You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2017/07/17 16:20:36 UTC
[18/26] ambari git commit: Revert: BUG-78694. LDAP sync requires user
to be root
Revert: BUG-78694. LDAP sync requires user to be root
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/805dbe42
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/805dbe42
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/805dbe42
Branch: refs/heads/branch-feature-AMBARI-21348
Commit: 805dbe42a0c809faacf8b86c769199c300eac1b9
Parents: aa729a5
Author: Eugene Chekanskiy <ec...@hortonworks.com>
Authored: Sun Jul 16 20:37:52 2017 +0300
Committer: Eugene Chekanskiy <ec...@hortonworks.com>
Committed: Sun Jul 16 20:37:52 2017 +0300
----------------------------------------------------------------------
.../src/main/python/ambari_server/setupSecurity.py | 4 ++++
ambari-server/src/test/python/TestAmbariServer.py | 13 ++++++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/805dbe42/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index f175d7c..ea3b9e5 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -275,6 +275,10 @@ class LdapSyncOptions:
#
def sync_ldap(options):
logger.info("Sync users and groups with configured LDAP.")
+ if not is_root():
+ err = 'Ambari-server sync-ldap should be run with ' \
+ 'root-level privileges'
+ raise FatalException(4, err)
properties = get_ambari_properties()
http://git-wip-us.apache.org/repos/asf/ambari/blob/805dbe42/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index fb0bb70..1ac77ab2 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -7747,12 +7747,13 @@ class TestAmbariServer(TestCase):
@patch("urllib2.urlopen")
@patch("urllib2.Request")
@patch("base64.encodestring")
+ @patch("ambari_server.setupSecurity.is_root")
@patch("ambari_server.setupSecurity.is_server_runing")
@patch("ambari_server.setupSecurity.get_ambari_properties")
@patch("ambari_server.setupSecurity.get_validated_string_input")
@patch("ambari_server.setupSecurity.logger")
def test_sync_ldap_forbidden(self, logger_mock, get_validated_string_input_method, get_ambari_properties_method,
- is_server_runing_method,
+ is_server_runing_method, is_root_method,
encodestring_method, request_constructor, urlopen_method):
options = self._create_empty_options_mock()
@@ -7761,6 +7762,16 @@ class TestAmbariServer(TestCase):
options.ldap_sync_users = None
options.ldap_sync_groups = None
+ is_root_method.return_value = False
+ try:
+ sync_ldap(options)
+ self.fail("Should throw exception if not root")
+ except FatalException as fe:
+ # Expected
+ self.assertTrue("root-level" in fe.reason)
+ pass
+ is_root_method.return_value = True
+
is_server_runing_method.return_value = (None, None)
try:
sync_ldap(options)