You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2018/11/22 11:50:15 UTC
[ambari] branch trunk updated: [AMBARI-24923] Create
tproxy-configuration category in Ambari Configurations data (#2645)
This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new fb70edd [AMBARI-24923] Create tproxy-configuration category in Ambari Configurations data (#2645)
fb70edd is described below
commit fb70eddf5000e9b86302f67404c68385eb1010bb
Author: Robert Levas <rl...@users.noreply.github.com>
AuthorDate: Thu Nov 22 06:50:11 2018 -0500
[AMBARI-24923] Create tproxy-configuration category in Ambari Configurations data (#2645)
* [AMBARI-24923] Create tproxy-configuration category in Ambari Configurations data
* [AMBARI-24923] Create tproxy-configuration category in Ambari Configurations data
---
.../AmbariServerConfigurationCategory.java | 9 +-
.../AmbariServerConfigurationKey.java | 155 ++++++++++++---------
.../configuration/ConfigurationPropertyType.java | 2 +-
.../internal/AmbariServerConfigurationHandler.java | 10 +-
.../internal/AmbariServerConfigurationUtils.java | 92 ++++++++++--
...erviceComponentConfigurationHandlerFactory.java | 5 +
.../ads/DefaultLdapAttributeDetectionService.java | 5 +-
.../AmbariServerConfigurationKeyTest.java | 60 ++++++++
.../AmbariServerConfigurationHandlerTest.java | 30 +++-
.../AmbariServerConfigurationUtilsTest.java | 129 +++++++++++++++++
10 files changed, 409 insertions(+), 88 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
index aa166c7..520e472 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
@@ -19,6 +19,8 @@
package org.apache.ambari.server.configuration;
import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* AmbariServerConfigurationCategory is an enumeration of the different Ambari server specific
@@ -26,8 +28,10 @@ import org.apache.commons.lang.StringUtils;
*/
public enum AmbariServerConfigurationCategory {
LDAP_CONFIGURATION("ldap-configuration"),
- SSO_CONFIGURATION("sso-configuration");
+ SSO_CONFIGURATION("sso-configuration"),
+ TPROXY_CONFIGURATION("tproxy-configuration");
+ private static final Logger LOG = LoggerFactory.getLogger(AmbariServerConfigurationCategory.class);
private final String categoryName;
AmbariServerConfigurationCategory(String categoryName) {
@@ -54,7 +58,8 @@ public enum AmbariServerConfigurationCategory {
}
}
- throw new IllegalArgumentException(String.format("Invalid Ambari server configuration category name: %s", categoryName));
+ LOG.warn("Invalid Ambari server configuration category: {}", categoryName);
+ return null;
}
/**
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
index 05caa75..5603d46 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
@@ -17,6 +17,10 @@ package org.apache.ambari.server.configuration;
import static org.apache.ambari.server.configuration.ConfigurationPropertyType.PASSWORD;
import static org.apache.ambari.server.configuration.ConfigurationPropertyType.PLAINTEXT;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
/**
* Constants representing supported LDAP related property names
*/
@@ -25,87 +29,98 @@ public enum AmbariServerConfigurationKey {
/* ********************************************************
* LDAP Configuration Keys
* ******************************************************** */
- AMBARI_MANAGES_LDAP_CONFIGURATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.manage_services", PLAINTEXT, "false", "A Boolean value indicating whether Ambari is to manage the LDAP configuration for services or not."),
- LDAP_ENABLED_SERVICES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.enabled_services", PLAINTEXT, null, "A comma-delimited list of services that are expected to be configured for LDAP. A \"*\" indicates all services."),
-
- LDAP_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.authentication.enabled", PLAINTEXT, "false", "An internal property used for unit testing and development purposes."),
- SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.server.host", PLAINTEXT, "localhost", "The LDAP URL host used for connecting to an LDAP server when authenticating users."),
- SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.server.port", PLAINTEXT, "33389", "The LDAP URL port used for connecting to an LDAP server when authenticating users."),
- SECONDARY_SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.secondary.server.host", PLAINTEXT, null, "A second LDAP URL host to use as a backup when authenticating users."),
- SECONDARY_SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.secondary.server.port", PLAINTEXT, null, "A second LDAP URL port to use as a backup when authenticating users."),
- USE_SSL(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.use_ssl", PLAINTEXT, "false", "Determines whether to use LDAP over SSL (LDAPS)."),
-
- TRUST_STORE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store", PLAINTEXT, "", ""), //TODO
- TRUST_STORE_TYPE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store.type", PLAINTEXT, null, "The type of truststore used by the 'javax.net.ssl.trustStoreType' property."),
- TRUST_STORE_PATH(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store.path", PLAINTEXT, null, "The location of the truststore to use when setting the 'javax.net.ssl.trustStore' property."),
- TRUST_STORE_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store.password", PASSWORD, null, "The password to use when setting the 'javax.net.ssl.trustStorePassword' property"),
- ANONYMOUS_BIND(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.anonymous_bind", PLAINTEXT, "true", "Determines whether LDAP requests can connect anonymously or if a managed user is required to connect."),
-
- BIND_DN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.bind_dn", PLAINTEXT, null, "The DN of the manager account to use when binding to LDAP if anonymous binding is disabled."),
- BIND_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.bind_password", PASSWORD, null, "The password for the manager account used to bind to LDAP if anonymous binding is disabled."),
