You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by dm...@apache.org on 2016/04/15 16:01:58 UTC
[2/2] ambari git commit: AMBARI-15911. Choose Authorization [Hive]'
with value None was added after upgrade,
but should has value according to security type (after upgrade secured cluster
from 1.7.0, 2.0.1, 2.0.2 etc) to 2.2.2.0] (dgrinenko via dlysnichen
AMBARI-15911. Choose Authorization [Hive]' with value None was added after upgrade, but should has value according to security type (after upgrade secured cluster from 1.7.0,2.0.1, 2.0.2 etc) to 2.2.2.0] (dgrinenko via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fdf6eb8a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fdf6eb8a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fdf6eb8a
Branch: refs/heads/trunk
Commit: fdf6eb8a6c80316de0e6ed738a29c22b2f2d831f
Parents: 0f299a5
Author: Lisnichenko Dmitro <dl...@hortonworks.com>
Authored: Fri Apr 15 17:02:08 2016 +0300
Committer: Lisnichenko Dmitro <dl...@hortonworks.com>
Committed: Fri Apr 15 17:02:08 2016 +0300
----------------------------------------------------------------------
.../server/upgrade/AbstractUpgradeCatalog.java | 8 +-
.../server/upgrade/UpgradeCatalog210.java | 36 ++++++---
.../server/upgrade/UpgradeCatalog220.java | 2 +-
.../server/upgrade/UpgradeCatalog210Test.java | 77 ++++++++++++++++++++
4 files changed, 107 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/fdf6eb8a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
index f0fc245..ecd8e3d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
@@ -191,18 +191,18 @@ public abstract class AbstractUpgradeCatalog implements UpgradeCatalog {
return doc;
}
- protected static boolean isRangerPluginEnabled(Cluster cluster) {
- boolean isRangerPluginEnabled = false;
+ protected static boolean isRangerKnoxPluginEnabled(Cluster cluster) {
+ boolean isRangerKnoxPluginEnabled = false;
if (cluster != null) {
Config rangerKnoxPluginProperties = cluster.getDesiredConfigByType(CONFIGURATION_TYPE_RANGER_KNOX_PLUGIN_PROPERTIES);
if (rangerKnoxPluginProperties != null) {
String rangerKnoxPluginEnabled = rangerKnoxPluginProperties.getProperties().get(PROPERTY_RANGER_KNOX_PLUGIN_ENABLED);
if (StringUtils.isNotEmpty(rangerKnoxPluginEnabled)) {
- isRangerPluginEnabled = rangerKnoxPluginEnabled.toLowerCase().equals("yes");
+ isRangerKnoxPluginEnabled = "yes".equalsIgnoreCase(rangerKnoxPluginEnabled);
}
}
}
- return isRangerPluginEnabled;
+ return isRangerKnoxPluginEnabled;
}
protected static class VersionComparator implements Comparator<UpgradeCatalog> {
http://git-wip-us.apache.org/repos/asf/ambari/blob/fdf6eb8a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
index 74f4994..72ae7b4 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java
@@ -1408,14 +1408,11 @@ public class UpgradeCatalog210 extends AbstractUpgradeCatalog {
&& RangerHiveConfig.getProperties().get("ranger-hive-plugin-enabled").equalsIgnoreCase("yes")) {
newHiveEnvProperties.put("hive_security_authorization", "Ranger");
newHiveServerProperties.put("hive.security.authorization.enabled", "true");
- } else {
- newHiveEnvProperties.put("hive_security_authorization", "None");
}
boolean updateProperty = cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization");
updateConfigurationPropertiesForCluster(cluster, "hive-env", newHiveEnvProperties, updateProperty, true);
updateConfigurationPropertiesForCluster(cluster, "hiveserver2-site", newHiveServerProperties, updateProperty, true);
- updateConfigurationPropertiesForCluster(cluster, "ranger-hive-plugin-properties", new HashMap<String, String>(),
- removeRangerHiveProperties, false, true);
+ removeConfigurationPropertiesFromCluster(cluster, "ranger-hive-plugin-properties", removeRangerHiveProperties);
}
}
}
@@ -1524,6 +1521,13 @@ public class UpgradeCatalog210 extends AbstractUpgradeCatalog {
if (clusterMap != null && !clusterMap.isEmpty()) {
