[AMBARI-16437] Add conditional constraints for Kerberos identities to control when they are created - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.4.0
Fix Version/s: 2.4.0
Component/s: ambari-server
Labels:
- kerberos
- kerberos_descriptor

Description

Add conditional constraints for Kerberos identities to control when they are created. For example if Kerberos Identity should only be created (and distributed) for a component when some other component or service is installed.

An example of this would be

{
  "name": "/HIVE/HIVE_SERVER/hive_server_hive",
  "principal": {
    "configuration": "hive-interactive-site/hive.llap.daemon.service.principal"
  },
  "keytab": {
    "configuration": "hive-interactive-site/hive.llap.daemon.keytab.file"
  },
  "when" : {
      "contains" : ["services", "HIVE"]
  }
}

Note the "when" clause. This indicates that this identity should only be processed when the set of services contains "HIVE". An alternative to this would be to test the set of components for a certain component.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-16437_trunk_01.patch
26/May/16 23:32
112 kB
Robert Levas
AMBARI-16437_trunk_02.patch
27/May/16 19:56
113 kB
Robert Levas
AMBARI-16437_trunk_03.patch
27/May/16 23:53
114 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/May/16 18:42

Updated:: 28/May/16 13:47

Resolved:: 28/May/16 12:20