
Example 16 with KeytabCache

Use of com.sequenceiq.freeipa.entity.KeytabCache in the project cloudbreak by hortonworks.

From the class KeytabCacheService, method saveOrUpdate.

// Stores a keytab for the (environmentCrn, principal) pair. If a cache row already exists and
// holds the same value, it is returned untouched; if it differs, the row is updated in place;
// otherwise a new row is created. cached.getKeytab() returns the stored secret wrapper and
// getRaw() yields the raw keytab value for the comparison. Log lines only record which branch
// was taken, never the keytab itself.
public KeytabCache saveOrUpdate(String environmentCrn, String principal, String hostname, String keytab) {
    Optional<KeytabCache> keytabCache = findByEnvironmentCrnAndPrincipal(environmentCrn, principal);
    if (keytabCache.isPresent()) {
        KeytabCache cached = keytabCache.get();
        // Objects.equals is null-safe, so a cached entry without a raw value simply falls
        // through to the update branch.
        if (Objects.equals(cached.getKeytab().getRaw(), keytab)) {
            LOGGER.debug("Keytab exists in cache with the same value");
            return cached;
        } else {
            LOGGER.debug("Keytab exists in cache with different value, updating");
            cached.setKeytab(keytab);
            return keytabCacheRepository.save(cached);
        }
    } else {
        LOGGER.debug("Keytab doesn't exist in cache, saving.");
        return save(environmentCrn, principal, hostname, keytab);
    }
}
Also used: KeytabCache (com.sequenceiq.freeipa.entity.KeytabCache)

Example 17 with KeytabCache

Use of com.sequenceiq.freeipa.entity.KeytabCache in the project cloudbreak by hortonworks.

From the class KeytabCommonService, method getExistingKeytab.

// Returns the cached keytab for the canonical principal, or, on a cache miss, fetches the
// existing keytab from FreeIPA through ipaClient and caches it via saveOrUpdate. A
// RetryableFreeIpaClientException is caught first (before the more general
// FreeIpaClientException) and rethrown as a new retryable exception wrapping a
// KeytabCreationException, so the caller's retry handling still applies; any other client
// failure is mapped to KeytabCreationException. Only the failure message is logged.
public KeytabCache getExistingKeytab(String environmentCrn, String canonicalPrincipal, String hostName, FreeIpaClient ipaClient) throws FreeIpaClientException, KeytabCreationException {
    try {
        Optional<KeytabCache> keytabCache = keytabCacheService.findByEnvironmentCrnAndPrincipal(environmentCrn, canonicalPrincipal);
        if (keytabCache.isPresent()) {
            LOGGER.debug("Returning keytab from cache");
            return keytabCache.get();
        } else {
            LOGGER.debug("Keytab is not found in cache, fetching existing from FreeIPA");
            Keytab keytab = ipaClient.getExistingKeytab(canonicalPrincipal);
            return keytabCacheService.saveOrUpdate(environmentCrn, canonicalPrincipal, hostName, keytab.getKeytab());
        }
    } catch (RetryableFreeIpaClientException e) {
        LOGGER.error(KEYTAB_FETCH_FAILED + " " + e.getLocalizedMessage(), e);
        throw new RetryableFreeIpaClientException(KEYTAB_FETCH_FAILED, e, new KeytabCreationException(KEYTAB_FETCH_FAILED));
    } catch (FreeIpaClientException e) {
        LOGGER.error(KEYTAB_FETCH_FAILED + " " + e.getLocalizedMessage(), e);
        throw new KeytabCreationException(KEYTAB_FETCH_FAILED);
    }
}
Also used:
RetryableFreeIpaClientException (com.sequenceiq.freeipa.client.RetryableFreeIpaClientException)
KeytabCache (com.sequenceiq.freeipa.entity.KeytabCache)
Keytab (com.sequenceiq.freeipa.client.model.Keytab)
KeytabCreationException (com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException)
FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException)

Example 18 with KeytabCache

Use of com.sequenceiq.freeipa.entity.KeytabCache in the project cloudbreak by hortonworks.

