AMBARI-16009. Regenerating keytabs on re-imaged hosts results in error during 'Creating Principals' (rlevas)

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java

@@ -192,9 +192,10 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
       // If there is data from STDOUT, see if the following string exists:
       //    Principal "<principal>" created
       String stdOut = result.getStdout();
+      String stdErr = result.getStderr();
       if ((stdOut != null) && stdOut.contains(String.format("Principal \"%s\" created", principal))) {
         return getKeyNumber(principal);
-      } else if ((stdOut != null) && stdOut.contains(String.format("Principal or policy already exists while creating \"%s\"", principal))) {
+      } else if ((stdErr != null) && stdErr.contains(String.format("Principal or policy already exists while creating \"%s\"", principal))) {
         throw new KerberosPrincipalAlreadyExistsException(principal);
       } else {
         LOG.error("Failed to execute kadmin query: add_principal -pw \"********\" {} {}\nSTDOUT: {}\nSTDERR: {}",
@@ -235,9 +236,10 @@ public class MITKerberosOperationHandler extends KerberosOperationHandler {
       ShellCommandUtil.Result result = invokeKAdmin(String.format("change_password -pw \"%s\" %s", password, principal));
 
       String stdOut = result.getStdout();
+      String stdErr = result.getStderr();
       if ((stdOut != null) && stdOut.contains(String.format("Password for \"%s\" changed", principal))) {
         return getKeyNumber(principal);
-      } else if ((stdOut != null) && stdOut.contains("Principal does not exist")) {
+      } else if ((stdErr != null) && stdErr.contains("Principal does not exist")) {
         throw new KerberosPrincipalDoesNotExistException(principal);
       } else {
         LOG.error("Failed to execute kadmin query: change_password -pw \"********\" {} \nSTDOUT: {}\nSTDERR: {}",

ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java

@@ -117,6 +117,39 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
     }
   }
 
+  @Test(expected = KerberosPrincipalDoesNotExistException.class)
+  public void testSetPrincipalPasswordPrincipalDoesNotExist() throws Exception {
+    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
+        .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
+        .createNiceMock();
+
+    expect(handler.executeCommand(anyObject(String[].class)))
+        .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
+          @Override
+          public ShellCommandUtil.Result answer() throws Throwable {
+            ShellCommandUtil.Result result = createMock(ShellCommandUtil.Result.class);
+
+            expect(result.getExitCode()).andReturn(0).anyTimes();
+            expect(result.isSuccessful()).andReturn(true).anyTimes();
+            expect(result.getStderr())
+                .andReturn("change_password: Principal does not exist while changing password for \"nonexistant@EXAMPLE.COM\".")
+                .anyTimes();
+            expect(result.getStdout())
+                .andReturn("Authenticating as principal admin/admin with password.")
+                .anyTimes();
+
+            replay(result);
+            return result;
+          }
+        });
+
+    replayAll();
+
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.setPrincipalPassword("nonexistant@EXAMPLE.COM", "password");
+    handler.close();
+  }
+
   @Test
   public void testCreateServicePrincipal_AdditionalAttributes() throws Exception {
     Method invokeKAdmin = MITKerberosOperationHandler.class.getDeclaredMethod("invokeKAdmin", String.class);
@@ -148,6 +181,39 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
     Assert.assertTrue(query.getValue().contains(" " + KERBEROS_ENV_MAP.get(MITKerberosOperationHandler.KERBEROS_ENV_KDC_CREATE_ATTRIBUTES) + " "));
   }
 
+  @Test(expected = KerberosPrincipalAlreadyExistsException.class)
+  public void testCreatePrincipalPrincipalAlreadyNotExists() throws Exception {
+    MITKerberosOperationHandler handler = createMockBuilder(MITKerberosOperationHandler.class)
+        .addMockedMethod(KerberosOperationHandler.class.getDeclaredMethod("executeCommand", String[].class))
+        .createNiceMock();
+
+    expect(handler.executeCommand(anyObject(String[].class)))
+        .andAnswer(new IAnswer<ShellCommandUtil.Result>() {
+          @Override
+          public ShellCommandUtil.Result answer() throws Throwable {
+            ShellCommandUtil.Result result = createMock(ShellCommandUtil.Result.class);
+
+            expect(result.getExitCode()).andReturn(0).anyTimes();
+            expect(result.isSuccessful()).andReturn(true).anyTimes();
+            expect(result.getStderr())
+                .andReturn("add_principal: Principal or policy already exists while creating \"existing@EXAMPLE.COM\".")
+                .anyTimes();
+            expect(result.getStdout())
+                .andReturn("Authenticating as principal admin/admin with password.")
+                .anyTimes();
+
+            replay(result);
+            return result;
+          }
+        });
+
+    replayAll();
+
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.createPrincipal("existing@EXAMPLE.COM", "password", false);
+    handler.close();
+  }
+
   @Test
   public void testCreateServicePrincipal_Exceptions() throws Exception {
     MITKerberosOperationHandler handler = new MITKerberosOperationHandler();