-
- ATTR_DETECTION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.detection", PLAINTEXT, "", ""), //TODO
-
- DN_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.dn_attr", PLAINTEXT, "dn", "The attribute used for determining what the distinguished name property is."),
-
- USER_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.object_class", PLAINTEXT, "person", "The class to which user objects in LDAP belong."),
- USER_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.name_attr", PLAINTEXT, "uid", "The attribute used for determining the user name, such as 'uid'."),
- USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "", ""), //TODO
- USER_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.search_base", PLAINTEXT, "dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and groups. This is only used when LDAP authentication is enabled."),
- USER_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.search_user_base", PLAINTEXT, "ou=people,dc=ambari,dc=apache,dc=org", "The filter used when searching for users in LDAP."),
-
- GROUP_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.object_class", PLAINTEXT, "posixGroup", "Specifies the LDAP object class value that defines groups in the directory service."),
- GROUP_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.name_attr", PLAINTEXT, "cn", "The attribute used to determine the group name in LDAP."),
- GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.member_attr", PLAINTEXT, "member", "The LDAP attribute which identifies group membership."),
- GROUP_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.search_base", PLAINTEXT, "dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and groups. This is only used when LDAP authentication is enabled."),
- GROUP_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.search_group_base", PLAINTEXT, "ou=groups,dc=ambari,dc=apache,dc=org", "The filter used when searching for groups in LDAP."),
-
- USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.user_search_filter", PLAINTEXT, "(&({usernameAttribute}={0})(objectClass={userObjectClass}))", "A filter used to lookup a user in LDAP based on the Ambari user name."),
- USER_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.user_member_replace_pattern", PLAINTEXT, "", "Regex pattern to use when replacing the user member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: 'member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')"),
- USER_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.user_member_filter", PLAINTEXT, "", "Filter to use for syncing user members of a group from LDAP (by default it is not used). For example: (&(objectclass=posixaccount)(uid={member}))"),
-
- ALTERNATE_USER_SEARCH_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.alternate_user_search_enabled", PLAINTEXT, "false", "Determines whether a secondary (alternate) LDAP user search filer is used if the primary filter fails to find a user."),
- ALTERNATE_USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.alternate_user_search_filter", PLAINTEXT, "(&(userPrincipalName={0})(objectClass={userObjectClass}))", "An alternate LDAP user search filter which can be used if 'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary filter fails to find a user."),
-
- GROUP_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_search_filter", PLAINTEXT, "", "The DN to use when searching for LDAP groups."),
- GROUP_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_member_replace_pattern", PLAINTEXT, "", "Regex pattern to use when replacing the group member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: 'member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')"),
- GROUP_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_member_filter", PLAINTEXT, "", "Filter to use for syncing group members of a group from LDAP. (by default it is not used). For example: (&(objectclass=posixgroup)(cn={member}))"),
- GROUP_MAPPING_RULES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_mapping_rules", PLAINTEXT, "Ambari Administrators", "A comma-separate list of groups which would give a user administrative access to Ambari when syncing from LDAP. This is only used when 'authorization.ldap.groupSearchFilter' is blank. For instance: Hadoop Admins, Hadoop Admins.*, DC Admins, .*Hadoop Operators"),
-
- FORCE_LOWERCASE_USERNAMES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.force_lowercase_usernames", PLAINTEXT, "", "Declares whether to force the ldap user name to be lowercase or leave as-is.\nThis is useful when local user names are expected to be lowercase but the LDAP user names are not."),
- REFERRAL_HANDLING(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.referrals", PLAINTEXT, "follow", "Determines whether to follow LDAP referrals to other URLs when the LDAP controller doesn't have the requested object."),
- PAGINATION_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.pagination_enabled", PLAINTEXT, "true", "Determines whether results from LDAP are paginated when requested."),
- COLLISION_BEHAVIOR(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.collision_behavior", PLAINTEXT, "convert", "Determines how to handle username collision while updating from LDAP."),
- DISABLE_ENDPOINT_IDENTIFICATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.disable_endpoint_identification", PLAINTEXT, "false", "Determines whether to disable endpoint identification (hostname verification) during SSL handshake while updating from LDAP."),
+ AMBARI_MANAGES_LDAP_CONFIGURATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.manage_services", PLAINTEXT, "false", "A Boolean value indicating whether Ambari is to manage the LDAP configuration for services or not.", false),
+ LDAP_ENABLED_SERVICES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.enabled_services", PLAINTEXT, null, "A comma-delimited list of services that are expected to be configured for LDAP. A \"*\" indicates all services.", false),
+
+ LDAP_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.authentication.enabled", PLAINTEXT, "false", "An internal property used for unit testing and development purposes.", false),
+ SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.server.host", PLAINTEXT, "localhost", "The LDAP URL host used for connecting to an LDAP server when authenticating users.", false),
+ SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.server.port", PLAINTEXT, "33389", "The LDAP URL port used for connecting to an LDAP server when authenticating users.", false),
+ SECONDARY_SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.secondary.server.host", PLAINTEXT, null, "A second LDAP URL host to use as a backup when authenticating users.", false),
+ SECONDARY_SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.secondary.server.port", PLAINTEXT, null, "A second LDAP URL port to use as a backup when authenticating users.", false),
+ USE_SSL(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.use_ssl", PLAINTEXT, "false", "Determines whether to use LDAP over SSL (LDAPS).", false),
+
+ TRUST_STORE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store", PLAINTEXT, "", "", false), //TODO
+ TRUST_STORE_TYPE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store.type", PLAINTEXT, null, "The type of truststore used by the 'javax.net.ssl.trustStoreType' property.", false),
+ TRUST_STORE_PATH(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store.path", PLAINTEXT, null, "The location of the truststore to use when setting the 'javax.net.ssl.trustStore' property.", false),
+ TRUST_STORE_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.trust_store.password", PASSWORD, null, "The password to use when setting the 'javax.net.ssl.trustStorePassword' property", false),
+ ANONYMOUS_BIND(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.anonymous_bind", PLAINTEXT, "true", "Determines whether LDAP requests can connect anonymously or if a managed user is required to connect.", false),
+
+ BIND_DN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.bind_dn", PLAINTEXT, null, "The DN of the manager account to use when binding to LDAP if anonymous binding is disabled.", false),
+ BIND_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.bind_password", PASSWORD, null, "The password for the manager account used to bind to LDAP if anonymous binding is disabled.", false),
+
+ ATTR_DETECTION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.detection", PLAINTEXT, "", "", false), //TODO
+
+ DN_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.dn_attr", PLAINTEXT, "dn", "The attribute used for determining what the distinguished name property is.", false),
+
+ USER_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.object_class", PLAINTEXT, "person", "The class to which user objects in LDAP belong.", false),
+ USER_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.name_attr", PLAINTEXT, "uid", "The attribute used for determining the user name, such as 'uid'.", false),
+ USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "", "", false), //TODO
+ USER_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.user.search_base", PLAINTEXT, "dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and groups. This is only used when LDAP authentication is enabled.", false),
+ USER_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.search_user_base", PLAINTEXT, "ou=people,dc=ambari,dc=apache,dc=org", "The filter used when searching for users in LDAP.", false),
+
+ GROUP_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.object_class", PLAINTEXT, "posixGroup", "Specifies the LDAP object class value that defines groups in the directory service.", false),
+ GROUP_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.name_attr", PLAINTEXT, "cn", "The attribute used to determine the group name in LDAP.", false),
+ GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.member_attr", PLAINTEXT, "member", "The LDAP attribute which identifies group membership.", false),
+ GROUP_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.search_base", PLAINTEXT, "dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and groups. This is only used when LDAP authentication is enabled.", false),
+ GROUP_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.attributes.group.search_group_base", PLAINTEXT, "ou=groups,dc=ambari,dc=apache,dc=org", "The filter used when searching for groups in LDAP.", false),
+
+ USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.user_search_filter", PLAINTEXT, "(&({usernameAttribute}={0})(objectClass={userObjectClass}))", "A filter used to lookup a user in LDAP based on the Ambari user name.", false),
+ USER_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.user_member_replace_pattern", PLAINTEXT, "", "Regex pattern to use when replacing the user member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: 'member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')", false),
+ USER_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.user_member_filter", PLAINTEXT, "", "Filter to use for syncing user members of a group from LDAP (by default it is not used). For example: (&(objectclass=posixaccount)(uid={member}))", false),
+
+ ALTERNATE_USER_SEARCH_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.alternate_user_search_enabled", PLAINTEXT, "false", "Determines whether a secondary (alternate) LDAP user search filer is used if the primary filter fails to find a user.", false),
+ ALTERNATE_USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.alternate_user_search_filter", PLAINTEXT, "(&(userPrincipalName={0})(objectClass={userObjectClass}))", "An alternate LDAP user search filter which can be used if 'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary filter fails to find a user.", false),
+
+ GROUP_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_search_filter", PLAINTEXT, "", "The DN to use when searching for LDAP groups.", false),
