Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-1579

Add basic HTTP auth to Oozie CLI

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: trunk
    • Component/s: client
    • Labels:
      None

      Description

      This proposed change adds Basic HTTP Auth functionality to the Oozie CLI. This would never be used in a usual Oozie installation because Oozie servers support token-based authentication: Pseudo/Simple Auth and Kerberos.

      Basic HTTP Auth is needed in the Oozie CLI for when the Oozie service is placed behind a gateway that uses Basic HTTP Auth over SSL. It is assumed that the Oozie service is running with authorization turned off, because the gateway is handling authorization. Once the user authenticates himself to the gateway, the request is forwarded through the gateway to the oozie service.

      This had to be implemented outside of the custom authentication framework provided by Oozie because basic auth requires adding a request property to each connection created. It's completely possible that there is a cleaner way of implementing this, if so please let me know!

      Two additions were implemented in the CLI:

      • Indication to use Basic Auth. This is done by specifying BASIC as the argument to the -auth argument.
      • Configuration of Basic Auth.
        • Introduction of -username and -password command line arguments.
        • If the auth mode is BASIC, only -username is provided, and the OOZIEPASSWORD environment variable is set, the OOZIEPASSWORD environment variable will be used for the password.
        • If mode is BASIC and only -username is provided, and OOZIEPASSWORD is undefined, the user will be prompted for the password, and the shell facilities for masking input will be used.

        Attachments

        1. OOZIE-1579.trunk.patch
          10 kB
          David Wannemacher
        2. OOZIE-1579.trunk.2.patch
          11 kB
          David Wannemacher

          Activity

            People

            • Assignee:
              dwann David Wannemacher
              Reporter:
              dwann David Wannemacher
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: