Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
apache
/
ambari
kopia lustrzana https://gitee.com/freeshow_me/ambari
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

AMBARI-15458. Get and use composite Kerberos Descriptor via the REST API (alexantonenko)

Alex Antonenko 9 lat temu
rodzic
cb3d49bb45
commit
f7cde0c7ab
8 zmienionych plików z 329 dodań i 395 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 3 0
      ambari-web/app/controllers/main/admin/kerberos.js
  2. 32 2
      ambari-web/app/controllers/main/admin/kerberos/step4_controller.js
  3. 2 2
      ambari-web/app/controllers/main/service/add_controller.js
  4. 1 28
      ambari-web/app/mixins/wizard/addSecurityConfigs.js
  5. 6 2
      ambari-web/app/utils/ajax/ajax.js
  6. 3 81
      ambari-web/test/controllers/main/admin/kerberos/step4_controller_test.js
  7. 1 1
      ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
  8. 281 279
      ambari-web/test/mock_data_setup/stack_descriptors.js

+ 3 - 0
ambari-web/app/controllers/main/admin/kerberos.js
Wyświetl plik 

@@ -35,6 +35,9 @@ App.MainAdminKerberosController = App.KerberosWizardStep4Controller.extend({
 
     'none': Em.I18n.t('admin.kerberos.wizard.step1.option.manual')
 
     'none': Em.I18n.t('admin.kerberos.wizard.step1.option.manual')
 
   },
 
   },
 
 
 
+  // use cluster descriptor instead of stack
 
+  loadStackDescriptorConfigs: Em.alias('loadClusterDescriptorConfigs'),
 
+
 
   getAddSecurityWizardStatus: function () {
 
   getAddSecurityWizardStatus: function () {
 
     return App.db.getSecurityWizardStatus();
 
     return App.db.getSecurityWizardStatus();
 
   },
 
   },

+ 32 - 2
ambari-web/app/controllers/main/admin/kerberos/step4_controller.js
Wyświetl plik 

@@ -36,13 +36,43 @@ App.KerberosWizardStep4Controller = App.WizardStep7Controller.extend(App.AddSecu
 
     }
 
     }
 
     var self = this;
 
     var self = this;
 
     this.clearStep();
 
     this.clearStep();
 
-    this.getDescriptorConfigs().then(function (properties) {
 
-      self.setStepConfigs(properties);
 
+    this.getDescriptor().then(function (properties) {
 
+      self.setStepConfigs(self.createServicesStackDescriptorConfigs(properties));
 
     }).always(function() {
 
     }).always(function() {
 
       self.set('isRecommendedLoaded', true);
 
       self.set('isRecommendedLoaded', true);
 
     });
 
     });
 
   },
 
   },
 
 
 
+  /**
 
+   * Get descriptor configs from API endpoint.
 
+   * On <b>Enable Kerberos</b> loads descriptor from cluster STACK resource.
 
+   * On <b>Add Service Wizard</b> first check for cluster's artifacts descriptor and
 
+   * save it presence status, then loads from cluster COMPOSITE resource.
 
+   * Check for cluster/artifacts/kerberos_descriptor is necessary to determine updating or creation
 
+   * kerberos descriptor.
 
+   *
 
+   * @returns {$.Deferred}
 
+   */
 
+  getDescriptor: function() {
 
+    var self = this;
 
+    var dfd = $.Deferred();
 
+    var successCallback = function(data) {
 
+      dfd.resolve(data);
 
+    };
 
+    if (this.get('isWithinAddService')) {
 
+      App.ajax.send({
 
+        sender: this,
 
+        name: 'admin.kerberize.cluster_descriptor_artifact'
 
+      }).always(function(data, status) {
 
+        self.storeClusterDescriptorStatus(status === 'success');
 
+        self.loadClusterDescriptorConfigs().then(successCallback);
 
+      });
 
+    } else {
 
+      this.loadStackDescriptorConfigs().then(successCallback);
 
+    }
 
+    return dfd.promise();
 
+  },
 
+
 
   /**
 
   /**
 
    * Create service config object for Kerberos service.
 
