From e3138acf62098b3e15ffe93d0699d0181e453c10 Mon Sep 17 00:00:00 2001
From: Nick Allen
Date: Tue, 11 Sep 2018 15:01:35 -0400
Subject: [PATCH] METRON-1774 Allow user to configure JAAS client in Ambari
---
.../configuration/metron-client-jaas-conf.xml | 61 +++++++++++++++++++
.../METRON/CURRENT/metainfo.xml | 1 +
.../package/scripts/metron_security.py | 4 +-
.../package/scripts/params/params_linux.py | 2 +
.../package/templates/client_jaas.conf.j2 | 44 -------------
5 files changed, 66 insertions(+), 46 deletions(-)
create mode 100644 metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
delete mode 100644 metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
new file mode 100644
index 0000000000..141a5eb6b4
--- /dev/null
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
@@ -0,0 +1,61 @@ + + + + + + content + metron_client_jaas template + Metron client JAAS configuration + +StormClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=false + storeKey=false + useTicketCache=true + serviceName="nimbus" + principal="{{metron_principal_name}}"; +}; +Client { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="{{metron_keytab_path}}" + storeKey=true + useTicketCache=false + serviceName="zookeeper" + principal="{{metron_principal_name}}"; +}; +KafkaClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="{{metron_keytab_path}}" + storeKey=true + useTicketCache=false + serviceName="kafka" + principal="{{metron_principal_name}}"; +}; + + + content + false + + + + diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml index f83d93bb66..644ba9783f 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml @@ -471,6 +471,7 @@ kafka-broker kafka-env zeppelin-config + metron-client-jaas-conf true diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py index 4f04daf362..d9486e8799 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py 
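Review bot: The description of the new `content` property (`Metron client JAAS configuration`) does not say that the value is a template. `{{metron_principal_name}}` and `{{metron_keytab_path}}` are placeholders resolved when the file is written to a host, and the `keyTab` and login-module lines decide which credentials the Storm, ZooKeeper and Kafka clients present. I would expand the description to something like `Template for the Metron client JAAS file. {{metron_principal_name}} and {{metron_keytab_path}} are substituted when the file is written; keep them unless a fixed principal or keytab is intended.` The XML markup around these lines is not visible in this view, so I am assuming the text sits in the property's description element.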
@@ -16,6 +16,7 @@ import os.path from resource_management.core.source import Template +from resource_management.core.source import InlineTemplate from resource_management.core.resources.system import Directory, File from resource_management.core import global_lock from resource_management.core.logger import Logger @@ -46,7 +47,7 @@ def storm_security_setup(params): ) File(ambari_format('{client_jaas_path}'), - content=Template('client_jaas.conf.j2'), + content=InlineTemplate(params.metron_client_jaas_conf_template), owner=params.metron_user, group=params.metron_group, mode=0755 @@ -80,4 +81,3 @@ def kinit(kinit_path_local, keytab_path, principal_name, execute_user=None): Execute(kinitcmd, user=execute_user) finally: kinit_lock.release() - diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py index 9be09f108f..0525c7ff97 100755 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py @@ -259,6 +259,8 @@ kafka_principal_name = kafka_principal_raw.replace('_HOST', hostname_lowercase) kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab'] + metron_client_jaas_conf_template = config['configurations']['metron-client-jaas-conf']['content'] + nimbus_seeds = config['configurations']['storm-site']['nimbus.seeds'] # Check wether Solr mpack is installed if 'solr-config-env' in config['configurations']: 
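Review bot: In the `File(ambari_format('{client_jaas_path}'), ...)` call of `storm_security_setup`, the JAAS file is still written with `mode=0755`, so it is world-readable and carries an execute bit that a config file does not need. That mattered less while the content was a fixed Kerberos-only template. Now that it comes from an operator-editable Ambari property, a stanza for a password-based login module would put credentials in a file every local user can read. I would change the line to `mode=0644` at least, or to `mode=0640` if every consumer of the file runs as `metron_user` or in `metron_group`, which cannot be confirmed from this hunk. The body of `storm_security_setup` starts and ends outside the hunk.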
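Review bot: The new lookup `config['configurations']['metron-client-jaas-conf']['content']` in `params_linux.py` raises `KeyError` while params load if the cluster has no `metron-client-jaas-conf` config type, and the old fallback `client_jaas.conf.j2` is deleted in this same commit. An upgraded cluster where the type has not been created yet may hit this, though that is inferred rather than shown here. The file already guards optional types (`if 'solr-config-env' in config['configurations']:`), so the same form fits: `if 'metron-client-jaas-conf' in config['configurations']:` followed by the assignment. `storm_security_setup` should then fail with an explicit message when the value is unset, not pass it on to `InlineTemplate`. Since the value is rendered as a template on each host, it is also worth a comment next to the assignment saying the content is operator-supplied. The enclosing block starts outside the hunk, so I cannot tell whether this line already sits under a security-enabled check.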
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
deleted file mode 100644
index c0a047e6de..0000000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-
-StormClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=false
- storeKey=false
- useTicketCache=true
- serviceName="nimbus"
- principal="{{metron_principal_name}}";
-};
-Client {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="{{metron_keytab_path}}"
- storeKey=true
- useTicketCache=false
- serviceName="zookeeper"
- principal="{{metron_principal_name}}";
-};
-KafkaClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="{{metron_keytab_path}}"
- storeKey=true
- useTicketCache=false
- serviceName="kafka"
- principal="{{metron_principal_name}}";
-};