AMBARI-8704. Kerberos wizard: Update the cluster with the configured identities on "Kerberize Cluster" page.(jaimin)

ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json

@@ -1,189 +1,195 @@
 {
-  "properties": {
-    "realm": "${cluster-env/kerberos_domain}",
-    "keytab_dir": "/etc/security/keytabs"
-  },
-  "identities": [
-    {
-      "name": "spnego",
-      "principal": {
-        "value": "HTTP/_HOST@${realm}"
+  "Versions": {
+    "stack_name": "HDP",
+    "stack_version": "2.2",
+    "kerberos_descriptor": {
+      "properties": {
+        "realm": "${cluster-env/kerberos_domain}",
+        "keytab_dir": "/etc/security/keytabs"
       },
-      "keytab": {
-        "file": "${keytab_dir}/spnego.service.keytab",
-        "owner": {
-          "name": "root",
-          "access": "r"
-        },
-        "group": {
-          "name": "${cluster-env/user_group}",
-          "access": "r"
-        }
-      }
-    }
-  ],
-  "configurations": [
-    {
-      "core-site": {
-        "hadoop.security.authentication": "kerberos",
-        "hadoop.rpc.protection": "authentication; integrity; privacy",
-        "hadoop.security.authorization": "true"
-      }
-    }
-  ],
-  "services": [
-    {
-      "name": "HDFS",
-      "components": [
+      "identities": [
         {
-          "name": "NAMENODE",
-          "identities": [
-            {
-              "name": "namenode_nn",
-              "principal": {
-                "value": "nn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/nn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.keytab.file"
-              }
+          "name": "spnego",
+          "principal": {
+            "value": "HTTP/_HOST@${realm}"
+          },
+          "keytab": {
+            "file": "${keytab_dir}/spnego.service.keytab",
+            "owner": {
+              "name": "root",
+              "access": "r"
             },
-            {
-              "name": "namenode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/host.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.keytab.file"
-              }
-            },
-            {
-              "name": "/spnego",
-              "principal": {
-                "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
-              },
-              "keytab": {
-                "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
-              }
+            "group": {
+              "name": "${cluster-env/user_group}",
+              "access": "r"
             }
-          ]
-        },
+          }
+        }
+      ],
+      "configurations": [
+        {
+          "core-site": {
+            "hadoop.security.authentication": "kerberos",
+            "hadoop.rpc.protection": "authentication; integrity; privacy",
+            "hadoop.security.authorization": "true"
+          }
+        }
+      ],
+      "services": [
         {
-          "name": "DATANODE",
-          "identities": [
+          "name": "HDFS",
+          "components": [
             {
-              "name": "datanode_dn",
-              "principal": {
-                "value": "dn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/dn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
+              "name": "NAMENODE",
+              "identities": [
+                {
+                  "name": "namenode_nn",
+                  "principal": {
+                    "value": "nn/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/nn.service.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
+                  }
                 },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
+                {
+                  "name": "namenode_host",
+                  "principal": {
+                    "value": "host/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/host.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
+                  }
                 },
-                "configuration": "hdfs-site/dfs.namenode.keytab.file"
-              }
+                {
+                  "name": "/spnego",
+                  "principal": {
+                    "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
+                  },
+                  "keytab": {
+                    "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
+                  }
+                }
+              ]
             },
             {
-              "name": "datanode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/host.keytab.file",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
-              }
-            }
-          ]
-        },
-        {
-          "name": "SECONDARY_NAMENODE",
-          "identities": [
-            {
-              "name": "secondary_namenode_nn",
-              "principal": {
-                "value": "nn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/snn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
+              "name": "DATANODE",
+              "identities": [
+                {
+                  "name": "datanode_dn",
+                  "principal": {
+                    "value": "dn/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/dn.service.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
+                  }
                 },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
-              }
+                {
+                  "name": "datanode_host",
+                  "principal": {
+                    "value": "host/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/host.keytab.file",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
+                  }
+                }
+              ]
             },
             {
-              "name": "secondary_namenode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/host.keytab.file",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
+              "name": "SECONDARY_NAMENODE",
+              "identities": [
+                {
+                  "name": "secondary_namenode_nn",
+                  "principal": {
+                    "value": "nn/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/snn.service.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
+                  }
                 },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
+                {
+                  "name": "secondary_namenode_host",
+                  "principal": {
+                    "value": "host/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/host.keytab.file",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
+                  }
                 },
-                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
-              }
-            },
-            {
-              "name": "/spnego",
-              "principal": {
-                "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
-              },
-              "keytab": {
-                "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
-              }
+                {
+                  "name": "/spnego",
+                  "principal": {
+                    "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
+                  },
+                  "keytab": {
+                    "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
+                  }
+                }
+              ]
             }
           ]
         }
       ]
     }
-  ]
+  }
 }
 

