You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sm...@apache.org on 2018/07/26 08:14:23 UTC
[ambari] branch branch-2.7 updated: AMBARI-24335. Updating service
metainfo to declare if Kerberos is required for SSO integration support
(#1887)
This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new 146eca0 AMBARI-24335. Updating service metainfo to declare if Kerberos is required for SSO integration support (#1887)
146eca0 is described below
commit 146eca02451b4d2bf92596cdf312c9d7dde9dd47
Author: Sandor Molnar <sm...@apache.org>
AuthorDate: Thu Jul 26 10:14:20 2018 +0200
AMBARI-24335. Updating service metainfo to declare if Kerberos is required for SSO integration support (#1887)
---
.../ambari/server/controller/ServiceResponse.java | 13 ++++++++++-
.../server/controller/StackServiceResponse.java | 10 +++++++++
.../internal/ServiceResourceProvider.java | 6 ++++++
.../internal/StackServiceResourceProvider.java | 7 +++++-
.../apache/ambari/server/state/ServiceImpl.java | 9 +++++++-
.../apache/ambari/server/state/ServiceInfo.java | 9 +++++++-
.../ambari/server/state/SingleSignOnInfo.java | 25 +++++++++++++++++++++-
.../ambari/server/stack/ServiceModuleTest.java | 10 +++++++--
.../ambari/server/state/ServiceInfoTest.java | 2 ++
9 files changed, 84 insertions(+), 7 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/ServiceResponse.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/ServiceResponse.java
index 2c6c4c4..7502f50 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/ServiceResponse.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/ServiceResponse.java
@@ -39,11 +39,13 @@ public class ServiceResponse {
private final boolean ssoIntegrationSupported;
private final boolean ssoIntegrationDesired;
private final boolean ssoIntegrationEnabled;
+ private final boolean ssoIntegrationRequiresKerberos;
public ServiceResponse(Long clusterId, String clusterName, String serviceName,
StackId desiredStackId, String desiredRepositoryVersion,
RepositoryVersionState repositoryVersionState, String desiredState,
- boolean credentialStoreSupported, boolean credentialStoreEnabled, boolean ssoIntegrationSupported, boolean ssoIntegrationDesired, boolean ssoIntegrationEnabled) {
+ boolean credentialStoreSupported, boolean credentialStoreEnabled, boolean ssoIntegrationSupported,
+ boolean ssoIntegrationDesired, boolean ssoIntegrationEnabled, boolean ssoIntegrationRequiresKerberos) {
this.clusterId = clusterId;
this.clusterName = clusterName;
this.serviceName = serviceName;
@@ -56,6 +58,7 @@ public class ServiceResponse {
this.desiredRepositoryVersion = desiredRepositoryVersion;
this.credentialStoreSupported = credentialStoreSupported;
this.credentialStoreEnabled = credentialStoreEnabled;
+ this.ssoIntegrationRequiresKerberos = ssoIntegrationRequiresKerberos;
}
@@ -259,6 +262,14 @@ public class ServiceResponse {
}
/**
+ * Indicates if Kerberos is required for SSO integration
+ */
+ @ApiModelProperty(name = "sso_integration_requires_kerberos")
+ public boolean isSsoIntegrationRequiresKerberos() {
+ return ssoIntegrationRequiresKerberos;
+ }
+
+ /**
* Interface to help correct Swagger documentation generation
*/
public interface ServiceResponseSwagger extends ApiModel {
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/StackServiceResponse.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/StackServiceResponse.java
index 503f56a..fda087a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/StackServiceResponse.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/StackServiceResponse.java
@@ -80,6 +80,7 @@ public class StackServiceResponse {
private boolean isSupportDeleteViaUI;
private final boolean ssoIntegrationSupported;
+ private final boolean ssoIntegrationRequiresKerberos;
/**
* Constructor.