    * Create service config object for Kerberos service.
 
    *
 
    *

+ 2 - 2
ambari-web/app/controllers/main/service/add_controller.js
Wyświetl plik 

@@ -298,8 +298,8 @@ App.AddServiceController = App.WizardController.extend(App.AddSecurityConfigs, {
 
     var self = this,
 
     var self = this,
 
         dfd = $.Deferred();
 
         dfd = $.Deferred();
 
     if (App.get('isKerberosEnabled')) {
 
     if (App.get('isKerberosEnabled')) {
 
-      this.getDescriptorConfigs().then(function(properties) {
 
-        self.set('kerberosDescriptorConfigs', properties);
 
+      this.loadClusterDescriptorConfigs().then(function(properties) {
 
+        self.set('kerberosDescriptorConfigs', self.createServicesStackDescriptorConfigs(properties));
 
       }).always(function(){
 
       }).always(function(){
 
         dfd.resolve();
 
         dfd.resolve();
 
       });
 
       });

+ 1 - 28
ambari-web/app/mixins/wizard/addSecurityConfigs.js
Wyświetl plik 

@@ -57,33 +57,6 @@ App.AddSecurityConfigs = Em.Mixin.create({
 
     return configs;
 
     return configs;
 
   }.property('App.isHadoop22Stack'),
 
   }.property('App.isHadoop22Stack'),
 
 
 
-  /**
 
-   * Generate stack descriptor configs.
 
-   *  - Load kerberos artifacts from stack endpoint
 
-   *  - Load kerberos artifacts from cluster resource and merge them with stack descriptor.
 
-   * When cluster descriptor is absent then stack artifacts used.
 
-   *
 
-   * @returns {$.Deferred}
 
-   */
 
-  getDescriptorConfigs: function () {
 
-    var dfd = $.Deferred();
 
-    var self = this;
 
-    this.loadStackDescriptorConfigs().then(function(data) {
 
-      var stackArtifacts = data;
 
-      self.loadClusterDescriptorConfigs().then(function(clusterArtifacts) {
 
-        self.storeClusterDescriptorStatus(true);
 
-        dfd.resolve(self.createServicesStackDescriptorConfigs(objectUtils.deepMerge(data, clusterArtifacts)));
 
-      }, function() {
 
-        self.storeClusterDescriptorStatus(false);
 
-        dfd.resolve(self.createServicesStackDescriptorConfigs(stackArtifacts));
 
-      });
 
-    }, function() {
 
-      dfd.reject();
 
-    });
 
-    return dfd.promise();
 
-  },
 
-
 
-
 
   /**
 
   /**
 
    * Store status of kerberos descriptor located in cluster artifacts.
 
    * Store status of kerberos descriptor located in cluster artifacts.
 
    * This status needed for Add Service Wizard to select appropriate method to create
 
    * This status needed for Add Service Wizard to select appropriate method to create
 
@@ -106,7 +79,7 @@ App.AddSecurityConfigs = Em.Mixin.create({
 
     var self = this;
 
     var self = this;
 
     var configs = [];
 
     var configs = [];
 
     var clusterConfigs = [];
 
     var clusterConfigs = [];
 
-    var kerberosDescriptor = items.artifact_data;
 
+    var kerberosDescriptor = Em.get(items, 'KerberosDescriptor.kerberos_descriptor');
 
     this.set('kerberosDescriptor', kerberosDescriptor);
 
     this.set('kerberosDescriptor', kerberosDescriptor);
 
     // generate configs for root level properties object, currently realm, keytab_dir
 
     // generate configs for root level properties object, currently realm, keytab_dir
 
     clusterConfigs = clusterConfigs.concat(this.expandKerberosStackDescriptorProps(kerberosDescriptor.properties, 'Cluster', 'stackConfigs'));
 
     clusterConfigs = clusterConfigs.concat(this.expandKerberosStackDescriptorProps(kerberosDescriptor.properties, 'Cluster', 'stackConfigs'));

+ 6 - 2
ambari-web/app/utils/ajax/ajax.js
Wyświetl plik 

@@ -1523,13 +1523,17 @@ var urls = {
 
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
   },
 
   },
 
   'admin.kerberize.stack_descriptor': {
 
   'admin.kerberize.stack_descriptor': {
 
-    'real': '/stacks/{stackName}/versions/{stackVersionNumber}/artifacts/kerberos_descriptor?fields=artifact_data',
 
+    'real': '/clusters/{clusterName}/kerberos_descriptors/STACK',
 
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
   },
 
   },
 
-  'admin.kerberize.cluster_descriptor': {
 
+  'admin.kerberize.cluster_descriptor_artifact': {
 
     'real': '/clusters/{clusterName}/artifacts/kerberos_descriptor?fields=artifact_data',
 
     'real': '/clusters/{clusterName}/artifacts/kerberos_descriptor?fields=artifact_data',
 
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
     'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
   },
 
   },
 
+  'admin.kerberize.cluster_descriptor': {
 
+    'real': '/clusters/{clusterName}/kerberos_descriptors/COMPOSITE',
 
+    'mock': '/data/wizard/kerberos/stack_descriptors.json'
 
+  },
 
   'admin.kerberos.cluster.artifact.create': {
 
   'admin.kerberos.cluster.artifact.create': {
 
     'type': 'POST',
 
     'type': 'POST',
 
     'real': '/clusters/{clusterName}/artifacts/{artifactName}',
 
     'real': '/clusters/{clusterName}/artifacts/{artifactName}',

+ 3 - 81
ambari-web/test/controllers/main/admin/kerberos/step4_controller_test.js
Wyświetl plik 

@@ -204,7 +204,7 @@ describe('App.KerberosWizardStep4Controller', function() {
 
             name: 'addServiceController',
 
             name: 'addServiceController',
 
             getDBProperty: function() {
 
             getDBProperty: function() {
 
               return Em.A([
 
               return Em.A([
 
-                Em.Object.create({ name: 'realm', value: 'realm_value' }),
 
+                Em.Object.create({ name: 'realm', value: 'realm_value' })
 
               ]);
 
               ]);
 
             },
 
             },
 
             loadCachedStepConfigValues : function() {
 
             loadCachedStepConfigValues : function() {
 
@@ -290,14 +290,14 @@ describe('App.KerberosWizardStep4Controller', function() {
 
         this.wizardController = App.AddServiceController.create({});
 
         this.wizardController = App.AddServiceController.create({});
 
         controller.set('wizardController', this.wizardController);
 
         controller.set('wizardController', this.wizardController);
 
         sinon.stub(controller, 'clearStep').returns(true);
 
         sinon.stub(controller, 'clearStep').returns(true);
 
-        sinon.stub(controller, 'getDescriptorConfigs').returns((new $.Deferred()).resolve(true).promise());
 
+
 
         sinon.stub(controller, 'setStepConfigs').returns(true);
 
         sinon.stub(controller, 'setStepConfigs').returns(true);
 
         sinon.stub(App.router, 'send').withArgs('next');
 
         sinon.stub(App.router, 'send').withArgs('next');
 
       });
 
       });
 
 
 
       afterEach(function() {
 
       afterEach(function() {
 
         controller.clearStep.restore();
 
         controller.clearStep.restore();
 
-        controller.getDescriptorConfigs.restore();
 
+
 
         controller.setStepConfigs.restore();
 
         controller.setStepConfigs.restore();
 
         App.router.send.restore();
 
         App.router.send.restore();
 
       });
 
       });
 
@@ -341,82 +341,4 @@ describe('App.KerberosWizardStep4Controller', function() {
 
       });
 
       });
 
     });
 
     });
 
   });
 
   });
 
-
 
-  describe('#getDescriptorConfigs', function() {
 
-    describe('Within Add Service', function () {
 
-      var controller;
 
-      beforeEach(function () {
 
-        controller = App.KerberosWizardStep4Controller.create({
 
-          wizardController: Em.Object.create({
 
-            name: 'addServiceController',
 
-            setDBProperty: sinon.spy()
 
-          })
 
-        });
 
