Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.4.0
-
None
Description
When requesting a Kerberos Descriptor via the REST API, 'when' clauses should optionally be processed. If elected to be processed, identities that contain when clauses will be included or excluded from the resulting descriptor based on the result of the evaluation.
In the event of an add service scenario, the services being added should be able to be specified so that they can be included in the data used for when-clause evaluation.
Solution
Add GET directives to specify whether when clauses are to be evaluated (or not) while building the Kerberos Descriptor using the following API call:
GET /api/v1/clusters/CLUSTER_NAME/kerberos_descriptors/COMPOSITE?evaluate_when=true
If new services are being added, the additional_services directive should be added to the request so the evaluation can be preformed on the future set of services, which may evaluate differently then the current set of services.
GET /api/v1/clusters/CLUSTER_NAME/kerberos_descriptors/COMPOSITE?evaluate_when=true@additional_services=HIVE,TEZ,PIG
Attachments
Attachments
Issue Links
- links to