Use of `com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException` in the project cloudbreak by hortonworks.
Class `KerberosMgmtVaultComponent`, method `getSecretResponseForPrincipal`:
/**
 * Stores {@code principal} in Vault under the service-principal path for this account and
 * returns the resulting secret reference.
 *
 * <p>The Vault path is composed from {@code accountId} plus four request-supplied parts
 * (environment CRN, cluster CRN, server host name, service name). Tenant isolation therefore
 * rests on {@code accountId} coming from the authenticated caller rather than the request body,
 * and on {@code VaultPathBuilder} rejecting or escaping path separators in the request-supplied
 * parts — NOTE(review): neither is visible here, confirm both before relying on this path layout.
 *
 * @param request   source of the environment/cluster CRNs, server host name and service name
 * @param accountId owning account; becomes a path component
 * @param principal the value written to Vault (a principal name, not key material)
 * @return the converted secret reference returned by the secret service
 * @throws KeytabCreationException with {@code VAULT_UPDATE_FAILED} on any failure; the original
 *         exception (including unchecked ones) is only retained in the WARN log, because the
 *         constructor used here takes a message only
 */
public SecretResponse getSecretResponseForPrincipal(ServiceKeytabRequest request, String accountId, String principal) {
    try {
        String vaultPath = new VaultPathBuilder()
                .withSecretType(VaultPathBuilder.SecretType.SERVICE_KEYTAB)
                .withAccountId(accountId)
                .withSubType(VaultPathBuilder.SecretSubType.SERVICE_PRINCIPAL)
                .withEnvironmentCrn(request.getEnvironmentCrn())
                .withClusterCrn(request.getClusterCrn())
                .withServerHostName(request.getServerHostName())
                .withServiceName(request.getServiceName())
                .build();
        String storedSecret = secretService.put(vaultPath, principal);
        SecretResponse response = stringToSecretResponseConverter.convert(storedSecret);
        return response;
    } catch (Exception failure) {
        // Broad catch is deliberate: every failure on this boundary is reported as a keytab
        // creation failure to the caller; the stack trace stays server-side in the log.
        LOGGER.warn("Failure while updating vault.", failure);
        throw new KeytabCreationException(VAULT_UPDATE_FAILED);
    }
}
Use of `com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException` in the project cloudbreak by hortonworks.
Class `KeytabCommonService`, method `getExistingKeytab`:
/**
 * Returns the keytab for {@code canonicalPrincipal} in {@code environmentCrn}, preferring the
 * local cache and falling back to fetching the existing keytab from FreeIPA.
 *
 * <p>A cache miss fetches the keytab through {@code ipaClient} and persists it via
 * {@code keytabCacheService.saveOrUpdate} before returning. The keytab bytes are long-lived
 * key material; this method never logs them (only exception messages are logged).
 * NOTE(review): confirm the cache backing store keeps the keytab encrypted/secret-backed,
 * since that is not visible from here.
 *
 * @param environmentCrn     environment the principal belongs to; part of the cache key
 * @param canonicalPrincipal canonical Kerberos principal whose keytab is wanted
 * @param hostName           host recorded alongside the cached entry
 * @param ipaClient          client used on a cache miss
 * @return the cached (or freshly cached) keytab entry
 * @throws RetryableFreeIpaClientException re-wrapped with {@code KEYTAB_FETCH_FAILED} so the
 *         caller can retry; the original is kept as cause
 * @throws KeytabCreationException with {@code KEYTAB_FETCH_FAILED} for non-retryable client errors
 * @throws FreeIpaClientException declared for callers; non-retryable instances are converted above
 */
public KeytabCache getExistingKeytab(String environmentCrn, String canonicalPrincipal, String hostName, FreeIpaClient ipaClient) throws FreeIpaClientException, KeytabCreationException {
    try {
        Optional<KeytabCache> cached = keytabCacheService.findByEnvironmentCrnAndPrincipal(environmentCrn, canonicalPrincipal);
        if (cached.isEmpty()) {
            LOGGER.debug("Keytab is not found in cache, fetching existing from FreeIPA");
            Keytab fetched = ipaClient.getExistingKeytab(canonicalPrincipal);
            return keytabCacheService.saveOrUpdate(environmentCrn, canonicalPrincipal, hostName, fetched.getKeytab());
        }
        LOGGER.debug("Returning keytab from cache");
        return cached.get();
    } catch (RetryableFreeIpaClientException e) {
        // Retryable errors keep their type so upstream retry logic still triggers.