ambari-web/app/controllers/main/admin/kerberos/step2_controller.js

@@ -211,9 +211,18 @@ App.KerberosWizardStep2Controller = App.WizardStep7Controller.extend({
         properties[_configProperty.name] = _configProperty.value;
       }
     }, this);
+    this.tweakKdcTypeValue(properties);
     return {"type": site, "tag": tag, "properties": properties};
   },
 
+  tweakKdcTypeValue: function(properties) {
+    if (properties['kdc_type'] === Em.I18n.t('admin.kerberos.wizard.step1.option.kdc')) {
+      properties['kdc_type'] = "mit-kdc";
+    } else if (properties['kdc_type'] === Em.I18n.t('admin.kerberos.wizard.step1.option.ad')) {
+      properties['kdc_type'] = "active-directory";
+    }
+  },
+
   /**
    * puts kerberos admin credentials in the live cluster session
    * @returns {*} jqXHr

ambari-web/app/controllers/main/admin/kerberos/step4_controller.js

@@ -109,8 +109,10 @@ App.KerberosWizardStep4Controller = App.WizardStep7Controller.extend(App.AddSecu
   },
   
   saveConfigurations: function() {
+    var kerberosDescriptor = this.get('kerberosDescriptor');
     var configs = this.get('stepConfigs')[0].get('configs');
-    this.get('wizardController').setDBProperty('kerberosDescriptorConfigs', configs);
-    this.set('wizardController.content.kerberosDescriptorConfigs', configs);
+    this.updateKerberosDescriptor(kerberosDescriptor, configs);
+    this.get('wizardController').setDBProperty('kerberosDescriptorConfigs', kerberosDescriptor);
+    this.set('wizardController.content.kerberosDescriptorConfigs', kerberosDescriptor);
   }
 });

ambari-web/app/controllers/main/admin/kerberos/step5_controller.js

@@ -20,13 +20,20 @@ App.KerberosWizardStep5Controller = App.KerberosProgressPageController.extend({
   name: 'kerberosWizardStep5Controller',
   clusterDeployState: 'KERBEROS_DEPLOY',
   isSingleRequestPage: true,
-  request: {
-    name: 'KERBERIZE_CLUSTER',
-    ajaxName: 'kerberize.cluster',
-    //Placeholder for the data that needs to be send with the kerberize cluster API call
-    ajaxData: {
-      context: Em.I18n.t('requestInfo.kerberizeCluster')
+  request: function() {
+    var self = this;
+    return {
+      name: 'KERBERIZE_CLUSTER',
+      ajaxName: 'admin.kerberize.cluster',
+      ajaxData: {
+        data: {
+          kerberos_descriptor: self.get('content.kerberosDescriptorConfigs')
+        }
+      }
     }
-  },
+  }.property('content.kerberosDescriptorConfigs'),
+
+  contextForPollingRequest: Em.I18n.t('requestInfo.kerberizeCluster'),
+
   commands: []
-});
+});

ambari-web/app/mixins/wizard/addSecurityConfigs.js

@@ -25,6 +25,8 @@ var App = require('app');
  */
 App.AddSecurityConfigs = Em.Mixin.create({
 
