You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ol...@apache.org on 2016/10/03 14:19:38 UTC
[1/5] ambari git commit: AMBARI-18293. Enable log search for NIFI_CA
component (Miklos Gergely via oleewere)
Repository: ambari
Updated Branches:
refs/heads/branch-dev-logsearch 6df5b1c24 -> b72b720cb
AMBARI-18293. Enable log search for NIFI_CA component (Miklos Gergely via oleewere)
Change-Id: I62deb855422f53c8069f4b75a7621cdeb596846f
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bc327fb9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bc327fb9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bc327fb9
Branch: refs/heads/branch-dev-logsearch
Commit: bc327fb9907652e74a584e32e4f87d1665ea190e
Parents: 6df5b1c
Author: Miklos Gergely <mg...@hortonworks.com>
Authored: Mon Oct 3 16:09:10 2016 +0200
Committer: oleewere <ol...@gmail.com>
Committed: Mon Oct 3 16:09:10 2016 +0200
----------------------------------------------------------------------
.../0.5.0/package/templates/HadoopServiceConfig.json.j2 | 3 +++
.../0.5.0/package/templates/input.config-nifi.json.j2 | 7 ++++++-
2 files changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc327fb9/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/HadoopServiceConfig.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/HadoopServiceConfig.json.j2 b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/HadoopServiceConfig.json.j2
index 9ce3fde..7982631 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/HadoopServiceConfig.json.j2
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/HadoopServiceConfig.json.j2
@@ -281,6 +281,9 @@
},
{
"name": "nifi_user"
+ },
+ {
+ "name": "nifi_ca"
}
],
"dependencies": [
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc327fb9/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-nifi.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-nifi.json.j2 b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-nifi.json.j2
index 99f1740..fe5c426 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-nifi.json.j2
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-nifi.json.j2
@@ -36,8 +36,12 @@
"type":"nifi_user",
"rowtype":"service",
"path":"{{nifi_log_dir}}/nifi-user.log"
+ },
+ {
+ "type":"nifi_ca",
+ "rowtype":"service",
+ "path":"{{nifi_log_dir}}/nifi-ca.stdout"
}
-
],
"filter":[
{
@@ -49,6 +53,7 @@
"nifi_bootstrap",
"nifi_setup",
"nifi_user",
+ "nifi_ca"
]
}
[5/5] ambari git commit: AMBARI-18510. Use logsearch truststore to
look for credential in case of external authentication (Miklos Gergely via
oleewere)
Posted by ol...@apache.org.
AMBARI-18510. Use logsearch truststore to look for credential in case of external authentication (Miklos Gergely via oleewere)
Change-Id: I44bd04868d00574c339fd31c8303a7abf97686f6
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b72b720c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b72b720c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b72b720c
Branch: refs/heads/branch-dev-logsearch
Commit: b72b720cbe939f20c299a61b51783c7576dcb32d
Parents: 875581b
Author: Miklos Gergely <mg...@hortonworks.com>
Authored: Mon Oct 3 16:14:54 2016 +0200
Committer: oleewere <ol...@gmail.com>
Committed: Mon Oct 3 16:14:54 2016 +0200
----------------------------------------------------------------------
.../src/main/scripts/run.sh | 4 +-
.../org/apache/ambari/logsearch/LogSearch.java | 32 +--
.../logsearch/common/ExternalServerClient.java | 24 +-
.../logsearch/common/PropertiesHelper.java | 2 +-
.../apache/ambari/logsearch/util/SSLUtil.java | 107 +++++++++
...LogsearchAbstractAuthenticationProvider.java | 20 +-
.../LogsearchAuthenticationProvider.java | 86 +++----
...rchExternalServerAuthenticationProvider.java | 97 +++-----
.../LogsearchFileAuthenticationProvider.java | 9 +-
.../LogsearchSimpleAuthenticationProvider.java | 23 +-
.../src/main/scripts/run.sh | 2 +-
.../LogsearchAuthenticationProviderTest.java | 205 ++++++++++++++++
...xternalServerAuthenticationProviderTest.java | 185 +++++++++++++++
...LogsearchFileAuthenticationProviderTest.java | 231 +++++++++++++++++++
...LogsearchLdapAuthenticationProviderTest.java | 61 +++++
...gsearchSimpleAuthenticationProviderTest.java | 118 ++++++++++
.../src/test/resources/logsearch.properties | 3 +-
ambari-logsearch/docker/.gitignore | 2 +-
ambari-logsearch/docker/Dockerfile | 14 +-
ambari-logsearch/docker/bin/start.sh | 57 ++++-
ambari-logsearch/docker/logsearch-docker.sh | 6 +-
.../test-config/logfeeder/logfeeder-env.sh | 13 +-
.../test-config/logsearch/logsearch-env.sh | 12 +-
.../logsearch/logsearch-https.properties | 55 +++++
.../docker/test-config/solr/solr-env-ssl.sh | 101 ++++++++
.../docker/test-config/solr/solr-env.sh | 4 +-
.../0.1.0/properties/infra-solr-env.sh.j2 | 4 +-
.../0.5.0/properties/logsearch-env.sh.j2 | 2 +-
28 files changed, 1256 insertions(+), 223 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-logfeeder/src/main/scripts/run.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/scripts/run.sh b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/scripts/run.sh
index dfc7b7b..5aecd00 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/scripts/run.sh
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/scripts/run.sh
@@ -97,9 +97,9 @@ if [ $foreground -eq 0 ]; then
echo "Starting logfeeder. Output file=$LOGFILE pid_file=$PID_FILE"
#LOGFEEDER_CLI_CLASSPATH=
#set -x
- nohup $JAVA -cp "$LOGFEEDER_CLI_CLASSPATH:$LOGFEEDER_CONF_DIR:$script_dir/libs/*:$script_dir/classes:$script_dir/LogProcessor.jar" $LOGFEEDER_GC_OPTS $LOGFEEDER_JAVA_MEM $LOGFEEDER_JAVA_OPTS $JMX org.apache.ambari.logfeeder.LogFeeder $* > $LOGFILE 2>&1 &
+ nohup $JAVA -cp "$LOGFEEDER_CLI_CLASSPATH:$LOGFEEDER_CONF_DIR:$script_dir/libs/*:$script_dir/classes" $LOGFEEDER_GC_OPTS $LOGFEEDER_JAVA_MEM $LOGFEEDER_JAVA_OPTS $JMX org.apache.ambari.logfeeder.LogFeeder $* > $LOGFILE 2>&1 &
echo $! > $PID_FILE
else
- $JAVA -cp "$LOGFEEDER_CLI_CLASSPATH:$LOGFEEDER_CONF_DIR:$script_dir/libs/*:$script_dir/classes:$script_dir/LogProcessor.jar" $LOGFEEDER_JAVA_MEM $LOGFEEDER_JAVA_OPTS $JMX org.apache.ambari.logfeeder.LogFeeder $*
+ $JAVA -cp "$LOGFEEDER_CLI_CLASSPATH:$LOGFEEDER_CONF_DIR:$script_dir/libs/*:$script_dir/classes" $LOGFEEDER_JAVA_MEM $LOGFEEDER_JAVA_OPTS $JMX org.apache.ambari.logfeeder.LogFeeder $*
fi
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/LogSearch.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/LogSearch.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/LogSearch.java
index 75d8be3..5a7cf02 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/LogSearch.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/LogSearch.java
@@ -29,6 +29,7 @@ import java.util.EnumSet;
import org.apache.ambari.logsearch.common.ManageStartEndTime;
import org.apache.ambari.logsearch.common.PropertiesHelper;
import org.apache.ambari.logsearch.conf.ApplicationConfig;
+import org.apache.ambari.logsearch.util.SSLUtil;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.eclipse.jetty.server.Connector;
@@ -56,15 +57,6 @@ import javax.servlet.DispatcherType;
public class LogSearch {
private static final Logger logger = Logger.getLogger(LogSearch.class);
- private static final String KEYSTORE_LOCATION_ARG = "javax.net.ssl.keyStore";
- private static final String KEYSTORE_PASSWORD_ARG = "javax.net.ssl.keyStorePassword";
- private static final String KEYSTORE_TYPE_ARG = "javax.net.ssl.keyStoreType";
- private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
- private static final String TRUSTSTORE_LOCATION_ARG = "javax.net.ssl.trustStore";
- private static final String TRUSTSTORE_PASSWORD_ARG = "javax.net.ssl.trustStorePassword";
- private static final String TRUSTSTORE_TYPE_ARG = "javax.net.ssl.trustStoreType";
- private static final String DEFAULT_TRUSTSTORE_TYPE = "JKS";
-
private static final String LOGSEARCH_PROTOCOL_PROP = "logsearch.protocol";
private static final String HTTPS_PROTOCOL = "https";
private static final String HTTP_PROTOCOL = "http";
@@ -112,28 +104,13 @@ public class LogSearch {
protcolProperty = HTTP_PROTOCOL;
}
String port = null;
- String keystoreLocation = System.getProperty(KEYSTORE_LOCATION_ARG);
- String keystorePassword = System.getProperty(KEYSTORE_PASSWORD_ARG);
- String keystoreType = System.getProperty(KEYSTORE_TYPE_ARG,DEFAULT_KEYSTORE_TYPE);
- String trustStoreLocation = System.getProperty(TRUSTSTORE_LOCATION_ARG);
- String trustStorePassword = System.getProperty(TRUSTSTORE_PASSWORD_ARG);
