You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2018/04/20 13:56:13 UTC
[ambari] branch trunk updated: [AMBARI-23628] Enable Ambari SSO to
be enabled without impacting other service sso configs
This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 034199d [AMBARI-23628] Enable Ambari SSO to be enabled without impacting other service sso configs
034199d is described below
commit 034199d2d3fc8a838e33091cdae4a338f590bfd0
Author: Robert Levas <rl...@hortonworks.com>
AuthorDate: Thu Apr 19 17:35:46 2018 -0400
[AMBARI-23628] Enable Ambari SSO to be enabled without impacting other service sso configs
---
ambari-server/src/main/python/ambari-server.py | 10 +-
.../src/main/python/ambari_server/setupSso.py | 141 +++++++++++++++------
ambari-server/src/test/python/TestSetupSso.py | 41 +++---
3 files changed, 131 insertions(+), 61 deletions(-)
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 2383086..b469087 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -568,19 +568,21 @@ def init_ldap_setup_parser_options(parser):
parser.add_option('--ldap-force-lowercase-usernames', default=None, help="Declares whether to force the ldap user name to be lowercase or leave as-is", dest="ldap_force_lowercase_usernames")
parser.add_option('--ldap-pagination-enabled', default=None, help="Determines whether results from LDAP are paginated when requested", dest="ldap_pagination_enabled")
parser.add_option('--ldap-force-setup', action="store_true", default=False, help="Forces the use of LDAP even if other (i.e. PAM) authentication method is configured already or if there is no authentication method configured at all", dest="ldap_force_setup")
- parser.add_option('--ambari-admin-username', default=None, help="Ambari Admin username for LDAP setup", dest="ambari_admin_username")
- parser.add_option('--ambari-admin-password', default=None, help="Ambari Admin password for LDAP setup", dest="ambari_admin_password")
+ parser.add_option('--ambari-admin-username', default=None, help="Ambari administrator username for accessing Ambari's REST API", dest="ambari_admin_username")
+ parser.add_option('--ambari-admin-password', default=None, help="Ambari administrator password for accessing Ambari's REST API", dest="ambari_admin_password")
@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
def init_setup_sso_options(parser):
parser.add_option('--sso-enabled', default=None, help="Indicates whether to enable/disable SSO", dest="sso_enabled")
+ parser.add_option('--sso-enabled-ambari', default=None, help="Indicates whether to enable/disable SSO authentication for Ambari, itself", dest='sso_enabled_ambari')
+ parser.add_option('--sso-manage-services', default=None, help="Indicates whether Ambari should manage the SSO configurations for specified services", dest='sso_manage_services')
parser.add_option('--sso-enabled-services', default=None, help="A comma separated list of services that are expected to be configured for SSO (you are allowed to use '*' to indicate ALL services)", dest='sso_enabled_services')
parser.add_option('--sso-provider-url', default=None, help="The URL of SSO provider; this must be provided when --sso-enabled is set to 'true'", dest="sso_provider_url")
parser.add_option('--sso-public-cert-file', default=None, help="The path where the public certificate PEM is located; this must be provided when --sso-enabled is set to 'true'", dest="sso_public_cert_file")
parser.add_option('--sso-jwt-cookie-name', default=None, help="The name of the JWT cookie", dest="sso_jwt_cookie_name")
parser.add_option('--sso-jwt-audience-list', default=None, help="A comma separated list of JWT audience(s)", dest="sso_jwt_audience_list")
- parser.add_option('--ambari-admin-username', default=None, help="Ambari Admin username for LDAP setup", dest="ambari_admin_username")
- parser.add_option('--ambari-admin-password', default=None, help="Ambari Admin password for LDAP setup", dest="ambari_admin_password")
+ parser.add_option('--ambari-admin-username', default=None, help="Ambari administrator username for accessing Ambari's REST API", dest="ambari_admin_username")