@@ -117,6 +118,7 @@ public class StackServiceResponse {
credentialStoreEnabled = service.isCredentialStoreEnabled();
isSupportDeleteViaUI = service.isSupportDeleteViaUI();
ssoIntegrationSupported = service.isSingleSignOnSupported();
+ ssoIntegrationRequiresKerberos = service.isKerberosRequiredForSingleSignOnIntegration();
}
@ApiModelProperty(name = "selection")
@@ -343,6 +345,14 @@ public class StackServiceResponse {
return ssoIntegrationSupported;
}
+ /**
+ * Indicates if Kerberos is required for SSO integration
+ */
+ @ApiModelProperty(name = "sso_integration_requires_kerberos")
+ public boolean isSsoIntegrationRequiresKerberos() {
+ return ssoIntegrationRequiresKerberos;
+ }
+
public interface StackServiceResponseSwagger extends ApiModel {
@ApiModelProperty(name = "StackServices")
public StackServiceResponse getStackServiceResponse();
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
index 4946f33..cb9ef00 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceResourceProvider.java
@@ -130,6 +130,9 @@ public class ServiceResourceProvider extends AbstractControllerResourceProvider
private static final String SSO_INTEGRATION_DESIRED_PROPERTY_ID = PropertyHelper.getPropertyId(
"ServiceInfo", "sso_integration_desired");
+ private static final String SSO_INTEGRATION_REQUIRES_KERBEROS_PROPERTY_ID = PropertyHelper.getPropertyId(
+ "ServiceInfo", "sso_integration_requires_kerberos");
+
protected static final String SERVICE_REPOSITORY_STATE = "ServiceInfo/repository_state";
//Parameters from the predicate
@@ -172,6 +175,7 @@ public class ServiceResourceProvider extends AbstractControllerResourceProvider
PROPERTY_IDS.add(SSO_INTEGRATION_SUPPORTED_PROPERTY_ID);
PROPERTY_IDS.add(SSO_INTEGRATION_ENABLED_PROPERTY_ID);
PROPERTY_IDS.add(SSO_INTEGRATION_DESIRED_PROPERTY_ID);
+ PROPERTY_IDS.add(SSO_INTEGRATION_REQUIRES_KERBEROS_PROPERTY_ID);
// keys
KEY_PROPERTY_IDS.put(Resource.Type.Service, SERVICE_SERVICE_NAME_PROPERTY_ID);
@@ -295,6 +299,8 @@ public class ServiceResourceProvider extends AbstractControllerResourceProvider
response.isSsoIntegrationEnabled(), requestedIds);
setResourceProperty(resource, SSO_INTEGRATION_DESIRED_PROPERTY_ID,
response.isSsoIntegrationDesired(), requestedIds);
+ setResourceProperty(resource, SSO_INTEGRATION_REQUIRES_KERBEROS_PROPERTY_ID,
+ response.isSsoIntegrationRequiresKerberos(), requestedIds);
Map<String, Object> serviceSpecificProperties = getServiceSpecificProperties(
response.getClusterName(), response.getServiceName(), requestedIds);
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackServiceResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackServiceResourceProvider.java
index a6a63fe..fee94cb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackServiceResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/StackServiceResourceProvider.java
@@ -105,6 +105,9 @@ public class StackServiceResourceProvider extends ReadOnlyResourceProvider {
private static final String SSO_INTEGRATION_SUPPORTED_PROPERTY_ID = PropertyHelper.getPropertyId(
"StackServices", "sso_integration_supported");
+ private static final String SSO_INTEGRATION_REQUIRES_KERBEROS_PROPERTY_ID = PropertyHelper.getPropertyId(
+ "StackServices", "sso_integration_requires_kerberos");
+
/**
* The key property ids for a StackVersion resource.
*/
@@ -136,7 +139,8 @@ public class StackServiceResourceProvider extends ReadOnlyResourceProvider {
CREDENTIAL_STORE_REQUIRED,
CREDENTIAL_STORE_ENABLED,
SUPPORT_DELETE_VIA_UI,
- SSO_INTEGRATION_SUPPORTED_PROPERTY_ID);
+ SSO_INTEGRATION_SUPPORTED_PROPERTY_ID,
+ SSO_INTEGRATION_REQUIRES_KERBEROS_PROPERTY_ID);
/**
* KerberosServiceDescriptorFactory used to create KerberosServiceDescriptor instances
@@ -244,6 +248,7 @@ public class StackServiceResourceProvider extends ReadOnlyResourceProvider {
response.isSupportDeleteViaUI(), requestedIds);
setResourceProperty(resource, SSO_INTEGRATION_SUPPORTED_PROPERTY_ID, response.isSsoIntegrationSupported(), requestedIds);
+ setResourceProperty(resource, SSO_INTEGRATION_REQUIRES_KERBEROS_PROPERTY_ID, response.isSsoIntegrationRequiresKerberos(), requestedIds);
return resource;
}
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java
index 3d81b55..eaf9206 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java
@@ -83,6 +83,7 @@ public class ServiceImpl implements Service {
private boolean isCredentialStoreRequired;
