org.apache.ambari.server.serveraction.kerberos

Class CreatePrincipalsServerAction

java.lang.Object

org.apache.ambari.server.serveraction.AbstractServerAction

org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

org.apache.ambari.server.serveraction.kerberos.CreatePrincipalsServerAction

All Implemented Interfaces:

ServerAction

public class CreatePrincipalsServerAction
extends KerberosServerAction

CreatePrincipalsServerAction is a ServerAction implementation that creates principals as instructed.

This class mainly relies on the KerberosServerAction to iterate through metadata identifying the Kerberos principals that need to be created. For each identity in the metadata, this implementation's KerberosServerAction.processIdentity(ResolvedKerberosPrincipal, KerberosOperationHandler, Map, boolean, Map) is invoked attempting the creation of the relevant principal.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CreatePrincipalsServerAction.CreatePrincipalResult CreatePrincipalResult holds values created as a result of creating a principal in a KDC.

Nested classes/interfaces inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

KerberosServerAction.KerberosCommandParameters, KerberosServerAction.OperationType

Field Summary

Fields inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

AUTHENTICATED_USER_NAME, DATA_DIRECTORY, DATA_DIRECTORY_PREFIX, DEFAULT_REALM, HOST_FILTER, IDENTITY_FILTER, INCLUDE_AMBARI_IDENTITY, KDC_TYPE, KEYTAB_CONTENT_BASE64, OPERATION_TYPE, PRECONFIGURE_SERVICES, SERVICE_COMPONENT_FILTER, UPDATE_CONFIGURATION_NOTE, UPDATE_CONFIGURATION_POLICY

Fields inherited from class org.apache.ambari.server.serveraction.AbstractServerAction

actionLog, gson

Fields inherited from interface org.apache.ambari.server.serveraction.ServerAction

ACTION_NAME, ACTION_USER_NAME, DEFAULT_LONG_RUNNING_TASK_TIMEOUT_SECONDS, WRAPPED_CLASS_NAME

Constructor Summary

Constructors

Constructor and Description
CreatePrincipalsServerAction()

Method Summary

Modifier and Type	Method and Description
CreatePrincipalsServerAction.CreatePrincipalResult	createPrincipal(String principal, boolean isServicePrincipal, Map<String,String> kerberosConfiguration, KerberosOperationHandler kerberosOperationHandler, boolean regenerateKeytabs, ActionLog actionLog) Creates a principal in the relevant KDC
CommandReport	execute(ConcurrentMap<String,Object> requestSharedDataContext) Called to execute this action.
protected CommandReport	processIdentity(ResolvedKerberosPrincipal resolvedPrincipal, KerberosOperationHandler operationHandler, Map<String,String> kerberosConfiguration, boolean includedInFilter, Map<String,Object> requestSharedDataContext) For each identity, generate a unique password, and create a new or update an existing principal in an assumed to be configured KDC.

Methods inherited from class org.apache.ambari.server.serveraction.kerberos.KerberosServerAction

ambariServerHostID, deleteDataDirectory, getCluster, getClusterName, getClusters, getCommandParameterValue, getCommandPreconfigureType, getConfigurationProperties, getDataDirectoryPath, getDataDirectoryPath, getDefaultRealm, getHostFilter, getIdentityFilter, getKDCType, getOperationType, getPrincipalKeyNumberMap, getPrincipalPasswordMap, getServiceComponentFilter, getUpdateConfigurationPolicy, hasHostFilters, processIdentities, pruneServiceFilter, setPrincipalPasswordMap

Methods inherited from class org.apache.ambari.server.serveraction.AbstractServerAction

auditLog, createCommandReport, createCompletedCommandReport, getCommandParameters, getCommandParameterValue, getExecutionCommand, getHostRoleCommand, setExecutionCommand, setHostRoleCommand

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CreatePrincipalsServerAction

public CreatePrincipalsServerAction()

Method Detail

execute

public CommandReport execute(ConcurrentMap<String,Object> requestSharedDataContext)
                      throws org.apache.ambari.server.AmbariException,
                             InterruptedException

Called to execute this action. Upon invocation, calls KerberosServerAction.processIdentities(java.util.Map) to iterate through the Kerberos identity metadata and call KerberosServerAction.processIdentities(java.util.Map) for each identity to process.

Parameters:

requestSharedDataContext - a Map to be used as shared data among all ServerActions related to a given request

Returns:

a CommandReport indicating the result of this action

Throws:

org.apache.ambari.server.AmbariException

InterruptedException

processIdentity

protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedPrincipal,
                                        KerberosOperationHandler operationHandler,
                                        Map<String,String> kerberosConfiguration,
                                        boolean includedInFilter,
                                        Map<String,Object> requestSharedDataContext)
                                 throws org.apache.ambari.server.AmbariException

For each identity, generate a unique password, and create a new or update an existing principal in an assumed to be configured KDC.

If a password has not been previously created for the current evaluatedPrincipal, create a "secure" password using SecurePasswordHelper.createSecurePassword(). Then if the principal does not exist in the KDC, create it using the generated password; else if it does exist update its password. Finally store the generated password in the shared principal-to-password map and store the new key numbers in the shared principal-to-key_number map so that subsequent process may use the data if necessary.

Specified by:

processIdentity in class KerberosServerAction

Parameters:

resolvedPrincipal - a ResolvedKerberosPrincipal object to process

operationHandler - a KerberosOperationHandler used to perform Kerberos-related tasks for specific Kerberos implementations (MIT, Active Directory, etc...)

kerberosConfiguration - a Map of configuration properties from kerberos-env

includedInFilter - a Boolean value indicating whather the principal is included in the current filter or not

requestSharedDataContext - a Map to be used as shared data among all ServerActions related to a given request @return a CommandReport, indicating an error condition; or null, indicating a success condition

Throws:

org.apache.ambari.server.AmbariException - if an error occurs while processing the identity record

createPrincipal

public CreatePrincipalsServerAction.CreatePrincipalResult createPrincipal(String principal,
                                                                          boolean isServicePrincipal,
                                                                          Map<String,String> kerberosConfiguration,
                                                                          KerberosOperationHandler kerberosOperationHandler,
                                                                          boolean regenerateKeytabs,
                                                                          ActionLog actionLog)

Creates a principal in the relevant KDC

Parameters:

principal - the principal name to create

isServicePrincipal - true if the principal is a service principal; false if the principal is a user principal

kerberosConfiguration - the kerberos-env configuration properties

kerberosOperationHandler - the KerberosOperationHandler for the relevant KDC

regenerateKeytabs - true if this was triggered in response to regenerating keytab files; false otherwise

actionLog - the logger (may be null if no logging is desired)

Returns:

a CreatePrincipalResult containing the generated password and key number value