for (final Cluster cluster : clusterMap.values()) {
String content = null;
+ String hive_server2_auth = "";
+ if (cluster.getDesiredConfigByType("hive-site") != null &&
+ cluster.getDesiredConfigByType("hive-site").getProperties().containsKey("hive.server2.authentication")) {
+
+ hive_server2_auth = cluster.getDesiredConfigByType("hive-site").getProperties().get("hive.server2.authentication");
+ }
+
if(cluster.getDesiredConfigByType("hive-env") != null) {
Map<String, String> hiveEnvProps = new HashMap<String, String>();
Set<String> hiveServerSiteRemoveProps = new HashSet<String>();
@@ -1540,22 +1544,32 @@ public class UpgradeCatalog210 extends AbstractUpgradeCatalog {
if (!cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive.metastore.heapsize")) {
hiveEnvProps.put("hive.metastore.heapsize", "1024");
}
- if (cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization") &&
- "none".equalsIgnoreCase(cluster.getDesiredConfigByType("hive-env").getProperties().get("hive_security_authorization"))) {
+
+ boolean isHiveSecurityAuthPresent = cluster.getDesiredConfigByType("hive-env").getProperties().containsKey("hive_security_authorization");
+ String hiveSecurityAuth="";
+
+ if ("kerberos".equalsIgnoreCase(hive_server2_auth) && cluster.getServices().containsKey("KERBEROS")){
+ hiveSecurityAuth = "SQLStdAuth";
+ isHiveSecurityAuthPresent = true;
+ hiveEnvProps.put("hive_security_authorization", hiveSecurityAuth);
+ } else {
+ if (isHiveSecurityAuthPresent) {
+ hiveSecurityAuth = cluster.getDesiredConfigByType("hive-env").getProperties().get("hive_security_authorization");
+ }
+ }
+
+ if (isHiveSecurityAuthPresent && "none".equalsIgnoreCase(hiveSecurityAuth)) {
hiveServerSiteRemoveProps.add("hive.security.authorization.manager");
hiveServerSiteRemoveProps.add("hive.security.authenticator.manager");
}
updateConfigurationPropertiesForCluster(cluster, "hive-env", hiveEnvProps, true, true);
- updateConfigurationPropertiesForCluster(cluster, "hiveserver2-site", new HashMap<String, String>(), hiveServerSiteRemoveProps, false, true);
+ removeConfigurationPropertiesFromCluster(cluster, "hiveserver2-site", hiveServerSiteRemoveProps);
}
if(cluster.getDesiredConfigByType("hive-site") != null) {
Set<String> hiveSiteRemoveProps = new HashSet<String>();
Map<String, String> hiveSiteAddProps = new HashMap<String, String>();
- String hive_server2_auth = "";
- if (cluster.getDesiredConfigByType("hive-site").getProperties().containsKey("hive.server2.authentication")) {
- hive_server2_auth = cluster.getDesiredConfigByType("hive-site").getProperties().get("hive.server2.authentication");
- }
+
if (!"pam".equalsIgnoreCase(hive_server2_auth)) {
hiveSiteRemoveProps.add("hive.server2.authentication.pam.services");
} else {
http://git-wip-us.apache.org/repos/asf/ambari/blob/fdf6eb8a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
index 40dcd2f..0eef4f1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
@@ -383,7 +383,7 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
if (!authorizationProviderExists) {
NodeList nodeList = root.getElementsByTagName("gateway");
if (nodeList != null && nodeList.getLength() > 0) {
- boolean rangerPluginEnabled = isRangerPluginEnabled(cluster);
+ boolean rangerPluginEnabled = isRangerKnoxPluginEnabled(cluster);
Node gatewayNode = nodeList.item(0);
Element newProvider = topologyXml.createElement("provider");
http://git-wip-us.apache.org/repos/asf/ambari/blob/fdf6eb8a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
index 6795f1e..f0ec36f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog210Test.java
@@ -57,6 +57,7 @@ import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.api.services.AmbariMetaInfo;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.ConfigurationRequest;
import org.apache.ambari.server.controller.ServiceConfigVersionResponse;
import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