+ GROUP_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_member_replace_pattern", PLAINTEXT, "", "Regex pattern to use when replacing the group member attribute ID value with a placeholder. This is used in cases where a UID of an LDAP member is not a full CN or unique ID (e.g.: 'member: <SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')", false),
+ GROUP_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_member_filter", PLAINTEXT, "", "Filter to use for syncing group members of a group from LDAP. (by default it is not used). For example: (&(objectclass=posixgroup)(cn={member}))", false),
+ GROUP_MAPPING_RULES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.group_mapping_rules", PLAINTEXT, "Ambari Administrators", "A comma-separate list of groups which would give a user administrative access to Ambari when syncing from LDAP. This is only used when 'authorization.ldap.groupSearchFilter' is blank. For instance: Hadoop Admins, Hadoop Admins.*, DC Admins, .*Hadoop Operators", false),
+
+ FORCE_LOWERCASE_USERNAMES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.force_lowercase_usernames", PLAINTEXT, "", "Declares whether to force the ldap user name to be lowercase or leave as-is.\nThis is useful when local user names are expected to be lowercase but the LDAP user names are not.", false),
+ REFERRAL_HANDLING(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.referrals", PLAINTEXT, "follow", "Determines whether to follow LDAP referrals to other URLs when the LDAP controller doesn't have the requested object.", false),
+ PAGINATION_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.pagination_enabled", PLAINTEXT, "true", "Determines whether results from LDAP are paginated when requested.", false),
+ COLLISION_BEHAVIOR(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.collision_behavior", PLAINTEXT, "convert", "Determines how to handle username collision while updating from LDAP.", false),
+ DISABLE_ENDPOINT_IDENTIFICATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.advanced.disable_endpoint_identification", PLAINTEXT, "false", "Determines whether to disable endpoint identification (hostname verification) during SSL handshake while updating from LDAP.", false),
/* ********************************************************
* SSO Configuration Keys
* ******************************************************** */
- SSO_MANAGE_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.manage_services", PLAINTEXT, "false", "A Boolean value indicating whether Ambari is to manage the SSO configuration for services or not."),
- SSO_ENABLED_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.enabled_services", PLAINTEXT, null, "A comma-delimited list of services that are expected to be configured for SSO. A \"*\" indicates all services."),
+ SSO_MANAGE_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.manage_services", PLAINTEXT, "false", "A Boolean value indicating whether Ambari is to manage the SSO configuration for services or not.", false),
+ SSO_ENABLED_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.enabled_services", PLAINTEXT, null, "A comma-delimited list of services that are expected to be configured for SSO. A \"*\" indicates all services.", false),
+
+ SSO_PROVIDER_URL(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.provider.url", PLAINTEXT, null, "The URL for SSO provider to use in the absence of a JWT token when handling a JWT request.", false),
+ SSO_PROVIDER_CERTIFICATE(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.provider.certificate", PLAINTEXT, null, "The x509 certificate containing the public key to use when verifying the authenticity of a JWT token from the SSO provider.", false),
+ SSO_PROVIDER_ORIGINAL_URL_PARAM_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.provider.originalUrlParamName", PLAINTEXT, "originalUrl", "The original URL to use when constructing the URL for SSO provider.", false),
- SSO_PROVIDER_URL(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.provider.url", PLAINTEXT, null, "The URL for SSO provider to use in the absence of a JWT token when handling a JWT request."),
- SSO_PROVIDER_CERTIFICATE(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.provider.certificate", PLAINTEXT, null, "The x509 certificate containing the public key to use when verifying the authenticity of a JWT token from the SSO provider."),
- SSO_PROVIDER_ORIGINAL_URL_PARAM_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.provider.originalUrlParamName", PLAINTEXT, "originalUrl", "The original URL to use when constructing the URL for SSO provider."),
+ SSO_JWT_AUDIENCES(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.jwt.audiences", PLAINTEXT, null, "A list of the JWT audiences expected. Leaving this blank will allow for any audience.", false),
+ SSO_JWT_COOKIE_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.jwt.cookieName", PLAINTEXT, "hadoop-jwt", "The name of the cookie which will be used to extract the JWT token from the request.", false),
- SSO_JWT_AUDIENCES(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.jwt.audiences", PLAINTEXT, null, "A list of the JWT audiences expected. Leaving this blank will allow for any audience."),
- SSO_JWT_COOKIE_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.jwt.cookieName", PLAINTEXT, "hadoop-jwt", "The name of the cookie which will be used to extract the JWT token from the request."),
+ SSO_AUTHENTICATION_ENABLED(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.authentication.enabled", PLAINTEXT, "false", "Determines whether to use JWT authentication when logging into Ambari.", false),
- SSO_AUTHENTICATION_ENABLED(AmbariServerConfigurationCategory.SSO_CONFIGURATION, "ambari.sso.authentication.enabled", PLAINTEXT, "false", "Determines whether to use JWT authentication when logging into Ambari.");
+ /* ********************************************************
+ * Trusted Proxy Configuration Keys
