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/cad0130d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/cad0130d

Branch: refs/heads/branch-feature-AMBARI-18634
Commit: cad0130d9d4a64a6bda1992758c5c7c05e06b39e
Parents: 255725d
Author: Shi Wang <cntj...@gmail.com>
Authored: Mon Nov 28 12:39:05 2016 -0500
Committer: Robert Levas <rle...@hortonworks.com>
Committed: Mon Nov 28 12:39:10 2016 -0500

----------------------------------------------------------------------
 .../common-services/HDFS/2.1.0.2.0/kerberos.json          |  2 +-
 .../HIVE/0.12.0.2.0/package/scripts/webhcat.py            | 10 ----------
 .../resources/stacks/HDP/2.5/services/HDFS/kerberos.json  |  2 +-
 .../test/python/stacks/2.0.6/HIVE/test_webhcat_server.py  |  4 ----
 4 files changed, 2 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json 
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index e8c96cb..f30c9e4 100644
--- 
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++ 
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -56,7 +56,7 @@
                 },
                 "group": {
                   "name": "${cluster-env/user_group}",
-                  "access": "r"
+                  "access": ""
                 },
                 "configuration": "hadoop-env/hdfs_user_keytab"
               }
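Review bot: The tightened group `"access": ""` on the hdfs headless keytab (this hunk and the identical one in stacks/HDP/2.5/services/HDFS/kerberos.json) comes with nothing that covers keytab files already on disk. The descriptor presumably takes effect only when Ambari next writes the keytab, so an already-Kerberized cluster would stay group-readable until keytabs are regenerated; the upgrade notes should say so. Two things not visible in this diff need checking. Any other stack-level HDFS kerberos.json that redefines this identity would still carry `"access": "r"`. Any script that runs kinit with `hdfs_user_keytab` as a user other than the keytab owner, as the webhcat.py block removed in this commit did, would now fail to read the file.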

http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
index a7feb60..00b057c 100644
--- 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
+++ 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
@@ -70,16 +70,6 @@ def webhcat():
             group=params.user_group,
             cd_access="a")
 
-  if params.security_enabled:
-    kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab} 
{hdfs_principal_name};")
-  else:
-    kinit_if_needed = ""
-
-  if kinit_if_needed:
-    Execute(kinit_if_needed,
-            user=params.webhcat_user,
-            path='/bin'
-    )
 
   # Replace _HOST with hostname in relevant principal-related properties
   webhcat_site = params.config['configurations']['webhcat-site'].copy()

http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json 
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
index 974a69c..9000e95 100644
--- 
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
+++ 
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -66,7 +66,7 @@
                 },
                 "group": {
                   "name": "${cluster-env/user_group}",
-                  "access": "r"
+                  "access": ""
                 },
                 "configuration": "hadoop-env/hdfs_user_keytab"
               }

http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py 
b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
index 2b26dd8..8df6295 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
@@ -252,10 +252,6 @@ class TestWebHCatServer(RMFTestCase):
                               create_parents = True,
                               cd_access = 'a'
                               )
-    self.assertResourceCalled('Execute', '/usr/bin/kinit -kt 
/etc/security/keytabs/hdfs.headless.keytab hdfs;',
-                              path = ['/bin'],
-                              user = 'hcat',
-                              )
     self.assertResourceCalled('XmlConfig', 'webhcat-site.xml',
                               owner = 'hcat',
                               group = 'hadoop',