+ parser.add_option('--ambari-admin-password', default=None, help="Ambari administrator password for accessing Ambari's REST API", dest="ambari_admin_password")
@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
def init_pam_setup_parser_options(parser):
diff --git a/ambari-server/src/main/python/ambari_server/setupSso.py b/ambari-server/src/main/python/ambari_server/setupSso.py
index 33ff78c..93eedab 100644
--- a/ambari-server/src/main/python/ambari_server/setupSso.py
+++ b/ambari-server/src/main/python/ambari_server/setupSso.py
@@ -30,7 +30,7 @@ from ambari_server.serverUtils import is_server_runing, get_ambari_admin_usernam
from ambari_server.setupSecurity import REGEX_TRUE_FALSE
from ambari_server.userInput import get_validated_string_input, get_YN_input, get_multi_line_input
-AMBARI_JWT_AUTH_ENBABLED = "ambari.sso.authentication.enabled"
+AMBARI_SSO_AUTH_ENABLED = "ambari.sso.authentication.enabled"
SSO_MANAGE_SERVICES = "ambari.sso.manage_services"
SSO_ENABLED_SERVICES = "ambari.sso.enabled_services"
SSO_PROVIDER_URL = "ambari.sso.provider.url"
@@ -69,6 +69,10 @@ def validate_options(options):
errors.append("Missing option: --sso-public-cert-file")
if options.sso_provider_url and not re.match(REGEX_URL, options.sso_provider_url):
errors.append("Invalid --sso-provider-url")
+ if options.sso_enabled_ambari and not re.match(REGEX_TRUE_FALSE, options.sso_enabled_ambari):
+ errors.append("--sso-enabled-ambari should be to either 'true' or 'false'")
+ if options.sso_manage_services and not re.match(REGEX_TRUE_FALSE, options.sso_manage_services):
+ errors.append("--sso-manage-services should be to either 'true' or 'false'")
if len(errors) > 0:
error_msg = "The following errors occurred while processing your request: {0}"
@@ -78,7 +82,7 @@ def validate_options(options):
def populate_sso_provider_url(options, properties):
if not options.sso_provider_url:
provider_url = get_value_from_dictionary(properties, SSO_PROVIDER_URL, SSO_PROVIDER_URL_DEFAULT)
- provider_url = get_validated_string_input("Provider URL ({0}):".format(provider_url), provider_url, REGEX_URL,
+ provider_url = get_validated_string_input("Provider URL ({0}): ".format(provider_url), provider_url, REGEX_URL,
"Invalid provider URL", False)
else:
provider_url = options.sso_provider_url
@@ -88,7 +92,7 @@ def populate_sso_provider_url(options, properties):
def populate_sso_public_cert(options, properties):
if not options.sso_public_cert_file:
cert = get_value_from_dictionary(properties, SSO_CERTIFICATE)
- get_cert = True if not cert else get_YN_input("The SSO provider's public certificate has already set. Do you want to change it [y/n] (n): ", False)
+ get_cert = True if not cert else get_YN_input("The SSO provider's public certificate has already set. Do you want to change it [y/n] (n)? ", False)
if get_cert:
cert_string = get_multi_line_input("Public Certificate PEM")
@@ -103,7 +107,7 @@ def populate_sso_public_cert(options, properties):
def populate_jwt_cookie_name(options, properties):
if not options.sso_jwt_cookie_name and (not options.sso_provider_url or not options.sso_public_cert_file):
cookie_name = get_value_from_dictionary(properties, JWT_COOKIE_NAME, JWT_COOKIE_NAME_DEFAULT)
- cookie_name = get_validated_string_input("JWT Cookie name ({0}):".format(cookie_name), cookie_name, REGEX_ANYTHING,
+ cookie_name = get_validated_string_input("JWT Cookie name ({0}): ".format(cookie_name), cookie_name, REGEX_ANYTHING,
"Invalid cookie name", False)
else:
cookie_name = options.sso_jwt_cookie_name if options.sso_jwt_cookie_name else JWT_COOKIE_NAME_DEFAULT
@@ -114,13 +118,23 @@ def populate_jwt_cookie_name(options, properties):
def populate_jwt_audiences(options, properties):
if options.sso_jwt_audience_list is None and (not options.sso_provider_url or not options.sso_public_cert_file):
audiences = get_value_from_dictionary(properties, JWT_AUDIENCES, JWT_AUDIENCES_DEFAULT)
- audiences = get_validated_string_input("JWT audiences list (comma-separated), empty for any ({0}):".format(audiences), audiences,
+ audiences = get_validated_string_input("JWT audiences list (comma-separated), empty for any ({0}): ".format(audiences), audiences,
REGEX_ANYTHING, "Invalid value", False)
else:
audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list else JWT_AUDIENCES_DEFAULT
properties[JWT_AUDIENCES] = audiences
-
+
+def populate_ambari_requires_sso(options, properties):
+ if options.sso_enabled_ambari is None:
+ enabled = get_boolean_from_dictionary(properties, AMBARI_SSO_AUTH_ENABLED, False)
+ enabled = get_YN_input("Use SSO for Ambari [y/n] ({0})? ".format('y' if enabled else 'n'), enabled)
+ else:
+ enabled = 'true' == options.sso_enabled_ambari
+
+ properties[AMBARI_SSO_AUTH_ENABLED] = 'true' if enabled else 'false'
+
+
def get_eligible_services(properties, admin_login, admin_password, cluster_name):
print_info_msg("Fetching SSO enabled services")
@@ -129,7 +143,7 @@ def get_eligible_services(properties, admin_login, admin_password, cluster_name)
response_code, json_data = get_json_via_rest_api(properties, admin_login, admin_password,
FETCH_SERVICES_FOR_SSO_ENTRYPOINT % safe_cluster_name)
- services = [SERVICE_NAME_AMBARI]
+ services = []
if json_data and 'items' in json_data:
items = json_data['items']
@@ -137,31 +151,68 @@ def get_eligible_services(properties, admin_login, admin_password, cluster_name)
for item in items:
services.append(item['ServiceInfo']['service_name'])
- print_info_msg('Found SSO enabled services: %s' % ', '.join(services))
+ if len(services) > 0:
+ print_info_msg('Found SSO enabled services: %s' % ', '.join(services))
+ else:
+ print_info_msg('No SSO enabled services were found')
return services
-def get_services_requires_sso(options, ambari_properties, admin_login, admin_password):
+def populate_service_management(options, properties, ambari_properties, admin_login, admin_password):
if not options.sso_enabled_services:
- configure_for_all_services = get_YN_input("Use SSO for all services [y/n] (n): ", False)
- if configure_for_all_services:
- services = [WILDCARD_FOR_ALL_SERVICES]
+ if not options.sso_manage_services:
+ manage_services = get_boolean_from_dictionary(properties, SSO_MANAGE_SERVICES, False)
+ manage_services = get_YN_input("Manage SSO configurations for eligible services [y/n] ({0})? ".format('y' if manage_services else 'n'), manage_services)
else:
- services = []
- cluster_name = get_cluster_name(ambari_properties, admin_login, admin_password)
-
- if cluster_name:
- eligible_services = get_eligible_services(ambari_properties, admin_login, admin_password, cluster_name)
- if eligible_services:
- for service in eligible_services:
- question = "Use SSO for {0} [y/n] (y): ".format(service)
- if get_YN_input(question, True):
- services.append(service)
+ manage_services = 'true' == options.sso_manage_services
+
+ if not options.sso_provider_url:
+ stored_manage_services = get_boolean_from_dictionary(properties, SSO_MANAGE_SERVICES, False)
+ print("Manage SSO configurations for eligible services [y/n] ({0})? {1}"
+ .format('y' if stored_manage_services else 'n', 'y' if manage_services else 'n'))
+
+ if manage_services:
+ enabled_services = get_value_from_dictionary(properties, SSO_ENABLED_SERVICES, "").upper().split(',')
+
+ all = "*" in enabled_services
+ configure_for_all_services = get_YN_input(" Use SSO for all services [y/n] ({0})? ".format('y' if all else 'n'), all)
+ if configure_for_all_services:
+ services = WILDCARD_FOR_ALL_SERVICES
+ else:
+ cluster_name = get_cluster_name(ambari_properties, admin_login, admin_password)
+
+ if cluster_name:
+ eligible_services = get_eligible_services(ambari_properties, admin_login, admin_password, cluster_name)
+
+ if eligible_services and len(eligible_services) > 0:
+ service_list = []
+
+ for service in eligible_services:
+ enabled = service.upper() in enabled_services
+ question = " Use SSO for {0} [y/n] ({1})? ".format(service, 'y' if enabled else 'n')
+ if get_YN_input(question, enabled):
+ service_list.append(service)
+
+ services = ','.join(service_list)
+ else:
+ print (" There are no eligible services installed.")
+ services = ""
+ else:
+ services = ""
+ else:
+ services = ""
else:
- services = options.sso_enabled_services.upper().split(',') if options.sso_enabled_services else []
+ if options.sso_manage_services:
+ manage_services = 'true' == options.sso_manage_services
+ else:
+ manage_services = True
+
+ services = options.sso_enabled_services.upper() if options.sso_enabled_services else ""
+
+ properties[SSO_MANAGE_SERVICES] = 'true' if manage_services else "false"
+ properties[SSO_ENABLED_SERVICES] = services
- return services
def get_sso_properties(properties, admin_login, admin_password):
print_info_msg("Fetching SSO configuration from DB")
@@ -181,6 +232,11 @@ def get_sso_properties(properties, admin_login, admin_password):
else:
return {}
+
+def remove_sso_conf(ambari_properties, admin_login, admin_password):
+ perform_changes_via_rest_api(ambari_properties, admin_login, admin_password, SSO_CONFIG_API_ENTRYPOINT, 'DELETE')
+
+
def update_sso_conf(ambari_properties, sso_configuration_properties, admin_login, admin_password):
request_data = {
"Configuration": {
@@ -210,38 +266,40 @@ def setup_sso(options):
properties = get_sso_properties(ambari_properties, admin_login, admin_password)
if not options.sso_enabled:
- sso_enabled = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES, None)
- if sso_enabled:
- sso_status = "enabled" if sso_enabled == "true" else "disabled"
+ ambari_auth_enabled = get_value_from_dictionary(properties, AMBARI_SSO_AUTH_ENABLED)
+ manage_services = get_value_from_dictionary(properties, SSO_MANAGE_SERVICES)
+
+ if ambari_auth_enabled or manage_services:
+ if (ambari_auth_enabled and 'true' == ambari_auth_enabled) or \
+ (manage_services and 'true' == manage_services):
+ sso_status = "enabled"
+ else:
+ sso_status = "disabled"
else:
sso_status = "not configured"
sys.stdout.write("\nSSO is currently %s\n" % sso_status)
if sso_status == "enabled":
enable_sso = not get_YN_input("Do you want to disable SSO authentication [y/n] (n)? ", False)
+ elif get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True):
+ enable_sso = True
else:
- if get_YN_input("Do you want to configure SSO authentication [y/n] (y)? ", True):
- enable_sso = True
- else:
- return False
+ return False
else:
enable_sso = options.sso_enabled == 'true'
- services = None
if enable_sso:
populate_sso_provider_url(options, properties)
populate_sso_public_cert(options, properties)
+ populate_ambari_requires_sso(options, properties)
+ populate_service_management(options, properties, ambari_properties, admin_login, admin_password)
populate_jwt_cookie_name(options, properties)
populate_jwt_audiences(options, properties)
- services = get_services_requires_sso(options, ambari_properties, admin_login, admin_password)
- enable_jwt_auth = services and (WILDCARD_FOR_ALL_SERVICES in services or SERVICE_NAME_AMBARI in services)
- properties[AMBARI_JWT_AUTH_ENBABLED] = "true" if enable_jwt_auth else "false"
- properties[SSO_MANAGE_SERVICES] = "true" if enable_sso else "false"
- properties[SSO_ENABLED_SERVICES] = ','.join(services) if services else ""
+ update_sso_conf(ambari_properties, properties, admin_login, admin_password)
+ else:
+ remove_sso_conf(ambari_properties, admin_login, admin_password)
- update_sso_conf(ambari_properties, properties, admin_login, admin_password)
- pass
else:
warning = "setup-sso is not enabled in silent mode."
raise NonFatalException(warning)
@@ -263,3 +321,8 @@ def ensure_complete_cert(cert_string):
def get_value_from_dictionary(properties, key, default_value=None):
return properties[key] if properties and key in properties else default_value
+
+def get_boolean_from_dictionary(properties, key, default_value=False):
+ value = get_value_from_dictionary(properties, key, None)
+ return 'true' == value.lower() if value else default_value
+
diff --git a/ambari-server/src/test/python/TestSetupSso.py b/ambari-server/src/test/python/TestSetupSso.py
index d57fc1b..ddc7e37 100644
--- a/ambari-server/src/test/python/TestSetupSso.py
+++ b/ambari-server/src/test/python/TestSetupSso.py
@@ -69,12 +69,11 @@ with patch.object(platform, "linux_distribution", return_value = MagicMock(retur
with patch("__builtin__.open"):
from ambari_commons.exceptions import FatalException, NonFatalException
from ambari_server.properties import Properties
- from ambari_server.setupSso import setup_sso, AMBARI_JWT_AUTH_ENBABLED, \
+ from ambari_server.setupSso import setup_sso, AMBARI_SSO_AUTH_ENABLED, \
SSO_PROVIDER_URL, SSO_CERTIFICATE, JWT_COOKIE_NAME, JWT_AUDIENCES, \
SSO_ENABLED_SERVICES, SSO_MANAGE_SERVICES
class TestSetupSso(unittest.TestCase):
-
@patch("ambari_server.setupSso.is_server_runing")
def test_sso_setup_should_fail_if_server_is_not_running(self, is_server_runing_mock):
out = StringIO.StringIO()
@@ -114,7 +113,6 @@ class TestSetupSso(unittest.TestCase):
pass
-
@patch("ambari_server.setupSso.get_silent")
@patch("ambari_server.setupSso.is_server_runing")
def test_invalid_sso_enabled_cli_option_should_result_in_error(self, is_server_runing_mock, get_silent_mock):
@@ -137,7 +135,6 @@ class TestSetupSso(unittest.TestCase):
pass
-
@patch("ambari_server.setupSso.get_silent")
@patch("ambari_server.setupSso.is_server_runing")
