Posted to commits@ambari.apache.org by kr...@apache.org on 2018/08/03 19:45:32 UTC
[ambari] branch branch-2.7 updated: AMBARI-24187 - Ambari Server
Setup LDAP Label Updates (#1961)
This is an automated email from the ASF dual-hosted git repository.
krisztiankasa pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new abeba0a AMBARI-24187 - Ambari Server Setup LDAP Label Updates (#1961)
abeba0a is described below
commit abeba0a09df248212cb33bb61757782270f262f3
Author: kasakrisz <33...@users.noreply.github.com>
AuthorDate: Fri Aug 3 21:45:28 2018 +0200
AMBARI-24187 - Ambari Server Setup LDAP Label Updates (#1961)
---
.../src/main/python/ambari_server/setupSecurity.py | 244 ++++++++++++---------
.../src/main/python/ambari_server/userInput.py | 30 +--
ambari-server/src/test/python/TestAmbariServer.py | 51 ++---
3 files changed, 172 insertions(+), 153 deletions(-)
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index 3f29ae2..ac0c4d4 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -17,26 +17,28 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
'''
+import \
+ ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
import base64
import fileinput
import getpass
-import stat
-import tempfile
-import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import logging
import os
import re
import shutil
-import urllib2
-import time
+import stat
import sys
-import logging
-
+import tempfile
+import time
+import urllib2
from ambari_commons.exceptions import FatalException, NonFatalException
from ambari_commons.logging_utils import print_warning_msg, print_error_msg, print_info_msg, get_verbose
from ambari_commons.os_check import OSConst
from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
from ambari_commons.os_utils import is_root, set_file_permissions, \
run_os_command, search_file, is_valid_filepath, change_owner, get_ambari_repo_file_full_name, get_file_owner
+from ambari_server.dbConfiguration import ensure_jdbc_driver_is_installed
+from ambari_server.serverClassPath import ServerClassPath
from ambari_server.serverConfiguration import configDefaults, parse_properties_file, \
encrypt_password, find_jdk, find_properties_file, get_alias_string, get_ambari_properties, get_conf_dir, \
get_credential_store_location, get_is_persisted, get_is_secure, get_master_key_location, get_db_type, write_property, \
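Review bot: The `ambari_simplejson` import at the top of this hunk is split across a backslash continuation (`import \` followed by `ambari_simplejson as json  # …`), which is hard to read and puts a non-stdlib alias ahead of the standard-library imports. I would keep it on one line after the stdlib group and move the explanation to its own comment line above it: `# simplejson is much faster than the Python 2.6 json module and has the same function set.` then `import ambari_simplejson as json`. The `from ambari_server.serverConfiguration import …` statement continues outside the hunk.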
@@ -48,19 +50,24 @@ from ambari_server.serverConfiguration import configDefaults, parse_properties_f
SECURITY_IS_ENCRYPTION_ENABLED, SECURITY_KEY_ENV_VAR_NAME, SECURITY_KERBEROS_JASS_FILENAME, \
SECURITY_PROVIDER_KEY_CMD, SECURITY_MASTER_KEY_FILENAME, SSL_TRUSTSTORE_PASSWORD_ALIAS, \
SSL_TRUSTSTORE_PASSWORD_PROPERTY, SSL_TRUSTSTORE_PATH_PROPERTY, SSL_TRUSTSTORE_TYPE_PROPERTY, \
- SSL_API, SSL_API_PORT, DEFAULT_SSL_API_PORT, CLIENT_API_PORT, JDK_NAME_PROPERTY, JCE_NAME_PROPERTY, JAVA_HOME_PROPERTY, \
- get_resources_location, SECURITY_MASTER_KEY_LOCATION, SETUP_OR_UPGRADE_MSG, CHECK_AMBARI_KRB_JAAS_CONFIGURATION_PROPERTY
+ JDK_NAME_PROPERTY, JCE_NAME_PROPERTY, JAVA_HOME_PROPERTY, \
+ get_resources_location, SECURITY_MASTER_KEY_LOCATION, SETUP_OR_UPGRADE_MSG, \
+ CHECK_AMBARI_KRB_JAAS_CONFIGURATION_PROPERTY
from ambari_server.serverUtils import is_server_runing, get_ambari_server_api_base, \
get_ambari_admin_username_password_pair, perform_changes_via_rest_api, get_ssl_context
from ambari_server.setupActions import SETUP_ACTION, LDAP_SETUP_ACTION
-from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input, quit_if_has_answer
-from ambari_server.serverClassPath import ServerClassPath
-from ambari_server.dbConfiguration import DBMSConfigFactory, check_jdbc_drivers, \
- get_jdbc_driver_path, ensure_jdbc_driver_is_installed, LINUX_DBMS_KEYS_LIST
+from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input, \
+ quit_if_has_answer
from contextlib import closing
logger = logging.getLogger(__name__)
+LDAP_AD="AD"
+LDAP_IPA="IPA"
+LDAP_GENERIC="Generic LDAP"
+
+LDAP_TYPES = [LDAP_AD, LDAP_IPA, LDAP_GENERIC]
+
REGEX_IP_ADDRESS = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
REGEX_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
REGEX_PORT = "^([0-9]{1,5}$)"
@@ -68,6 +75,7 @@ REGEX_HOSTNAME_PORT = "^(.*:[0-9]{1,5}$)"
REGEX_TRUE_FALSE = "^(true|false)?$"
REGEX_SKIP_CONVERT = "^(skip|convert)?$"
REGEX_REFERRAL = "^(follow|ignore)?$"
+REGEX_LDAP_TYPE = "^({})?$".format("|".join(LDAP_TYPES))
REGEX_ANYTHING = ".*"
LDAP_TO_PAM_MIGRATION_HELPER_CMD = "{0} -cp {1} " + \
"org.apache.ambari.server.security.authentication.LdapToPamMigrationHelper" + \
@@ -213,11 +221,12 @@ def adjust_directory_permissions(ambari_user):
change_owner(path, user, recursive)
def configure_ldap_password(options):
- passwordDefault = ""
- passwordPrompt = 'Enter Manager Password* : '
- passwordPattern = ".*"
- passwordDescr = "Invalid characters in password."
- password = read_password(passwordDefault, passwordPattern, passwordPrompt, passwordDescr, options.ldap_manager_password)
+ password_default = ""
+ password_prompt = 'Enter Bind DN Password: '
+ confirm_password_prompt = 'Confirm Bind DN Password: '
+ password_pattern = ".*"
+ password_descr = "Invalid characters in password."
+ password = read_password(password_default, password_pattern, password_prompt, password_descr, options.ldap_manager_password, confirm_password_prompt)
return password
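Review bot: `configure_ldap_password` passes `options.ldap_manager_password` and the new confirm prompt to `read_password` positionally, in the fifth and sixth slots; both are optional parameters there, and this same commit appends the sixth, so a later signature change would silently shift them. Passing them by name is safer: `read_password(password_default, password_pattern, password_prompt, password_descr, answer=options.ldap_manager_password, confirm_password_prompt=confirm_password_prompt)`. With `password_pattern = ".*"` the description "Invalid characters in password." looks unreachable, so a one-line comment such as `# pattern is intentionally permissive: any non-empty bind password is accepted` would make that explicit.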
@@ -631,50 +640,58 @@ class LdapPropTemplate:
def __init__(self, properties, i_option, i_prop_name, i_prop_val_pattern, i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
self.prop_name = i_prop_name
self.option = i_option
- self.ldap_prop_name = get_value_from_properties(properties, i_prop_name, i_prop_name_default)
- self.ldap_prop_val_prompt = i_prop_val_pattern.format(get_prompt_default(self.ldap_prop_name))
+ self.ldap_prop_value = get_value_from_properties(properties, i_prop_name, i_prop_name_default)
+ self.ldap_prop_val_prompt = format_prop_val_prompt(i_prop_val_pattern, self.ldap_prop_value)
self.prompt_regex = i_prompt_regex
self.allow_empty_prompt = i_allow_empty_prompt
+def format_prop_val_prompt(prop_prompt_pattern, prop_default_value):
+ default_value = get_prompt_default(prop_default_value)
+ return prop_prompt_pattern.format((" " + default_value) if default_value is not None and default_value != "" else "")
+
@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
-def init_ldap_properties_list_reqd(properties, options):
+def init_ldap_properties_list_reqd(properties, options, ldap_type):
# python2.x dict is not ordered
ldap_properties = [
- LdapPropTemplate(properties, options.ldap_primary_host, "ambari.ldap.connectivity.server.host", "Primary URL Host* {0}: ", REGEX_HOSTNAME, False),
- LdapPropTemplate(properties, options.ldap_primary_port, "ambari.ldap.connectivity.server.port", "Primary URL Port* {0}: ", REGEX_PORT, False),
- LdapPropTemplate(properties, options.ldap_secondary_host, "ambari.ldap.connectivity.secondary.server.host", "Secondary URL Host {0}: ", REGEX_HOSTNAME, True),
- LdapPropTemplate(properties, options.ldap_secondary_port, "ambari.ldap.connectivity.secondary.server.port", "Secondary URL Port {0}: ", REGEX_PORT, True),
- LdapPropTemplate(properties, options.ldap_ssl, "ambari.ldap.connectivity.use_ssl", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
- LdapPropTemplate(properties, options.ldap_user_attr, "ambari.ldap.attributes.user.name_attr", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
- LdapPropTemplate(properties, options.ldap_base_dn, "ambari.ldap.attributes.user.search_base", "Base DN* {0}: ", REGEX_ANYTHING, False, "dc=ambari,dc=apache,dc=org"),
- LdapPropTemplate(properties, options.ldap_referral, "ambari.ldap.advanced.referrals", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
- LdapPropTemplate(properties, options.ldap_bind_anonym, "ambari.ldap.connectivity.anonymous_bind" "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+ LdapPropTemplate(properties, options.ldap_primary_host, "ambari.ldap.connectivity.server.host", "Primary LDAP Host{0}: ", REGEX_HOSTNAME, False, get_default_prop_value(ldap_type, {LDAP_IPA:'ipa.ambari.apache.org', LDAP_GENERIC:'ldap.ambari.apache.org'})),
+ LdapPropTemplate(properties, options.ldap_primary_port, "ambari.ldap.connectivity.server.port", "Primary LDAP Port{0}: ", REGEX_PORT, False, get_default_prop_value(ldap_type, {LDAP_IPA:'636', LDAP_GENERIC:'389'})),
+ LdapPropTemplate(properties, options.ldap_secondary_host, "ambari.ldap.connectivity.secondary.server.host", "Secondary LDAP Host <Optional>{0}: ", REGEX_HOSTNAME, True),
+ LdapPropTemplate(properties, options.ldap_secondary_port, "ambari.ldap.connectivity.secondary.server.port", "Secondary LDAP Port <Optional>{0}: ", REGEX_PORT, True),
+ LdapPropTemplate(properties, options.ldap_ssl, "ambari.ldap.connectivity.use_ssl", "Use SSL [true/false]{0}: ", REGEX_TRUE_FALSE, False, get_default_prop_value(ldap_type, {LDAP_AD:'false', LDAP_IPA:'true', LDAP_GENERIC:'false'})),
+ LdapPropTemplate(properties, options.ldap_user_attr, "ambari.ldap.attributes.user.name_attr", "User ID attribute{0}: ", REGEX_ANYTHING, False, get_default_prop_value(ldap_type, {LDAP_AD:'sAMAccountName', LDAP_IPA:'uid', LDAP_GENERIC:'uid'})),
+ LdapPropTemplate(properties, options.ldap_base_dn, "ambari.ldap.attributes.user.search_base", "Search Base{0}: ", REGEX_ANYTHING, False, "dc=ambari,dc=apache,dc=org"),
+ LdapPropTemplate(properties, options.ldap_referral, "ambari.ldap.advanced.referrals", "Referral method [follow/ignore]{0}: ", REGEX_REFERRAL, True, "follow"),
+ LdapPropTemplate(properties, options.ldap_bind_anonym, "ambari.ldap.connectivity.anonymous_bind" "Bind anonymously [true/false]{0}: ", REGEX_TRUE_FALSE, False, "false")
]
return ldap_properties
@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
-def init_ldap_properties_list_reqd(properties, options):
+def init_ldap_properties_list_reqd(properties, options, ldap_type):
ldap_properties = [
- LdapPropTemplate(properties, options.ldap_primary_host, "ambari.ldap.connectivity.server.host", "Primary URL Host* {0}: ", REGEX_HOSTNAME, False),
- LdapPropTemplate(properties, options.ldap_primary_port, "ambari.ldap.connectivity.server.port", "Primary URL Port* {0}: ", REGEX_PORT, False),
- LdapPropTemplate(properties, options.ldap_secondary_host, "ambari.ldap.connectivity.secondary.server.host", "Secondary URL Host {0}: ", REGEX_HOSTNAME, True),
- LdapPropTemplate(properties, options.ldap_secondary_port, "ambari.ldap.connectivity.secondary.server.port", "Secondary URL Port {0}: ", REGEX_PORT, True),
- LdapPropTemplate(properties, options.ldap_ssl, "ambari.ldap.connectivity.use_ssl", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
- LdapPropTemplate(properties, options.ldap_user_class, "ambari.ldap.attributes.user.object_class", "User object class* {0}: ", REGEX_ANYTHING, False, "person"),
- LdapPropTemplate(properties, options.ldap_user_attr, "ambari.ldap.attributes.user.name_attr", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
- LdapPropTemplate(properties, options.ldap_group_class, "ambari.ldap.attributes.group.object_class", "Group object class* {0}: ", REGEX_ANYTHING, False, "posixGroup"),
- LdapPropTemplate(properties, options.ldap_group_attr, "ambari.ldap.attributes.group.name_attr", "Group name attribute* {0}: ", REGEX_ANYTHING, False, "cn"),
- LdapPropTemplate(properties, options.ldap_member_attr, "ambari.ldap.attributes.group.member_attr", "Group member attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
- LdapPropTemplate(properties, options.ldap_dn, "ambari.ldap.attributes.dn_attr", "Distinguished name attribute* {0}: ", REGEX_ANYTHING, False, "dn"),
- LdapPropTemplate(properties, options.ldap_base_dn, "ambari.ldap.attributes.user.search_base", "Base DN* {0}: ", REGEX_ANYTHING, False, "dc=ambari,dc=apache,dc=org"),
- LdapPropTemplate(properties, options.ldap_referral, "ambari.ldap.advanced.referrals", "Referral method [follow/ignore] {0}: ", REGEX_REFERRAL, True),
- LdapPropTemplate(properties, options.ldap_bind_anonym, "ambari.ldap.connectivity.anonymous_bind", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
- LdapPropTemplate(properties, options.ldap_sync_username_collisions_behavior, "ambari.ldap.advance.collision_behavior", "Handling behavior for username collisions [convert/skip] for LDAP sync* {0}: ", REGEX_SKIP_CONVERT, False, "convert"),
- LdapPropTemplate(properties, options.ldap_force_lowercase_usernames, "ambari.ldap.advanced.force_lowercase_usernames", "Force lower-case user names [true/false] {0}:", REGEX_TRUE_FALSE, True),
- LdapPropTemplate(properties, options.ldap_pagination_enabled, "ambari.ldap.advanced.pagination_enabled", "Results from LDAP are paginated when requested [true/false] {0}:", REGEX_TRUE_FALSE, True)
+ LdapPropTemplate(properties, options.ldap_primary_host, "ambari.ldap.connectivity.server.host", "Primary LDAP Host{0}: ", REGEX_HOSTNAME, False, get_default_prop_value(ldap_type, {LDAP_IPA:'ipa.ambari.apache.org', LDAP_GENERIC:'ldap.ambari.apache.org'})),
+ LdapPropTemplate(properties, options.ldap_primary_port, "ambari.ldap.connectivity.server.port", "Primary LDAP Port{0}: ", REGEX_PORT, False, get_default_prop_value(ldap_type, {LDAP_IPA:'636', LDAP_GENERIC:'389'})),
+ LdapPropTemplate(properties, options.ldap_secondary_host, "ambari.ldap.connectivity.secondary.server.host", "Secondary LDAP Host <Optional>{0}: ", REGEX_HOSTNAME, True),
+ LdapPropTemplate(properties, options.ldap_secondary_port, "ambari.ldap.connectivity.secondary.server.port", "Secondary LDAP Port <Optional>{0}: ", REGEX_PORT, True),
+ LdapPropTemplate(properties, options.ldap_ssl, "ambari.ldap.connectivity.use_ssl", "Use SSL [true/false]{0}: ", REGEX_TRUE_FALSE, False, get_default_prop_value(ldap_type, {LDAP_AD:'false', LDAP_IPA:'true', LDAP_GENERIC:'false'})),
+ LdapPropTemplate(properties, options.ldap_user_class, "ambari.ldap.attributes.user.object_class", "User object class{0}: ", REGEX_ANYTHING, False, get_default_prop_value(ldap_type, {LDAP_AD:'user', LDAP_IPA:'posixUser', LDAP_GENERIC:'posixUser'})),
+ LdapPropTemplate(properties, options.ldap_user_attr, "ambari.ldap.attributes.user.name_attr", "User ID attribute{0}: ", REGEX_ANYTHING, False, get_default_prop_value(ldap_type, {LDAP_AD:'sAMAccountName', LDAP_IPA:'uid', LDAP_GENERIC:'uid'})),
+ LdapPropTemplate(properties, options.ldap_group_class, "ambari.ldap.attributes.group.object_class", "Group object class{0}: ", REGEX_ANYTHING, False, get_default_prop_value(ldap_type, {LDAP_AD:'group', LDAP_IPA:'posixGroup', LDAP_GENERIC:'posixGroup'})),
+ LdapPropTemplate(properties, options.ldap_group_attr, "ambari.ldap.attributes.group.name_attr", "Group name attribute{0}: ", REGEX_ANYTHING, False, "cn"),
+ LdapPropTemplate(properties, options.ldap_member_attr, "ambari.ldap.attributes.group.member_attr", "Group member attribute{0}: ", REGEX_ANYTHING, False, get_default_prop_value(ldap_type, {LDAP_AD:'member', LDAP_IPA:'memberUid', LDAP_GENERIC:'memberUid'})),
+ LdapPropTemplate(properties, options.ldap_dn, "ambari.ldap.attributes.dn_attr", "Distinguished name attribute{0}: ", REGEX_ANYTHING, False, get_default_prop_value(ldap_type, {LDAP_AD:'distinguishedName', LDAP_IPA:'dn', LDAP_GENERIC:'dn'})),
+ LdapPropTemplate(properties, options.ldap_base_dn, "ambari.ldap.attributes.user.search_base", "Search Base{0}: ", REGEX_ANYTHING, False, "dc=ambari,dc=apache,dc=org"),
+ LdapPropTemplate(properties, options.ldap_referral, "ambari.ldap.advanced.referrals", "Referral method [follow/ignore]{0}: ", REGEX_REFERRAL, True, "follow"),
+ LdapPropTemplate(properties, options.ldap_bind_anonym, "ambari.ldap.connectivity.anonymous_bind", "Bind anonymously [true/false]{0}: ", REGEX_TRUE_FALSE, False, "false"),
+ LdapPropTemplate(properties, options.ldap_sync_username_collisions_behavior, "ambari.ldap.advance.collision_behavior", "Handling behavior for username collisions [convert/skip] for LDAP sync{0}: ", REGEX_SKIP_CONVERT, False, "skip"),
+ LdapPropTemplate(properties, options.ldap_force_lowercase_usernames, "ambari.ldap.advanced.force_lowercase_usernames", "Force lower-case user names [true/false]{0}:", REGEX_TRUE_FALSE, True),
+ LdapPropTemplate(properties, options.ldap_pagination_enabled, "ambari.ldap.advanced.pagination_enabled", "Results from LDAP are paginated when requested [true/false]{0}:", REGEX_TRUE_FALSE, True)
]
return ldap_properties
+def get_default_prop_value(ldap_type, default_value_map):
+ return default_value_map[ldap_type] if ldap_type in default_value_map else None
+
+
def update_ldap_configuration(options, properties, ldap_property_value_map):
admin_login, admin_password = get_ambari_admin_username_password_pair(options)
request_data = {
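Review bot: In the `WINSRV_FAMILY` variant of `init_ldap_properties_list_reqd`, the last `LdapPropTemplate(...)` entry still has no comma between `"ambari.ldap.connectivity.anonymous_bind"` and `"Bind anonymously [true/false]{0}: "`, so Python concatenates the two literals into one property name and every following argument shifts left by one. The prompt pattern then becomes `REGEX_TRUE_FALSE`, and `prop_name` can no longer equal the anonymous-bind property name that the reworked loop in `setup_ldap` compares against before asking for the Bind DN and its password (assuming `LDAP_ANONYMOUS_BIND` holds that plain name). The default variant has the comma; add it here as well: `"ambari.ldap.connectivity.anonymous_bind", "Bind anonymously [true/false]{0}: ",`. Separately, `"follow"` is now the pre-filled referral method where there was no default before; since following referrals means the client may bind to servers named by the directory, it is worth confirming this default is intended. `update_ldap_configuration` continues outside the hunk.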
@@ -687,6 +704,14 @@ def update_ldap_configuration(options, properties, ldap_property_value_map):
request_data['Configuration']['properties'] = ldap_property_value_map
perform_changes_via_rest_api(properties, admin_login, admin_password, SETUP_LDAP_CONFIG_URL, 'PUT', request_data)
+def query_ldap_type():
+ return get_validated_string_input("Please select the type of LDAP you want to use ({}):".format(", ".join(LDAP_TYPES)),
+ None,
+ REGEX_LDAP_TYPE,
+ "Please enter one of the followings '{}'!".format("', '".join(LDAP_TYPES)),
+ False,
+ False)
+
def setup_ldap(options):
logger.info("Setup LDAP.")
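Review bot: `query_ldap_type` calls `get_validated_string_input` without an `answer=` argument, so unlike the per-property prompts in `setup_ldap` (which pass `answer = ldap_prop.option`) the LDAP type cannot be supplied from the command-line options, and the call added to `setup_ldap` in the next hunk appears to prompt on every run. For scripted setups I would add an option for it and forward it, for example `answer=options.ldap_type` (option name constructed here; `query_ldap_type` would need to take `options`). The default passed is `None`, so it is also worth checking what `get_validated_string_input` returns in silent mode, because `get_default_prop_value` turns an unrecognised type into `None` defaults for every property. The error text should read `"Please enter one of the following: '{}'!"`. `setup_ldap` begins in this hunk and continues outside it.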
@@ -719,7 +744,9 @@ def setup_ldap(options):
options.ldap_secondary_host = options.ldap_secondary_url.split(':')[0]
options.ldap_secondary_port = options.ldap_secondary_url.split(':')[1]
- ldap_property_list_reqd = init_ldap_properties_list_reqd(properties, options)
+ ldap_type = query_ldap_type()
+
+ ldap_property_list_reqd = init_ldap_properties_list_reqd(properties, options, ldap_type)
ldap_property_list_opt = [LDAP_MGR_USERNAME_PROPERTY,
LDAP_MGR_PASSWORD_PROPERTY,
@@ -729,7 +756,10 @@ def setup_ldap(options):
ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY, SSL_TRUSTSTORE_PASSWORD_PROPERTY]
- LDAP_MGR_DN_DEFAULT = None
+ ldap_mgr_dn_default = get_default_prop_value(ldap_type, {
+ LDAP_AD:'cn=ldapbind,dc=ambari,dc=apache,dc=org',
+ LDAP_IPA:'uid=ldapbind,cn=users,cn=accounts,dc=ambari,dc=apache,dc=org',
+ LDAP_GENERIC:'uid=ldapbind,cn=users,dc=ambari,dc=apache,dc=org'})
SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
@@ -737,69 +767,69 @@ def setup_ldap(options):
ldap_property_value_map = {}
ldap_property_values_in_ambari_properties = {}
for ldap_prop in ldap_property_list_reqd:
- input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
+ input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_value, ldap_prop.prompt_regex,
"Invalid characters in the input!", False, ldap_prop.allow_empty_prompt,
answer = ldap_prop.option)
if input is not None and input != "":
ldap_property_value_map[ldap_prop.prop_name] = input
- bindAnonymously = ldap_property_value_map[LDAP_ANONYMOUS_BIND]
- anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
- mgr_password = None
- # Ask for manager credentials only if bindAnonymously is false
- if not anonymous:
- username = get_validated_string_input("Manager DN* {0}: ".format(
- get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
- "Invalid characters in the input!", False, False, answer = options.ldap_manager_dn)
- ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
- mgr_password = configure_ldap_password(options)
- ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
-
- useSSL = ldap_property_value_map[LDAP_USE_SSL]
- ldaps = (useSSL and useSSL.lower() == 'true')
- ts_password = None
-
- if ldaps:
- truststore_default = "n"
- truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
- if truststore_set:
- truststore_default = "y"
- custom_trust_store = True if options.trust_store_path is not None and options.trust_store_path else False
- if not custom_trust_store:
- custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
- format(truststore_default),
- truststore_set)
- if custom_trust_store:
- ts_type = get_validated_string_input("TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
- SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False, answer=options.trust_store_type)
- ts_path = None
- while True:
- ts_path = get_validated_string_input("Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
- SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False, answer = options.trust_store_path)
- if os.path.exists(ts_path):
- break
- else:
- print 'File not found.'
- hasAnswer = options.trust_store_path is not None and options.trust_store_path
- quit_if_has_answer(hasAnswer)
-
- ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password", options.trust_store_password)
-
- ldap_property_values_in_ambari_properties[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
- ldap_property_values_in_ambari_properties[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
- ldap_property_values_in_ambari_properties[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
+ if ldap_prop.prop_name == LDAP_ANONYMOUS_BIND:
+ anonymous = (input and input.lower() == 'true')
+ mgr_password = None
+ # Ask for manager credentials only if bindAnonymously is false
+ if not anonymous:
+ username = get_validated_string_input(
+ format_prop_val_prompt("Bind DN{0}: ", get_value_from_properties(properties, LDAP_MGR_USERNAME_PROPERTY, ldap_mgr_dn_default)),
+ ldap_mgr_dn_default, ".*",
+ "Invalid characters in the input!", False, False, answer = options.ldap_manager_dn)
+ ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
+ mgr_password = configure_ldap_password(options)
+ ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
+ elif ldap_prop.prop_name == LDAP_USE_SSL:
+ ldaps = (input and input.lower() == 'true')
+ ts_password = None
+
+ if ldaps:
+ truststore_default = "n"
+ truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
+ if truststore_set:
+ truststore_default = "y"
+ custom_trust_store = True if options.trust_store_path is not None and options.trust_store_path else False
+ if not custom_trust_store:
+ custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
+ format(truststore_default),
+ truststore_set)
+ if custom_trust_store:
+ ts_type = get_validated_string_input("TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
+ SSL_TRUSTSTORE_TYPE_DEFAULT, "^(jks|jceks|pkcs12)?$", "Wrong type", False, answer=options.trust_store_type)
+ ts_path = None
+ while True:
+ ts_path = get_validated_string_input("Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
+ SSL_TRUSTSTORE_PATH_DEFAULT, ".*", False, False, answer = options.trust_store_path)
+ if os.path.exists(ts_path):
+ break
+ else:
+ print 'File not found.'
+ hasAnswer = options.trust_store_path is not None and options.trust_store_path
+ quit_if_has_answer(hasAnswer)
+
+ ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password", options.trust_store_password)
+
+ ldap_property_values_in_ambari_properties[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
+ ldap_property_values_in_ambari_properties[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
+ ldap_property_values_in_ambari_properties[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
+ pass
+ elif properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY):
+ print 'The TrustStore is already configured: '
+ print ' ' + SSL_TRUSTSTORE_TYPE_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
+ print ' ' + SSL_TRUSTSTORE_PATH_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
+ print ' ' + SSL_TRUSTSTORE_PASSWORD_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
+ if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True, options.trust_store_reconfigure):
+ properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
+ properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
+ properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
+ pass
pass
- elif properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY):
- print 'The TrustStore is already configured: '
- print ' ' + SSL_TRUSTSTORE_TYPE_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
- print ' ' + SSL_TRUSTSTORE_PATH_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
- print ' ' + SSL_TRUSTSTORE_PASSWORD_PROPERTY + ' = ' + properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- if get_YN_input("Do you want to remove these properties [y/n] (y)? ", True, options.trust_store_reconfigure):
- properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
- properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
- properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- pass
- pass
print '=' * 20
print 'Review Settings'
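Review bot: The new Bind DN prompt is built from `get_value_from_properties(properties, LDAP_MGR_USERNAME_PROPERTY, ldap_mgr_dn_default)`, but the default actually passed to `get_validated_string_input` on the next line is `ldap_mgr_dn_default`, so when a bind DN is already configured the prompt can show one value while pressing Enter presumably applies another. Compute the value once and use it for both, e.g. `bind_dn_default = get_value_from_properties(properties, LDAP_MGR_USERNAME_PROPERTY, ldap_mgr_dn_default)`. The re-indented "already configured" branch still prints the value of `SSL_TRUSTSTORE_PASSWORD_PROPERTY` to the console; printing a fixed mask instead would keep the stored password (or its alias) out of terminal scrollback and captured setup logs. `mgr_password` and `ts_password` are now assigned only inside the matching loop branches, so any use after the loop (outside this hunk) depends on both properties being present in the list. Indentation is not visible in this rendering, so the nesting described here is inferred.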
diff --git a/ambari-server/src/main/python/ambari_server/userInput.py b/ambari-server/src/main/python/ambari_server/userInput.py
index 1f31152..a00709e 100644
--- a/ambari-server/src/main/python/ambari_server/userInput.py
+++ b/ambari-server/src/main/python/ambari_server/userInput.py
@@ -19,7 +19,6 @@ limitations under the License.
'''
import os
-import getpass
import re
from ambari_commons.logging_utils import get_silent
@@ -157,31 +156,32 @@ def get_prompt_default(defaultStr=None):
return '(' + defaultStr + ')'
-def read_password(passwordDefault,
- passwordPattern,
- passwordPrompt=None,
- passwordDescr=None,
- answer=None):
+def read_password(password_default,
+ password_pattern,
+ password_prompt=None,
+ password_descr=None,
+ answer=None,
+ confirm_password_prompt="Re-enter password: "):
input = True
while(input):
# setup password
- if passwordPrompt is None:
- passwordPrompt = 'Password (' + passwordDefault + '): '
+ if password_prompt is None:
+ password_prompt = 'Password (' + password_default + '): '
- if passwordDescr is None:
- passwordDescr = "Invalid characters in password. Use only alphanumeric or " \
+ if password_descr is None:
+ password_descr = "Invalid characters in password. Use only alphanumeric or " \
"_ or - characters"
- password = get_validated_string_input(passwordPrompt, passwordDefault,
- passwordPattern, passwordDescr, True, answer = answer)
+ password = get_validated_string_input(password_prompt, password_default,
+ password_pattern, password_descr, True, answer = answer)
if not password:
print 'Password cannot be blank.'
continue
- if password != passwordDefault:
- password1 = get_validated_string_input("Re-enter password: ", passwordDefault, passwordPattern,
- passwordDescr, True, answer = answer)
+ if password != password_default:
+ password1 = get_validated_string_input(confirm_password_prompt, password_default, password_pattern,
+ password_descr, True, answer = answer)
if password != password1:
print "Passwords do not match"
continue
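Review bot: Renaming `passwordDefault`, `passwordPattern`, `passwordPrompt` and `passwordDescr` to snake_case changes the keyword interface of `read_password`, so any caller that passes `passwordPrompt=` or `passwordDescr=` by name will now raise `TypeError`. The callers visible in this commit pass them positionally, but `read_password` is imported by other modules (the test file imports it), so a search for keyword uses before merging is warranted. A short docstring naming the new `confirm_password_prompt` parameter and stating that confirmation is skipped when the entered password equals `password_default` would document what the loop does. The function continues past the end of the hunk.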
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index 1bd528c..ca17ea7 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -16,41 +16,32 @@ See the License for the specific language governing permissions and
limitations under the License.
'''
import os
-from mock.mock import patch, MagicMock, create_autospec, call
import sys
+from mock.mock import patch, MagicMock, call
with patch.object(os, "geteuid", new=MagicMock(return_value=0)):
from resource_management.core import sudo
reload(sudo)
-from stacks.utils.RMFTestCase import *
-
-import traceback
import datetime
-import errno
import json
import operator
from ambari_commons import subprocess32
-from optparse import OptionParser
import platform
import socket
import re
-import shutil
import signal
import stat
import StringIO
import tempfile
-import logging
-import logging.handlers
-import logging.config
from unittest import TestCase
os.environ["ROOT"] = ""
-from only_for_platform import get_platform, not_for_platform, only_for_platform, os_distro_value, PLATFORM_LINUX, PLATFORM_WINDOWS
+from only_for_platform import get_platform, not_for_platform, only_for_platform, os_distro_value, PLATFORM_WINDOWS
from ambari_commons import os_utils
if get_platform() != PLATFORM_WINDOWS:
- from pwd import getpwnam
+ pass
import shutil
project_dir = os.path.join(os.path.abspath(os.path.dirname(__file__)),os.path.normpath("../../../../"))
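Review bot: Dropping `from pwd import getpwnam` leaves `if get_platform() != PLATFORM_WINDOWS:` with only `pass` as its body, which is dead code; the whole conditional should be removed rather than kept as a stub. Removing `from stacks.utils.RMFTestCase import *` also removes whatever names that star import supplied, so confirm that nothing later in this test module relied on them, which cannot be checked from this hunk.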
@@ -91,8 +82,7 @@ with patch.object(platform, "linux_distribution", return_value = MagicMock(retur
from ambari_server.dbConfiguration_linux import PGConfig, LinuxDBMSConfig, OracleConfig
from ambari_server.properties import Properties
from ambari_server.resourceFilesKeeper import ResourceFilesKeeper, KeeperException
- from ambari_server.serverConfiguration import configDefaults, get_java_exe_path, \
- check_database_name_property, OS_FAMILY_PROPERTY, \
+ from ambari_server.serverConfiguration import configDefaults, check_database_name_property, OS_FAMILY_PROPERTY, \
find_properties_file, get_ambari_properties, get_JAVA_HOME, \
parse_properties_file, read_ambari_user, update_ambari_properties, update_properties_2, write_property, find_jdk, \
get_is_active_instance, \
@@ -101,36 +91,31 @@ with patch.object(platform, "linux_distribution", return_value = MagicMock(retur
JDBC_DATABASE_NAME_PROPERTY, OS_TYPE_PROPERTY, validate_jdk, JDBC_POSTGRES_SCHEMA_PROPERTY, \
RESOURCES_DIR_PROPERTY, JDBC_RCA_PASSWORD_ALIAS, JDBC_RCA_SCHEMA_PROPERTY, \
SSL_API, SSL_API_PORT, CLIENT_API_PORT_PROPERTY,\
- JDBC_CONNECTION_POOL_TYPE, JDBC_CONNECTION_POOL_ACQUISITION_SIZE, \
- JDBC_CONNECTION_POOL_IDLE_TEST_INTERVAL, JDBC_CONNECTION_POOL_MAX_AGE, JDBC_CONNECTION_POOL_MAX_IDLE_TIME, \
- JDBC_CONNECTION_POOL_MAX_IDLE_TIME_EXCESS,\
- LDAP_MGR_PASSWORD_PROPERTY, LDAP_MGR_PASSWORD_ALIAS, JDBC_PASSWORD_FILENAME, NR_USER_PROPERTY, SECURITY_KEY_IS_PERSISTED, \
+ JDBC_CONNECTION_POOL_TYPE, LDAP_MGR_PASSWORD_PROPERTY, LDAP_MGR_PASSWORD_ALIAS, JDBC_PASSWORD_FILENAME, NR_USER_PROPERTY, SECURITY_KEY_IS_PERSISTED, \
SSL_TRUSTSTORE_PASSWORD_PROPERTY, SECURITY_IS_ENCRYPTION_ENABLED, PID_DIR_PROPERTY, SSL_TRUSTSTORE_PASSWORD_ALIAS, \
SECURITY_MASTER_KEY_LOCATION, SECURITY_KEYS_DIR, store_password_file, \
- get_pass_file_path, GET_FQDN_SERVICE_URL, JDBC_USE_INTEGRATED_AUTH_PROPERTY, SECURITY_KEY_ENV_VAR_NAME, \
+ get_pass_file_path, GET_FQDN_SERVICE_URL, SECURITY_KEY_ENV_VAR_NAME, \
JAVA_HOME_PROPERTY, JDK_NAME_PROPERTY, JCE_NAME_PROPERTY, STACK_LOCATION_KEY, SERVER_VERSION_FILE_PATH, \
COMMON_SERVICES_PATH_PROPERTY, WEBAPP_DIR_PROPERTY, SHARED_RESOURCES_DIR, BOOTSTRAP_SCRIPT, \
CUSTOM_ACTION_DEFINITIONS, BOOTSTRAP_SETUP_AGENT_SCRIPT, STACKADVISOR_SCRIPT, BOOTSTRAP_DIR_PROPERTY, MPACKS_STAGING_PATH_PROPERTY, STACK_JAVA_VERSION
from ambari_server.serverUtils import is_server_runing, refresh_stack_hash
from ambari_server.serverSetup import check_selinux, check_ambari_user, proceedJDBCProperties, SE_STATUS_DISABLED, SE_MODE_ENFORCING, configure_os_settings, \
download_and_install_jdk, prompt_db_properties, setup, \
- AmbariUserChecks, AmbariUserChecksLinux, AmbariUserChecksWindows, JDKSetup, reset, setup_jce_policy, expand_jce_zip_file, check_ambari_java_version_is_valid
- from ambari_server.serverUpgrade import upgrade, change_objects_owner, \
- run_schema_upgrade, move_user_custom_actions, find_and_copy_custom_services
+ AmbariUserChecks, JDKSetup, reset, setup_jce_policy, expand_jce_zip_file, check_ambari_java_version_is_valid
+ from ambari_server.serverUpgrade import upgrade, run_schema_upgrade, move_user_custom_actions, find_and_copy_custom_services
from ambari_server.setupHttps import is_valid_https_port, setup_https, import_cert_and_key_action, get_fqdn, \
generate_random_string, get_cert_info, COMMON_NAME_ATTR, is_valid_cert_exp, NOT_AFTER_ATTR, NOT_BEFORE_ATTR, \
SSL_DATE_FORMAT, import_cert_and_key, is_valid_cert_host, setup_truststore, \
- SRVR_ONE_WAY_SSL_PORT_PROPERTY, SRVR_TWO_WAY_SSL_PORT_PROPERTY, GANGLIA_HTTPS
- from ambari_server.setupSecurity import adjust_directory_permissions, get_alias_string, get_ldap_event_spec_names, sync_ldap, LdapSyncOptions, \
+ SRVR_ONE_WAY_SSL_PORT_PROPERTY, SRVR_TWO_WAY_SSL_PORT_PROPERTY
+ from ambari_server.setupSecurity import adjust_directory_permissions, get_alias_string, get_ldap_event_spec_names, sync_ldap, \
configure_ldap_password, setup_ldap, REGEX_HOSTNAME_PORT, REGEX_TRUE_FALSE, REGEX_ANYTHING, setup_master_key, \
- setup_ambari_krb5_jaas, ensure_can_start_under_current_user, generate_env, IS_LDAP_CONFIGURED
+ setup_ambari_krb5_jaas
from ambari_server.userInput import get_YN_input, get_choice_string_input, get_validated_string_input, \
read_password
from ambari_server_main import get_ulimit_open_files, ULIMIT_OPEN_FILES_KEY, ULIMIT_OPEN_FILES_DEFAULT
from ambari_server.serverClassPath import JDBC_DRIVER_PATH_PROPERTY, ServerClassPath
from ambari_server.hostUpdate import update_host_names
from ambari_server.checkDatabase import check_database
- from ambari_server import serverConfiguration
CURR_AMBARI_VERSION = "2.0.0"
@@ -7146,7 +7131,8 @@ class TestAmbariServer(TestCase):
@patch("ambari_server.setupSecurity.get_ambari_properties")
@patch("ambari_server.setupSecurity.logger")
@patch("ambari_server.setupSecurity.is_server_runing")
- def test_setup_ldap_invalid_input(self, is_server_runing_method, logger_mock, get_ambari_properties_method,
+ @patch("ambari_server.setupSecurity.query_ldap_type")
+ def test_setup_ldap_invalid_input(self, query_ldap_type_method, is_server_runing_method, logger_mock, get_ambari_properties_method,
search_file_message,
update_properties_method,
get_YN_input_method,
@@ -7156,6 +7142,7 @@ class TestAmbariServer(TestCase):
sys.stdout = out
is_server_runing_method.return_value = (True, 0)
search_file_message.return_value = "filepath"
+ query_ldap_type_method.return_value = 'Generic LDAP'
properties = Properties();
properties.process_pair(SECURITY_MASTER_KEY_LOCATION, "filepath")
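Review bot: The test pins the mocked type with the literal `'Generic LDAP'` rather than the `LDAP_GENERIC` constant this commit introduces, so the test and the module can drift apart if the label changes. In the hunks shown only the generic type is exercised; nothing covers the `AD` or `IPA` defaults from `get_default_prop_value`, or `REGEX_LDAP_TYPE` rejecting an unknown type. I would import `LDAP_GENERIC` from `ambari_server.setupSecurity`, use `query_ldap_type_method.return_value = LDAP_GENERIC`, and add a small test of `get_default_prop_value` for a type missing from the map. The test method body continues outside the hunk.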
@@ -7351,8 +7338,10 @@ class TestAmbariServer(TestCase):
return 'false'
if 'username collisions' in args[0]:
return 'skip'
- if 'URL Port' in args[0]:
+ if 'LDAP Port' in args[0]:
return '1'
+ if 'Use SSL' in args[0]:
+ return 'false'
if args[1] == "true" or args[1] == "false":
return args[1]
else:
@@ -7406,7 +7395,7 @@ class TestAmbariServer(TestCase):
return "bogus"
else:
return "valid"
- if 'URL Port' in args[0]:
+ if 'LDAP Port' in args[0]:
return '1'
if args[1] == "true" or args[1] == "false":
return args[1]
@@ -7487,9 +7476,9 @@ class TestAmbariServer(TestCase):
return 'false'
if 'username collisions' in args[0]:
return 'skip'
- if 'URL Port' in args[0]:
+ if 'LDAP Port' in args[0]:
return '1'
- if 'Primary URL' in args[0]:
+ if 'LDAP Host' in args[0]:
return kwargs['answer']
if args[1] == "true" or args[1] == "false":
return args[1]