- String trustStoreType = System.getProperty(TRUSTSTORE_TYPE_ARG,DEFAULT_TRUSTSTORE_TYPE);
- if (HTTPS_PROTOCOL.equals(protcolProperty)
- && !StringUtils.isEmpty(keystoreLocation) && !StringUtils.isEmpty(keystorePassword)) {
+ if (HTTPS_PROTOCOL.equals(protcolProperty) && SSLUtil.isKeyStoreSpecified()) {
logger.info("Building https server...........");
port = portSpecified ? argv[0] : HTTPS_PORT;
checkPort(Integer.parseInt(port));
HttpConfiguration https = new HttpConfiguration();
https.addCustomizer(new SecureRequestCustomizer());
- SslContextFactory sslContextFactory = new SslContextFactory();
- sslContextFactory.setKeyStorePath(keystoreLocation);
- sslContextFactory.setKeyStorePassword(keystorePassword);
- sslContextFactory.setKeyStoreType(keystoreType);
- if (!StringUtils.isEmpty(trustStoreLocation) && !StringUtils.isEmpty(trustStorePassword)) {
- sslContextFactory.setTrustStorePath(trustStoreLocation);
- sslContextFactory.setTrustStorePassword(trustStorePassword);
- sslContextFactory.setTrustStoreType(trustStoreType);
- }
+ SslContextFactory sslContextFactory = SSLUtil.getSslContextFactory();
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(https));
@@ -146,8 +123,7 @@ public class LogSearch {
connector.setPort(Integer.parseInt(port));
server.setConnectors(new Connector[] { connector });
}
- URI logsearchURI = URI.create(String.format("%s://0.0.0.0:%s", protcolProperty,
- port));
+ URI logsearchURI = URI.create(String.format("%s://0.0.0.0:%s", protcolProperty, port));
logger.info("Starting logsearch server URI=" + logsearchURI);
return server;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/ExternalServerClient.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/ExternalServerClient.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/ExternalServerClient.java
index c476b9d..1207373 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/ExternalServerClient.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/ExternalServerClient.java
@@ -18,18 +18,14 @@
*/
package org.apache.ambari.logsearch.common;
-import java.util.List;
-import java.util.Map;
-
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import org.apache.ambari.logsearch.conf.AuthPropsConfig;
-import org.apache.commons.lang.StringUtils;
+import org.apache.ambari.logsearch.util.SSLUtil;
import org.apache.log4j.Logger;
import org.glassfish.jersey.client.JerseyClient;
import org.glassfish.jersey.client.JerseyClientBuilder;
@@ -42,10 +38,12 @@ import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
public class ExternalServerClient {
private static Logger LOG = Logger.getLogger(ExternalServerClient.class);
- private static final ThreadLocal<JerseyClient> localJerseyClient = new ThreadLocal<JerseyClient>(){
+ private static final ThreadLocal<JerseyClient> localJerseyClient = new ThreadLocal<JerseyClient>() {
@Override
protected JerseyClient initialValue() {
- return JerseyClientBuilder.createClient();
+ return SSLUtil.isKeyStoreSpecified() ?
+ new JerseyClientBuilder().sslContext(SSLUtil.getSSLContext()).build() :
+ JerseyClientBuilder.createClient();
}
};
@@ -55,10 +53,8 @@ public class ExternalServerClient {
/**
* Send GET request to an external server
*/
- public Object sendGETRequest(String url, Class klass, MultivaluedMap<String, String> queryParam,
- String username, String password)
- throws Exception {
- url = authPropsConfig.getExternalAuthHostUrl() + url;
+ public Object sendGETRequest(String loginUrl, Class<?> klass, String username, String password) throws Exception {
+ String url = authPropsConfig.getExternalAuthHostUrl() + loginUrl;
JerseyClient client = localJerseyClient.get();
HttpAuthenticationFeature authFeature = HttpAuthenticationFeature.basicBuilder()
.credentials(username, password)
@@ -67,11 +63,7 @@ public class ExternalServerClient {
WebTarget target = client.target(url);
LOG.debug("URL: " + url);
- for (Map.Entry<String, List<String>> entry : queryParam.entrySet()) {
- target = target.queryParam(entry.getKey(), entry.getValue());
- LOG.debug(
- String.format("Query parameter: name - %s ; value - %s ;" + entry.getKey(), StringUtils.join(entry.getValue(),',')));
- }
+
Invocation.Builder invocationBuilder = target.request(MediaType.APPLICATION_JSON_TYPE);
try {
return invocationBuilder.get().readEntity(klass);
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/PropertiesHelper.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/PropertiesHelper.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/PropertiesHelper.java
index 1844d8f..257ae3c 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/PropertiesHelper.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/common/PropertiesHelper.java
@@ -43,7 +43,7 @@ public class PropertiesHelper extends PropertyPlaceholderConfigurer {
private PropertiesHelper() {
}
- static {
+ static {
propertiesMap = new HashMap<String, String>();
Properties properties = new Properties();
URL fileCompleteUrl = Thread.currentThread().getContextClassLoader().getResource(LOGSEARCH_PROP_FILE);
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
new file mode 100644
index 0000000..206f793
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ambari.logsearch.util;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+public class SSLUtil {
+ private static final Logger logger = Logger.getLogger(SSLUtil.class);
+
+ private static final String KEYSTORE_LOCATION_ARG = "javax.net.ssl.keyStore";
+ private static final String KEYSTORE_PASSWORD_ARG = "javax.net.ssl.keyStorePassword";
+ private static final String KEYSTORE_TYPE_ARG = "javax.net.ssl.keyStoreType";
+ private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
+ private static final String TRUSTSTORE_LOCATION_ARG = "javax.net.ssl.trustStore";
+ private static final String TRUSTSTORE_PASSWORD_ARG = "javax.net.ssl.trustStorePassword";
+ private static final String TRUSTSTORE_TYPE_ARG = "javax.net.ssl.trustStoreType";
+ private static final String DEFAULT_TRUSTSTORE_TYPE = "JKS";
+
+ private SSLUtil() {
+ throw new UnsupportedOperationException();
+ }
+
+ public static String getKeyStoreLocation() {
+ return System.getProperty(KEYSTORE_LOCATION_ARG);
+ }
+
+ public static String getKeyStorePassword() {
+ return System.getProperty(KEYSTORE_PASSWORD_ARG);
+ }
+
+ public static String getKeyStoreType() {
+ return System.getProperty(KEYSTORE_TYPE_ARG, DEFAULT_KEYSTORE_TYPE);
+ }
+
+ public static String getTrustStoreLocation() {
+ return System.getProperty(TRUSTSTORE_LOCATION_ARG);
+ }
+
+ public static String getTrustStorePassword() {
+ return System.getProperty(TRUSTSTORE_PASSWORD_ARG);
+ }
+
+ public static String getTrustStoreType() {
+ return System.getProperty(TRUSTSTORE_TYPE_ARG, DEFAULT_TRUSTSTORE_TYPE);
+ }
+
+ public static boolean isKeyStoreSpecified() {
+ return StringUtils.isNotEmpty(getKeyStoreLocation()) && StringUtils.isNotEmpty(getKeyStorePassword());
+ }
+
+ private static boolean isTrustStoreSpecified() {
+ return StringUtils.isNotEmpty(getTrustStoreLocation()) && StringUtils.isNotEmpty(getTrustStorePassword());
+ }
+
+ public static SslContextFactory getSslContextFactory() {
+ SslContextFactory sslContextFactory = new SslContextFactory();
+ sslContextFactory.setKeyStorePath(getKeyStoreLocation());
+ sslContextFactory.setKeyStorePassword(getKeyStorePassword());
+ sslContextFactory.setKeyStoreType(getKeyStoreType());
+ if (isTrustStoreSpecified()) {
+ sslContextFactory.setTrustStorePath(getTrustStoreLocation());
+ sslContextFactory.setTrustStorePassword(getTrustStorePassword());
+ sslContextFactory.setTrustStoreType(getTrustStoreType());
+ }
+
+ return sslContextFactory;
+ }
+
+ public static SSLContext getSSLContext() {
+ SslContextFactory sslContextFactory = getSslContextFactory();
+
+ try {
+ sslContextFactory.start();
+ return sslContextFactory.getSslContext();
+ } catch (Exception e) {
+ logger.error("Could not create SSL Context", e);
+ return null;
+ } finally {
+ try {
+ sslContextFactory.stop();
+ } catch (Exception e) {
+ logger.error("Could not stop sslContextFactory", e);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
index eab33a1..eb6c9f1 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAbstractAuthenticationProvider.java
@@ -27,11 +27,11 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
-public abstract class LogsearchAbstractAuthenticationProvider implements AuthenticationProvider {