def test_missing_sso_provider_url_cli_option_when_enabling_sso_should_result_in_error(self, is_server_runing_mock, get_silent_mock):
@@ -161,7 +158,6 @@ class TestSetupSso(unittest.TestCase):
pass
-
@patch("ambari_server.setupSso.get_silent")
@patch("ambari_server.setupSso.is_server_runing")
def test_missing_sso_public_cert_file_cli_option_when_enabling_sso_should_result_in_error(self, is_server_runing_mock, get_silent_mock):
@@ -185,7 +181,6 @@ class TestSetupSso(unittest.TestCase):
pass
-
@patch("ambari_server.setupSso.get_silent")
@patch("ambari_server.setupSso.is_server_runing")
def test_invalid_sso_provider_url_cli_option_when_enabling_sso_should_result_in_error(self, is_server_runing_mock, get_silent_mock):
@@ -263,6 +258,8 @@ class TestSetupSso(unittest.TestCase):
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
+ options.sso_enabled_ambari = 'true'
+ options.sso_manage_services = 'true'
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
@@ -277,7 +274,7 @@ class TestSetupSso(unittest.TestCase):
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
- self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], sso_enabled)
+ self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled)
self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url)
self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data)
self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name)
@@ -286,7 +283,6 @@ class TestSetupSso(unittest.TestCase):
sys.stdout = sys.__stdout__
pass
-
@patch("ambari_server.setupSso.perform_changes_via_rest_api")
@patch("ambari_server.setupSso.get_ambari_properties")
@patch("ambari_server.setupSso.get_silent")
@@ -335,16 +331,13 @@ class TestSetupSso(unittest.TestCase):
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
- requestData = args[5]
- self.assertTrue(isinstance(requestData, dict))
- ssoProperties = requestData['Configuration']['properties']
- self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "false")
- self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], "false")
+ requestMethod = args[4]
+ self.assertTrue(isinstance(requestMethod, str))
+ self.assertEqual(requestMethod, "DELETE")
sys.stdout = sys.__stdout__
pass
-
@patch("ambari_server.setupSso.perform_changes_via_rest_api")
@patch("ambari_server.setupSso.get_YN_input")
@patch("ambari_server.setupSso.get_ambari_properties")
@@ -377,7 +370,11 @@ class TestSetupSso(unittest.TestCase):
get_ambari_properties_mock.return_value = Properties()
def yn_input_side_effect(*args, **kwargs):
- if 'all services' in args[0]:
+ if 'Manage SSO configurations' in args[0]:
+ return True
+ elif 'Manage SSO configurations' in args[0]:
+ return True
+ elif 'all services' in args[0]:
return True
else:
raise Exception("ShouldNotBeInvoked") # only the 'Use SSO for all services' question should be asked for now
@@ -392,6 +389,8 @@ class TestSetupSso(unittest.TestCase):
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
+ options.sso_enabled_ambari = 'true'
+ options.sso_manage_services = 'true'
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
@@ -405,7 +404,7 @@ class TestSetupSso(unittest.TestCase):
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
- self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], sso_enabled)
+ self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled)
self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url)
self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data)
self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name)
@@ -459,6 +458,8 @@ class TestSetupSso(unittest.TestCase):
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
+ options.sso_enabled_ambari = sso_enabled
+ options.sso_manage_services = 'true'
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
@@ -472,7 +473,7 @@ class TestSetupSso(unittest.TestCase):
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
- self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], sso_enabled)
+ self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled)
self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url)
self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data)
self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name)
@@ -572,6 +573,8 @@ class TestSetupSso(unittest.TestCase):
options = self._create_empty_options_mock()
options.sso_enabled = 'true'
+ options.sso_enabled_ambari = 'true'
+ options.sso_manage_services = 'true'
options.sso_provider_url = 'http://testHost:8080'
options.sso_public_cert_file = '/test/file/path'
options.sso_jwt_cookie_name = 'test_cookie'
@@ -586,7 +589,7 @@ class TestSetupSso(unittest.TestCase):
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true")
- self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "AMBARI,HDFS,ZOOKEPER")
+ self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "HDFS,ZOOKEPER")
sys.stdout = sys.__stdout__
pass
@@ -594,6 +597,8 @@ class TestSetupSso(unittest.TestCase):
def _create_empty_options_mock(self):
options = MagicMock()
options.sso_enabled = None
+ options.sso_enabled_ambari = None
+ options.sso_manage_services = None
options.sso_enabled_services = None
options.sso_provider_url = None
options.sso_public_cert_file = None
--
To stop receiving notification emails like this one, please contact
rlevas@apache.org.