        LOGGER.error(KEYTAB_FETCH_FAILED + " " + e.getLocalizedMessage(), e);
        throw new RetryableFreeIpaClientException(KEYTAB_FETCH_FAILED, e, new KeytabCreationException(KEYTAB_FETCH_FAILED));
    } catch (FreeIpaClientException e) {
        LOGGER.error(KEYTAB_FETCH_FAILED + " " + e.getLocalizedMessage(), e);
        throw new KeytabCreationException(KEYTAB_FETCH_FAILED);
    }
}
Use of `com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException` in the project cloudbreak by hortonworks.
Class `KeytabCommonService`, method `fetchOrCreateHost`:
/**
 * Looks up {@code hostname} in FreeIPA and creates it if it does not exist yet.
 *
 * <p>Creation races are tolerated: if {@code addHost} fails with a duplicate-entry error the
 * host is simply re-read with {@code showHost}. Retryable client errors pass through untouched.
 *
 * <p>The fetched {@code Host} is logged at DEBUG level via its {@code toString()}.
 * NOTE(review): confirm the {@code Host} model's {@code toString()} does not include
 * enrollment secrets (e.g. a one-time password), since FreeIPA host records can carry one.
 *
 * @param hostname  FQDN of the host to fetch or create
 * @param ipaClient FreeIPA client to use
 * @return the existing or newly created host
 * @throws RetryableFreeIpaClientException propagated unchanged
 * @throws KeytabCreationException with {@code HOST_CREATION_FAILED} for any other client error
 *         that is not a duplicate-entry error
 * @throws FreeIpaClientException declared for callers; {@code showHost} may also throw it
 */
private Host fetchOrCreateHost(String hostname, FreeIpaClient ipaClient) throws FreeIpaClientException {
    try {
        Optional<Host> existing = fetchHostIfExists(hostname, ipaClient);
        LOGGER.debug("Fetch host: {}", existing);
        if (existing.isPresent()) {
            return existing.get();
        }
        return ipaClient.addHost(hostname);
    } catch (RetryableFreeIpaClientException e) {
        throw e;
    } catch (FreeIpaClientException e) {
        if (!FreeIpaClientExceptionUtil.isDuplicateEntryException(e)) {
            LOGGER.error(HOST_CREATION_FAILED + " " + e.getLocalizedMessage(), e);
            throw new KeytabCreationException(HOST_CREATION_FAILED);
        }
        // Lost a create race with another caller; the host now exists, so read it back.
        LOGGER.debug("Host [{}] was already created while trying to create it", hostname);
        return ipaClient.showHost(hostname);
    }
}
Use of `com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException` in the project cloudbreak by hortonworks.
Class `ServiceKeytabService`, method `generateServiceKeytab`:
/**
 * Produces a service keytab for the principal described by {@code request}.
 *
 * <p>If the request allows reuse ({@code getDoNotRecreateKeytab()}) and a cached keytab exists
 * for the constructed principal, the cached entry is returned directly. Otherwise the method
 * verifies the requested privileges exist in FreeIPA, ensures the host and service principal
 * exist, and fetches a (new) keytab.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The principal name is built from request-supplied {@code serviceName} and
 *       {@code serverHostName}; input validation is assumed to happen in
 *       {@code constructPrincipal} or at the API layer — NOTE(review): confirm.</li>
 *   <li>The whole request object is logged at DEBUG; this is fine as long as the request
 *       model carries no secret (it appears to hold CRNs, names and a role request only).</li>
 *   <li>The cache-hit path skips the {@code privilegesExist} check and the host/service setup,
 *       so a previously issued keytab is handed out as-is.</li>
 *   <li>If {@code getDoNotRecreateKeytab()} returns a boxed {@code Boolean}, a null value would
 *       NPE on unboxing here — NOTE(review): confirm the request type defaults it.</li>
 * </ul>
 *
 * @param request   keytab request (environment CRN, service name, server host name, role request, reuse flag)
 * @param accountId account of the caller; used to resolve the FreeIPA stack
 * @return response wrapping the cached or newly fetched keytab
 * @throws KeytabCreationException with {@code PRIVILEGE_DOES_NOT_EXIST} when the requested
 *         privileges are unknown to FreeIPA; other causes come from the helpers
 * @throws FreeIpaClientException on FreeIPA client failures
 */
public ServiceKeytabResponse generateServiceKeytab(ServiceKeytabRequest request, String accountId) throws FreeIpaClientException {
    LOGGER.debug("Request to generate service keytab: {}", request);
    Stack freeIpaStack = keytabCommonService.getFreeIpaStackWithMdcContext(request.getEnvironmentCrn(), accountId);
    String realm = keytabCommonService.getRealm(freeIpaStack);
    String principal = keytabCommonService.constructPrincipal(request.getServiceName(), request.getServerHostName(), realm);
    Optional<KeytabCache> cached = keytabCacheService.findByEnvironmentCrnAndPrincipal(request.getEnvironmentCrn(), principal);
    boolean reuseCached = request.getDoNotRecreateKeytab() && cached.isPresent();
    if (reuseCached) {
        LOGGER.debug("Keytab is found in cache, using it");
        return createServiceKeytabResponse(cached.get());
    }
    LOGGER.debug("Keytab is not found in cache, or existing can't be reused.");
    FreeIpaClient ipaClient = freeIpaClientFactory.getFreeIpaClientForStack(freeIpaStack);
    boolean privilegesKnown = roleComponent.privilegesExist(request.getRoleRequest(), ipaClient);
    if (!privilegesKnown) {
        // Fail before touching FreeIPA state so no half-configured host/service is left behind.