+ * ******************************************************** */
+ TPROXY_AUTHENTICATION_ENABLED(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION, "ambari.tproxy.authentication.enabled", PLAINTEXT, "false", "Determines whether to allow a proxy user to specifiy a proxied user when logging into Ambari.", false),
+ TPROXY_ALLOWED_HOSTS(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION, "ambari\\.tproxy\\.proxyuser\\..+\\.hosts", PLAINTEXT, "*", "List of hosts from which trusted-proxy user can connect.", true),
+ TPROXY_ALLOWED_USERS(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION, "ambari\\.tproxy\\.proxyuser\\..+\\.users", PLAINTEXT, "*", "List of users which the trusted-proxy user can proxy for.", true),
+ TPROXY_ALLOWED_GROUPS(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION, "ambari\\.tproxy\\.proxyuser\\..+\\.groups", PLAINTEXT, "*", "List of groups which the trusted-proxy user can proxy user for.", true);
+ private static final Logger LOG = LoggerFactory.getLogger(AmbariServerConfigurationKey.class);
private final AmbariServerConfigurationCategory configurationCategory;
private final String propertyName;
private final ConfigurationPropertyType configurationPropertyType;
private final String defaultValue;
private final String description;
+ private final boolean regex;
- AmbariServerConfigurationKey(AmbariServerConfigurationCategory configurationCategory, String propName, ConfigurationPropertyType configurationPropertyType, String defaultValue, String description) {
+ AmbariServerConfigurationKey(AmbariServerConfigurationCategory configurationCategory, String propName, ConfigurationPropertyType configurationPropertyType, String defaultValue, String description, boolean regex) {
this.configurationCategory = configurationCategory;
this.propertyName = propName;
this.configurationPropertyType = configurationPropertyType;
this.defaultValue = defaultValue;
this.description = description;
+ this.regex = regex;
}
public AmbariServerConfigurationCategory getConfigurationCategory() {
@@ -128,15 +143,23 @@ public enum AmbariServerConfigurationKey {
return description;
}
+ public boolean isRegex() {
+ return regex;
+ }
+
public static AmbariServerConfigurationKey translate(AmbariServerConfigurationCategory category, String keyName) {
- for (AmbariServerConfigurationKey key : values()) {
- if (key.configurationCategory.equals(category) && key.propertyName.equals(keyName)) {
- return key;
+ if (category != null && StringUtils.isNotEmpty(keyName)) {
+ for (AmbariServerConfigurationKey key : values()) {
+ if (key.configurationCategory.equals(category)) {
+ if ((key.regex && keyName.matches(key.propertyName)) || key.propertyName.equals(keyName)) {
+ return key;
+ }
+ }
}
}
String categoryName = (category == null) ? "null" : category.getCategoryName();
- throw new IllegalArgumentException(String.format("Invalid Ambari server configuration key: %s:%s", categoryName, keyName));
-
+ LOG.warn("Invalid Ambari server configuration key: {}:{}", categoryName, keyName);
+ return null;
}
}
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
index 2e61c19..736a7ad 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
@@ -18,5 +18,5 @@ package org.apache.ambari.server.configuration;
* Constants representing types for AMBARI-level properties that are being stored in the DB
*/
public enum ConfigurationPropertyType {
- PLAINTEXT, PASSWORD;
+ PLAINTEXT, PASSWORD, UNKNOWN;
}
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
index a9890c3..6d331ab 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
@@ -32,6 +32,7 @@ import java.util.stream.Collectors;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.api.services.RootServiceComponentConfiguration;
+import org.apache.ambari.server.configuration.AmbariServerConfigurationKey;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.events.AmbariConfigurationChangedEvent;
@@ -114,7 +115,14 @@ public class AmbariServerConfigurationHandler extends RootServiceComponentConfig
final Iterator<Map.Entry<String, String>> propertiesIterator = properties.entrySet().iterator();
while (propertiesIterator.hasNext()) {
Map.Entry<String, String> property = propertiesIterator.next();
- if (AmbariServerConfigurationUtils.isPassword(categoryName, property.getKey())) {
+
+ // Ensure the incoming property is valid
+ AmbariServerConfigurationKey key = AmbariServerConfigurationUtils.getConfigurationKey(categoryName, property.getKey());
+ if(key == null) {
+ throw new IllegalArgumentException(String.format("Invalid Ambari server configuration key: %s:%s", categoryName, property.getKey()));
+ }
+
+ if (AmbariServerConfigurationUtils.isPassword(key)) {
final String passwordFileOrCredentialStoreAlias = fetchPasswordFileNameOrCredentialStoreAlias(categoryName, property.getKey());
if (StringUtils.isNotBlank(passwordFileOrCredentialStoreAlias)) { //if blank -> this is the first time setup; we simply need to store the alias/file name
if (updatePasswordIfNeeded(categoryName, property.getKey(), property.getValue())) {
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
index 104acd6..7d9c50e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
@@ -28,33 +28,80 @@ import org.apache.ambari.server.configuration.ConfigurationPropertyType;
public class AmbariServerConfigurationUtils {
/**
+ * Returns the relevant {@link AmbariServerConfigurationKey}
+ *
* @param category the name of the category
* @param propertyName the name of the property
- * @return the type of the given category/property if such category/property
+ * @return the {@link AmbariServerConfigurationKey representing the given category/property if such category/property
* exists; {@code null} otherwise
- * @throws IllegalStateException if there is no property found with the given name
+ */
+ public static AmbariServerConfigurationKey getConfigurationKey(String category, String propertyName) {
+ return getConfigurationKey(AmbariServerConfigurationCategory.translate(category), propertyName);