-        this.loadStackDescriptorStub = sinon.stub(controller, 'loadStackDescriptorConfigs').returns($.Deferred().resolve().promise());
 
-        this.loadClusterDescriptorStub = sinon.stub(controller, 'loadClusterDescriptorConfigs');
 
-        sinon.stub(controller, 'createServicesStackDescriptorConfigs', Em.K);
 
-      });
 
-
 
-      afterEach(function() {
 
-        this.loadStackDescriptorStub.restore();
 
-        this.loadClusterDescriptorStub.restore();
 
-        controller.createServicesStackDescriptorConfigs.restore();
 
-        controller.destroy();
 
-        controller = null;
 
-      });
 
-
 
-      var cases = [
 
-        {
 
-          wizardController: 'addServiceController',
 
-          clusterDescriptorExists: false,
 
-          m: 'Within Add Service, Cluster Descriptor not exists. Should be reflected in wizard controller',
 
-          e: {
 
-            setDBPropertyCalled: true,
 
-            setDBPropertyCalledWith: ['isClusterDescriptorExists', false]
 
-          }
 
-        },
 
-        {
 
-          wizardController: 'addServiceController',
 
-          clusterDescriptorExists: true,
 
-          m: 'Within Add Service, Cluster Descriptor is present. Should be reflected in wizard controller',
 
-          e: {
 
-            setDBPropertyCalled: true,
 
-            setDBPropertyCalledWith: ['isClusterDescriptorExists', true]
 
-          }
 
-        },
 
-        {
 
-          wizardController: 'notAddService',
 
-          clusterDescriptorExists: true,
 
-          m: 'Within another controller, nothing to store',
 
-          e: {
 
-            setDBPropertyCalled: false
 
-          }
 
-        }
 
-      ];
 
-
 
-      cases.forEach(function(test) {
 
-        describe(test.m, function () {
 
-
 
-          beforeEach(function () {
 
-            controller.get('wizardController').set('name', test.wizardController);
 
-            this.loadClusterDescriptorStub.returns(test.clusterDescriptorExists ?
 
-              $.Deferred().resolve().promise() :
 
-              $.Deferred().reject().promise());
 
-            controller.getDescriptorConfigs();
 
-          });
 
-
 
-          if (test.e.setDBPropertyCalled) {
 
-            it('setDBProperty is called with valid arguments', function () {
 
-              expect(controller.get('wizardController').setDBProperty.args[0]).to.be.eql(test.e.setDBPropertyCalledWith);
 
-            });
 
-          }
 
-          else {
 
-            it('setDBProperty is not called', function () {
 
-              expect(controller.get('wizardController').setDBProperty.called).to.be.false;
 
-            });
 
-          }
 
-        });
 
-      })
 
-    });
 
-  });
 
 });
 
 });

+ 1 - 1
ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
Wyświetl plik 

@@ -18,7 +18,7 @@
 
 
 
 var App = require('app');
 
 var App = require('app');
 
 var stackDescriptorData = require('test/mock_data_setup/stack_descriptors');
 
 var stackDescriptorData = require('test/mock_data_setup/stack_descriptors');
 
-var stackDescriptor = stackDescriptorData.artifact_data;
 
+var stackDescriptor = stackDescriptorData.KerberosDescriptor.kerberos_descriptor;
 
 
 
 require('mixins/wizard/addSecurityConfigs');
 
 require('mixins/wizard/addSecurityConfigs');

+ 281 - 279
ambari-web/test/mock_data_setup/stack_descriptors.js
Wyświetl plik 

@@ -22,319 +22,321 @@ module.exports = {
 
     "stack_name": "HDP",
 
     "stack_name": "HDP",
 
     "stack_version": "2.2"
 
     "stack_version": "2.2"
 
   },
 
   },
 
-  "artifact_data": {
 
-    "properties": {
 
-      "realm": "${cluster-env/kerberos_domain}",
 
-      "keytab_dir": "/etc/security/keytabs"
 
-    },
 
-    "identities": [
 
-      {
 
-        "principal": {
 
-          "value": "HTTP/_HOST@${realm}",
 
-          "configuration": null
 
-        },
 
-        "name": "spnego",
 
-        "keytab": {
 
-          "file": "${keytab_dir}/spnego.service.keytab",
 
-          "owner": {
 
-            "name": "root",
 
-            "access": "r"
 
+  "KerberosDescriptor": {
 
+    "kerberos_descriptor": {
 
+      "properties": {
 
+        "realm": "${cluster-env/kerberos_domain}",
 
+        "keytab_dir": "/etc/security/keytabs"
 
+      },
 
+      "identities": [
 
+        {
 
+          "principal": {
 
+            "value": "HTTP/_HOST@${realm}",
 
+            "configuration": null
 
           },
 
           },
 
-          "configuration": null,
 
-          "group": {
 
-            "name": "${hadoop-env/user_group}",
 
-            "access": "r"
 
+          "name": "spnego",
 
+          "keytab": {
 
+            "file": "${keytab_dir}/spnego.service.keytab",
 
+            "owner": {
 
+              "name": "root",
 
+              "access": "r"
 
+            },
 
+            "configuration": null,
 
+            "group": {
 
+              "name": "${hadoop-env/user_group}",
 
+              "access": "r"
 
+            }
 
           }
 
           }
 
-        }
 
-      },
 
-      {
 
-        "principal": {
 
-          "value": "hdfs@${realm}",
 
-          "configuration": "cluster-env/hdfs_principal_name"
 
         },
 
         },
 
-        "name": "hdfs",
 
-        "keytab": {
 
-          "file": "${keytab_dir}/hdfs.headless.keytab",
 
-          "owner": {
 
-            "name": "root",
 
-            "access": "r"
 
+        {
 
+          "principal": {
 
+            "value": "hdfs@${realm}",
 
+            "configuration": "cluster-env/hdfs_principal_name"
 
           },
 
           },
 
-          "configuration": "hadoop-env/hdfs_user_keytab",
 
-          "group": {
 
-            "name": "${cluster-env/user_group}",
 
-            "access": "r"
 
+          "name": "hdfs",
 
+          "keytab": {
 
+            "file": "${keytab_dir}/hdfs.headless.keytab",
 
+            "owner": {
 
+              "name": "root",
 
+              "access": "r"
 
+            },
 
+            "configuration": "hadoop-env/hdfs_user_keytab",
 
+            "group": {
 
+              "name": "${cluster-env/user_group}",
 
+              "access": "r"
 
+            }
 
           }
 
           }
 
-        }
 
-      },
 
-      {
 
-        "principal": {
 
-          "value": "hbase@${realm}",
 
-          "configuration": "hbase-env/hbase_principal_name"
 
         },
 
         },
 
-        "name": "hbase",
 
-        "keytab": {
 
-          "file": "${keytab_dir}/hbase.headless.keytab",
 
-          "owner": {
 
-            "name": "root",
 
-            "access": "r"
 
+        {
 
+          "principal": {
 
+            "value": "hbase@${realm}",
 
+            "configuration": "hbase-env/hbase_principal_name"
 
           },
 
           },
 
-          "configuration": "hbase-env/hbase_user_keytab",
 
-          "group": {
 
-            "name": "${cluster-env/user_group}",
 
-            "access": "r"
 
+          "name": "hbase",
 
+          "keytab": {
 
+            "file": "${keytab_dir}/hbase.headless.keytab",
 
+            "owner": {
 
+              "name": "root",
 
+              "access": "r"
 
+            },
 
+            "configuration": "hbase-env/hbase_user_keytab",
 
+            "group": {
 
+              "name": "${cluster-env/user_group}",
 
+              "access": "r"
 
+            }
 
           }
 
           }
 
-        }
 
-      },
 
-      {
 
-        "principal": {
 
-          "value": "ambari-qa@${realm}",
 
-          "configuration": "cluster-env/smokeuser_principal_name"
 
         },
 
         },
 
-        "name": "smokeuser",
 
-        "keytab": {
 
-          "file": "${keytab_dir}/smokeuser.headless.keytab",
 
-          "owner": {
 
-            "name": "root",
 
-            "access": "r"
 
