You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mu...@apache.org on 2017/09/22 12:43:04 UTC
ambari git commit: AMBARI-21910 Ranger Usersync config to support
nested group evaluation for LDAP Sync source property (mugdha)
Repository: ambari
Updated Branches:
refs/heads/branch-2.6 29e6213d1 -> f5ec32912
AMBARI-21910 Ranger Usersync config to support nested group evaluation for LDAP Sync source property (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f5ec3291
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f5ec3291
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f5ec3291
Branch: refs/heads/branch-2.6
Commit: f5ec3291215aae8320f99b542be7648fec1b7fd1
Parents: 29e6213
Author: Mugdha Varadkar <mu...@apache.org>
Authored: Fri Sep 22 17:59:51 2017 +0530
Committer: Mugdha Varadkar <mu...@apache.org>
Committed: Fri Sep 22 18:12:22 2017 +0530
----------------------------------------------------------------------
.../RangerUsersyncConfigCalculation.java | 96 ++++++++++++++
.../RANGER/0.7.0/configuration/ranger-env.xml | 23 ++++
.../0.7.0/configuration/ranger-ugsync-site.xml | 7 ++
.../RANGER/0.7.0/themes/theme_version_5.json | 40 ++++++
.../HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml | 7 ++
.../stacks/HDP/2.6/upgrades/upgrade-2.6.xml | 8 ++
.../RangerUsersyncConfigCalculationTest.java | 126 +++++++++++++++++++
7 files changed, 307 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java
new file mode 100644
index 0000000..3573748
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.upgrades;
+
+import java.text.MessageFormat;
+import java.util.Map;
+import java.util.concurrent.ConcurrentMap;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.actionmanager.HostRoleStatus;
+import org.apache.ambari.server.agent.CommandReport;
+import org.apache.ambari.server.serveraction.AbstractServerAction;
+import org.apache.ambari.server.state.Cluster;
+import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.Config;
+
+import com.google.inject.Inject;
+
+/**
+ * Computes Ranger Usersync ldap grouphierarchylevels property. This class is only used when upgrading from
+ * HDP-2.6.x to HDP-2.6.y.
+ */
+
+public class RangerUsersyncConfigCalculation extends AbstractServerAction {
+ private static final String RANGER_USERSYNC_CONFIG_TYPE = "ranger-ugsync-site";
+ private static final String RANGER_ENV_CONFIG_TYPE = "ranger-env";
+
+ @Inject
+ private Clusters m_clusters;
+
+ @Override
+ public CommandReport execute(ConcurrentMap<String, Object> requestSharedDataContext) throws AmbariException, InterruptedException {
+
+ String clusterName = getExecutionCommand().getClusterName();
+ Cluster cluster = m_clusters.getCluster(clusterName);
+ String outputMsg = "";
+
+ Config rangerUsersyncConfig = cluster.getDesiredConfigByType(RANGER_USERSYNC_CONFIG_TYPE);
+
+ if (null == rangerUsersyncConfig) {
+ return createCommandReport(0, HostRoleStatus.COMPLETED, "{}",
+ MessageFormat.format("Config type {0} not found, skipping updating property in same.", RANGER_USERSYNC_CONFIG_TYPE), "");
+ }
+
+ String ldapGroupHierarchy = "0";
+
+ if (rangerUsersyncConfig.getProperties().containsKey("ranger.usersync.ldap.grouphierarchylevels")) {
+ ldapGroupHierarchy = rangerUsersyncConfig.getProperties().get("ranger.usersync.ldap.grouphierarchylevels");
+ } else {
+ Map<String, String> targetRangerUsersyncConfig = rangerUsersyncConfig.getProperties();
+ targetRangerUsersyncConfig.put("ranger.usersync.ldap.grouphierarchylevels", ldapGroupHierarchy);
+ rangerUsersyncConfig.setProperties(targetRangerUsersyncConfig);
+ rangerUsersyncConfig.save();
+
+ outputMsg = outputMsg + MessageFormat.format("Successfully updated {0} config type.\n", RANGER_USERSYNC_CONFIG_TYPE);
