def _get_credentials(cluster):
return [{
"alias": "kdc.admin.credential",
"principal": kerberos.get_admin_principal(cluster),
"key": kerberos.get_server_password(cluster),
"type": "TEMPORARY"
}]
def test_get_server_password(self, get_secret, store_secret,
cluster_get_mock, cluster_update_mock):
cl = mock.Mock(node_groups=[], cluster_configs={}, extra={})
ctx = context.ctx()
cluster_get_mock.return_value = cl
store_secret.return_value = 'secret-id'
krb.get_server_password(cl)
self.assertEqual(1, cluster_get_mock.call_count)
self.assertEqual(1, cluster_update_mock.call_count)
self.assertEqual(
[mock.call(ctx, cl, {'extra': {
'admin-passwd-kdc': 'secret-id'
}})], cluster_update_mock.call_args_list)
self.assertEqual(1, get_secret.call_count)
self.assertEqual(1, store_secret.call_count)
cl = mock.Mock(node_groups=[],
cluster_configs={},
extra=FakeObject({'admin-passwd-kdc': 'secret-id'}))
cluster_get_mock.return_value = cl
krb.get_server_password(cl)
self.assertEqual(2, get_secret.call_count)
self.assertEqual(1, store_secret.call_count)
self.assertEqual(1, cluster_update_mock.call_count)
cl = mock.Mock(node_groups=[],
cluster_configs=FakeObject({
'Existing KDC':
True,
'Admin password':
'******'
}),
extra=FakeObject({'admin-passwd-kdc': 'secret-id'}))
cluster_get_mock.return_value = cl
get_secret.return_value = 'THE BEST EVER'
self.assertEqual('THE BEST EVER', krb.get_server_password(cl))
def test_get_server_password(
self, get_secret, store_secret, cluster_get_mock,
cluster_update_mock):
cl = mock.Mock(
node_groups=[], cluster_configs={}, extra={})
ctx = context.ctx()
cluster_get_mock.return_value = cl
store_secret.return_value = 'secret-id'
krb.get_server_password(cl)
self.assertEqual(1, cluster_get_mock.call_count)
self.assertEqual(1, cluster_update_mock.call_count)
self.assertEqual([
mock.call(ctx, cl, {'extra': {'admin-passwd-kdc': 'secret-id'}})],
cluster_update_mock.call_args_list)
self.assertEqual(1, get_secret.call_count)
self.assertEqual(1, store_secret.call_count)
cl = mock.Mock(
node_groups=[], cluster_configs={},
extra=FakeObject({'admin-passwd-kdc': 'secret-id'}))
cluster_get_mock.return_value = cl
krb.get_server_password(cl)
self.assertEqual(2, get_secret.call_count)
self.assertEqual(1, store_secret.call_count)
self.assertEqual(1, cluster_update_mock.call_count)
cl = mock.Mock(
node_groups=[], cluster_configs=FakeObject({
'Existing KDC': True, 'Admin password': '******'}),
extra=FakeObject({'admin-passwd-kdc': 'secret-id'}))
cluster_get_mock.return_value = cl
get_secret.return_value = 'THE BEST EVER'
self.assertEqual('THE BEST EVER', krb.get_server_password(cl))
def push_kerberos_configs(self, cluster):
manager = self.pu.get_manager(cluster)
kdc_host = kerberos.get_kdc_host(cluster, manager)
security_realm = kerberos.get_realm_name(cluster)
username = "******" % (kerberos.get_admin_principal(cluster),
kerberos.get_realm_name(cluster))
password = kerberos.get_server_password(cluster)
api = self.get_api_client(cluster)
cm = api.get_cloudera_manager()
cm.update_config({'SECURITY_REALM': security_realm,
'KDC_HOST': kdc_host})
self.import_admin_credentials(cm, username, password)
self.configure_for_kerberos(cluster)
self.deploy_configs(cluster)
def push_kerberos_configs(self, cluster):
manager = self.pu.get_manager(cluster)
kdc_host = kerberos.get_kdc_host(cluster, manager)
security_realm = kerberos.get_realm_name(cluster)
username = "******" % (kerberos.get_admin_principal(cluster),
kerberos.get_realm_name(cluster))
password = kerberos.get_server_password(cluster)
api = self.get_api_client(cluster)
cm = api.get_cloudera_manager()
cm.update_config({'SECURITY_REALM': security_realm,
'KDC_HOST': kdc_host})
self.import_admin_credentials(cm, username, password)
self.configure_for_kerberos(cluster)
self.deploy_configs(cluster)
def _regenerate_keytabs(cluster):
with _get_ambari_client(cluster) as client:
alias = "kdc.admin.credential"
try:
client.get_credential(cluster.name, alias)
except ambari_client.AmbariNotFound:
# credentials are missing
data = {
'Credential': {
"principal": kerberos.get_admin_principal(cluster),
"key": kerberos.get_server_password(cluster),
"type": "TEMPORARY"
}
}
client.import_credential(cluster.name, alias, data)
req_id = client.regenerate_keytabs(cluster.name)
client.wait_ambari_request(req_id, cluster.name)