+ }
+
+ /**
+ * Returns the relevant {@link AmbariServerConfigurationKey}
+ *
+ * @param category the {@link AmbariServerConfigurationCategory}
+ * @param propertyName the name of the property
+ * @return the {@link AmbariServerConfigurationKey representing the given category/property if such category/property
+ * exists; {@code null} otherwise
+ */
+ public static AmbariServerConfigurationKey getConfigurationKey(AmbariServerConfigurationCategory category, String propertyName) {
+ return AmbariServerConfigurationKey.translate(category, propertyName);
+ }
+
+ /**
+ * Returns the {@link ConfigurationPropertyType} for the specified Ambari Server configuration property
+ *
+ * @param category the name of the category
+ * @param propertyName the name of the property
+ * @return the type of the given category/property if such category/property
+ * exists; {@link ConfigurationPropertyType#UNKNOWN} otherwise
*/
public static ConfigurationPropertyType getConfigurationPropertyType(String category, String propertyName) {
- return getConfigurationPropertyType(AmbariServerConfigurationCategory.translate(category), propertyName);
+ return getConfigurationPropertyType(getConfigurationKey(category, propertyName));
}
/**
+ * Returns the {@link ConfigurationPropertyType} for the specified Ambari Server configuration property
+ *
* @param category the category
* @param propertyName the name of the property
* @return the type of the given category/property if such category/property
- * exists; {@code null} otherwise
- * @throws IllegalStateException if there is no property found with the given name
+ * exists; {@link ConfigurationPropertyType#UNKNOWN} otherwise
*/
public static ConfigurationPropertyType getConfigurationPropertyType(AmbariServerConfigurationCategory category, String propertyName) {
- return AmbariServerConfigurationKey.translate(category, propertyName).getConfigurationPropertyType();
+ return getConfigurationPropertyType(getConfigurationKey(category, propertyName));
+ }
+
+ /**
+ * Returns the {@link ConfigurationPropertyType} for the specified Ambari Server configuration property
+ *
+ * @param configurationKey a {@link AmbariServerConfigurationKey}
+ * @return the type of the given category/property if such category/property
+ * exists; {@link ConfigurationPropertyType#UNKNOWN} otherwise
+ */
+ private static ConfigurationPropertyType getConfigurationPropertyType(AmbariServerConfigurationKey configurationKey) {
+ return (configurationKey == null) ? ConfigurationPropertyType.UNKNOWN : configurationKey.getConfigurationPropertyType();
}
/**
* @param category the name of the category
* @param propertyName the name of the property
* @return the String representation of the type if such category/property
- * exists; {@code null} otherwise * @throws IllegalStateException if
- * there is no property found with the given name
+ * exists; {@code null} otherwise
+ */
+ public static String getConfigurationPropertyTypeName(AmbariServerConfigurationCategory category, String propertyName) {
+ final ConfigurationPropertyType configurationPropertyType = getConfigurationPropertyType(category, propertyName);
+ return configurationPropertyType == null ? null : configurationPropertyType.name();
+ }
+
+ /**
+ * @param category the name of the category
+ * @param propertyName the name of the property
+ * @return the String representation of the type if such category/property
+ * exists; {@code null} otherwise
*/
public static String getConfigurationPropertyTypeName(String category, String propertyName) {
final ConfigurationPropertyType configurationPropertyType = getConfigurationPropertyType(category, propertyName);
@@ -62,18 +109,37 @@ public class AmbariServerConfigurationUtils {
}
/**
- * Indicates whether the given property's type is
- * <p>
- * {@link ConfigurationPropertyType#PASSWORD}
+ * Indicates whether the given property's type is a {@link ConfigurationPropertyType#PASSWORD}
*
* @param category the name of the category
* @param propertyName the name of the property
* @return {@code true} in case the given property's type is
* {@link ConfigurationPropertyType#PASSWORD}; {@code false} otherwise
- * @throws IllegalStateException if there is no property found with the given name
*/
public static boolean isPassword(String category, String propertyName) {
- return ConfigurationPropertyType.PASSWORD.equals(getConfigurationPropertyType(category, propertyName));
+ return isPassword(getConfigurationKey(category, propertyName));
}
+ /**
+ * Indicates whether the given property's type is a {@link ConfigurationPropertyType#PASSWORD}
+ *
+ * @param category the name of the category
+ * @param propertyName the name of the property
+ * @return {@code true} in case the given property's type is
+ * {@link ConfigurationPropertyType#PASSWORD}; {@code false} otherwise
+ */
+ public static boolean isPassword(AmbariServerConfigurationCategory category, String propertyName) {
+ return isPassword(getConfigurationKey(category, propertyName));
+ }
+
+ /**
+ * Indicates whether the given property's type is a {@link ConfigurationPropertyType#PASSWORD}
+ *
+ * @param configurationKey the Ambari Server configiration key
+ * @return {@code true} in case the given property's type is
+ * {@link ConfigurationPropertyType#PASSWORD}; {@code false} otherwise
+ */
+ public static boolean isPassword(AmbariServerConfigurationKey configurationKey) {
+ return ConfigurationPropertyType.PASSWORD.equals(getConfigurationPropertyType(configurationKey));
+ }
}
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
index 309785d..b0bf0cf 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
@@ -41,6 +41,9 @@ public class RootServiceComponentConfigurationHandlerFactory {
@Inject
private AmbariServerSSOConfigurationHandler ssoConfigurationHandler;
+ @Inject
+ private AmbariServerConfigurationHandler tproxyConfigurationHandler;
+
/**
* Returns the internal configuration handler used to support various configuration storage facilities.
*
@@ -56,6 +59,8 @@ public class RootServiceComponentConfigurationHandlerFactory {
return ldapConfigurationHandler;
} else if (AmbariServerConfigurationCategory.SSO_CONFIGURATION.getCategoryName().equals(categoryName)) {
return ssoConfigurationHandler;
+ } else if (AmbariServerConfigurationCategory.TPROXY_CONFIGURATION.getCategoryName().equals(categoryName)) {
+ return tproxyConfigurationHandler;
} else {
return defaultConfigurationHandler;
}
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
index eb7a79b..a6050ac 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
@@ -155,7 +155,10 @@ public class DefaultLdapAttributeDetectionService implements LdapAttributeDetect
for (Map.Entry<String, String> detecteMapEntry : detectedAttributes.entrySet()) {
LOG.info("Setting detected configuration value: [{}] - > [{}]", detecteMapEntry.getKey(), detecteMapEntry.getValue());
- ambariLdapConfiguration.setValueFor(AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, detecteMapEntry.getKey()), detecteMapEntry.getValue());
+ AmbariServerConfigurationKey key = AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, detecteMapEntry.getKey());
+ if(key != null) {
+ ambariLdapConfiguration.setValueFor(key, detecteMapEntry.getValue());
+ }
}
}
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKeyTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKeyTest.java
new file mode 100644
index 0000000..ff92b82
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKeyTest.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.configuration;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class AmbariServerConfigurationKeyTest {
+
+ @Test
+ public void testTranslateNullCategory() {
+ Assert.assertNull(AmbariServerConfigurationKey.translate(null, "some.property"));
+ }
+
+ @Test
+ public void testTranslateNullPropertyName() {
+ Assert.assertNull(AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, null));
+ }
+
+ @Test
+ public void testTranslateInvalidPropertyName() {
+ Assert.assertNull(AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "invalid_property_name"));
+ }
+
+ @Test
+ public void testTranslateExpected() {
+ Assert.assertSame(AmbariServerConfigurationKey.LDAP_ENABLED,
+ AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, AmbariServerConfigurationKey.LDAP_ENABLED.key()));
+ }
+
+ @Test
+ public void testTranslateRegex() {
+ AmbariServerConfigurationKey keyWithRegex = AmbariServerConfigurationKey.TPROXY_ALLOWED_HOSTS;
+ Assert.assertTrue(keyWithRegex.isRegex());
+
+ Assert.assertSame(keyWithRegex,
+ AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(), "ambari.tproxy.proxyuser.knox.hosts"));
+ Assert.assertSame(keyWithRegex,
+ AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(), "ambari.tproxy.proxyuser.not.knox.hosts"));
+
+ AmbariServerConfigurationKey translatedKey = AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(), "ambari.tproxy.proxyuser.not.knox.groups");
+ Assert.assertNotNull(translatedKey);
+ Assert.assertNotSame(keyWithRegex, translatedKey);
+
+ Assert.assertNull(AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(), "ambari.tproxy.proxyuser.not.knox.invalid"));
+ }
+
+}
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
index 4c0082e..25ce41d 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
@@ -22,10 +22,12 @@ package org.apache.ambari.server.controller.internal;
import static org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.LDAP_CONFIGURATION;
import static org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.SSO_CONFIGURATION;
+import static org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.TPROXY_CONFIGURATION;
import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.LDAP_ENABLED;
import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.SERVER_HOST;
import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.SSO_ENABLED_SERVICES;
import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.SSO_MANAGE_SERVICES;
+import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.TPROXY_AUTHENTICATION_ENABLED;
import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
@@ -58,13 +60,24 @@ public class AmbariServerConfigurationHandlerTest extends EasyMockSupport {
ssoEntities.add(createEntity(SSO_CONFIGURATION.getCategoryName(), SSO_MANAGE_SERVICES.key(), "true"));
ssoEntities.add(createEntity(SSO_CONFIGURATION.getCategoryName(), SSO_ENABLED_SERVICES.key(), "AMBARI,SERVICE1"));
- List<AmbariConfigurationEntity> allEntities = new ArrayList<>(ssoEntities);
- allEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(), LDAP_ENABLED.key(), "true"));
- allEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(), SERVER_HOST.key(), "host1"));
+ List<AmbariConfigurationEntity> ldapEntities = new ArrayList<>();
+ ldapEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(), LDAP_ENABLED.key(), "true"));
+ ldapEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(), SERVER_HOST.key(), "host1"));
+
+ List<AmbariConfigurationEntity> tproxyEntities = new ArrayList<>();
+ tproxyEntities.add(createEntity(TPROXY_CONFIGURATION.getCategoryName(), TPROXY_AUTHENTICATION_ENABLED.key(), "true"));
+ tproxyEntities.add(createEntity(TPROXY_CONFIGURATION.getCategoryName(), "ambari.tproxy.proxyuser.knox.hosts", "host1"));
+
+ List<AmbariConfigurationEntity> allEntities = new ArrayList<>();
+ allEntities.addAll(ssoEntities);
+ allEntities.addAll(ldapEntities);
+ allEntities.addAll(tproxyEntities);
AmbariConfigurationDAO ambariConfigurationDAO = createMock(AmbariConfigurationDAO.class);
expect(ambariConfigurationDAO.findAll()).andReturn(allEntities).once();
expect(ambariConfigurationDAO.findByCategory(SSO_CONFIGURATION.getCategoryName())).andReturn(ssoEntities).once();
+ expect(ambariConfigurationDAO.findByCategory(LDAP_CONFIGURATION.getCategoryName())).andReturn(ldapEntities).once();
+ expect(ambariConfigurationDAO.findByCategory(TPROXY_CONFIGURATION.getCategoryName())).andReturn(tproxyEntities).once();
expect(ambariConfigurationDAO.findByCategory("invalid category")).andReturn(null).once();
AmbariEventPublisher publisher = createMock(AmbariEventPublisher.class);
@@ -75,14 +88,23 @@ public class AmbariServerConfigurationHandlerTest extends EasyMockSupport {
replayAll();
Map<String, RootServiceComponentConfiguration> allConfigurations = handler.getComponentConfigurations(null);
- Assert.assertEquals(2, allConfigurations.size());
+ Assert.assertEquals(3, allConfigurations.size());
Assert.assertTrue(allConfigurations.containsKey(SSO_CONFIGURATION.getCategoryName()));
Assert.assertTrue(allConfigurations.containsKey(LDAP_CONFIGURATION.getCategoryName()));
+ Assert.assertTrue(allConfigurations.containsKey(TPROXY_CONFIGURATION.getCategoryName()));
Map<String, RootServiceComponentConfiguration> ssoConfigurations = handler.getComponentConfigurations(SSO_CONFIGURATION.getCategoryName());
