def _get_credentials(cluster): return [{ "alias": "kdc.admin.credential", "principal": kerberos.get_admin_principal(cluster), "key": kerberos.get_server_password(cluster), "type": "TEMPORARY" }]
def test_get_server_password(self, get_secret, store_secret, cluster_get_mock, cluster_update_mock): cl = mock.Mock(node_groups=[], cluster_configs={}, extra={}) ctx = context.ctx() cluster_get_mock.return_value = cl store_secret.return_value = 'secret-id' krb.get_server_password(cl) self.assertEqual(1, cluster_get_mock.call_count) self.assertEqual(1, cluster_update_mock.call_count) self.assertEqual( [mock.call(ctx, cl, {'extra': { 'admin-passwd-kdc': 'secret-id' }})], cluster_update_mock.call_args_list) self.assertEqual(1, get_secret.call_count) self.assertEqual(1, store_secret.call_count) cl = mock.Mock(node_groups=[], cluster_configs={}, extra=FakeObject({'admin-passwd-kdc': 'secret-id'})) cluster_get_mock.return_value = cl krb.get_server_password(cl) self.assertEqual(2, get_secret.call_count) self.assertEqual(1, store_secret.call_count) self.assertEqual(1, cluster_update_mock.call_count) cl = mock.Mock(node_groups=[], cluster_configs=FakeObject({ 'Existing KDC': True, 'Admin password': '******' }), extra=FakeObject({'admin-passwd-kdc': 'secret-id'})) cluster_get_mock.return_value = cl get_secret.return_value = 'THE BEST EVER' self.assertEqual('THE BEST EVER', krb.get_server_password(cl))
def test_get_server_password( self, get_secret, store_secret, cluster_get_mock, cluster_update_mock): cl = mock.Mock( node_groups=[], cluster_configs={}, extra={}) ctx = context.ctx() cluster_get_mock.return_value = cl store_secret.return_value = 'secret-id' krb.get_server_password(cl) self.assertEqual(1, cluster_get_mock.call_count) self.assertEqual(1, cluster_update_mock.call_count) self.assertEqual([ mock.call(ctx, cl, {'extra': {'admin-passwd-kdc': 'secret-id'}})], cluster_update_mock.call_args_list) self.assertEqual(1, get_secret.call_count) self.assertEqual(1, store_secret.call_count) cl = mock.Mock( node_groups=[], cluster_configs={}, extra=FakeObject({'admin-passwd-kdc': 'secret-id'})) cluster_get_mock.return_value = cl krb.get_server_password(cl) self.assertEqual(2, get_secret.call_count) self.assertEqual(1, store_secret.call_count) self.assertEqual(1, cluster_update_mock.call_count) cl = mock.Mock( node_groups=[], cluster_configs=FakeObject({ 'Existing KDC': True, 'Admin password': '******'}), extra=FakeObject({'admin-passwd-kdc': 'secret-id'})) cluster_get_mock.return_value = cl get_secret.return_value = 'THE BEST EVER' self.assertEqual('THE BEST EVER', krb.get_server_password(cl))
def push_kerberos_configs(self, cluster): manager = self.pu.get_manager(cluster) kdc_host = kerberos.get_kdc_host(cluster, manager) security_realm = kerberos.get_realm_name(cluster) username = "******" % (kerberos.get_admin_principal(cluster), kerberos.get_realm_name(cluster)) password = kerberos.get_server_password(cluster) api = self.get_api_client(cluster) cm = api.get_cloudera_manager() cm.update_config({'SECURITY_REALM': security_realm, 'KDC_HOST': kdc_host}) self.import_admin_credentials(cm, username, password) self.configure_for_kerberos(cluster) self.deploy_configs(cluster)
def _regenerate_keytabs(cluster): with _get_ambari_client(cluster) as client: alias = "kdc.admin.credential" try: client.get_credential(cluster.name, alias) except ambari_client.AmbariNotFound: # credentials are missing data = { 'Credential': { "principal": kerberos.get_admin_principal(cluster), "key": kerberos.get_server_password(cluster), "type": "TEMPORARY" } } client.import_credential(cluster.name, alias, data) req_id = client.regenerate_keytabs(cluster.name) client.wait_ambari_request(req_id, cluster.name)