Posted to commits@ambari.apache.org by tb...@apache.org on 2015/06/20 19:37:33 UTC
ambari git commit: AMBARI-12032 - Add setup truststore and import
certificate option to ambari-server setup-security (tbeerbower)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 80440d2b5 -> 92151c9a2
AMBARI-12032 - Add setup truststore and import certificate option to ambari-server setup-security (tbeerbower)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/92151c9a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/92151c9a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/92151c9a
Branch: refs/heads/branch-2.1
Commit: 92151c9a247babed9e089cca50f209a6ea5e0e14
Parents: 80440d2
Author: tbeerbower <tb...@hortonworks.com>
Authored: Sat Jun 20 13:35:49 2015 -0400
Committer: tbeerbower <tb...@hortonworks.com>
Committed: Sat Jun 20 13:37:21 2015 -0400
----------------------------------------------------------------------
ambari-server/src/main/python/ambari-server.py | 5 +-
.../src/main/python/ambari_server/setupHttps.py | 42 +++++++----------
.../src/test/python/TestAmbariServer.py | 49 +++++++++-----------
3 files changed, 44 insertions(+), 52 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/92151c9a/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 19b7138..f323487 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -35,7 +35,7 @@ from ambari_server.serverConfiguration import configDefaults, get_ambari_propert
from ambari_server.serverUtils import is_server_runing, refresh_stack_hash
from ambari_server.serverSetup import reset, setup, setup_jce_policy
from ambari_server.serverUpgrade import upgrade, upgrade_stack, set_current
-from ambari_server.setupHttps import setup_https
+from ambari_server.setupHttps import setup_https, setup_truststore
from ambari_server.setupActions import BACKUP_ACTION, LDAP_SETUP_ACTION, LDAP_SYNC_ACTION, PSTART_ACTION, \
REFRESH_STACK_HASH_ACTION, RESET_ACTION, RESTORE_ACTION, SETUP_ACTION, SETUP_SECURITY_ACTION, START_ACTION, \
@@ -191,6 +191,7 @@ def create_setup_security_actions(args):
['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key)],
['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
+ ['Import certificate to truststore.', UserActionRestart(setup_truststore)],
]
return action_list
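Review bot: The entry added here is labelled 'Import certificate to truststore.' but is wired as `UserActionRestart(setup_truststore)`, so `import_cert` keeps its default of `False`. Judging by the setupHttps.py change in this commit, the import prompt is then never reached. The second action list, in the next hunk, passes `True` for the same label. Either make this one `UserActionRestart(setup_truststore, True)` or relabel it 'Setup truststore.' so the menu text matches what the operator gets. `create_setup_security_actions` starts and ends outside the hunk, so the reason for the two lists differing is not visible here.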
@@ -200,6 +201,8 @@ def create_setup_security_actions(args):
['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key)],
['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
+ ['Setup truststore.', UserActionRestart(setup_truststore)],
+ ['Import certificate to truststore.', UserActionRestart(setup_truststore, True)],
]
return action_list
http://git-wip-us.apache.org/repos/asf/ambari/blob/92151c9a/ambari-server/src/main/python/ambari_server/setupHttps.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupHttps.py b/ambari-server/src/main/python/ambari_server/setupHttps.py
index fb0f725..c9fe421 100644
--- a/ambari-server/src/main/python/ambari_server/setupHttps.py
+++ b/ambari-server/src/main/python/ambari_server/setupHttps.py
@@ -450,7 +450,7 @@ def setup_https(args):
raise NonFatalException(warning)
-def setup_component_https(component, command, property, alias):
+def setup_truststore(import_cert=False):
if not get_silent():
jdk_path = find_jdk()
if jdk_path is None:
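Review bot: `setup_truststore(import_cert=False)` has no docstring, and its signature no longer hints at what it touches now that the component/property arguments are gone. A short one would help, e.g. `"""Interactively configure the truststore settings in ambari.properties; when import_cert is True, also prompt for an alias and a certificate file and import it."""`. The function body continues in the next hunk.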
@@ -461,38 +461,30 @@ def setup_component_https(component, command, property, alias):
properties = get_ambari_properties()
- use_https = properties.get_property(property) in ['true']
+ if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
+ truststore_type = get_truststore_type(properties)
+ truststore_path = get_truststore_path(properties)
+ truststore_password = get_truststore_password(properties)
- if use_https:
- if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
- truststore_path = get_truststore_path(properties)
- truststore_password = get_truststore_password(properties)
+ if import_cert:
- run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
+ if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True):
- properties.process_pair(property, "false")
- else:
- return
- else:
- if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True):
- truststore_type = get_truststore_type(properties)
- truststore_path = get_truststore_path(properties)
- truststore_password = get_truststore_password(properties)
+ alias = get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)
- run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
+ run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
- import_cert_path = get_validated_filepath_input( \
- "Enter path to " + component + " Certificate: ", \
- "Certificate not found")
+ import_cert_path = get_validated_filepath_input( \
+ "Enter path to certificate: ", \
+ "Certificate not found")
- run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
+ run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
- properties.process_pair(property, "true")
- else:
- return
+ else:
+ return
conf_file = find_properties_file()
f = open(conf_file, 'w')
- properties.store(f, "Changed by 'ambari-server " + command + "' command")
+ properties.store(f, "Changed by 'ambari-server setup-security' command")
else:
- print command + " is not enabled in silent mode."
+ print "setup-security is not enabled in silent mode."
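Review bot: The alias read by `get_validated_string_input("Please enter an alias for the certificate: ", "", None, None, False, False)` goes unchecked into `get_delete_cert_command` and `get_import_cert_command`, whose output is handed to `run_os_command` / `run_component_https_cmd`. How those helpers assemble the command is not visible in this hunk. If they format a single string, an alias containing whitespace or quotes would change the arguments the JDK tool receives. Restricting the alias to a conservative character set would close that off, for example by passing a pattern such as `"^[A-Za-z0-9._-]+$"` in place of the first `None`, assuming that positional argument is the validation regex. The function starts in the previous hunk.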
http://git-wip-us.apache.org/repos/asf/ambari/blob/92151c9a/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index 4e5d044..430fa60 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -83,7 +83,7 @@ with patch("platform.linux_distribution", return_value = os_distro_value):
run_stack_upgrade, run_metainfo_upgrade, run_schema_upgrade, move_user_custom_actions
from ambari_server.setupHttps import is_valid_https_port, setup_https, import_cert_and_key_action, get_fqdn, \
generate_random_string, get_cert_info, COMMON_NAME_ATTR, is_valid_cert_exp, NOT_AFTER_ATTR, NOT_BEFORE_ATTR, \
- SSL_DATE_FORMAT, import_cert_and_key, is_valid_cert_host, setup_component_https, \
+ SSL_DATE_FORMAT, import_cert_and_key, is_valid_cert_host, setup_truststore, \
SRVR_ONE_WAY_SSL_PORT_PROPERTY, SRVR_TWO_WAY_SSL_PORT_PROPERTY, GANGLIA_HTTPS
from ambari_server.setupSecurity import adjust_directory_permissions, get_alias_string, get_ldap_event_spec_names, sync_ldap, LdapSyncOptions, \
configure_ldap_password, setup_ldap, REGEX_HOSTNAME_PORT, REGEX_TRUE_FALSE, REGEX_ANYTHING, setup_master_key, \
@@ -285,11 +285,11 @@ class TestAmbariServer(TestCase):
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup_ambari_krb5_jaas")
@patch.object(_ambari_server_, "setup_master_key")
- @patch("ambari_server.setupHttps.setup_component_https")
+ @patch.object(_ambari_server_, "setup_truststore")
@patch.object(_ambari_server_, "setup_https")
@patch.object(_ambari_server_, "get_validated_string_input")
def test_setup_security(self, get_validated_string_input_mock, setup_https_mock,
- setup_component_https_mock, setup_master_key_mock,
+ setup_truststore_mock, setup_master_key_mock,
setup_ambari_krb5_jaas_mock):
args = {}
@@ -304,6 +304,14 @@ class TestAmbariServer(TestCase):
get_validated_string_input_mock.return_value = '3'
_ambari_server_.setup_security(args)
self.assertTrue(setup_ambari_krb5_jaas_mock.called)
+
+ get_validated_string_input_mock.return_value = '4'
+ _ambari_server_.setup_security(args)
+ self.assertTrue(setup_truststore_mock.called)
+
+ get_validated_string_input_mock.return_value = '5'
+ _ambari_server_.setup_security(args)
+ self.assertTrue(setup_truststore_mock.called)
pass
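Review bot: The second new assertion, for option '5', cannot fail, because `setup_truststore_mock.called` is already `True` from the option '4' call. Add `setup_truststore_mock.reset_mock()` between the two cases. Neither case checks which argument reached the mock, so the test would not notice the "Setup truststore" and "Import certificate" entries being wired to the same call. Asserting on `setup_truststore_mock.call_args` for each option would pin that down; the exact call shape depends on how `UserActionRestart` invokes its target, which is not shown here.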
@@ -1378,6 +1386,7 @@ class TestAmbariServer(TestCase):
pass
@patch("ambari_server.setupHttps.get_validated_filepath_input")
+ @patch("ambari_server.setupHttps.get_validated_string_input")
@patch("ambari_server.setupHttps.run_os_command")
@patch("ambari_server.setupHttps.get_truststore_type")
@patch("__builtin__.open")
@@ -1389,11 +1398,12 @@ class TestAmbariServer(TestCase):
@patch("ambari_server.setupHttps.get_YN_input")
@patch("ambari_server.setupHttps.get_ambari_properties")
@patch("ambari_server.setupHttps.find_jdk")
- def test_setup_component_https(self, find_jdk_mock, get_ambari_properties_mock, get_YN_input_mock,
+ def test_setup_truststore(self, find_jdk_mock, get_ambari_properties_mock, get_YN_input_mock,
get_truststore_path_mock, get_truststore_password_mock,
get_delete_cert_command_mock, run_component_https_cmd_mock,
find_properties_file_mock, open_mock,
get_truststore_type_mock, run_os_command_mock,
+ get_validated_string_input_mock,
get_validated_filepath_input_mock):
out = StringIO.StringIO()
sys.stdout = out
@@ -1403,34 +1413,23 @@ class TestAmbariServer(TestCase):
alias = "alias"
#Silent mode
set_silent(True)
- setup_component_https(component, command, property, alias)
- self.assertEqual('command is not enabled in silent mode.\n', out.getvalue())
+ setup_truststore()
+ self.assertEqual('setup-security is not enabled in silent mode.\n', out.getvalue())
sys.stdout = sys.__stdout__
#Verbouse mode and jdk_path is None
set_silent(False)
p = get_ambari_properties_mock.return_value
- # Use ssl
- p.get_property.side_effect = ["true"]
# Dont disable ssl
get_YN_input_mock.side_effect = [False]
- setup_component_https(component, command, property, alias)
- self.assertTrue(p.get_property.called)
- self.assertTrue(get_YN_input_mock.called)
- p.get_property.reset_mock()
- get_YN_input_mock.reset_mock()
- # Dont use ssl
- p.get_property.side_effect = ["false"]
- # Dont enable ssl
- get_YN_input_mock.side_effect = [False]
- setup_component_https(component, command, property, alias)
- self.assertTrue(p.get_property.called)
+ get_validated_string_input_mock.return_value = "alias"
+ setup_truststore()
self.assertTrue(get_YN_input_mock.called)
p.get_property.reset_mock()
get_YN_input_mock.reset_mock()
# Cant find jdk
find_jdk_mock.return_value = None
try:
- setup_component_https(component, command, property, alias)
+ setup_truststore()
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -1440,13 +1439,12 @@ class TestAmbariServer(TestCase):
#Verbouse mode and jdk_path is not None (use_https = true)
find_jdk_mock.return_value = "/jdk_path"
p.get_property.side_effect = ["true"]
- get_YN_input_mock.side_effect = [True]
+ get_YN_input_mock.side_effect = [True,True]
get_truststore_path_mock.return_value = "/truststore_path"
get_truststore_password_mock.return_value = "/truststore_password"
get_delete_cert_command_mock.return_value = "rm -f"
- setup_component_https(component, command, property, alias)
+ setup_truststore(True)
- self.assertTrue(p.process_pair.called)
self.assertTrue(get_truststore_path_mock.called)
self.assertTrue(get_truststore_password_mock.called)
self.assertTrue(get_delete_cert_command_mock.called)
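Review bot: The new alias prompt is not covered here: after `setup_truststore(True)` nothing asserts that `get_validated_string_input_mock` was called or that its return value reached `get_delete_cert_command_mock`. The same gap is in the following hunk's import-cert case. Something like `self.assertTrue(get_validated_string_input_mock.called)` plus a check that `"alias"` appears in `get_delete_cert_command_mock.call_args[0]` would cover it. The `p.get_property.side_effect = ["true"]` setup and the "(use_https = true)" comment also look stale, since the rewritten function no longer appears to read that property. The test method starts and ends outside this hunk.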
@@ -1464,10 +1462,9 @@ class TestAmbariServer(TestCase):
p.store.reset_mock()
#Verbouse mode and jdk_path is not None (use_https = false) and import cert
p.get_property.side_effect = ["false"]
- get_YN_input_mock.side_effect = [True]
- setup_component_https(component, command, property, alias)
+ get_YN_input_mock.side_effect = [True,True]
+ setup_truststore(True)
- self.assertTrue(p.process_pair.called)
self.assertTrue(get_truststore_type_mock.called)
self.assertTrue(get_truststore_path_mock.called)
self.assertTrue(get_truststore_password_mock.called)