+ }
+
+ Config rangerEnvConfig = cluster.getDesiredConfigByType(RANGER_ENV_CONFIG_TYPE);
+
+ if (null == rangerEnvConfig) {
+ return createCommandReport(0, HostRoleStatus.COMPLETED, "{}",
+ MessageFormat.format("Config type {0} not found, skipping updating property in same.", RANGER_ENV_CONFIG_TYPE), "");
+ }
+
+ String enableSyncNestedGroup = "false";
+
+ if (!ldapGroupHierarchy.equals("0") ) {
+ enableSyncNestedGroup = "true";
+ }
+
+ Map<String, String> targetRangerEnvConfig = rangerEnvConfig.getProperties();
+ targetRangerEnvConfig.put("is_nested_groupsync_enabled", enableSyncNestedGroup);
+ rangerEnvConfig.setProperties(targetRangerEnvConfig);
+ rangerEnvConfig.save();
+
+ outputMsg = outputMsg + MessageFormat.format("Successfully updated {0} config type.\n", RANGER_ENV_CONFIG_TYPE);
+
+ return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", outputMsg, "");
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
index 627216e..dfc9ca9 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml
@@ -47,4 +47,27 @@
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
+ <property>
+ <name>is_nested_groupsync_enabled</name>
+ <display-name>Sync Nested Groups</display-name>
+ <description/>
+ <value>false</value>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
index a994856..6c244f2 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
@@ -72,4 +72,11 @@
</depends-on>
<on-ambari-upgrade add="true"/>
</property>
+ <property>
+ <name>ranger.usersync.ldap.grouphierarchylevels</name>
+ <display-name>Group Hierarchy Levels</display-name>
+ <value>0</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json
index 8068a38..ed073b4 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json
@@ -9,6 +9,34 @@
"subsection-tab-name": "ldap-common-configs"
},
{
+ "config": "ranger-env/is_nested_groupsync_enabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_nested_groupsync_enabled"
+ ],
+ "if": "${ranger-env/is_nested_groupsync_enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
"config": "ranger-env/ranger-nifi-plugin-enabled",
"subsection-name": "section-ranger-plugin-row1-col1",
"depends-on": [
@@ -38,6 +66,18 @@
}
},
{
+ "config": "ranger-env/is_nested_groupsync_enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
"config": "ranger-env/ranger-nifi-plugin-enabled",
"widget": {
"type": "toggle"
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
index 535ac2e..c023778 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml
@@ -394,6 +394,13 @@
<task xsi:type="configure" id="hdp_2_6_0_0_spark2_thriftserver"/>
</execute-stage>
+ <!-- RANGER -->
+ <execute-stage service="RANGER" component="RANGER_USERSYNC" title="Enabling Nested Group Sync for Ranger">
+ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerUsersyncConfigCalculation">
+ <summary>Enabling Nested Group Sync for Ranger</summary>
+ </task>
+ </execute-stage>
+
</group>
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
index 74271cc..3d7573d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml
@@ -555,6 +555,14 @@
</component>
<component name="RANGER_USERSYNC">
+ <pre-upgrade>
+ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerUsersyncConfigCalculation">
+ <summary>Enabling Nested Group Sync for Ranger</summary>
+ </task>
+ </pre-upgrade>
+
+ <pre-downgrade /> <!-- no-op to prevent config changes on downgrade -->
+
<upgrade>
<task xsi:type="restart-task" />
</upgrade>
http://git-wip-us.apache.org/repos/asf/ambari/blob/f5ec3291/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java
new file mode 100644
index 0000000..427fb33
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.serveraction.upgrades;
+
