This is an automated email from the ASF dual-hosted git repository. amagyar pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 4243e33 AMBARI-22977. NullPointerException in KerberosHelperImpl.addIdentities (amagyar) 4243e33 is described below commit 4243e3367df2c9826bc94b8584ec0f12d6f6c4be Author: Attila Magyar <amag...@hortonworks.com> AuthorDate: Tue Feb 13 18:41:35 2018 +0100 AMBARI-22977. NullPointerException in KerberosHelperImpl.addIdentities (amagyar) --- .../org/apache/ambari/server/controller/KerberosHelperImpl.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java index 2a30da4..605767f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java @@ -1553,6 +1553,10 @@ public class KerberosHelperImpl implements KerberosHelper { keytabFileGroupAccess = variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupAccess(), configurations); keytabFileConfiguration = variableReplacementHelper.replaceVariables(keytabDescriptor.getConfiguration(), configurations); } + if (keytabFileOwnerName == null || keytabFileGroupName == null) { + LOG.warn("Missing owner ({}) or group name ({}) of kerberos descriptor {}", keytabFileOwnerName, keytabFileGroupName, keytabDescriptor.getName()); + } + // Evaluate the principal "pattern" found in the record to generate the "evaluated principal" // by replacing the _HOST and _REALM variables. String evaluatedPrincipal = principal.replace("_HOST", hostname).replace("_REALM", realm); @@ -1598,7 +1602,7 @@ public class KerberosHelperImpl implements KerberosHelper { // TODO probably fail on group difference. Some services can inject its principals to same keytab, but // TODO with different owners, so make sure that keytabs are accessible through group acls // TODO this includes same group name and group 'r' mode - if (!resolvedKeytab.getGroupName().equals(sameKeytab.getGroupName())) { + if (!StringUtils.equals(resolvedKeytab.getGroupName(), sameKeytab.getGroupName())) { if (differentOwners) { LOG.error(warnTemplate, keytabFilePath, hostname, "groups", sameKeytab.getGroupName(), @@ -1611,7 +1615,7 @@ public class KerberosHelperImpl implements KerberosHelper { sameKeytab.getGroupName()); } } - if (!resolvedKeytab.getGroupAccess().equals(sameKeytab.getGroupAccess())) { + if (!StringUtils.equals(resolvedKeytab.getGroupAccess(), sameKeytab.getGroupAccess())) { if (differentOwners) { if (!sameKeytab.getGroupAccess().contains("r")) { LOG.error("Keytab '{}' on host '{}' referenced by multiple identities which have different owners," + -- To stop receiving notification emails like this one, please contact amag...@apache.org.