+abstract class LogsearchAbstractAuthenticationProvider implements AuthenticationProvider {
- public final static String AUTH_METHOD_PROP_START_WITH = "logsearch.auth.";
+ private static final String AUTH_METHOD_PROPERTY_PREFIX = "logsearch.auth.";
- protected enum AUTH_METHOD {
+ protected enum AuthMethod {
LDAP, FILE, EXTERNAL_AUTH, SIMPLE
};
@@ -42,25 +42,19 @@ public abstract class LogsearchAbstractAuthenticationProvider implements Authent
/**
* GET Default GrantedAuthority
- *
- * @param username
- * @return List<GrantedAuthority>
*/
- protected List<GrantedAuthority> getAuthorities(String username) {
- final List<GrantedAuthority> grantedAuths = new ArrayList<>();
+ protected List<GrantedAuthority> getAuthorities() {
+ List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
return grantedAuths;
}
/**
* Check authentication provider is enable or disable for specified method
- *
- * @param method
- * @return boolean
*/
- public boolean isEnable(AUTH_METHOD method) {
+ public boolean isEnable(AuthMethod method) {
String methodName = method.name().toLowerCase();
- String property = AUTH_METHOD_PROP_START_WITH + methodName + ".enable";
+ String property = AUTH_METHOD_PROPERTY_PREFIX + methodName + ".enable";
boolean isEnable = PropertiesHelper.getBooleanProperty(property, false);
return isEnable;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
index d37e545..711e3ec 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProvider.java
@@ -20,8 +20,8 @@ package org.apache.ambari.logsearch.web.security;
import java.util.HashMap;
-import org.apache.ambari.logsearch.dao.UserDao;
import org.apache.ambari.logsearch.util.JSONUtil;
+import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -32,15 +32,9 @@ import javax.inject.Inject;
import javax.inject.Named;
@Named
-public class LogsearchAuthenticationProvider extends
- LogsearchAbstractAuthenticationProvider {
- private static final Logger logger = Logger
- .getLogger(LogsearchAuthenticationProvider.class);
- private static Logger auditLogger = Logger
- .getLogger("org.apache.ambari.logsearch.audit");
-
- @Inject
- private UserDao userDao;
+public class LogsearchAuthenticationProvider extends LogsearchAbstractAuthenticationProvider {
+ private static final Logger logger = Logger .getLogger(LogsearchAuthenticationProvider.class);
+ private static final Logger auditLogger = Logger.getLogger("org.apache.ambari.logsearch.audit");
@Inject
private LogsearchLdapAuthenticationProvider ldapAuthenticationProvider;
@@ -49,44 +43,40 @@ public class LogsearchAuthenticationProvider extends
private LogsearchFileAuthenticationProvider fileAuthenticationProvider;
@Inject
- private LogsearchSimpleAuthenticationProvider simpleAuthenticationProvider;
+ private LogsearchExternalServerAuthenticationProvider externalServerAuthenticationProvider;
@Inject
- private LogsearchExternalServerAuthenticationProvider externalServerAuthenticationProvider;
+ private LogsearchSimpleAuthenticationProvider simpleAuthenticationProvider;
@Override
- public Authentication authenticate(Authentication authentication)
- throws AuthenticationException {
- logger.info("Authenticating user:" + authentication.getName()
- + ", userDetail=" + authentication.toString());
- Authentication inAuthentication = authentication;
- AuthenticationException authException = null;
+ public Authentication authenticate(Authentication inAuthentication) throws AuthenticationException {
+ logger.info("Authenticating user:" + inAuthentication.getName() + ", userDetail=" + inAuthentication.toString());
+ logger.info("authentication.class=" + inAuthentication.getClass().getName());
+
HashMap<String, Object> auditRecord = new HashMap<String, Object>();
- auditRecord.put("user", authentication.getName());
- auditRecord.put("principal", authentication.getPrincipal().toString());
- auditRecord.put("auth_class", authentication.getClass().getName());
- logger.info("authentication.class="
- + authentication.getClass().getName());
+ auditRecord.put("user", inAuthentication.getName());
+ auditRecord.put("principal", inAuthentication.getPrincipal().toString());
+ auditRecord.put("auth_class", inAuthentication.getClass().getName());
if (inAuthentication instanceof UsernamePasswordAuthenticationToken) {
UsernamePasswordAuthenticationToken authClass = (UsernamePasswordAuthenticationToken) inAuthentication;
Object details = authClass.getDetails();
if (details instanceof WebAuthenticationDetails) {
WebAuthenticationDetails webAuthentication = (WebAuthenticationDetails) details;
- auditRecord.put("remote_ip",
- webAuthentication.getRemoteAddress());
+ auditRecord.put("remote_ip", webAuthentication.getRemoteAddress());
auditRecord.put("session", webAuthentication.getSessionId());
}
}
+
boolean isSuccess = false;
try {
- for (AUTH_METHOD authMethod : AUTH_METHOD.values()) {
+ Authentication authentication = inAuthentication;
+ AuthenticationException authException = null;
+
+ for (AuthMethod authMethod : AuthMethod.values()) {
try {
authentication = doAuth(authentication, authMethod);
- if (authentication != null
- && authentication.isAuthenticated()) {
- logger.info("Authenticated using method="
- + authMethod.name() + ", user="
- + authentication.getName());
+ if (authentication != null && authentication.isAuthenticated()) {
+ logger.info("Authenticated using method=" + authMethod.name() + ", user=" + authentication.getName());
auditRecord.put("result", "allowed");
isSuccess = true;
auditRecord.put("authType", authMethod.name());
@@ -94,17 +84,15 @@ public class LogsearchAuthenticationProvider extends
}
} catch (AuthenticationException ex) {
if (authException == null) {
- // Let's save the first one
authException = ex;
}
- }catch(Exception e){
- logger.error(e,e.getCause());
+ } catch (Exception e) {
+ logger.error(e, e.getCause());
}
}
+
auditRecord.put("result", "denied");
- logger.warn("Authentication failed for user="
- + inAuthentication.getName() + ", userDetail="
- + inAuthentication.toString());
+ logger.warn("Authentication failed for user=" + inAuthentication.getName() + ", userDetail=" + inAuthentication.toString());
if (authException != null) {
auditRecord.put("reason", authException.getMessage());
throw authException;
@@ -112,25 +100,17 @@ public class LogsearchAuthenticationProvider extends
return authentication;
} finally {
String jsonStr = JSONUtil.mapToJSON(auditRecord);
- if (isSuccess) {
- auditLogger.info(jsonStr);
- } else {
- auditLogger.warn(jsonStr);
- }
+ auditLogger.log(isSuccess ? Level.INFO : Level.WARN, jsonStr);
}
}
- public Authentication doAuth(Authentication authentication, AUTH_METHOD authMethod) {
- if (authMethod.equals(AUTH_METHOD.LDAP)) {
- authentication = ldapAuthenticationProvider.authenticate(authentication);
- } else if (authMethod.equals(AUTH_METHOD.FILE)) {
- authentication = fileAuthenticationProvider.authenticate(authentication);
- } else if (authMethod.equals(AUTH_METHOD.SIMPLE)) {
- authentication = simpleAuthenticationProvider.authenticate(authentication);
- } else if (authMethod.equals(AUTH_METHOD.EXTERNAL_AUTH)) {
- authentication = externalServerAuthenticationProvider.authenticate(authentication);
- } else {
- logger.error("Invalid authentication method :" + authMethod.name());
+ private Authentication doAuth(Authentication authentication, AuthMethod authMethod) {
+ switch (authMethod) {
+ case LDAP: return ldapAuthenticationProvider.authenticate(authentication);
+ case FILE: return fileAuthenticationProvider.authenticate(authentication);
+ case EXTERNAL_AUTH: return externalServerAuthenticationProvider.authenticate(authentication);
+ case SIMPLE: return simpleAuthenticationProvider.authenticate(authentication);
+ default: logger.error("Invalid authentication method :" + authMethod.name());
}
return authentication;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index 7e146ac..e23f0a2 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -42,57 +42,30 @@ import org.springframework.security.core.AuthenticationException;
* call
*/
@Named
-public class LogsearchExternalServerAuthenticationProvider extends
- LogsearchAbstractAuthenticationProvider {
+public class LogsearchExternalServerAuthenticationProvider extends LogsearchAbstractAuthenticationProvider {
- private static Logger LOG = Logger
- .getLogger(LogsearchExternalServerAuthenticationProvider.class);
+ private static Logger LOG = Logger.getLogger(LogsearchExternalServerAuthenticationProvider.class);