private final boolean ssoIntegrationSupported;
private final String ssoEnabledConfiguration;
+ private final boolean ssoRequiresKerberos;
private AmbariMetaInfo ambariMetaInfo;
private AtomicReference<MaintenanceState> maintenanceState = new AtomicReference<>();
@@ -150,6 +151,7 @@ public class ServiceImpl implements Service {
isCredentialStoreRequired = sInfo.isCredentialStoreRequired();
ssoIntegrationSupported = sInfo.isSingleSignOnSupported();
ssoEnabledConfiguration = sInfo.getSingleSignOnEnabledConfiguration();
+ ssoRequiresKerberos = sInfo.isKerberosRequiredForSingleSignOnIntegration();
persist(serviceEntity);
}
@@ -199,6 +201,7 @@ public class ServiceImpl implements Service {
displayName = sInfo.getDisplayName();
ssoIntegrationSupported = sInfo.isSingleSignOnSupported();
ssoEnabledConfiguration = sInfo.getSingleSignOnEnabledConfiguration();
+ ssoRequiresKerberos = sInfo.isKerberosRequiredForSingleSignOnIntegration();
}
@@ -377,7 +380,7 @@ public class ServiceImpl implements Service {
ServiceResponse r = new ServiceResponse(cluster.getClusterId(), cluster.getClusterName(),
getName(), desiredStackId, desiredRespositoryVersion.getVersion(), getRepositoryState(),
getDesiredState().toString(), isCredentialStoreSupported(), isCredentialStoreEnabled(),
- ssoIntegrationSupported, isSsoIntegrationDesired(), isSsoIntegrationEnabled());
+ ssoIntegrationSupported, isSsoIntegrationDesired(), isSsoIntegrationEnabled(), isKerberosRequredForSsoIntegration());
r.setDesiredRepositoryVersionId(desiredRespositoryVersion.getId());
@@ -717,6 +720,10 @@ public class ServiceImpl implements Service {
return ssoEnabledConfiguration != null && ssoEnabledConfiguration.split("/").length == 2;
}
+ private boolean isKerberosRequredForSsoIntegration() {
+ return ssoRequiresKerberos;
+ }
+
private String ssoEnabledConfigValue() {
String configType = ssoEnabledConfiguration.split("/")[0];
String propertyName = ssoEnabledConfiguration.split("/")[1];
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceInfo.java b/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceInfo.java
index 58f6bbb..2636a39 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceInfo.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceInfo.java
@@ -456,7 +456,7 @@ public class ServiceInfo implements Validable {
return properties;
}
- public void setProperties(List properties) {
+ public void setProperties(List<PropertyInfo> properties) {
this.properties = properties;
}
@@ -657,6 +657,13 @@ public class ServiceInfo implements Validable {
return singleSignOnInfo != null ? singleSignOnInfo.getEnabledConfiguration() : null;
}
+ /**
+ * @return the boolean flag is Kerberos is required for SSO integration
+ */
+ public boolean isKerberosRequiredForSingleSignOnIntegration() {
+ return singleSignOnInfo != null && singleSignOnInfo.isKerberosRequired();
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/SingleSignOnInfo.java b/ambari-server/src/main/java/org/apache/ambari/server/state/SingleSignOnInfo.java
index ecaa504..d78fc86 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/SingleSignOnInfo.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/SingleSignOnInfo.java
@@ -54,6 +54,12 @@ public class SingleSignOnInfo {
private String enabledConfiguration = null;
/**
+ * Indicates if Kerberos is required for SSO integration (<code>true</code>) or not (<code>false</code>)
+ */
+ @XmlElement(name = "kerberosRequired")
+ private Boolean kerberosRequired = Boolean.FALSE;
+
+ /**
* Default constructor
*/
public SingleSignOnInfo() {
@@ -65,10 +71,12 @@ public class SingleSignOnInfo {
*
* @param supported true if SSO integration is supported; false otherwise
* @param enabledConfiguration the configuration that can be used to determine if SSO integration has been enabled
+ * @param kerberosRequired <code>true</code> if Kerberos is required for SSO integration; <code>false</code> otherwise
*/
- public SingleSignOnInfo(Boolean supported, String enabledConfiguration) {
+ public SingleSignOnInfo(Boolean supported, String enabledConfiguration, Boolean kerberosRequired) {
this.supported = supported;
this.enabledConfiguration = enabledConfiguration;
+ this.kerberosRequired = kerberosRequired;
}
/**
@@ -119,6 +127,20 @@ public class SingleSignOnInfo {
}
/**
+ * @return the flag is Kerberos is required for SSO integration