+        {
 
+          "principal": {
 
+            "value": "ambari-qa@${realm}",
 
+            "configuration": "cluster-env/smokeuser_principal_name"
 
           },
 
           },
 
-          "configuration": "cluster-env/smokeuser_keytab",
 
-          "group": {
 
-            "name": "${cluster-env/user_group}",
 
-            "access": "r"
 
+          "name": "smokeuser",
 
+          "keytab": {
 
+            "file": "${keytab_dir}/smokeuser.headless.keytab",
 
+            "owner": {
 
+              "name": "root",
 
+              "access": "r"
 
+            },
 
+            "configuration": "cluster-env/smokeuser_keytab",
 
+            "group": {
 
+              "name": "${cluster-env/user_group}",
 
+              "access": "r"
 
+            }
 
           }
 
           }
 
         }
 
         }
 
-      }
 
-    ],
 
-    "configurations": [
 
-      {
 
-        "core-site": {
 
-          "hadoop.security.authentication": "kerberos",
 
-          "hadoop.rpc.protection": "authentication; integrity; privacy",
 
-          "hadoop.security.authorization": "true"
 
+      ],
 
+      "configurations": [
 
+        {
 
+          "core-site": {
 
+            "hadoop.security.authentication": "kerberos",
 
+            "hadoop.rpc.protection": "authentication; integrity; privacy",
 
+            "hadoop.security.authorization": "true"
 
+          }
 
         }
 
         }
 
-      }
 
-    ],
 
-    "services": [
 
-      {
 
-        "name": "HDFS",
 
-        "components": [
 
-          {
 
-            "name": "NAMENODE",
 
-            "identities": [
 
-              {
 
-                "name": "namenode_nn",
 
-                "principal": {
 
-                  "value": "nn/_HOST@${realm}",
 
-                  "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
 
-                },
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/nn.service.keytab",
 
-                  "owner": {
 
-                    "name": "${hadoop-env/hdfs_user}",
 
-                    "access": "r"
 
+      ],
 
+      "services": [
 
+        {
 
+          "name": "HDFS",
 
+          "components": [
 
+            {
 
+              "name": "NAMENODE",
 
+              "identities": [
 
+                {
 
+                  "name": "namenode_nn",
 
+                  "principal": {
 
+                    "value": "nn/_HOST@${realm}",
 
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
 
                   },
 
                   },
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
-                  },
 
-                  "configuration": "hdfs-site/dfs.namenode.keytab.file"
 
-                }
 
-              },
 
-              {
 
-                "name": "namenode_host",
 
-                "principal": {
 
-                  "value": "host/_HOST@${realm}",
 
-                  "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/nn.service.keytab",
 
+                    "owner": {
 
+                      "name": "${hadoop-env/hdfs_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    },
 
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
 
+                  }
 
                 },
 
                 },
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/host.keytab",
 
-                  "owner": {
 
-                    "name": "${hadoop-env/hdfs_user}",
 
-                    "access": "r"
 
-                  },
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
+                {
 
+                  "name": "namenode_host",
 
+                  "principal": {
 
+                    "value": "host/_HOST@${realm}",
 
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
 
                   },
 
                   },
 
-                  "configuration": "hdfs-site/dfs.namenode.keytab.file"
 
-                }
 
-              },
 
-              {
 
-                "name": "/spnego",
 
-                "principal": {
 
-                  "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
 
-                },
 
-                "keytab": {
 
-                  "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
 
-                }
 
-              }
 
-            ]
 
-          },
 
-          {
 
-            "name": "DATANODE",
 
-            "identities": [
 
-              {
 
-                "name": "datanode_dn",
 
-                "principal": {
 
-                  "value": "dn/_HOST@${realm}",
 
-                  "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/host.keytab",
 
+                    "owner": {
 
+                      "name": "${hadoop-env/hdfs_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    },
 
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
 
+                  }
 
                 },
 
                 },
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/dn.service.keytab",
 
-                  "owner": {
 
-                    "name": "${hadoop-env/hdfs_user}",
 
-                    "access": "r"
 
-                  },
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
+                {
 
+                  "name": "/spnego",
 
+                  "principal": {
 
+                    "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
 
                   },
 
                   },
 
-                  "configuration": "hdfs-site/dfs.namenode.keytab.file"
 
+                  "keytab": {
 
+                    "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
 
+                  }
 
                 }
 
                 }
 
-              },
 
-              {
 
-                "name": "datanode_host",
 
-                "principal": {
 
-                  "value": "host/_HOST@${realm}",
 
-                  "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
 
-                },
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/host.keytab.file",
 
-                  "owner": {
 
-                    "name": "${hadoop-env/hdfs_user}",
 
-                    "access": "r"
 
-                  },
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
+              ]
 
+            },
 
+            {
 
+              "name": "DATANODE",
 
+              "identities": [
 
+                {
 
+                  "name": "datanode_dn",
 
+                  "principal": {
 
+                    "value": "dn/_HOST@${realm}",
 
+                    "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
 
                   },
 
                   },
 
-                  "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
 
-                }
 
-              }
 
-            ]
 
-          },
 
-          {
 
-            "name": "SECONDARY_NAMENODE",
 
-            "identities": [
 
-              {
 
-                "name": "secondary_namenode_nn",
 
-                "principal": {
 
-                  "value": "nn/_HOST@${realm}",
 
-                  "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/dn.service.keytab",
 
+                    "owner": {
 
+                      "name": "${hadoop-env/hdfs_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    },
 
+                    "configuration": "hdfs-site/dfs.namenode.keytab.file"
 
+                  }
 
                 },
 
                 },
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/snn.service.keytab",
 
-                  "owner": {
 
-                    "name": "${hadoop-env/hdfs_user}",
 
-                    "access": "r"
 
+                {
 
+                  "name": "datanode_host",
 
+                  "principal": {
 
+                    "value": "host/_HOST@${realm}",
 
+                    "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
 
                   },
 
                   },
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
-                  },
 
-                  "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/host.keytab.file",
 
+                    "owner": {
 
+                      "name": "${hadoop-env/hdfs_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    },
 
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
 
+                  }
 
                 }
 
                 }
 
-              },
 
-              {
 
-                "name": "secondary_namenode_host",
 
-                "principal": {
 
-                  "value": "host/_HOST@${realm}",
 
-                  "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
 
-                },
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/host.keytab.file",
 
-                  "owner": {
 
-                    "name": "${hadoop-env/hdfs_user}",
 
-                    "access": "r"
 
+              ]
 
+            },
 
+            {
 
+              "name": "SECONDARY_NAMENODE",
 
+              "identities": [
 
+                {
 
+                  "name": "secondary_namenode_nn",
 
+                  "principal": {
 
+                    "value": "nn/_HOST@${realm}",
 
+                    "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
 
                   },
 
                   },
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/snn.service.keytab",
 
+                    "owner": {
 
+                      "name": "${hadoop-env/hdfs_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    },
 
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
 
+                  }
 
+                },
 
+                {
 
+                  "name": "secondary_namenode_host",
 
+                  "principal": {
 
+                    "value": "host/_HOST@${realm}",
 
+                    "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
 
                   },
 
                   },
 
-                  "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
 
-                }
 
-              },
 
-              {
 
-                "name": "/spnego",
 
-                "principal": {
 
-                  "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/host.keytab.file",
 
+                    "owner": {
 
+                      "name": "${hadoop-env/hdfs_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    },
 
+                    "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
 
+                  }
 
                 },
 
                 },
 
-                "keytab": {
 
-                  "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
 
+                {
 
+                  "name": "/spnego",
 
+                  "principal": {
 
+                    "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
 
+                  },
 
+                  "keytab": {
 
+                    "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
 
+                  }
 
                 }
 
                 }
 
+              ]
 
+            }
 
+          ]
 
+        },
 
+        {
 
+          "name": "FALCON",
 
+          "identities": [
 
+            {
 
+              "name": "/spnego"
 
+            },
 
+            {
 
+              "name": "/smokeuser"
 
