Posted to commits@ambari.apache.org by sm...@apache.org on 2018/11/19 14:54:46 UTC
[ambari] branch trunk updated: AMBARI-24913. New LDAP related
properties to indicate if Ambari should manage LDAP configuration for
certain services (#2629)
This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 153d5f9 AMBARI-24913. New LDAP related properties to indicate if Ambari should manage LDAP configuration for certain services (#2629)
153d5f9 is described below
commit 153d5f96cf1c1c68084d308bb98314b3d5231153
Author: Sandor Molnar <sm...@apache.org>
AuthorDate: Mon Nov 19 15:54:41 2018 +0100
AMBARI-24913. New LDAP related properties to indicate if Ambari should manage LDAP configuration for certain services (#2629)
---
.../AmbariServerConfigurationKey.java | 3 +
.../AmbariServerLDAPConfigurationHandler.java | 2 +-
.../ldap/domain/AmbariLdapConfiguration.java | 8 ++
.../ambari/server/upgrade/UpgradeCatalog270.java | 8 ++
.../main/resources/stacks/ambari_configuration.py | 59 ++++++++++++
.../server/upgrade/UpgradeCatalog270Test.java | 3 +
.../src/test/python/TestAmbariConfiguration.py | 104 +++++++++++++++++++++
7 files changed, 186 insertions(+), 1 deletion(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
index 8599a0d0..05caa75 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
@@ -25,6 +25,9 @@ public enum AmbariServerConfigurationKey {
/* ********************************************************
* LDAP Configuration Keys
* ******************************************************** */
+ AMBARI_MANAGES_LDAP_CONFIGURATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.manage_services", PLAINTEXT, "false", "A Boolean value indicating whether Ambari is to manage the LDAP configuration for services or not."),
+ LDAP_ENABLED_SERVICES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.enabled_services", PLAINTEXT, null, "A comma-delimited list of services that are expected to be configured for LDAP. A \"*\" indicates all services."),
+
LDAP_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.authentication.enabled", PLAINTEXT, "false", "An internal property used for unit testing and development purposes."),
SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.server.host", PLAINTEXT, "localhost", "The LDAP URL host used for connecting to an LDAP server when authenticating users."),
SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, "ambari.ldap.connectivity.server.port", PLAINTEXT, "33389", "The LDAP URL port used for connecting to an LDAP server when authenticating users."),
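Review bot: The description of `LDAP_ENABLED_SERVICES` does not say that the list is only consulted when `ambari.ldap.manage_services` is true, nor what happens to services left off it. In ambari_configuration.py from this same commit, `should_disable_ldap` returns True for every unlisted service while managing is on, which an operator reading only this text could not predict. I would extend the description along the lines of `"... A \"*\" indicates all services. Only used when ambari.ldap.manage_services is true; services not listed are reported as to be disabled for LDAP."`.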
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
index f08c1de..2cc79b2 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
@@ -66,7 +66,7 @@ public class AmbariServerLDAPConfigurationHandler extends AmbariServerStackAdvis
public void updateComponentCategory(String categoryName, Map<String, String> properties, boolean removePropertiesIfNotSpecified) throws AmbariException {
super.updateComponentCategory(categoryName, properties, removePropertiesIfNotSpecified);
final AmbariLdapConfiguration ldapConfiguration = new AmbariLdapConfiguration(getConfigurationProperties(AmbariServerConfigurationCategory.LDAP_CONFIGURATION.getCategoryName()));
- if (ldapConfiguration.ldapEnabled()) {
+ if (ldapConfiguration.isAmbariManagesLdapConfiguration()) {
processClusters(LDAP_CONFIGURATIONS);
}
}
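Review bot: With the gate now on `isAmbariManagesLdapConfiguration()`, evaluated after the update is stored, a change of `ambari.ldap.manage_services` from true to false never reaches `processClusters(LDAP_CONFIGURATIONS)`, so any LDAP settings Ambari may have applied to services earlier stay as they are. That may be the intended hands-off meaning, but it affects authentication configuration and should be stated in the code. A comment such as `// Only touch service configs while Ambari manages LDAP; turning management off leaves existing service LDAP settings untouched` would do, and the method has no Javadoc describing the condition either.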
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
index c55f337..0647138 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
@@ -71,6 +71,14 @@ public class AmbariLdapConfiguration {
this.configurationMap = configuration;
}
+ public boolean isAmbariManagesLdapConfiguration() {
+ return Boolean.valueOf(configValue(AmbariServerConfigurationKey.AMBARI_MANAGES_LDAP_CONFIGURATION));
+ }
+
+ public String getLdapEnabledServices() {
+ return configValue(AmbariServerConfigurationKey.LDAP_ENABLED_SERVICES);
+ }
+
public boolean ldapEnabled() {
return Boolean.valueOf(configValue(AmbariServerConfigurationKey.LDAP_ENABLED));
}
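Review bot: `getLdapEnabledServices()` returns the raw property string, and the key is declared with a `null` default in AmbariServerConfigurationKey, so callers presumably have to handle null, the `*` wildcard and the comma splitting themselves (`configValue` is not visible here, so the null case is an inference). Javadoc on both new getters should state this. A parsed form mirroring the Python `get_services_to_enable` (trimmed, lower-cased, empty when unset) would keep the two sides consistent. Minor: `Boolean.parseBoolean(...)` returns a primitive directly and avoids the box/unbox that `Boolean.valueOf(...)` causes in `isAmbariManagesLdapConfiguration()`.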
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
index 43a3d5f..6ba4ce2 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
@@ -1683,6 +1683,14 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog {
populateConfigurationToBeMoved(propertiesToBeMoved, null, AmbariServerConfigurationKey.SSO_MANAGE_SERVICES, "true");
populateConfigurationToBeMoved(propertiesToBeMoved, null, AmbariServerConfigurationKey.SSO_ENABLED_SERVICES, "AMBARI");
}
+ } else if (AmbariServerConfigurationKey.LDAP_ENABLED == key) {
+ populateConfigurationToBeMoved(propertiesToBeMoved, oldPropertyName, key, propertyValue);
+
+ if ("true".equalsIgnoreCase(propertyValue)) {
+ // Add the new properties to tell Ambari that LDAP is enabled:
+ populateConfigurationToBeMoved(propertiesToBeMoved, null, AmbariServerConfigurationKey.AMBARI_MANAGES_LDAP_CONFIGURATION, "true");
+ populateConfigurationToBeMoved(propertiesToBeMoved, null, AmbariServerConfigurationKey.LDAP_ENABLED_SERVICES, "AMBARI");
+ }
} else {
populateConfigurationToBeMoved(propertiesToBeMoved, oldPropertyName, key, propertyValue);
}
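Review bot: On upgrade, every cluster with `ambari.ldap.authentication.enabled=true` is switched to `manage_services=true` with `enabled_services=AMBARI`, which under the Python helper added in this commit makes `should_disable_ldap` return True for every other service. If a stack advisor acts on that (not visible here), services that an administrator configured for LDAP by hand before the upgrade could receive recommendations to turn it off. Consider not adding `AMBARI_MANAGES_LDAP_CONFIGURATION` during upgrade, or confirm the behaviour is intended and document it. The comment is also misleading and could read `// LDAP authentication was enabled: have Ambari manage LDAP configuration, limited to the AMBARI service`. The enclosing if/else chain starts and ends outside the hunk.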
diff --git a/ambari-server/src/main/resources/stacks/ambari_configuration.py b/ambari-server/src/main/resources/stacks/ambari_configuration.py
index 9104c32..ece7387 100644
--- a/ambari-server/src/main/resources/stacks/ambari_configuration.py
+++ b/ambari-server/src/main/resources/stacks/ambari_configuration.py
@@ -487,3 +487,62 @@ class AmbariLDAPConfiguration:
:return: How to handle username collision while updating from LDAP or None if ldap-configuration/ambari.ldap.advanced.collision_behavior is not specified
'''
return _get_from_dictionary(self.ldap_properties, 'ambari.ldap.advanced.collision_behavior')
+
+ def is_managing_services(self):
+ """
+ Tests the configuration data to determine if Ambari should be configuring services to enable LDAP integration.
+
+ The relevant property is "ldap-configuration/ambari.ldap.manage_services", which is expected
+ to be a "true" or "false".
+
+ :return: True, if Ambari should manage services' LDAP configurations
+ """
+ return "true" == _get_from_dictionary(self.ldap_properties, "ambari.ldap.manage_services")
+
+ def get_services_to_enable(self):
+ """
+ Safely gets the list of services that Ambari should enabled for LDAP.
+
+ The returned value is a list of the relevant service names converted to lowercase.
+
+ :return: a list of service names converted to lowercase
+ """
+ ldap_enabled_services = _get_from_dictionary(self.ldap_properties, "ambari.ldap.enabled_services")
+
+ return [x.strip().lower() for x in ldap_enabled_services.strip().split(",")] \
+ if ldap_enabled_services \
+ else []
+
+ def should_enable_ldap(self, service_name):
+ """
+ Tests the configuration data to determine if the specified service should be configured by
+ Ambari to enable LDAP integration.
+
+ The relevant property is "ldap-configuration/ambari.ldap.enabled_services", which is expected
+ to be a comma-delimited list of services to be enabled or '*' indicating ALL installed services.
+
+ :param service_name: the name of the service to test
+ :return: True, if LDAP should be enabled; False, otherwise
+ """
+ if self.is_managing_services():
+ services_to_enable = self.get_services_to_enable()
+ return "*" in services_to_enable or service_name.lower() in services_to_enable
+ else:
+ return False
+
+ def should_disable_ldap(self, service_name):
+ """
+ Tests the configuration data to determine if the specified service should be configured by
+ Ambari to disable LDAP integration.
+
+ The relevant property is "ldap-configuration/ambari.ldap.enabled_services", which is expected
+ to be a comma-delimited list of services to be enabled or '*' indicating ALL installed services.
+
+ :param service_name: the name of the service to test
+ :return: True, if LDAP should be disabled; False, otherwise
+ """
+ if self.is_managing_services():
+ services_to_enable = self.get_services_to_enable()
+ return "*" not in services_to_enable and service_name.lower() not in services_to_enable
+ else:
+ return False
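Review bot: `is_managing_services` compares against the exact string `"true"`, while the Java side reads the same property with `Boolean.valueOf`, which ignores case. A value such as `True` would therefore make the server call `processClusters` while this helper reports that Ambari is not managing services. Normalising first keeps both sides in agreement: `value = _get_from_dictionary(self.ldap_properties, "ambari.ldap.manage_services")` followed by `return value is not None and value.strip().lower() == "true"`. In `get_services_to_enable`, a trailing or doubled comma yields an empty-string entry that a filter `if x.strip()` in the comprehension would drop, and the docstring's "should enabled" should read "should enable".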
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
index 6fa317b..d83b99b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
@@ -1267,6 +1267,9 @@ public class UpgradeCatalog270Test {
expect(entityManager.find(anyObject(), anyObject())).andReturn(null).anyTimes();
final Map<String, String> properties = new HashMap<>();
properties.put(AmbariServerConfigurationKey.LDAP_ENABLED.key(), "true");
+ properties.put(AmbariServerConfigurationKey.AMBARI_MANAGES_LDAP_CONFIGURATION.key(), "true");
+ properties.put(AmbariServerConfigurationKey.LDAP_ENABLED_SERVICES.key(), "AMBARI");
+
expect(ambariConfigurationDao.reconcileCategory(AmbariServerConfigurationCategory.LDAP_CONFIGURATION.getCategoryName(), properties, false)).andReturn(true).once();
replay(entityManager, ambariConfigurationDao);
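Review bot: Only the `LDAP_ENABLED = "true"` path is exercised here, so the new `equalsIgnoreCase` branch in UpgradeCatalog270 is never checked for the case where the two properties must not be added. A second case whose expected map holds `AmbariServerConfigurationKey.LDAP_ENABLED.key()` set to `"false"` and neither `AMBARI_MANAGES_LDAP_CONFIGURATION` nor `LDAP_ENABLED_SERVICES` would pin that. The test method starts and ends outside the hunk, so the input side of the fixture is not visible from here.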
diff --git a/ambari-server/src/test/python/TestAmbariConfiguration.py b/ambari-server/src/test/python/TestAmbariConfiguration.py
index 58062e1..fd2bc7b 100644
--- a/ambari-server/src/test/python/TestAmbariConfiguration.py
+++ b/ambari-server/src/test/python/TestAmbariConfiguration.py
@@ -404,3 +404,107 @@ class TestAmbariConfiguration(TestCase):
self.assertTrue(ambari_ldap_details.is_ldap_alternate_user_search_enabled())
self.assertEquals(ambari_ldap_details.get_alternate_user_search_filter(), "alternate_user_search_filter")
self.assertEquals(ambari_ldap_details.get_sync_collision_handling_behavior(), "collision_behavior")
+
+ def testAmbariNotMangingLdapConfiguration(self):
+ ## Case 1: missing the boolean flag indicating that Ambari manages LDAP configuration
+ services_json = {
+ "ambari-server-configuration": {
+ "ldap-configuration": {
+ "ambari.ldap.enabled_services": "AMBARI"
+ }
+ }
+ }
+
+ ambari_configuration = self.ambari_configuration_class(services_json)
+ self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+ ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+ self.assertIsNotNone(ambari_ldap_details)
+ self.assertFalse(ambari_ldap_details.is_managing_services())
+ self.assertFalse(ambari_ldap_details.should_enable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+
+ ## Case 2: setting the boolean flag to false indicating that Ambari shall NOT manage LDAP configuration
+ services_json = {
+ "ambari-server-configuration": {
+ "ldap-configuration": {
+ "ambari.ldap.manage_services": "false",
+ "ambari.ldap.enabled_services": "AMBARI, RANGER"
+ }
+ }
+ }
+
+ ambari_configuration = self.ambari_configuration_class(services_json)
+ self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+ ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+ self.assertIsNotNone(ambari_ldap_details)
+ self.assertFalse(ambari_ldap_details.is_managing_services())
+ self.assertFalse(ambari_ldap_details.should_enable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_enable_ldap("RANGER"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("RANGER"))
+
+ ## Case 3: setting the boolean flag to false indicating that Ambari shall NOT manage LDAP configuration and indicating it should be done for ALL services
+ services_json = {
+ "ambari-server-configuration": {
+ "ldap-configuration": {
+ "ambari.ldap.manage_services": "false",
+ "ambari.ldap.enabled_services": "*"
+ }
+ }
+ }
+
+ ambari_configuration = self.ambari_configuration_class(services_json)
+ self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+ ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+ self.assertIsNotNone(ambari_ldap_details)
+ self.assertFalse(ambari_ldap_details.is_managing_services())
+ self.assertFalse(ambari_ldap_details.should_enable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_enable_ldap("RANGER"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("RANGER"))
+
+ def testAmbariMangingLdapConfiguration(self):
+ ## Case 1: setting the boolean flag to false indicating that Ambari shall manage LDAP configuration for AMBARI and RANGER
+ services_json = {
+ "ambari-server-configuration": {
+ "ldap-configuration": {
+ "ambari.ldap.manage_services": "true",
+ "ambari.ldap.enabled_services": "AMBARI, RANGER"
+ }
+ }
+ }
+
+ ambari_configuration = self.ambari_configuration_class(services_json)
+ self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+ ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+ self.assertIsNotNone(ambari_ldap_details)
+ self.assertTrue(ambari_ldap_details.is_managing_services())
+ self.assertTrue(ambari_ldap_details.should_enable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+ self.assertTrue(ambari_ldap_details.should_enable_ldap("RANGER"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("RANGER"))
+
+ ## Case 2: setting the boolean flag to false indicating that Ambari shall manage LDAP configuration for ALL services
+ services_json = {
+ "ambari-server-configuration": {
+ "ldap-configuration": {
+ "ambari.ldap.manage_services": "true",
+ "ambari.ldap.enabled_services": "*"
+ }
+ }
+ }
+
+ ambari_configuration = self.ambari_configuration_class(services_json)
+ self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+ ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+ self.assertIsNotNone(ambari_ldap_details)
+ self.assertTrue(ambari_ldap_details.is_managing_services())
+ self.assertTrue(ambari_ldap_details.should_enable_ldap("AMBARI"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+ self.assertTrue(ambari_ldap_details.should_enable_ldap("HDFS"))
+ self.assertFalse(ambari_ldap_details.should_disable_ldap("HDFS"))
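Review bot: Neither test ever expects `should_disable_ldap` to return True, which is the only outcome of that method that tells a caller to change something (managing is on and the service is not listed). In Case 1 of `testAmbariMangingLdapConfiguration`, add `self.assertFalse(ambari_ldap_details.should_enable_ldap("HDFS"))` and `self.assertTrue(ambari_ldap_details.should_disable_ldap("HDFS"))`. The `## Case` comments in that test say "setting the boolean flag to false" although the data sets `"true"`, and both test method names spell "Managing" as "Manging".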