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+import static org.easymock.EasyMock.replay;
+
+import java.lang.reflect.Field;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.ambari.server.actionmanager.ExecutionCommandWrapper;
+import org.apache.ambari.server.actionmanager.HostRoleCommand;
+import org.apache.ambari.server.agent.CommandReport;
+import org.apache.ambari.server.agent.ExecutionCommand;
+import org.apache.ambari.server.state.Cluster;
+import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.Config;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import com.google.inject.Injector;
+
+public class RangerUsersyncConfigCalculationTest {
+
+ private Injector m_injector;
+ private Clusters m_clusters;
+ private Field m_clusterField;
+
+ @Before
+ public void setup() throws Exception {
+ m_injector = createMock(Injector.class);
+ m_clusters = createMock(Clusters.class);
+ Cluster cluster = createMock(Cluster.class);
+
+ Map<String, String> mockRangerUsersyncProperties = new HashMap<String, String>() {
+ {
+ put("ranger.usersync.ldap.grouphierarchylevels", "2");
+ }
+ };
+
+ Map<String, String> mockRangerEnvProperties = new HashMap<String, String>();
+
+ Config rangerUsersyncConfig = createMock(Config.class);
+ expect(rangerUsersyncConfig.getType()).andReturn("ranger-ugsync-site").anyTimes();
+ expect(rangerUsersyncConfig.getProperties()).andReturn(mockRangerUsersyncProperties).anyTimes();
+
+ Config rangerEnvConfig = createMock(Config.class);
+ expect(rangerEnvConfig.getType()).andReturn("ranger-env").anyTimes();
+ expect(rangerEnvConfig.getProperties()).andReturn(mockRangerEnvProperties).anyTimes();
+
+ rangerEnvConfig.setProperties(anyObject(Map.class));
+ expectLastCall().atLeastOnce();
+
+ rangerEnvConfig.save();
+ expectLastCall().atLeastOnce();
+
+ expect(cluster.getDesiredConfigByType("ranger-ugsync-site")).andReturn(rangerUsersyncConfig).atLeastOnce();
+ expect(cluster.getDesiredConfigByType("ranger-env")).andReturn(rangerEnvConfig).atLeastOnce();
+ expect(m_clusters.getCluster((String) anyObject())).andReturn(cluster).anyTimes();
+ expect(m_injector.getInstance(Clusters.class)).andReturn(m_clusters).atLeastOnce();
+
+ replay(m_injector, m_clusters, cluster, rangerUsersyncConfig, rangerEnvConfig);
+
+ m_clusterField = RangerUsersyncConfigCalculation.class.getDeclaredField("m_clusters");
+ m_clusterField.setAccessible(true);
+
+ }
+
+ @Test
+ public void testAction() throws Exception {
+
+ Map<String, String> commandParams = new HashMap<String, String>();
+ commandParams.put("clusterName", "cl1");
+
+ ExecutionCommand executionCommand = new ExecutionCommand();
+ executionCommand.setCommandParams(commandParams);
+ executionCommand.setClusterName("cl1");
+
+ HostRoleCommand hrc = createMock(HostRoleCommand.class);
+ expect(hrc.getRequestId()).andReturn(1L).anyTimes();
+ expect(hrc.getStageId()).andReturn(2L).anyTimes();
+ expect(hrc.getExecutionCommandWrapper()).andReturn(new ExecutionCommandWrapper(executionCommand)).anyTimes();
+ replay(hrc);
+
+ RangerUsersyncConfigCalculation action = new RangerUsersyncConfigCalculation();
+ m_clusterField.set(action, m_clusters);
+
+ action.setExecutionCommand(executionCommand);
+ action.setHostRoleCommand(hrc);
+
+ CommandReport report = action.execute(null);
+ Assert.assertNotNull(report);
+
+ Cluster cl = m_clusters.getCluster("cl1");
+ Config config = cl.getDesiredConfigByType("ranger-env");
+
+ Map<String, String> map = config.getProperties();
+
+ Assert.assertTrue(map.containsKey("is_nested_groupsync_enabled"));
+ Assert.assertEquals("true", map.get("is_nested_groupsync_enabled"));
+
+ report = action.execute(null);
+ Assert.assertNotNull(report);
+
+ }
+}
\ No newline at end of file