You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2017/01/27 18:17:50 UTC

[39/49] ambari git commit: AMBARI-19704 Enable Group Sync when Incremental sync is enabled for Ranger Usersync (mugdha)

AMBARI-19704 Enable Group Sync when Incremental sync is enabled for Ranger Usersync (mugdha)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9ebe1701
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9ebe1701
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9ebe1701

Branch: refs/heads/branch-dev-patch-upgrade
Commit: 9ebe17013bab33eceec5ff2009a87da68c135ef2
Parents: a1f625f
Author: Mugdha Varadkar <mu...@apache.org>
Authored: Wed Jan 25 17:04:37 2017 +0530
Committer: Mugdha Varadkar <mu...@apache.org>
Committed: Fri Jan 27 15:19:19 2017 +0530

----------------------------------------------------------------------
 .../0.7.0/configuration/ranger-ugsync-site.xml  | 33 ++++++++++
 .../stacks/HDP/2.6/services/stack_advisor.py    | 36 ++++++++++-
 .../stacks/2.6/common/test_stack_advisor.py     | 67 ++++++++++++++++++++
 3 files changed, 134 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/9ebe1701/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
index 775b5ca..15ee9fd 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml
@@ -39,4 +39,37 @@
     </value-attributes>
     <on-ambari-upgrade add="true"/>
   </property>
+
+  <property>
+    <name>ranger.usersync.group.searchenabled</name>
+    <display-name>Enable Group Sync</display-name>
+    <value>false</value>
+    <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+    # valid values: true, false
+    # any value other than true would be treated as false
+    # default value: false"</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-ugsync-site</type>
+        <name>ranger.usersync.ldap.deltasync</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/9ebe1701/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
index 465f218..957d625 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
@@ -32,7 +32,8 @@ class HDP26StackAdvisor(HDP25StackAdvisor):
       childRecommendConfDict = {
           "DRUID": self.recommendDruidConfigurations,
           "ATLAS": self.recommendAtlasConfigurations,
-          "TEZ": self.recommendTezConfigurations
+          "TEZ": self.recommendTezConfigurations,
+          "RANGER": self.recommendRangerConfigurations
       }
       parentRecommendConfDict.update(childRecommendConfDict)
       return parentRecommendConfDict
@@ -185,7 +186,8 @@ class HDP26StackAdvisor(HDP25StackAdvisor):
       childValidators = {
           "DRUID": {"druid-env": self.validateDruidEnvConfigurations,
                     "druid-historical": self.validateDruidHistoricalConfigurations,
-                    "druid-broker": self.validateDruidBrokerConfigurations}
+                    "druid-broker": self.validateDruidBrokerConfigurations},
+          "RANGER": {"ranger-ugsync-site": self.validateRangerUsersyncConfigurations}
       }
       self.mergeValidators(parentValidators, childValidators)
       return parentValidators
@@ -246,3 +248,33 @@ class HDP26StackAdvisor(HDP25StackAdvisor):
     tez_jvm_updated_opts = tez_jvm_opts + jvmGCParams + "{{heap_dump_opts}}"
     putTezProperty('tez.task.launch.cmd-opts', tez_jvm_updated_opts)
     Logger.info("Updated 'tez-site' config 'tez.task.launch.cmd-opts' as : {0}".format(tez_jvm_updated_opts))
+
+  def recommendRangerConfigurations(self, configurations, clusterData, services, hosts):
+    super(HDP26StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData, services, hosts)
+
+    putRangerUgsyncSite = self.putProperty(configurations, 'ranger-ugsync-site', services)
+
+    delta_sync_enabled = False
+    if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.ldap.deltasync' in services['configurations']['ranger-ugsync-site']['properties']:
+      delta_sync_enabled = services['configurations']['ranger-ugsync-site']['properties']['ranger.usersync.ldap.deltasync'] == "true"
+
+    if delta_sync_enabled:
+      putRangerUgsyncSite("ranger.usersync.group.searchenabled", "true")
+    else:
+      putRangerUgsyncSite("ranger.usersync.group.searchenabled", "false")
+
+  def validateRangerUsersyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
+    ranger_usersync_properties = properties
+    validationItems = []
+
+    delta_sync_enabled = 'ranger.usersync.ldap.deltasync' in ranger_usersync_properties \
+      and ranger_usersync_properties['ranger.usersync.ldap.deltasync'].lower() == 'true'
+    group_sync_enabled = 'ranger.usersync.group.searchenabled' in ranger_usersync_properties \
+      and ranger_usersync_properties['ranger.usersync.group.searchenabled'].lower() == 'true'
+
+    if delta_sync_enabled and not group_sync_enabled:
+      validationItems.append({"config-name": "ranger.usersync.group.searchenabled",
+                            "item": self.getWarnItem(
+                            "Need to set ranger.usersync.group.searchenabled as true, as ranger.usersync.ldap.deltasync is enabled")})
+
+    return self.toConfigurationValidationProblems(validationItems, "ranger-ugsync-site")

http://git-wip-us.apache.org/repos/asf/ambari/blob/9ebe1701/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py
index de0b00f..b7f8cbb 100644
--- a/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py
@@ -713,6 +713,73 @@ class TestHDP26StackAdvisor(TestCase):
     self.stackAdvisor.recommendAtlasConfigurations(configurations, clusterData, services, None)
     self.assertEquals(configurations, expected)
 
+  def test_recommendRangerConfigurations(self):
+    clusterData = {}
+    services = {
+      "Versions" : {
+        "stack_version" : "2.6",
+        },
+      "services":  [
+        {
+          "StackServices": {
+            "service_name": "RANGER",
+          "service_version": "0.7.0.2.6"
+          },
+          "components": [
+            {
+              "StackServiceComponents": {
+                "component_name": "RANGER_ADMIN",
+                "hostnames": ["host1"]
+              }
+            }
+          ]
+        },
+      ],
+      "configurations": {
+        "ranger-ugsync-site": {
+          "properties": {
+            "ranger.usersync.ldap.deltasync": "true",
+            "ranger.usersync.group.searchenabled": "false"
+            }
+        }
+      }
+    }
+
+    expected = {
+      'ranger-admin-site': {
+        'properties': {
+          'ranger.audit.solr.zookeepers': 'NONE', 
+          'ranger.audit.source.type': 'solr'
+        }
+      }, 
+      'admin-properties': {
+        'properties': {
+          'policymgr_external_url': 'http://host1:6080'
+        }
+      }, 
+      'ranger-tagsync-site': {
+        'properties': {}
+      }, 
+      'tagsync-application-properties': {
+        'properties': {} 
+      }, 
+      'ranger-env': {
+        'properties': {
+          'ranger-storm-plugin-enabled': 'No'
+        }
+      }, 
+      'ranger-ugsync-site': {
+        'properties': {
+          'ranger.usersync.group.searchenabled': 'true'
+        }
+      }
+    }
+
+    recommendedConfigurations = {}
+
+    self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
+    self.assertEquals(recommendedConfigurations, expected)
+
 def load_json(self, filename):
   file = os.path.join(self.testDirectory, filename)
   with open(file, 'rb') as f: