apache
/
ambari
mirrorاز https://gitee.com/freeshow_me/ambari


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305
							/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with this
 * work for additional information regarding copyright ownership. The ASF
 * licenses this file to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

var App = require('app');

/** @module utils.credentials **/

/**
 * Credential Resource format.
 * @typedef {object} credentialResourceObject
 * @property {string} principal user principal name
 * @property {string} key user password
 * @property {string} type type of credential store e.g. <b>persistent</b> or <b>temporary</b>
 */
module.exports = {

  STORE_TYPES: {
    TEMPORARY: 'temporary',
    PERSISTENT: 'persisted',
    PERSISTENT_KEY: 'persistent',
    TEMPORARY_KEY: 'temporary',
    PERSISTENT_PATH: 'storage.persistent',
    TEMPORARY_PATH: 'storage.temporary'
  },

  ALIAS: {
    KDC_CREDENTIALS: 'kdc.admin.credential'
  },

  /**
   * Store credentials to server
   *
   * @member utils.credentials
   * @param {string} clusterName cluster name
   * @param {string} alias credential alias name e.g. "kdc.admin.credentials"
   * @param {credentialResourceObject} resource resource info to set e.g.
   * <code>
   * {
   *   principal: "USERNAME",
   *   key: "SecretKey",
   *   type: "persisted"
   * }
   * </code>
   *
   * Where:
   * <ul>
   *   <li>principal: the principal (or username) part of the credential to store</li>
   *   <li>key: the secret key part of the credential to store</li>
   *   <li>type: declares the storage facility type: "persisted" or "temporary"</li>
   * </ul>
   * @returns {$.Deferred} promise object
   */
  createCredentials: function(clusterName, alias, resource) {
    return App.ajax.send({
      sender: this,
      name: 'credentials.create',
      data: {
        clusterName: clusterName,
        resource: resource,
        alias: alias
      },
      error: 'createCredentialsErrorCallback'
    });
  },

  credentialsSuccessCallback: function(data, opt, params) {
    params.callback(data.items.length ? data.items.mapProperty('Credential') : []);
  },

  createCredentialsErrorCallback: function(req, ajaxOpts, error) {
  },

  /**
   * @see createCredentials
   * @member utils.credentials
   * @param {string} clusterName
   * @param {string} alias
   * @param {credentialResourceObject} resource
   * @returns {$.Deferred} promise object
   */
  createOrUpdateCredentials: function(clusterName, alias, resource) {
    var self = this;
    var dfd = $.Deferred();
    this.getCredential(clusterName, alias).then(function() {
      // update previously stored credentials
      self.updateCredentials(clusterName, alias, resource).always(function() {
        var status = arguments[1];
        var result = arguments[2];
        dfd.resolve(status === "success", result);
      });
    }, function() {
      // create credentials if they not exist
      self.createCredentials(clusterName, alias, resource).always(function() {
        var status = arguments[1];
        var result = arguments[2];
        dfd.resolve(status === "success", result);
      });
    });
    return dfd.promise();
  },

  /**
   * Retrieve single credential from cluster by specified alias name
   *
   * @member utils.credentials
   * @param {string} clusterName cluster name
   * @param {string} alias credential alias name e.g. "kdc.admin.credentials"
   * @param {function} [callback] success callback to invoke, credential will be passed to first argument
   * @returns {$.Deferred} promise object
   */
  getCredential: function(clusterName, alias, callback) {
    return App.ajax.send({
      sender: this,
      name: 'credentials.get',
      data: {
        clusterName: clusterName,
        alias: alias,
        callback: callback
      },
      success: 'getCredentialSuccessCallback',
      error: 'getCredentialErrorCallback'
    });
  },

  getCredentialSuccessCallback: function(data, opt, params) {
    if (params.callback) {
      params.callback(Em.getWithDefault(data, 'Credential', null));
    }
  },

  getCredentialErrorCallback: function() {},

  /**
   * Update credential by alias and cluster name
   *
   * @see createCredentials
   * @param {string} clusterName
   * @param {string} alias
   * @param {object} resource
   * @returns {$.Deferred} promise object
   */
  updateCredentials: function(clusterName, alias, resource) {
    return App.ajax.send({
      sender: this,
      name: 'credentials.update',
      data: {
        clusterName: clusterName,
        alias: alias,
        resource: resource
      }
    });
  },

  /**
   * Get credenial list from server by specified cluster name
   *
   * @param {string} clusterName cluster name
   * @param {function} callback
   * @returns {$.Deferred} promise object
   */
  credentials: function(clusterName, callback) {
    return App.ajax.send({
      sender: this,
      name: 'credentials.list',
      data: {
        clusterName: clusterName,
        callback: callback
      },
      success: 'credentialsSuccessCallback'
    });
  },

  /**
   * Remove credential from server by specified cluster name and alias
   *
   * @param {string} clusterName cluster name
   * @param {string} alias credential alias name e.g. "kdc.admin.credentials"
   */
  removeCredentials: function(clusterName, alias) {
    return App.ajax.send({
      sender: this,
      name: 'credentials.delete',
      data: {
        clusterName: clusterName,
        alias: alias
      }
    });
  },

  /**
   * Get info regarding credential storage type like <code>persistent</code> and <code>temporary</code>
   *
   * @param {string} clusterName cluster name
   * @param {function} callback
   * @returns {$.Deferred} promise object
   */
  storageInfo: function(clusterName, callback) {
    return App.ajax.send({
      sender: this,
      name: 'credentials.store.info',
      data: {
        clusterName: clusterName,
        callback: callback
      },
      success: 'storageInfoSuccessCallback'
    });
  },

  storageInfoSuccessCallback: function(json, opt, params, request) {
    if (json.Clusters) {
      var storage = Em.getWithDefault(json, 'Clusters.credential_store_properties', {});
      var storeTypesObject = {};

      storeTypesObject[this.STORE_TYPES.PERSISTENT_KEY] = storage[this.STORE_TYPES.PERSISTENT_PATH] === "true";
      storeTypesObject[this.STORE_TYPES.TEMPORARY_KEY] = storage[this.STORE_TYPES.TEMPORARY_PATH] === "true";
      params.callback(storeTypesObject);
    } else {
      params.callback(null);
    }
  },

  /**
   * Resolves promise with <code>true</code> value if secure store is persistent
   *
   * @param {string} clusterName
   * @returns {$.Deferred} promise object
   */
  isStorePersisted: function(clusterName) {
    return this.storeTypeStatus(clusterName, this.STORE_TYPES.PERSISTENT_KEY);
  },

  /**
   * Resolves promise with <code>true</code> value if secure store is temporary
   *
   * @param {string} clusterName
   * @returns {$.Deferred} promise object
   */
  isStoreTemporary: function(clusterName) {
    return this.storeTypeStatus(clusterName, this.STORE_TYPES.TEMPORARY_KEY);
  },

  /**
   * Get store type value for specified cluster and store type e.g. <b>persistent</b> or <b>temporary</b>
   *
   * @member utils.credentials
   * @param {string} clusterName
   * @param {string} type store type e.g. <b>persistent</b> or <b>temporary</b>
   * @returns {$.Deferred} promise object
   */
  storeTypeStatus: function(clusterName, type) {
    var dfd = $.Deferred();
    this.storageInfo(clusterName, function(storage) {
      dfd.resolve(Em.get(storage, type));
    }).fail(function(error) {
      dfd.reject(error);
    });
    return dfd.promise();
  },

  /**
   * Generate payload for storing credential.
   *
   * @member utils.credentials
   * @param {string} principal principal name
   * @param {string} key secret key
   * @param {string} type storage type e.g. <b>persisted</b>, <b>temporary</b>
   * @returns {credentialResourceObject} resource template
   */
  createCredentialResource: function(principal, key, type) {
    return {
      principal: principal,
      key: key,
      type: type
    };
  },

  /**
   * Check that KDC credentials stored as <b>persisted</b> and not <b>temporary</b> from specified credentials list.
   *
   * @member utils.credentials
   * @param {object[]} credentials credentials list retrieved from API @see credentials
   * @returns {boolean} <code>true</code> if credentials are persisted
   */
  isKDCCredentialsPersisted: function(credentials) {
    var kdcCredentials = credentials.findProperty('alias', this.ALIAS.KDC_CREDENTIALS);
    if (kdcCredentials) {
      return Em.getWithDefault(kdcCredentials, 'type', this.STORE_TYPES.TEMPORARY) === this.STORE_TYPES.PERSISTENT;
    }
    return false;
  }
};