- public final static String ALLOWED_ROLE_PROP = "logsearch.roles.allowed";
+ private static final String ALLOWED_ROLE_PROP = "logsearch.roles.allowed";
- public static enum PRIVILEGE_INFO {
- PERMISSION_LABEL {
- @Override
- public String toString() {
- return "permission_label";
- }
- },
- PERMISSION_NAME {
- @Override
- public String toString() {
- return "permission_name";
- }
- },
- PRINCIPAL_NAME {
- @Override
- public String toString() {
- return "principal_name";
- }
- },
- PRINCIPAL_TYPE {
- @Override
- public String toString() {
- return "principal_type";
- }
- },
- PRIVILEGE_ID {
- @Override
- public String toString() {
- return "privilege_id";
- }
- },
- TYPE {
- @Override
- public String toString() {
- return "type";
- }
- },
- USER_NAME {
- @Override
- public String toString() {
- return "user_name";
- }
- };
+ private static enum PrivilegeInfo {
+ PERMISSION_LABEL("permission_label"),
+ PERMISSION_NAME("permission_name"),
+ PRINCIPAL_NAME("principal_name"),
+ PRINCIPAL_TYPE("principal_type"),
+ PRIVILEGE_ID("privilege_id"),
+ TYPE("type"),
+ USER_NAME("user_name");
+
+ private String propertyKey;
+
+ private PrivilegeInfo(String name) {
+ this.propertyKey = name;
+ }
+
+ public String toString() {
+ return propertyKey;
+ }
}
@Inject
@@ -104,19 +77,17 @@ public class LogsearchExternalServerAuthenticationProvider extends
/**
* Authenticating user from external-server using REST call
*
- * @param authentication
- * the authentication request object.
+ * @param authentication the authentication request object.
* @return a fully authenticated object including credentials.
- * @throws AuthenticationException
- * if authentication fails.
+ * @throws AuthenticationException if authentication fails.
*/
@Override
- public Authentication authenticate(Authentication authentication)
- throws AuthenticationException {
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if (!authPropsConfig.isAuthExternalEnabled()) {
LOG.debug("external server auth is disabled.");
return authentication;
}
+
String username = authentication.getName();
String password = (String) authentication.getCredentials();
if (StringUtils.isBlank(username)) {
@@ -125,38 +96,32 @@ public class LogsearchExternalServerAuthenticationProvider extends
if (StringUtils.isBlank(password)) {
throw new BadCredentialsException("Password can't be null or empty.");
}
- // html unescape
password = StringEscapeUtils.unescapeHtml(password);
username = StringEscapeUtils.unescapeHtml(username);
+
try {
String finalLoginUrl = authPropsConfig.getExternalAuthLoginUrl().replace("$USERNAME", username);
- String responseObj = (String) externalServerClient.sendGETRequest(
- finalLoginUrl, String.class, null, username, password);
+ String responseObj = (String) externalServerClient.sendGETRequest(finalLoginUrl, String.class, username, password);
if (!isAllowedRole(responseObj)) {
- LOG.error(username + " does'nt have permission");
+ LOG.error(username + " doesn't have permission");
throw new BadCredentialsException("Invalid User");
}
-
} catch (Exception e) {
- LOG.error("Login failed for username :" + username + " Error :"
- + e.getLocalizedMessage());
+ LOG.error("Login failed for username :" + username + " Error :" + e.getLocalizedMessage());
throw new BadCredentialsException("Bad credentials");
}
- authentication = new UsernamePasswordAuthenticationToken(username,
- password, getAuthorities(username));
+ authentication = new UsernamePasswordAuthenticationToken(username, password, getAuthorities());
return authentication;
}
/**
* Return true/false based on PEMISSION NAME return boolean
*/
- @SuppressWarnings("static-access")
private boolean isAllowedRole(String responseJson) {
String allowedRoleList[] = PropertiesHelper.getPropertyStringList(ALLOWED_ROLE_PROP);
List<String> values = new ArrayList<>();
- JSONUtil.getValuesOfKey(responseJson,
- PRIVILEGE_INFO.PERMISSION_NAME.toString(), values);
+ JSONUtil.getValuesOfKey(responseJson, PrivilegeInfo.PERMISSION_NAME.toString(), values);
if (values.isEmpty())
return true;
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
index 51b3547..8c12e0a 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProvider.java
@@ -39,7 +39,7 @@ import javax.inject.Named;
@Named
public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthenticationProvider {
- private static Logger logger = Logger.getLogger(LogsearchFileAuthenticationProvider.class);
+ private static final Logger logger = Logger.getLogger(LogsearchFileAuthenticationProvider.class);
@Inject
private AuthPropsConfig authPropsConfig;
@@ -53,6 +53,7 @@ public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthen
logger.debug("File auth is disabled.");
return authentication;
}
+
String username = authentication.getName();
String password = (String) authentication.getCredentials();
if (StringUtils.isBlank(username)) {
@@ -70,16 +71,16 @@ public class LogsearchFileAuthenticationProvider extends LogsearchAbstractAuthen
logger.error("Username not found.");
throw new BadCredentialsException("User not found.");
}
- if (password == null || password.isEmpty()) {
+ if (StringUtils.isEmpty(user.getPassword())) {
logger.error("Password can't be null or empty.");
throw new BadCredentialsException("Password can't be null or empty.");
}
-
String encPassword = CommonUtil.encryptPassword(username, password);
if (!encPassword.equals(user.getPassword())) {
logger.error("Wrong password for user=" + username);
- throw new BadCredentialsException("Wrong password");
+ throw new BadCredentialsException("Wrong password.");
}
+
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
authentication = new UsernamePasswordAuthenticationToken(username, encPassword, authorities);
return authentication;
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java
index 400361b..92a7aaa 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProvider.java
@@ -34,7 +34,7 @@ import javax.inject.Named;
@Named
public class LogsearchSimpleAuthenticationProvider extends LogsearchAbstractAuthenticationProvider {
- private static Logger logger = Logger.getLogger(LogsearchSimpleAuthenticationProvider.class);
+ private static final Logger logger = Logger.getLogger(LogsearchSimpleAuthenticationProvider.class);
@Inject
private AuthPropsConfig authPropsConfig;
@@ -45,29 +45,28 @@ public class LogsearchSimpleAuthenticationProvider extends LogsearchAbstractAuth
logger.debug("Simple auth is disabled");
return authentication;
}
+
String username = authentication.getName();
String password = (String) authentication.getCredentials();
username = StringEscapeUtils.unescapeHtml(username);
if (StringUtils.isBlank(username)) {
throw new BadCredentialsException("Username can't be null or empty.");
}
+
User user = new User();
user.setUsername(username);
- authentication = new UsernamePasswordAuthenticationToken(username, password, getAuthorities(username));
+ authentication = new UsernamePasswordAuthenticationToken(username, password, getAuthorities());
return authentication;
}
@Override
- public boolean isEnable(AUTH_METHOD method) {
- boolean ldapEnabled = super.isEnable(AUTH_METHOD.LDAP);
- boolean fileEnabled = super.isEnable(AUTH_METHOD.FILE);
- boolean externalAuthEnabled = super.isEnable(AUTH_METHOD.EXTERNAL_AUTH);
+ public boolean isEnable(AuthMethod method) {
+ boolean ldapEnabled = super.isEnable(AuthMethod.LDAP);
+ boolean fileEnabled = super.isEnable(AuthMethod.FILE);
+ boolean externalAuthEnabled = super.isEnable(AuthMethod.EXTERNAL_AUTH);
boolean simpleEnabled = super.isEnable(method);
- if (!ldapEnabled && !fileEnabled && simpleEnabled && !externalAuthEnabled) {
- // simple is enabled only when rest three are disabled and simple is enable
- return true;
- } else {
- return false;
- }
+
+ // simple is enabled only when rest three are disabled and simple is enable
+ return !ldapEnabled && !fileEnabled && !externalAuthEnabled && simpleEnabled;
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/run.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/run.sh b/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/run.sh
index 4e8901d..1204ef3 100755
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/run.sh
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/scripts/run.sh
@@ -96,5 +96,5 @@ LOGSEARCH_GC_OPTS="-XX:+PrintGCDetails -XX:+PrintGCDateStamps -Xloggc:$LOGSEARCH
echo "Starting logsearch. Output file=$LOGFILE pid_file=$PID_FILE"