Assert.assertEquals(1, ssoConfigurations.size());
Assert.assertTrue(ssoConfigurations.containsKey(SSO_CONFIGURATION.getCategoryName()));
+ Map<String, RootServiceComponentConfiguration> ldapConfigurations = handler.getComponentConfigurations(LDAP_CONFIGURATION.getCategoryName());
+ Assert.assertEquals(1, ldapConfigurations.size());
+ Assert.assertTrue(ldapConfigurations.containsKey(LDAP_CONFIGURATION.getCategoryName()));
+
+ Map<String, RootServiceComponentConfiguration> tproxyConfigurations = handler.getComponentConfigurations(TPROXY_CONFIGURATION.getCategoryName());
+ Assert.assertEquals(1, tproxyConfigurations.size());
+ Assert.assertTrue(tproxyConfigurations.containsKey(TPROXY_CONFIGURATION.getCategoryName()));
+
Map<String, RootServiceComponentConfiguration> invalidConfigurations = handler.getComponentConfigurations("invalid category");
Assert.assertNull(invalidConfigurations);
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtilsTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtilsTest.java
new file mode 100644
index 0000000..4fe250f
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtilsTest.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import static org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.TPROXY_CONFIGURATION;
+import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.BIND_PASSWORD;
+import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.TPROXY_ALLOWED_GROUPS;
+import static org.apache.ambari.server.configuration.AmbariServerConfigurationKey.TPROXY_AUTHENTICATION_ENABLED;
+import static org.apache.ambari.server.configuration.ConfigurationPropertyType.PASSWORD;
+import static org.apache.ambari.server.configuration.ConfigurationPropertyType.UNKNOWN;
+
+import org.apache.ambari.server.configuration.AmbariServerConfigurationCategory;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class AmbariServerConfigurationUtilsTest {
+
+ @Test
+ public void testGetConfigurationKey() {
+ Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED,
+ AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(), TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED,
+ AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(), TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS,
+ AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS,
+ AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS,
+ AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.not.knox.groups"));
+ Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "invalid.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey((AmbariServerConfigurationCategory) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey((String) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey("invalid", TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_CONFIGURATION.getCategoryName(), null));
+ Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_CONFIGURATION.getCategoryName(), "invalid"));
+ }
+
+ @Test
+ public void testGetConfigurationPropertyType() {
+ Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(), TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(), TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.not.knox.groups"));
+ Assert.assertSame(UNKNOWN, AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "invalid.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertSame(UNKNOWN, AmbariServerConfigurationUtils.getConfigurationPropertyType((AmbariServerConfigurationCategory) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(UNKNOWN, AmbariServerConfigurationUtils.getConfigurationPropertyType((String) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(UNKNOWN, AmbariServerConfigurationUtils.getConfigurationPropertyType("invalid", TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ Assert.assertSame(UNKNOWN, AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_CONFIGURATION.getCategoryName(), null));
+ Assert.assertSame(UNKNOWN, AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_CONFIGURATION.getCategoryName(), "invalid"));
+ }
+
+ @Test
+ public void testGetConfigurationPropertyTypeName() {
+ Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType().name(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(), TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType().name(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(), TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType().name(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType().name(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType().name(),
+ AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.not.knox.groups"));
+ Assert.assertEquals(UNKNOWN.name(), AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "invalid.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertEquals(UNKNOWN.name(), AmbariServerConfigurationUtils.getConfigurationPropertyTypeName((AmbariServerConfigurationCategory) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertEquals(UNKNOWN.name(), AmbariServerConfigurationUtils.getConfigurationPropertyTypeName((String) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertEquals(UNKNOWN.name(), AmbariServerConfigurationUtils.getConfigurationPropertyTypeName("invalid", TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ Assert.assertEquals(UNKNOWN.name(), AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_CONFIGURATION.getCategoryName(), null));
+ Assert.assertEquals(UNKNOWN.name(), AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_CONFIGURATION.getCategoryName(), "invalid"));
+ }
+
+ @Test
+ public void isPassword() {
+ Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType() == PASSWORD,
+ AmbariServerConfigurationUtils.isPassword(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(), TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType() == PASSWORD,
+ AmbariServerConfigurationUtils.isPassword(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(), TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType() == PASSWORD,
+ AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType() == PASSWORD,
+ AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType() == PASSWORD,
+ AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "ambari.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(), "invalid.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword((AmbariServerConfigurationCategory) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword((String) null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword("invalid", TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword(TPROXY_CONFIGURATION.getCategoryName(), null));
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword(TPROXY_CONFIGURATION.getCategoryName(), "invalid"));
+
+ // This is known to be a password
+ Assert.assertTrue(AmbariServerConfigurationUtils.isPassword(BIND_PASSWORD));
+ }
+}
\ No newline at end of file