        throw new KeytabCreationException(PRIVILEGE_DOES_NOT_EXIST);
    }
    keytabCommonService.addHost(request.getServerHostName(), null, ipaClient);
    com.sequenceiq.freeipa.client.model.Service service = addAndSetupService(request, realm, ipaClient);
    KeytabCache freshKeytab = fetchKeytabFromFreeIpa(request, ipaClient, service);
    return createServiceKeytabResponse(freshKeytab);
}
Use of `com.sequenceiq.freeipa.kerberosmgmt.exception.KeytabCreationException` in the project cloudbreak by hortonworks.
Class `ServiceKeytabService`, method `addAndSetupService`:
/**
 * Creates (or reuses) the FreeIPA service principal for the request and configures it: adds
 * the requested alias, permits keytab retrieval on the canonical name, and attaches the
 * requested role and privileges.
 *
 * <p>Security note: {@code allowServiceKeytabRetrieval} widens who may retrieve this
 * service's keytab. The grantee is decided inside that helper and is not visible here —
 * NOTE(review): confirm it is limited to the managing identity and not broadened to the host
 * or arbitrary principals.
 *
 * @param request   carries the service name, server host name, alias inputs and role request
 * @param realm     Kerberos realm used to build the canonical principal
 * @param ipaClient FreeIPA client to use
 * @return the created or existing service object
 * @throws RetryableFreeIpaClientException re-wrapped with {@code SERVICE_PRINCIPAL_CREATION_FAILED},
 *         original kept as cause, so callers can retry
 * @throws KeytabCreationException with {@code SERVICE_PRINCIPAL_CREATION_FAILED} for any other
 *         FreeIPA client error
 * @throws FreeIpaClientException declared for callers; non-retryable instances are converted above
 */
private com.sequenceiq.freeipa.client.model.Service addAndSetupService(ServiceKeytabRequest request, String realm, FreeIpaClient ipaClient) throws FreeIpaClientException, KeytabCreationException {
    String canonicalPrincipal = keytabCommonService.constructPrincipal(request.getServiceName(), request.getServerHostName(), realm);
    com.sequenceiq.freeipa.client.model.Service service;
    try {
        service = createOrGetService(canonicalPrincipal, ipaClient);
        addAliasToService(request, realm, ipaClient, canonicalPrincipal, service);
        allowServiceKeytabRetrieval(service.getKrbcanonicalname(), ipaClient);
        roleComponent.addRoleAndPrivileges(Optional.of(service), Optional.empty(), request.getRoleRequest(), ipaClient);
    } catch (RetryableFreeIpaClientException e) {
        LOGGER.error(SERVICE_PRINCIPAL_CREATION_FAILED + ' ' + e.getLocalizedMessage(), e);
        throw new RetryableFreeIpaClientException(SERVICE_PRINCIPAL_CREATION_FAILED, e, new KeytabCreationException(SERVICE_PRINCIPAL_CREATION_FAILED));
    } catch (FreeIpaClientException e) {
        LOGGER.error(SERVICE_PRINCIPAL_CREATION_FAILED + ' ' + e.getLocalizedMessage(), e);
        throw new KeytabCreationException(SERVICE_PRINCIPAL_CREATION_FAILED);
    }
    return service;
}