#LOGSEARCH_CLI_CLASSPATH=
#set -x
-nohup $JAVA -cp "$LOGSEARCH_CLI_CLASSPATH:$LOGSEARCH_CONF_DIR:$script_dir/libs/*:$script_dir/classes:$script_dir/LogProcessor.jar" $LOGSEARCH_GC_OPTS $LOGSEARCH_JAVA_MEM $LOGSEARCH_JAVA_OPTS $JMX org.apache.ambari.logsearch.LogSearch $LOGSEARCH_PORT $* > $LOGFILE 2>&1 &
+nohup $JAVA -cp "$LOGSEARCH_CLI_CLASSPATH:$LOGSEARCH_CONF_DIR:$script_dir/libs/*:$script_dir/classes" $LOGSEARCH_GC_OPTS $LOGSEARCH_JAVA_MEM $LOGSEARCH_JAVA_OPTS $JMX org.apache.ambari.logsearch.LogSearch $LOGSEARCH_PORT $* > $LOGFILE 2>&1 &
echo $! > $PID_FILE
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProviderTest.java b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProviderTest.java
new file mode 100644
index 0000000..c6a5ba5
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchAuthenticationProviderTest.java
@@ -0,0 +1,205 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertSame;
+import static junit.framework.Assert.assertTrue;
+import static org.easymock.EasyMock.strictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.lang.reflect.Field;
+
+public class LogsearchAuthenticationProviderTest {
+ private static final Authentication SUCCESSFUL_AUTHENTICATION = new TestingAuthenticationToken("principal", "credentials");
+ private static final Authentication FAILED_AUTHENTICATION = new TestingAuthenticationToken("principal", "credentials");
+ static {
+ SUCCESSFUL_AUTHENTICATION.setAuthenticated(true);
+ FAILED_AUTHENTICATION.setAuthenticated(false);
+ }
+
+ private LogsearchAuthenticationProvider provider;
+
+ private LogsearchLdapAuthenticationProvider mockLdapProvider;
+ private LogsearchFileAuthenticationProvider mockFileProvider;
+ private LogsearchExternalServerAuthenticationProvider mockExternalServerProvider;
+ private LogsearchSimpleAuthenticationProvider mockSimpleProvider;
+
+ @Before
+ public void resetContext() throws Exception {
+ provider = new LogsearchAuthenticationProvider();
+
+ mockLdapProvider = strictMock(LogsearchLdapAuthenticationProvider.class);
+ mockFileProvider = strictMock(LogsearchFileAuthenticationProvider.class);
+ mockExternalServerProvider = strictMock(LogsearchExternalServerAuthenticationProvider.class);
+ mockSimpleProvider = strictMock(LogsearchSimpleAuthenticationProvider.class);
+
+ Field ldapProviderField = LogsearchAuthenticationProvider.class.getDeclaredField("ldapAuthenticationProvider");
+ ldapProviderField.setAccessible(true);
+ ldapProviderField.set(provider, mockLdapProvider);
+
+ Field fileProviderField = LogsearchAuthenticationProvider.class.getDeclaredField("fileAuthenticationProvider");
+ fileProviderField.setAccessible(true);
+ fileProviderField.set(provider, mockFileProvider);
+
+ Field extarnalProviderField = LogsearchAuthenticationProvider.class.getDeclaredField("externalServerAuthenticationProvider");
+ extarnalProviderField.setAccessible(true);
+ extarnalProviderField.set(provider, mockExternalServerProvider);
+
+ Field simpleProviderField = LogsearchAuthenticationProvider.class.getDeclaredField("simpleAuthenticationProvider");
+ simpleProviderField.setAccessible(true);
+ simpleProviderField.set(provider, mockSimpleProvider);
+ }
+
+ @Test
+ public void testLdapAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andReturn(SUCCESSFUL_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertSame(authenticationResult, SUCCESSFUL_AUTHENTICATION);
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testFileAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockFileProvider.authenticate(authentication)).andReturn(SUCCESSFUL_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertSame(authenticationResult, SUCCESSFUL_AUTHENTICATION);
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testExternalAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockFileProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockExternalServerProvider.authenticate(authentication)).andReturn(SUCCESSFUL_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertSame(authenticationResult, SUCCESSFUL_AUTHENTICATION);
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testSimpleAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockFileProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockExternalServerProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockSimpleProvider.authenticate(authentication)).andReturn(SUCCESSFUL_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertSame(authenticationResult, SUCCESSFUL_AUTHENTICATION);
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testNoOneAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockFileProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockExternalServerProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockSimpleProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertSame(authenticationResult, FAILED_AUTHENTICATION);
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testOneExceptionAndAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andThrow(new AuthenticationException("") {});
+ expect(mockFileProvider.authenticate(authentication)).andReturn(SUCCESSFUL_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertSame(authenticationResult, SUCCESSFUL_AUTHENTICATION);
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testOneExceptionNoOneAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andThrow(new AuthenticationException("msg1") {});
+ expect(mockFileProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockExternalServerProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockSimpleProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown AuthenticationException", false);
+ } catch(AuthenticationException e) {
+ assertEquals(e.getMessage(), "msg1");
+ }
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+
+ @Test
+ public void testTwoExceptionNoOneAuthenticates() {
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ expect(mockLdapProvider.authenticate(authentication)).andThrow(new AuthenticationException("msg1") {});
+ expect(mockFileProvider.authenticate(authentication)).andThrow(new AuthenticationException("msg2") {});
+ expect(mockExternalServerProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+ expect(mockSimpleProvider.authenticate(authentication)).andReturn(FAILED_AUTHENTICATION);
+
+ replay(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown AuthenticationException", false);
+ } catch(AuthenticationException e) {
+ assertEquals(e.getMessage(), "msg1");
+ }
+
+ verify(mockLdapProvider, mockFileProvider, mockSimpleProvider, mockExternalServerProvider);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProviderTest.java b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProviderTest.java
new file mode 100644
index 0000000..d6247a1
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProviderTest.java
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import org.apache.ambari.logsearch.common.ExternalServerClient;
+import org.apache.ambari.logsearch.conf.AuthPropsConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertSame;
+import static junit.framework.Assert.assertTrue;
+import static org.easymock.EasyMock.strictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.lang.reflect.Field;
+
+public class LogsearchExternalServerAuthenticationProviderTest {
+
+ private LogsearchExternalServerAuthenticationProvider provider;
+ private AuthPropsConfig mockAuthPropsConfig;
+ private ExternalServerClient mockExternalServerClient;
+
+ @Before
+ public void init() throws Exception {
+ provider = new LogsearchExternalServerAuthenticationProvider();
+ mockAuthPropsConfig = strictMock(AuthPropsConfig.class);
+ mockExternalServerClient = strictMock(ExternalServerClient.class);
+
+ Field authPropsConfigField = LogsearchExternalServerAuthenticationProvider.class.getDeclaredField("authPropsConfig");
+ authPropsConfigField.setAccessible(true);
+ authPropsConfigField.set(provider, mockAuthPropsConfig);
+
+ Field externalServerClientField = LogsearchExternalServerAuthenticationProvider.class.getDeclaredField("externalServerClient");
+ externalServerClientField.setAccessible(true);
+ externalServerClientField.set(provider, mockExternalServerClient);
+ }
+
+ @Test
+ public void testAuthenticationDisabled() {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(false);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ assertSame(provider.authenticate(authentication), authentication);