+  kerberosDescriptor: {},
+
   secureProperties: function () {
     if (App.get('isHadoop2Stack')) {
       return require('data/HDP2/secure_properties').configProperties;
@@ -401,14 +403,15 @@ App.AddSecurityConfigs = Em.Mixin.create({
     var self = this;
     var configs = [];
     var clusterConfigs = [];
-    
+    var kerberosDescriptor = items.Versions.kerberos_descriptor;
+    this.set('kerberosDescriptor', kerberosDescriptor);
     // generate configs for root level properties object, currently realm, keytab_dir
-    clusterConfigs = clusterConfigs.concat(this.expandKerberosStackDescriptorProps(items.properties));
+    clusterConfigs = clusterConfigs.concat(this.expandKerberosStackDescriptorProps(kerberosDescriptor.properties));
     // generate configs for root level identities object, currently spnego property
-    clusterConfigs = clusterConfigs.concat(this.createConfigsByIdentities(items.identities, 'Cluster'));
+    clusterConfigs = clusterConfigs.concat(this.createConfigsByIdentities(kerberosDescriptor.identities, 'Cluster'));
     clusterConfigs.setEach('serviceName', 'Cluster');
     // generate properties for services object
-    items.services.forEach(function(service) {
+    kerberosDescriptor.services.forEach(function(service) {
       var serviceName = service.name;
       service.components.forEach(function(component) {
         var componentName = component.name;
@@ -465,8 +468,8 @@ App.AddSecurityConfigs = Em.Mixin.create({
    */
   parseIdentityObject: function(identity) {
     var result = [];
-    var keys = Em.keys(identity);
-    var name = identity[keys.shift()];
+    var name = identity.name;
+    var keys = Em.keys(identity).without('name');
     keys.forEach(function(item) {
       var configObject = {};
       var prop = identity[item];
@@ -504,6 +507,47 @@ App.AddSecurityConfigs = Em.Mixin.create({
 
     return configs;
   },
+
+  /**
+   * update the kerberos descriptor to be put on cluster resource with user customizations
+   * @param kerberosDescriptor {Object}
+   * @param configs {Object}
+   */
+  updateKerberosDescriptor: function(kerberosDescriptor, configs) {
+    configs.forEach(function(_config){
+      if (Object.keys(kerberosDescriptor.properties).contains(_config.name)) {
+        for (var key in kerberosDescriptor.properties) {
+          if (key === _config.name) {
+            kerberosDescriptor.properties[key] =  _config.value;
+          }
+        }
+      } else if (_config.name.endsWith('_principal') || _config.name.endsWith('_keytab')) {
+        var identities = kerberosDescriptor.identities;
+        identities.forEach(function(_identity){
+          if (_config.name.startsWith(_identity.name)) {
+            if (_config.name.endsWith('_principal')) {
+              _identity.principal.value =  _config.value;
+            } else if (_config.name.endsWith('_keytab')) {
+              _identity.keytab.file =  _config.value;
+            }
+          }
+        },this);
+      }  else {
+        kerberosDescriptor.services.forEach(function(_service) {
+          _service.components.forEach(function(_component){
+            _component.identities.forEach(function(_identity){
+              if (_identity.principal && _identity.principal.configuration && _identity.principal.configuration.endsWith(_config.name)) {
+                _identity.principal.value = _config.value;
+              } else if (_identity.keytab && _identity.keytab.configuration && _identity.keytab.configuration.endsWith(_config.name)) {
+                _identity.keytab.file = _config.value;
+              }
+            },this);
+          }, this);
+        },this);
+      }
+    }, this);
+  },
+
   /**
    * Make request for stack descriptor configs.
    *
@@ -512,7 +556,11 @@ App.AddSecurityConfigs = Em.Mixin.create({
   loadStackDescriptorConfigs: function() {
     return App.ajax.send({
       sender: this,
-      name: 'admin.kerberize.stack_descriptor'
+      name: 'admin.kerberize.stack_descriptor',
+      data: {
+        stackName: App.get('currentStackName'),
+        stackVersionNumber: App.get('currentStackVersionNumber')
+      }
     });
   }
 });

ambari-web/app/mixins/wizard/wizardProgressPageController.js

@@ -55,7 +55,7 @@ App.wizardProgressPageControllerMixin = Em.Mixin.create({
       this.initStep();
     } else {
       var runningOperations = App.router.get('backgroundOperationsController.services').filterProperty('isRunning');
-      var currentOperation = runningOperations.findProperty('name', this.request.ajaxData.context);
+      var currentOperation = runningOperations.findProperty('name', this.contextForPollingRequest);
       if (!currentOperation) {
         this.submitRequest().done(function (data) {
           if (data) {
@@ -110,8 +110,8 @@ App.wizardProgressPageControllerMixin = Em.Mixin.create({
     var dfd;
     var self = this;
     dfd = App.ajax.send({
-      name: self.request.ajaxName,
-      data: self.request.ajaxData,
+      name: self.get('request.ajaxName'),
+      data: self.get('request.ajaxData'),
       sender: this
     });
     return dfd.promise();