+            },
 
+            {
 
+              "name": "/hdfs"
 
+            }
 
+          ],
 
+          "configurations": [
 
+            {
 
+              "falcon-startup.properties": {
 
+                "*.falcon.http.authentication.type": "kerberos",
 
+                "*.falcon.authentication.type": "kerberos",
 
+                "*.dfs.namenode.kerberos.principal": "nn/_HOST@${realm}"
 
               }
 
               }
 
-            ]
 
-          }
 
-        ]
 
-      },
 
-      {
 
-        "name": "FALCON",
 
-        "identities": [
 
-          {
 
-            "name": "/spnego"
 
-          },
 
-          {
 
-            "name": "/smokeuser"
 
-          },
 
-          {
 
-            "name": "/hdfs"
 
-          }
 
-        ],
 
-        "configurations": [
 
-          {
 
-            "falcon-startup.properties": {
 
-              "*.falcon.http.authentication.type": "kerberos",
 
-              "*.falcon.authentication.type": "kerberos",
 
-              "*.dfs.namenode.kerberos.principal": "nn/_HOST@${realm}"
 
             }
 
             }
 
-          }
 
-        ],
 
-        "components": [
 
-          {
 
-            "name": "FALCON_SERVER",
 
-            "identities": [
 
-              {
 
-                "principal": {
 
-                  "value": "falcon/${host}@${realm}",
 
-                  "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
 
-                },
 
-                "name": "falcon_server",
 
-                "keytab": {
 
-                  "file": "${keytab_dir}/falcon.service.keytab",
 
-                  "owner": {
 
-                    "name": "${falcon-env/falcon_user}",
 
-                    "access": "r"
 
+          ],
 
+          "components": [
 
+            {
 
+              "name": "FALCON_SERVER",
 
+              "identities": [
 
+                {
 
+                  "principal": {
 
+                    "value": "falcon/${host}@${realm}",
 
+                    "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
 
                   },
 
                   },
 
-                  "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab",
 
-                  "group": {
 
-                    "name": "${cluster-env/user_group}",
 
-                    "access": ""
 
+                  "name": "falcon_server",
 
+                  "keytab": {
 
+                    "file": "${keytab_dir}/falcon.service.keytab",
 
+                    "owner": {
 
+                      "name": "${falcon-env/falcon_user}",
 
+                      "access": "r"
 
+                    },
 
+                    "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab",
 
+                    "group": {
 
+                      "name": "${cluster-env/user_group}",
 
+                      "access": ""
 
+                    }
 
                   }
 
                   }
 
-                }
 
-              },
 
-              {
 
-                "principal": {
 
-                  "value": "HTTP/${host}@${realm}",
 
-                  "configuration": "falcon-startup.properties/oozie.authentication.kerberos.principal"
 
                 },
 
                 },
 
-                "name": "/spnego",
 
-                "keytab": {
 
-                  "file": null,
 
-                  "owner": {
 
-                    "name": null,
 
-                    "access": null
 
+                {
 
+                  "principal": {
 
+                    "value": "HTTP/${host}@${realm}",
 
+                    "configuration": "falcon-startup.properties/oozie.authentication.kerberos.principal"
 
                   },
 
                   },
 
-                  "configuration": "falcon-startup.properties/oozie.authentication.kerberos.keytab",
 
-                  "group": {
 
-                    "name": null,
 
-                    "access": null
 
+                  "name": "/spnego",
 
+                  "keytab": {
 
+                    "file": null,
 
+                    "owner": {
 
+                      "name": null,
 
+                      "access": null
 
+                    },
 
+                    "configuration": "falcon-startup.properties/oozie.authentication.kerberos.keytab",
 
+                    "group": {
 
+                      "name": null,
 
+                      "access": null
 
+                    }
 
                   }
 
                   }
 
                 }
 
                 }
 
-              }
 
-            ]
 
-          }
 
-        ]
 
-      }
 
-    ]
 
+              ]
 
+            }
 
+          ]
 
+        }
 
+      ]
 
+    }
 
   }
 
   }
 
 };
 
 };