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationEmptyUser() {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("", "credentials");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Username can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationNullUser() {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken(null, "credentials");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Username can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+
+ @Test
+ public void testAuthenticationEmptyPassword() {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Password can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationNullPassword() {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", null);
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Password can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationUnsuccessful() throws Exception {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(true);
+ expect(mockAuthPropsConfig.getExternalAuthLoginUrl()).andReturn("http://server.com?userName=$USERNAME");
+ expect(mockExternalServerClient.sendGETRequest("http://server.com?userName=principal", String.class, "principal", "credentials"))
+ .andReturn("{\"permission_name\": \"NOT.AMBARI.ADMINISTRATOR\" }");
+
+ replay(mockAuthPropsConfig, mockExternalServerClient);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch (BadCredentialsException e) {
+ assertEquals("Bad credentials", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig, mockExternalServerClient);
+ }
+
+ @Test
+ public void testAuthenticationSuccessful() throws Exception {
+ expect(mockAuthPropsConfig.isAuthExternalEnabled()).andReturn(true);
+ expect(mockAuthPropsConfig.getExternalAuthLoginUrl()).andReturn("http://server.com?userName=$USERNAME");
+ expect(mockExternalServerClient.sendGETRequest("http://server.com?userName=principal", String.class, "principal", "credentials"))
+ .andReturn("{\"permission_name\": \"AMBARI.ADMINISTRATOR\" }");
+
+ replay(mockAuthPropsConfig, mockExternalServerClient);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ Authentication authenticationResult = provider.authenticate(authentication);
+
+ assertEquals("principal", authenticationResult.getName());
+ assertEquals("credentials", authenticationResult.getCredentials());
+ assertEquals(1, authenticationResult.getAuthorities().size());
+ assertEquals(new SimpleGrantedAuthority("ROLE_USER"), authenticationResult.getAuthorities().iterator().next());
+
+ verify(mockAuthPropsConfig, mockExternalServerClient);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProviderTest.java b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProviderTest.java
new file mode 100644
index 0000000..407cc83
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchFileAuthenticationProviderTest.java
@@ -0,0 +1,231 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import org.apache.ambari.logsearch.conf.AuthPropsConfig;
+import org.apache.ambari.logsearch.util.CommonUtil;
+import org.apache.ambari.logsearch.web.model.User;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetailsService;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertSame;
+import static junit.framework.Assert.assertTrue;
+import static org.easymock.EasyMock.strictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.lang.reflect.Field;
+import java.util.Arrays;
+import java.util.List;
+
+public class LogsearchFileAuthenticationProviderTest {
+
+ private LogsearchFileAuthenticationProvider provider;
+ private AuthPropsConfig mockAuthPropsConfig;
+ private UserDetailsService mockUserDetailsService;
+
+ @Before
+ public void init() throws Exception {
+ provider = new LogsearchFileAuthenticationProvider();
+ mockAuthPropsConfig = strictMock(AuthPropsConfig.class);
+ mockUserDetailsService = strictMock(UserDetailsService.class);
+
+ Field authPropsConfigField = LogsearchFileAuthenticationProvider.class.getDeclaredField("authPropsConfig");
+ authPropsConfigField.setAccessible(true);
+ authPropsConfigField.set(provider, mockAuthPropsConfig);
+
+ Field userDetailsServiceField = LogsearchFileAuthenticationProvider.class.getDeclaredField("userDetailsService");
+ userDetailsServiceField.setAccessible(true);
+ userDetailsServiceField.set(provider, mockUserDetailsService);
+ }
+
+ @Test
+ public void testAuthenticationDisabled() {
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(false);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ assertSame(provider.authenticate(authentication), authentication);
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationEmptyUser() {
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("", "credentials");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Username can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationNullUser() {
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken(null, "credentials");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Username can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+
+ @Test
+ public void testAuthenticationEmptyPassword() {
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Password can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationNullPassword() {
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", null);
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Password can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationUnknownUser() {
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+ expect(mockUserDetailsService.loadUserByUsername("principal")).andReturn(null);
+
+ replay(mockAuthPropsConfig, mockUserDetailsService);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch (BadCredentialsException e) {
+ assertEquals("User not found.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig, mockUserDetailsService);
+ }
+
+ @Test
+ public void testAuthenticationNoPassword() {
+ List<GrantedAuthority> grantedAuths = Arrays.<GrantedAuthority>asList(new SimpleGrantedAuthority("ROLE_USER"));
+ User user = new User("principal", null, grantedAuths);
+
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+ expect(mockUserDetailsService.loadUserByUsername("principal")).andReturn(user);
+
+ replay(mockAuthPropsConfig, mockUserDetailsService);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch (BadCredentialsException e) {
+ assertEquals("Password can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig, mockUserDetailsService);
+ }
+
+ @Test
+ public void testAuthenticationWrongPassword() {
+ List<GrantedAuthority> grantedAuths = Arrays.<GrantedAuthority>asList(new SimpleGrantedAuthority("ROLE_USER"));
+ User user = new User("principal", CommonUtil.encryptPassword("principal", "notCredentials"), grantedAuths);
+
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+ expect(mockUserDetailsService.loadUserByUsername("principal")).andReturn(user);
+
+ replay(mockAuthPropsConfig, mockUserDetailsService);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch (BadCredentialsException e) {
+ assertEquals("Wrong password.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig, mockUserDetailsService);
+ }
+
+ @Test
+ public void testAuthenticationSuccessful() {
+ List<GrantedAuthority> grantedAuths = Arrays.<GrantedAuthority>asList(new SimpleGrantedAuthority("ROLE_USER"));
+ User user = new User("principal", CommonUtil.encryptPassword("principal", "credentials"), grantedAuths);
+
+ expect(mockAuthPropsConfig.isAuthFileEnabled()).andReturn(true);
+ expect(mockUserDetailsService.loadUserByUsername("principal")).andReturn(user);
+
+ replay(mockAuthPropsConfig, mockUserDetailsService);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertEquals("principal", authenticationResult.getName());
+ assertEquals(CommonUtil.encryptPassword("principal", "credentials"), authenticationResult.getCredentials());
+ assertEquals(1, authenticationResult.getAuthorities().size());
+ assertEquals(new SimpleGrantedAuthority("ROLE_USER"), authenticationResult.getAuthorities().iterator().next());
+
+ verify(mockAuthPropsConfig, mockUserDetailsService);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProviderTest.java b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProviderTest.java
new file mode 100644
index 0000000..c6af3e2
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchLdapAuthenticationProviderTest.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import org.apache.ambari.logsearch.conf.AuthPropsConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