ambari-web/app/utils/ajax/ajax.js

@@ -1294,17 +1294,17 @@ var urls = {
     }
   },
   'admin.kerberize.cluster': {
-    'type': 'POST',
+    'type': 'PUT',
     'real': '/clusters/{clusterName}',
     'mock': '/data/wizard/kerberos/kerberize_cluster.json',
-    'format' : function () {
+    'format' : function (data) {
       return {
-        data: '{"RequestInfo": {"context" :"' + Em.I18n.t('requestInfo.kerberizeCluster') + '"}'
+        data: JSON.stringify(data.data)
       }
     }
   },
   'admin.kerberize.stack_descriptor': {
-    'real': '',
+    'real': '/stacks/{stackName}/versions/{stackVersionNumber}?fields=Versions/kerberos_descriptor',
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
   },
   'admin.poll.kerberize.cluster.request': {

ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js

@@ -18,6 +18,7 @@
 
 var App = require('app');
 var stackDescriptorData = require('test/mock_data_setup/stack_descriptors');
+var stackDescriptor = stackDescriptorData.Versions.kerberos_descriptor;
 
 require('mixins/wizard/addSecurityConfigs');
 
@@ -359,7 +360,7 @@ describe('App.AddSecurityConfigs', function () {
   });
 
   describe('#expandKerberosStackDescriptorProps', function() {
-    var result = controller.expandKerberosStackDescriptorProps(stackDescriptorData.properties);
+    var result = controller.expandKerberosStackDescriptorProps(stackDescriptor.properties);
     var testCases = [
       {
         property: 'realm',
@@ -389,7 +390,7 @@ describe('App.AddSecurityConfigs', function () {
   });
 
   describe('#createConfigsByIdentity', function() {
-    var identitiesData = stackDescriptorData.services[0].components[0].identities;
+    var identitiesData = stackDescriptor.services[0].components[0].identities;
     var tests = [
       {
         property: 'dfs.namenode.kerberos.principal',
@@ -421,7 +422,7 @@ describe('App.AddSecurityConfigs', function () {
   describe('#parseIdentityObject', function() {
     var testCases = [
       {
-        identity: stackDescriptorData.services[0].components[0].identities[0],
+        identity: stackDescriptor.services[0].components[0].identities[0],
         tests: [
           {
             property: 'dfs.namenode.kerberos.principal',
@@ -435,10 +436,10 @@ describe('App.AddSecurityConfigs', function () {
               { key: 'value', value: '${keytab_dir}/nn.service.keytab' }
             ]
           }
-        ],
+        ]
       },
       {
-        identity: stackDescriptorData.services[0].components[0].identities[1],
+        identity: stackDescriptor.services[0].components[0].identities[1],
         tests: [
           {
             property: 'dfs.namenode.kerberos.https.principal',
@@ -446,10 +447,10 @@ describe('App.AddSecurityConfigs', function () {
               { key: 'filename', value: 'hdfs-site' }
             ]
           }
-        ],
+        ]
       },
       {
-        identity: stackDescriptorData.identities[0],
+        identity: stackDescriptor.identities[0],
         tests: [
           {
             property: 'spnego_principal',
@@ -461,7 +462,7 @@ describe('App.AddSecurityConfigs', function () {
         ]
       },
       {
-        identity: stackDescriptorData.identities[0],
+        identity: stackDescriptor.identities[0],
         tests: [
           {
             property: 'spnego_keytab',

ambari-web/test/mock_data_setup/stack_descriptors.js

@@ -17,190 +17,197 @@
  */
 
 module.exports = {
-  "properties": {
-    "realm": "${cluster-env/kerberos_domain}",
-    "keytab_dir": "/etc/security/keytabs"
-  },
-  "identities": [
-    {
-      "name": "spnego",
-      "principal": {
-        "value": "HTTP/_HOST@${realm}"
+  "href": "http://162.216.148.139:8080/api/v1/stacks/HDP/versions/2.2?fields=Versions/kerberos_descriptor",
+  "Versions": {
+    "stack_name": "HDP",
+    "stack_version": "2.2",
+    "kerberos_descriptor": {
+      "properties": {
+        "realm": "${cluster-env/kerberos_domain}",
+        "keytab_dir": "/etc/security/keytabs"
       },
-      "keytab": {
-        "file": "${keytab_dir}/spnego.service.keytab",
-        "owner": {
-          "name": "root",
-          "access": "r"
-        },
-        "group": {
-          "name": "${cluster-env/user_group}",
-          "access": "r"
-        }
-      }
-    }
-  ],
-  "configurations": [
-    {
-      "core-site": {
-        "hadoop.security.authentication": "kerberos",
-        "hadoop.rpc.protection": "authentication; integrity; privacy",
-        "hadoop.security.authorization": "true"
-      }
-    }
-  ],
-  "services": [
-    {
-      "name": "HDFS",
-      "components": [
+      "identities": [
         {
-          "name": "NAMENODE",
-          "identities": [
-            {
-              "name": "namenode_nn",
-              "principal": {
-                "value": "nn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/nn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.keytab.file"
-              }
+          "name": "spnego",
+          "principal": {
+            "value": "HTTP/_HOST@${realm}"
+          },
+          "keytab": {
+            "file": "${keytab_dir}/spnego.service.keytab",
+            "owner": {
+              "name": "root",
+              "access": "r"
             },
-            {
-              "name": "namenode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/host.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.keytab.file"
-              }
-            },
-            {
-              "name": "/spnego",
-              "principal": {
-                "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
-              },
-              "keytab": {
-                "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
-              }
+            "group": {
+              "name": "${cluster-env/user_group}",
+              "access": "r"
             }
-          ]
-        },
+          }
+        }
+      ],
+      "configurations": [
+        {
+          "core-site": {
+            "hadoop.security.authentication": "kerberos",
+            "hadoop.rpc.protection": "authentication; integrity; privacy",
+            "hadoop.security.authorization": "true"
+          }
+        }
+      ],
+      "services": [
         {
-          "name": "DATANODE",
-          "identities": [
+          "name": "HDFS",
+          "components": [
             {
-              "name": "datanode_dn",
-              "principal": {
-                "value": "dn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/dn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
+              "name": "NAMENODE",
+              "identities": [
+                {
+                  "name": "namenode_nn",
+                  "principal": {
+                    "value": "nn/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/nn.service.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
+                  }
                 },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
+                {
+                  "name": "namenode_host",
+                  "principal": {
+                    "value": "host/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/host.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
+                  }
                 },
-                "configuration": "hdfs-site/dfs.namenode.keytab.file"
-              }
+                {
+                  "name": "/spnego",
+                  "principal": {
+                    "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
+                  },
+                  "keytab": {
+                    "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
+                  }
+                }
+              ]
             },
             {
-              "name": "datanode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/host.keytab.file",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
-              }
-            }
-          ]
-        },
-        {
-          "name": "SECONDARY_NAMENODE",
-          "identities": [
-            {
-              "name": "secondary_namenode_nn",
-              "principal": {
-                "value": "nn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/snn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
+              "name": "DATANODE",
+              "identities": [
+                {
+                  "name": "datanode_dn",
+                  "principal": {
+                    "value": "dn/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/dn.service.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
+                  }
                 },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
-              }
+                {
+                  "name": "datanode_host",
+                  "principal": {
+                    "value": "host/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/host.keytab.file",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
+                  }
+                }
+              ]
             },
             {
-              "name": "secondary_namenode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/host.keytab.file",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
+              "name": "SECONDARY_NAMENODE",
+              "identities": [
+                {
+                  "name": "secondary_namenode_nn",
+                  "principal": {
+                    "value": "nn/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/snn.service.keytab",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
+                  }
                 },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
+                {
+                  "name": "secondary_namenode_host",
+                  "principal": {
+                    "value": "host/_HOST@${realm}",
+                    "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
+                  },
+                  "keytab": {
+                    "file": "${keytab_dir}/host.keytab.file",
+                    "owner": {
+                      "name": "${hadoop-env/hdfs_user}",
+                      "access": "r"
+                    },
+                    "group": {
+                      "name": "${cluster-env/user_group}",
+                      "access": ""
+                    },
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
+                  }
                 },
-                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
-              }
-            },
-            {
-              "name": "/spnego",
-              "principal": {
-                "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
-              },
-              "keytab": {
-                "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
-              }
+                {
+                  "name": "/spnego",
+                  "principal": {
+                    "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
+                  },
+                  "keytab": {
+                    "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
+                  }
+                }
+              ]
             }
           ]
         }
       ]
     }
-  ]
+  }
 };