+ */
+ public boolean isKerberosRequired() {
+ return Boolean.TRUE.equals(kerberosRequired);
+ }
+
+ /**
+ * Sets the flag is Kerberos is required for SSO integration
+ */
+ public void setKerberosRequired(Boolean kerberosRequired) {
+ this.kerberosRequired = kerberosRequired;
+ }
+
+ /**
* String representation of this object
*
* @return a string
@@ -128,6 +150,7 @@ public class SingleSignOnInfo {
return MoreObjects.toStringHelper(this)
.add("supported", supported)
.add("enabledConfiguration", enabledConfiguration)
+ .add("kerberosRequired", kerberosRequired)
.toString();
}
}
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java b/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java
index ee36443..d236ef8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java
@@ -1077,8 +1077,8 @@ public class ServiceModuleTest {
*/
@Test
public void testResolve_SingleSignOnInfo() throws Exception {
- SingleSignOnInfo singleSignOnInfoChild = new SingleSignOnInfo(false, null);
- SingleSignOnInfo singleSignOnInfoParent = new SingleSignOnInfo(true, "config-type/property_name");
+ SingleSignOnInfo singleSignOnInfoChild = new SingleSignOnInfo(false, null, true);
+ SingleSignOnInfo singleSignOnInfoParent = new SingleSignOnInfo(true, "config-type/property_name", false);
ServiceInfo childInfo = new ServiceInfo();
ServiceInfo parentInfo = new ServiceInfo();
ServiceModule serviceModule;
@@ -1093,6 +1093,8 @@ public class ServiceModuleTest {
assertEquals(singleSignOnInfoChild.isSupported(), serviceInfo.getSingleSignOnInfo().isSupported());
assertEquals(singleSignOnInfoChild.getSupported(), serviceInfo.getSingleSignOnInfo().getSupported());
assertEquals(singleSignOnInfoChild.getEnabledConfiguration(), serviceInfo.getSingleSignOnInfo().getEnabledConfiguration());
+ assertEquals(singleSignOnInfoChild.isKerberosRequired(), serviceInfo.isKerberosRequiredForSingleSignOnIntegration());
+ assertEquals(singleSignOnInfoChild.isKerberosRequired(), serviceInfo.getSingleSignOnInfo().isKerberosRequired());
// specified in parent only, parent wins
childInfo.setSingleSignOnInfo(null);
@@ -1103,6 +1105,8 @@ public class ServiceModuleTest {
assertEquals(singleSignOnInfoParent.isSupported(), serviceInfo.getSingleSignOnInfo().isSupported());
assertEquals(singleSignOnInfoParent.getSupported(), serviceInfo.getSingleSignOnInfo().getSupported());
assertEquals(singleSignOnInfoParent.getEnabledConfiguration(), serviceInfo.getSingleSignOnInfo().getEnabledConfiguration());
+ assertEquals(singleSignOnInfoParent.isKerberosRequired(), serviceInfo.isKerberosRequiredForSingleSignOnIntegration());
+ assertEquals(singleSignOnInfoParent.isKerberosRequired(), serviceInfo.getSingleSignOnInfo().isKerberosRequired());
// specified in both, child wins
childInfo.setSingleSignOnInfo(singleSignOnInfoChild);
@@ -1113,6 +1117,8 @@ public class ServiceModuleTest {
assertEquals(singleSignOnInfoChild.isSupported(), serviceInfo.getSingleSignOnInfo().isSupported());
assertEquals(singleSignOnInfoChild.getSupported(), serviceInfo.getSingleSignOnInfo().getSupported());
assertEquals(singleSignOnInfoChild.getEnabledConfiguration(), serviceInfo.getSingleSignOnInfo().getEnabledConfiguration());
+ assertEquals(singleSignOnInfoChild.isKerberosRequired(), serviceInfo.isKerberosRequiredForSingleSignOnIntegration());
+ assertEquals(singleSignOnInfoChild.isKerberosRequired(), serviceInfo.getSingleSignOnInfo().isKerberosRequired());
}
@Test
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/ServiceInfoTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/ServiceInfoTest.java
index e5843ce..2da5f96 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/state/ServiceInfoTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/ServiceInfoTest.java
@@ -726,6 +726,7 @@ public class ServiceInfoTest {
" <sso>" +
" <supported>true</supported>" +
" <enabledConfiguration>config-type/property_name</enabledConfiguration>" +
+ " <kerberosRequired>true</kerberosRequired> " +
" </sso>" +
" </service>" +
" </services>" +
@@ -739,6 +740,7 @@ public class ServiceInfoTest {
assertTrue(singleSignOnInfo.isSupported());
assertEquals(Boolean.TRUE, singleSignOnInfo.getSupported());
assertEquals("config-type/property_name", singleSignOnInfo.getEnabledConfiguration());
+ assertTrue(singleSignOnInfo.isKerberosRequired());
// Explicit SSO setting (false)
serviceInfoXml =