+import static junit.framework.Assert.assertSame;
+import static org.easymock.EasyMock.strictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.lang.reflect.Field;
+
+public class LogsearchLdapAuthenticationProviderTest {
+
+ private LogsearchLdapAuthenticationProvider provider;
+ private AuthPropsConfig mockAuthPropsConfig;
+
+ @Before
+ public void init() throws Exception {
+ provider = new LogsearchLdapAuthenticationProvider();
+ mockAuthPropsConfig = strictMock(AuthPropsConfig.class);
+
+ Field f = LogsearchLdapAuthenticationProvider.class.getDeclaredField("authPropsConfig");
+ f.setAccessible(true);
+ f.set(provider, mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationDisabled() {
+ expect(mockAuthPropsConfig.isAuthLdapEnabled()).andReturn(false);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ assertSame(provider.authenticate(authentication), authentication);
+
+ verify(mockAuthPropsConfig);
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProviderTest.java b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProviderTest.java
new file mode 100644
index 0000000..7287012
--- /dev/null
+++ b/ambari-logsearch/ambari-logsearch-portal/src/test/java/org/apache/ambari/logsearch/web/security/LogsearchSimpleAuthenticationProviderTest.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ambari.logsearch.web.security;
+
+import org.apache.ambari.logsearch.conf.AuthPropsConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertSame;
+import static junit.framework.Assert.assertTrue;
+import static org.easymock.EasyMock.strictMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.lang.reflect.Field;
+
+public class LogsearchSimpleAuthenticationProviderTest {
+
+ private LogsearchSimpleAuthenticationProvider provider;
+ private AuthPropsConfig mockAuthPropsConfig;
+
+ @Before
+ public void init() throws Exception {
+ provider = new LogsearchSimpleAuthenticationProvider();
+ mockAuthPropsConfig = strictMock(AuthPropsConfig.class);
+
+ Field f = LogsearchSimpleAuthenticationProvider.class.getDeclaredField("authPropsConfig");
+ f.setAccessible(true);
+ f.set(provider, mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationDisabled() {
+ expect(mockAuthPropsConfig.isAuthSimpleEnabled()).andReturn(false);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+ assertSame(provider.authenticate(authentication), authentication);
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationEmptyUser() {
+ expect(mockAuthPropsConfig.isAuthSimpleEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("", "credentials");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Username can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationNullUser() {
+ expect(mockAuthPropsConfig.isAuthSimpleEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken(null, "credentials");
+
+ try {
+ provider.authenticate(authentication);
+ assertTrue("Should have thrown BadCredentialsException", false);
+ } catch(BadCredentialsException e) {
+ assertEquals("Username can't be null or empty.", e.getMessage());
+ }
+
+ verify(mockAuthPropsConfig);
+ }
+
+ @Test
+ public void testAuthenticationSuccessful() {
+ expect(mockAuthPropsConfig.isAuthSimpleEnabled()).andReturn(true);
+
+ replay(mockAuthPropsConfig);
+
+ Authentication authentication = new TestingAuthenticationToken("principal", "credentials");
+
+ Authentication authenticationResult = provider.authenticate(authentication);
+ assertEquals("principal", authenticationResult.getName());
+ assertEquals("credentials", authenticationResult.getCredentials());
+ assertEquals(1, authenticationResult.getAuthorities().size());
+ assertEquals(new SimpleGrantedAuthority("ROLE_USER"), authenticationResult.getAuthorities().iterator().next());
+
+ verify(mockAuthPropsConfig);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/ambari-logsearch-portal/src/test/resources/logsearch.properties
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/test/resources/logsearch.properties b/ambari-logsearch/ambari-logsearch-portal/src/test/resources/logsearch.properties
index fa3efb8..2715d1f 100755
--- a/ambari-logsearch/ambari-logsearch-portal/src/test/resources/logsearch.properties
+++ b/ambari-logsearch/ambari-logsearch-portal/src/test/resources/logsearch.properties
@@ -29,4 +29,5 @@ logsearch.collection.history.replication.factor=234
logsearch.solr.collection.history=test_history_logs_collection
logsearch.auth.file.enable=true
-logsearch.login.credentials.file=user_pass.json
\ No newline at end of file
+logsearch.login.credentials.file=user_pass.json
+logsearch.roles.allowed=AMBARI.ADMINISTRATOR
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/.gitignore
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/.gitignore b/ambari-logsearch/docker/.gitignore
index 0d6af58..99455ed 100644
--- a/ambari-logsearch/docker/.gitignore
+++ b/ambari-logsearch/docker/.gitignore
@@ -1 +1 @@
-Profile
\ No newline at end of file
+Profile
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/Dockerfile
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/Dockerfile b/ambari-logsearch/docker/Dockerfile
index a09f235..dfa1462 100644
--- a/ambari-logsearch/docker/Dockerfile
+++ b/ambari-logsearch/docker/Dockerfile
@@ -62,12 +62,12 @@ ADD test-logs /root/test-logs
RUN chmod -R 777 /root/test-config
RUN chmod +x /root/start.sh
-ENV SOLR_CONFIG_LOCATION /root/test-config/solr
-ENV LOGSEARCH_CONFIG_LOCATION /root/test-config/logsearch
-ENV LOGFEEDER_CONFIG_LOCATION /root/test-config/logfeeder
-ENV SOLR_INCLUDE /root/test-config/solr/solr-env.sh
-ENV LOGSEARCH_INCLUDE /root/test-config/logsearch/logsearch-env.sh
-ENV LOGFEEDER_INCLUDE /root/test-config/logfeeder/logfeeder-env.sh
+ENV SOLR_CONFIG_LOCATION /root/config/solr
+ENV LOGSEARCH_CONFIG_LOCATION /root/config/logsearch
+ENV LOGFEEDER_CONFIG_LOCATION /root/config/logfeeder
+ENV SOLR_INCLUDE /root/config/solr/solr-env.sh
+ENV LOGSEARCH_INCLUDE /root/config/logsearch/logsearch-env.sh
+ENV LOGFEEDER_INCLUDE /root/config/logfeeder/logfeeder-env.sh
RUN mkdir -p /var/run/ambari-logsearch-solr /var/log/ambari-logsearch-solr /var/run/ambari-logsearch-solr-client \
/var/log/ambari-logsearch-solr-client /root/logsearch_solr_index/data \
@@ -78,4 +78,4 @@ RUN cp /root/test-config/solr/solr.xml /root/logsearch_solr_index/data
RUN cp /root/test-config/solr/zoo.cfg /root/logsearch_solr_index/data
WORKDIR /root
-CMD /root/start.sh
\ No newline at end of file
+CMD /root/start.sh
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/bin/start.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/bin/start.sh b/ambari-logsearch/docker/bin/start.sh
index a09e4b2..81c9e66 100644
--- a/ambari-logsearch/docker/bin/start.sh
+++ b/ambari-logsearch/docker/bin/start.sh
@@ -28,27 +28,70 @@ function build_all() {
cd $AMBARI_PATH/ambari-logsearch && mvn clean package -DskipTests && mvn -pl ambari-logsearch-logfeeder clean package -DskipTests
}
+function create_config() {
+ mkdir /root/config
+
+ mkdir /root/config/solr
+ cp /root/test-config/solr/log4j.properties /root/config/solr/
+ cp /root/test-config/solr/zoo.cfg /root/config/solr/
+ cp /root/test-config/solr/solr.xml /root/config/solr/
+ if [ $LOGSEARCH_SOLR_SSL_ENABLED == 'true' ]
+ then
+ cp /root/test-config/solr/solr-env-ssl.sh /root/config/solr/solr-env.sh
+ else
+ cp /root/test-config/solr/solr-env.sh /root/config/solr/solr-env.sh
+ fi
+
+ mkdir /root/config/logfeeder
+ cp -r /root/test-config/logfeeder/* /root/config/logfeeder/
+
+ mkdir /root/config/logsearch
+ cp /root/test-config/logsearch/log4j.xml /root/config/logsearch/
+ cp /root/test-config/logsearch/logsearch-env.sh /root/config/logsearch/
+ if [ $LOGSEARCH_HTTPS_ENABLED == 'true' ]
+ then
+ cp /root/test-config/logsearch/logsearch-https.properties /root/config/logsearch/logsearch.properties
+ else
+ cp /root/test-config/logsearch/logsearch.properties /root/config/logsearch/logsearch.properties
+ fi
+
+ chmod -R 777 /root/config
+}
+
+function generate_keys() {
+ IP=`hostname --ip-address`
+ echo "generating stores for IP: $IP"
+ mkdir /root/config/ssl
+ keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /root/config/ssl/logsearch.keyStore.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc
+ cp /root/config/ssl/logsearch.keyStore.jks /root/config/ssl/logsearch.trustStore.jks
+}
+
function start_solr() {
echo "Starting Solr..."