@@ -89,6 +90,7 @@ import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
import org.apache.ambari.server.state.stack.OsFamily;
import org.easymock.Capture;
+import org.easymock.CaptureType;
import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.After;
@@ -468,6 +470,81 @@ public class UpgradeCatalog210Test {
}
@Test
+ public void testUpdateHiveConfigsWithKerberos() throws Exception {
+ EasyMockSupport easyMockSupport = new EasyMockSupport();
+ final ConfigHelper mockConfigHelper = easyMockSupport.createMock(ConfigHelper.class);
+ final AmbariManagementController mockAmbariManagementController = easyMockSupport.createNiceMock(AmbariManagementController.class);
+
+ final Clusters mockClusters = easyMockSupport.createStrictMock(Clusters.class);
+ final Cluster mockClusterExpected = easyMockSupport.createNiceMock(Cluster.class);
+ final Config mockHiveEnv = easyMockSupport.createNiceMock(Config.class);
+ final Config mockHiveSite = easyMockSupport.createNiceMock(Config.class);
+ final Config mockHiveServerSite = easyMockSupport.createNiceMock(Config.class);
+
+ final Map<String, String> propertiesExpectedHiveEnv = new HashMap<String, String>();
+ final Map<String, String> propertiesExpectedHiveSite = new HashMap<String, String>() {{
+ put("hive.server2.authentication", "kerberos");
+ }};
+ final Map<String, String> propertiesExpectedHiveServerSite = new HashMap<String, String>() {{
+ }};
+ final Map<String, Service> servicesExpected = new HashMap<String, Service>(){{
+ put("KERBEROS", null);
+ }};
+
+ final Injector mockInjector = Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ bind(AmbariManagementController.class).toInstance(mockAmbariManagementController);
+ bind(ConfigHelper.class).toInstance(mockConfigHelper);
+ bind(Clusters.class).toInstance(mockClusters);
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ }
+ });
+
+ final UpgradeCatalog210 upgradeCatalog210 = mockInjector.getInstance(UpgradeCatalog210.class);
+
+ expect(mockAmbariManagementController.getClusters()).andReturn(mockClusters).once();
+ expect(mockClusters.getClusters()).andReturn(new HashMap<String, Cluster>() {{
+ put("normal", mockClusterExpected);
+ }}).once();
+
+ Capture<Map<String,String>> configCreation = Capture.newInstance(CaptureType.ALL);
+
+ expect(mockClusterExpected.getDesiredConfigByType("hive-env")).andReturn(mockHiveEnv).atLeastOnce();
+ expect(mockClusterExpected.getDesiredConfigByType("hiveserver2-site")).andReturn(mockHiveServerSite).atLeastOnce();
+ expect(mockHiveEnv.getProperties()).andReturn(propertiesExpectedHiveEnv).anyTimes();
+ expect(mockHiveServerSite.getProperties()).andReturn(propertiesExpectedHiveServerSite).anyTimes();
+
+ expect(mockClusterExpected.getDesiredConfigByType("hive-site")).andReturn(mockHiveSite).atLeastOnce();
+ expect(mockHiveSite.getProperties()).andReturn(propertiesExpectedHiveSite).anyTimes();
+ expect(mockClusterExpected.getServices()).andReturn(servicesExpected).atLeastOnce();
+ expect(mockAmbariManagementController.createConfig((Cluster)anyObject(),
+ anyString(),
+ capture(configCreation),
+ anyString(),
+ (Map<String, Map<String, String>>)anyObject())).andReturn(null).atLeastOnce();
+
+ easyMockSupport.replayAll();
+ upgradeCatalog210.updateHiveConfigs();
+ easyMockSupport.verifyAll();
+
+ Assert.assertEquals(2, configCreation.getValues().size());
+
+ boolean hiveSecFound = false;
+
+ for (Map<String, String> cfg: configCreation.getValues()){
+ if (cfg.containsKey("hive_security_authorization")) {
+ hiveSecFound = true;
+ Assert.assertTrue("sqlstdauth".equalsIgnoreCase(cfg.get("hive_security_authorization")));
+ break;
+ }
+ }
+
+ Assert.assertTrue(hiveSecFound);
+ }
+
+ @Test
public void TestUpdateHiveEnvContent() {
EasyMockSupport easyMockSupport = new EasyMockSupport();
final AmbariManagementController mockAmbariManagementController = easyMockSupport.createNiceMock(AmbariManagementController.class);