Posted to commits@ambari.apache.org by lp...@apache.org on 2017/10/13 15:54:44 UTC
[16/33] ambari git commit: AMBARI-21307 LDAP config rest service
implementation extends the ambari config rest implementaiton
AMBARI-21307 LDAP config rest service implementation extends the ambari config rest implementation
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d062cf05
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d062cf05
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d062cf05
Branch: refs/heads/feature-branch-AMBARI-21307
Commit: d062cf05e4947e3b728b1495e4c19da5fc2cafc7
Parents: 5b7c55f
Author: lpuskas <lp...@apache.org>
Authored: Mon Aug 21 15:53:45 2017 +0200
Committer: lpuskas <lp...@apache.org>
Committed: Fri Oct 13 17:20:50 2017 +0200
----------------------------------------------------------------------
.../services/ldap/LdapConfigurationService.java | 208 +++++++++++++++++++
.../api/services/ldap/LdapRestService.java | 149 -------------
2 files changed, 208 insertions(+), 149 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d062cf05/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigurationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigurationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigurationService.java
new file mode 100644
index 0000000..52244bc
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapConfigurationService.java
@@ -0,0 +1,208 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services.ldap;
+
+import java.util.Set;
+
+import javax.inject.Inject;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.apache.ambari.annotations.ApiIgnore;
+import org.apache.ambari.server.StaticallyInject;
+import org.apache.ambari.server.api.services.AmbariConfigurationService;
+import org.apache.ambari.server.api.services.Result;
+import org.apache.ambari.server.api.services.ResultImpl;
+import org.apache.ambari.server.api.services.ResultStatus;
+import org.apache.ambari.server.controller.internal.ResourceImpl;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
+import org.apache.ambari.server.ldap.LdapConfigurationFactory;
+import org.apache.ambari.server.ldap.service.LdapFacade;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+
+import com.google.common.collect.Sets;
+
+/**
+ * Endpoint designated to LDAP specific operations.
+ */
+@StaticallyInject
+@Path("/ldapconfigs/")
+public class LdapConfigurationService extends AmbariConfigurationService {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(LdapConfigurationService.class);
+
+ @Inject
+ private static LdapFacade ldapFacade;
+
+ @Inject
+ private static LdapConfigurationFactory ldapConfigurationFactory;
+
+ /**
+ * Actions supported by this endpoint
+ */
+ private enum LdapAction {
+ TEST_CONNECTION("test-connection"),
+ TEST_ATTRIBUTES("test-attributes"),
+ DETECT_ATTRIBUTES("detect-attributes");
+
+ private String actionStr;
+
+ LdapAction(String actionStr) {
+ this.actionStr = actionStr;
+ }
+
+ public static LdapAction fromAction(String action) {
+ for (LdapAction val : LdapAction.values()) {
+ if (val.action().equals(action)) {
+ return val;
+ }
+ }
+ throw new IllegalStateException("Action [ " + action + " ] is not supported");
+ }
+
+ public String action() {
+ return this.actionStr;
+ }
+ }
+
+ @POST
+ @ApiIgnore // until documented
+ @Path("/validate")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ public Response validateConfiguration(LdapCheckConfigurationRequest ldapCheckConfigurationRequest) {
+
+ authorize();
+
+ Set<String> groups = Sets.newHashSet();
+
+ Result result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.OK));
+ try {
+
+ validateRequest(ldapCheckConfigurationRequest);
+
+ AmbariLdapConfiguration ambariLdapConfiguration = ldapConfigurationFactory.createLdapConfiguration(
+ ldapCheckConfigurationRequest.getAmbariConfiguration().getData().iterator().next());
+
+ LdapAction action = LdapAction.fromAction(ldapCheckConfigurationRequest.getRequestInfo().getAction());
+ switch (action) {
+
+ case TEST_CONNECTION:
+
+ LOGGER.info("Testing connection to the LDAP server ...");
+ ldapFacade.checkConnection(ambariLdapConfiguration);
+
+ break;
+ case TEST_ATTRIBUTES:
+
+ LOGGER.info("Testing LDAP attributes ....");
+ groups = ldapFacade.checkLdapAttibutes(ldapCheckConfigurationRequest.getRequestInfo().getParameters(), ambariLdapConfiguration);
+ setResult(groups, result);
+
+ break;
+ case DETECT_ATTRIBUTES:
+
+ LOGGER.info("Detecting LDAP attributes ...");
+ ldapFacade.detectAttributes(ambariLdapConfiguration);
+
+ break;
+ default:
+ LOGGER.warn("No action provided ...");
+ throw new IllegalArgumentException("No request action provided");
+ }
+
+ } catch (Exception e) {
+ result.setResultStatus(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e));
+ }
+
+ return Response.status(result.getStatus().getStatusCode()).entity(getResultSerializer().serialize(result)).build();
+ }
+
+ private void setResult(Set<String> groups, Result result) {
+ Resource resource = new ResourceImpl(Resource.Type.AmbariConfiguration);
+ resource.setProperty("groups", groups);
+ result.getResultTree().addChild(resource, "payload");
+ }
+
+ private void validateRequest(LdapCheckConfigurationRequest ldapCheckConfigurationRequest) {
+ String errMsg;
+
+ if (null == ldapCheckConfigurationRequest) {
+ errMsg = "No ldap configuraiton request provided";
+ LOGGER.error(errMsg);
+ throw new IllegalArgumentException(errMsg);
+ }
+
+ if (null == ldapCheckConfigurationRequest.getRequestInfo()) {
+ errMsg = String.format("No request information provided. Request: [%s]", ldapCheckConfigurationRequest);
+ LOGGER.error(errMsg);
+ throw new IllegalArgumentException(errMsg);
+ }
+
+ if (null == ldapCheckConfigurationRequest.getAmbariConfiguration()
+ || ldapCheckConfigurationRequest.getAmbariConfiguration().getData().size() != 1) {
+ errMsg = String.format("No / Invalid configuration data provided. Request: [%s]", ldapCheckConfigurationRequest);
+ LOGGER.error(errMsg);
+ throw new IllegalArgumentException(errMsg);
+ }
+ }
+
+ private void authorize() {
+ try {
+ Authentication authentication = AuthorizationHelper.getAuthentication();
+
+ if (authentication == null || !authentication.isAuthenticated()) {
+ throw new AuthorizationException("Authentication data is not available, authorization to perform the requested operation is not granted");
+ }
+
+ if (!AuthorizationHelper.isAuthorized(authentication, ResourceType.AMBARI, null, requiredAuthorizations())) {
+ throw new AuthorizationException("The authenticated user does not have the appropriate authorizations to create the requested resource(s)");
+ }
+ } catch (AuthorizationException e) {
+ LOGGER.error("Unauthorized operation.", e);
+ throw new IllegalArgumentException("User is not authorized to perform the operation", e);
+ }
+
+ }
+
+ Set<RoleAuthorization> requiredAuthorizations() {
+ return Sets.newHashSet(RoleAuthorization.AMBARI_MANAGE_CONFIGURATION);
+ }
+}
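Review bot: An authorization failure in validateConfiguration is not reported as 401/403: authorize() is called before the try block and rewraps AuthorizationException as IllegalArgumentException, so the catch that builds the BAD_REQUEST result never sees it and the exception leaves the resource method, most likely surfacing as a generic server error unless a mapper registered elsewhere handles it. I would let authorize() propagate AuthorizationException and have the caller answer with `return Response.status(Response.Status.FORBIDDEN).build();`, so clients and audit logs can tell a denied call from a malformed one. Separately, validateRequest formats the whole request into ERROR-level log messages and into the exception handed to ResultStatus; if LdapCheckConfigurationRequest.toString() includes the configuration data, an LDAP bind credential could end up in the log and possibly in the response, so log only the action and leave the payload out. The `default:` branch of the switch also looks unreachable, since LdapAction.fromAction already throws for an unknown action.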
http://git-wip-us.apache.org/repos/asf/ambari/blob/d062cf05/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
deleted file mode 100644
index 4e654dc..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.api.services.ldap;
-
-import java.util.Set;
-
-import javax.inject.Inject;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.apache.ambari.annotations.ApiIgnore;
-import org.apache.ambari.server.StaticallyInject;
-import org.apache.ambari.server.api.services.BaseService;
-import org.apache.ambari.server.api.services.Result;
-import org.apache.ambari.server.api.services.ResultImpl;
-import org.apache.ambari.server.api.services.ResultStatus;
-import org.apache.ambari.server.controller.internal.ResourceImpl;
-import org.apache.ambari.server.controller.spi.Resource;
-import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
-import org.apache.ambari.server.ldap.LdapConfigurationFactory;
-import org.apache.ambari.server.ldap.service.LdapFacade;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.collect.Sets;
-
-/**
- * Endpoint designated to LDAP specific operations.
- */
-@StaticallyInject
-@Path("/ldap")
-public class LdapRestService extends BaseService {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(LdapRestService.class);
-
- @Inject
- private static LdapFacade ldapFacade;
-
- @Inject
- private static LdapConfigurationFactory ldapConfigurationFactory;
-
- @POST
- @ApiIgnore // until documented
- @Path("/validate") // todo this needs to be moved under the resource
- @Consumes(MediaType.APPLICATION_JSON)
- @Produces(MediaType.APPLICATION_JSON)
- public Response validateConfiguration(LdapCheckConfigurationRequest ldapCheckConfigurationRequest) {
-
- Set<String> groups = Sets.newHashSet();
-
- Result result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.OK));
- try {
-
- validateRequest(ldapCheckConfigurationRequest);
-
- AmbariLdapConfiguration ambariLdapConfiguration = ldapConfigurationFactory.createLdapConfiguration(
- ldapCheckConfigurationRequest.getAmbariConfiguration().getData().iterator().next());
-
- switch (ldapCheckConfigurationRequest.getRequestInfo().getAction()) {
- case "test-connection":
-
- LOGGER.info("Testing connection to the LDAP server ...");
- ldapFacade.checkConnection(ambariLdapConfiguration);
-
- break;
- case "test-attributes":
-
- LOGGER.info("Testing LDAP attributes ....");
- groups = ldapFacade.checkLdapAttibutes(ldapCheckConfigurationRequest.getRequestInfo().getParameters(), ambariLdapConfiguration);
- setResult(groups, result);
-
- break;
- case "detect-attributes":
-
- LOGGER.info("Detecting LDAP attributes ...");
- ldapFacade.detectAttributes(ambariLdapConfiguration);
-
- break;
- default:
- LOGGER.warn("No action provided ...");
- throw new IllegalArgumentException("No request action provided");
- }
-
- } catch (Exception e) {
- result.setResultStatus(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e));
- }
-
- return Response.status(result.getStatus().getStatusCode()).entity(getResultSerializer().serialize(result)).build();
- }
-
- private void setResult(Set<String> groups, Result result) {
- Resource resource = new ResourceImpl(Resource.Type.AmbariConfiguration);
- resource.setProperty("groups", groups);
- result.getResultTree().addChild(resource, "payload");
- }
-
- private void validateRequest(LdapCheckConfigurationRequest ldapCheckConfigurationRequest) {
- String errMsg;
-
- if (null == ldapCheckConfigurationRequest) {
- errMsg = "No ldap configuraiton request provided";
- LOGGER.error(errMsg);
- throw new IllegalArgumentException(errMsg);
- }
-
- if (null == ldapCheckConfigurationRequest.getRequestInfo()) {
- errMsg = String.format("No request information provided. Request: [%s]", ldapCheckConfigurationRequest);
- LOGGER.error(errMsg);
- throw new IllegalArgumentException(errMsg);
- }
-
- if (null == ldapCheckConfigurationRequest.getAmbariConfiguration()
- || ldapCheckConfigurationRequest.getAmbariConfiguration().getData().size() != 1) {
- errMsg = String.format("No / Invalid configuration data provided. Request: [%s]", ldapCheckConfigurationRequest);
- LOGGER.error(errMsg);
- throw new IllegalArgumentException(errMsg);
- }
- }
-}