From the class ServiceKeytabService, method generateServiceKeytab.

// Generates a service keytab for the principal built from the requested service name, server
// host name and the FreeIPA realm. A cached keytab is reused only when the request explicitly
// sets doNotRecreateKeytab and a cache entry exists; in every other case a fresh keytab is
// obtained from FreeIPA. The privilege check for the requested role runs before the host or
// service is added, so a caller without the required privileges is rejected with
// KeytabCreationException(PRIVILEGE_DOES_NOT_EXIST) before any change is made in FreeIPA.
public ServiceKeytabResponse generateServiceKeytab(ServiceKeytabRequest request, String accountId) throws FreeIpaClientException {
    LOGGER.debug("Request to generate service keytab: {}", request);
    Stack freeIpaStack = keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), accountId);
    String realm = keytabCommonService.getRealm(freeIpaStack);
    String principal = keytabCommonService.constructPrincipal(request.getServiceName(), request.getServerHostName(), realm);
    Optional<KeytabCache> keytabCache = keytabCacheService.findByEnvironmentCrnAndPrincipal(request.getEnvironmentCrn(), principal);
    if (request.getDoNotRecreateKeytab() && keytabCache.isPresent()) {
        LOGGER.debug("Keytab is found in cache, using it");
        return createServiceKeytabResponse(keytabCache.get());
    } else {
        LOGGER.debug("Keytab is not found in cache, or existing can't be reused.");
        FreeIpaClient ipaClient = freeIpaClientFactory.getFreeIpaClientForStack(freeIpaStack);
        // Authorization gate: verify the caller's role privileges before touching FreeIPA state.
        if (!roleComponent.privilegesExist(request.getRoleRequest(), ipaClient)) {
            throw new KeytabCreationException(PRIVILEGE_DOES_NOT_EXIST);
        }
        keytabCommonService.addHost(request.getServerHostName(), null, ipaClient);
        com.sequenceiq.freeipa.client.model.Service service = addAndSetupService(request, realm, ipaClient);
        KeytabCache serviceKeytab = fetchKeytabFromFreeIpa(request, ipaClient, service);
        return createServiceKeytabResponse(serviceKeytab);
    }
}
Also used:
KeytabCache (com.sequenceiq.freeipa.entity.KeytabCache)
FreeIpaClient (com.sequenceiq.freeipa.client.FreeIpaClient)
KeytabCreationException (com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException)
Stack (com.sequenceiq.freeipa.entity.Stack)

Aggregations (class, with the number of examples it appears in)

KeytabCache (com.sequenceiq.freeipa.entity.KeytabCache): 18
FreeIpaClient (com.sequenceiq.freeipa.client.FreeIpaClient): 11
Test (org.junit.jupiter.api.Test): 11
Stack (com.sequenceiq.freeipa.entity.Stack): 8
Host (com.sequenceiq.freeipa.client.model.Host): 5
Secret (com.sequenceiq.cloudbreak.service.secret.domain.Secret): 4
SecretResponse (com.sequenceiq.cloudbreak.service.secret.model.SecretResponse): 4
HostKeytabRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabRequest): 4
HostKeytabResponse (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.HostKeytabResponse): 4
RoleRequest (com.sequenceiq.freeipa.api.v1.kerberosmgmt.model.RoleRequest): 3
Keytab (com.sequenceiq.freeipa.client.model.Keytab): 3
BadRequestException (com.sequenceiq.cloudbreak.common.exception.BadRequestException): 2
KeytabCreationException (com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException): 2
FreeIpaClientException (com.sequenceiq.freeipa.client.FreeIpaClientException): 1
RetryableFreeIpaClientException (com.sequenceiq.freeipa.client.RetryableFreeIpaClientException): 1