/root/solr-$SOLR_VERSION/bin/solr start -cloud -s /root/logsearch_solr_index/data -verbose
touch /var/log/ambari-logsearch-solr/solr.log
+
+ if [ $LOGSEARCH_SOLR_SSL_ENABLED == 'true' ]
+ then
+ echo "Setting urlScheme as https and restarting solr..."
+ $ZKCLI -zkhost localhost:9983 -cmd clusterprop -name urlScheme -val https
+ /root/solr-$SOLR_VERSION/bin/solr stop
+ /root/solr-$SOLR_VERSION/bin/solr start -cloud -s /root/logsearch_solr_index/data -verbose
+ fi
}
function start_logsearch() {
echo "Upload configuration sets ..."
+
$ZKCLI -zkhost localhost:9983 -cmd upconfig -confdir $LOGSEARCH_SERVER_PATH/solr_configsets/audit_logs/conf -confname audit_logs
$ZKCLI -zkhost localhost:9983 -cmd upconfig -confdir $LOGSEARCH_SERVER_PATH/solr_configsets/hadoop_logs/conf -confname hadoop_logs
$ZKCLI -zkhost localhost:9983 -cmd upconfig -confdir $LOGSEARCH_SERVER_PATH/solr_configsets/history/conf -confname history
-
- cp $LOGSEARCH_CONFIG_LOCATION/logsearch.properties /root/ambari/ambari-logsearch/ambari-logsearch-portal/target/package/classes/logsearch.properties
- cp $LOGSEARCH_CONFIG_LOCATION/log4j.xml /root/ambari/ambari-logsearch/ambari-logsearch-portal/target/package/classes/logsearch.properties
+
$LOGSEARCH_SERVER_PATH/run.sh
touch /var/log/ambari-logsearch-portal/logsearch-app.log
}
function start_logfeeder() {
- cp $LOGFEEDER_CONFIG_LOCATION/logfeeder.properties /root/ambari/ambari-logsearch/ambari-logsearch-logfeeder/target/package/classes/logfeeder.properties
- cp $LOGFEEDER_CONFIG_LOCATION/log4j.xml /root/ambari/ambari-logsearch/ambari-logsearch-logfeeder/target/package/classes/log4j.xml
$LOGFEEDER_PATH/run.sh
touch /var/log/ambari-logsearch-logfeeder/logsearch-logfeeder.log
}
@@ -68,10 +111,10 @@ function log() {
esac
}
+create_config
+generate_keys
start_solr
start_logsearch
start_logfeeder
log
-
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/logsearch-docker.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/logsearch-docker.sh b/ambari-logsearch/docker/logsearch-docker.sh
index 022b1ba..76994ee 100755
--- a/ambari-logsearch/docker/logsearch-docker.sh
+++ b/ambari-logsearch/docker/logsearch-docker.sh
@@ -57,8 +57,10 @@ function setup_profile() {
AMBARI_LOCATION=$HOME/prj/ambari
MAVEN_REPOSITORY_LOCATION=$HOME/.m2
LOGSEARCH_EXPOSED_PORTS="-p 8886:8886 -p 61888:61888 -p 5005:5005 -p 5006:5006"
-LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch"
-LOGSEARCH_VOLUME_OPTS="-v \$AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs -v \$AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config "
+LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false"
+
+LOGSEARCH_VOLUME_OPTS="-v $AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs -v $AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config"
+
LOGSEARCH_EXTRA_OPTS=""
EOF
echo "Profile has been created. Check it out before starting Log Search. ($sdir/Profile)"
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/test-config/logfeeder/logfeeder-env.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/test-config/logfeeder/logfeeder-env.sh b/ambari-logsearch/docker/test-config/logfeeder/logfeeder-env.sh
index e69b1db..5beb093 100644
--- a/ambari-logsearch/docker/test-config/logfeeder/logfeeder-env.sh
+++ b/ambari-logsearch/docker/test-config/logfeeder/logfeeder-env.sh
@@ -18,7 +18,7 @@ set -e
export LOGFEEDER_PATH=/root/ambari/ambari-logsearch/ambari-logsearch-logfeeder/target/package
-export LOGFEEDER_CONF_DIR=/root/test-config/logfeeder
+export LOGFEEDER_CONF_DIR=/root/config/logfeeder
#Logfile e.g. /var/log/logfeeder.log
export LOGFILE=/var/log/ambari-logsearch-logfeeder/logfeeder.out
@@ -32,4 +32,13 @@ LOGFEEDER_JAVA_MEM=${LOGFEEDER_JAVA_MEM:-"-Xmx512m"}
export LOGFEEDER_DEBUG=true
-export LOGFEEDER_DEBUG_PORT=5006
\ No newline at end of file
+export LOGFEEDER_DEBUG_PORT=5006
+
+export LOGFEEDER_SSL="true"
+export LOGFEEDER_KEYSTORE_LOCATION=/root/config/ssl/logsearch.keyStore.jks
+export LOGFEEDER_KEYSTORE_PASSWORD=bigdata
+export LOGFEEDER_KEYSTORE_TYPE=jks
+export LOGFEEDER_TRUSTSTORE_LOCATION=/root/config/ssl/logsearch.trustStore.jks
+export LOGFEEDER_TRUSTSTORE_PASSWORD=bigdata
+export LOGFEEDER_TRUSTSTORE_TYPE=jks
+
[4/5] ambari git commit: AMBARI-18510. Use logsearch truststore to
look for credential in case of external authentication (Miklos Gergely via
oleewere)
Posted by ol...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
index 2ad7055..2c2d056 100644
--- a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
+++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
@@ -21,7 +21,7 @@ export LOGSEARCH_PORT=61888
# path containing LogSearch.jar file
export LOGSEARCH_PATH=/root/ambari/ambari-logsearch/ambari-logsearch-portal/target/package
-export LOGSEARCH_CONF_DIR=/root/test-config/logsearch
+export LOGSEARCH_CONF_DIR=/root/config/logsearch
export LOGFILE=/var/log/ambari-logsearch-portal/logsearch.log
@@ -33,4 +33,12 @@ LOGSEARCH_JAVA_MEM=${LOGSEARCH_JAVA_MEM:-"-Xmx1024m"}
export LOGSEARCH_DEBUG=true
-export LOGSEARCH_DEBUG_PORT=5005
\ No newline at end of file
+export LOGSEARCH_DEBUG_PORT=5005
+
+export LOGSEARCH_SSL="true"
+export LOGSEARCH_KEYSTORE_LOCATION=/root/config/ssl/logsearch.keyStore.jks
+export LOGSEARCH_KEYSTORE_PASSWORD=bigdata
+export LOGSEARCH_KEYSTORE_TYPE=jks
+export LOGSEARCH_TRUSTSTORE_LOCATION=/root/config/ssl/logsearch.trustStore.jks
+export LOGSEARCH_TRUSTSTORE_PASSWORD=bigdata
+export LOGSEARCH_TRUSTSTORE_TYPE=jks
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties b/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties
new file mode 100644
index 0000000..1bd8c70
--- /dev/null
+++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties
@@ -0,0 +1,55 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+logsearch.solr.zk_connect_string=localhost:9983
+
+# Service Logs
+logsearch.solr.collection.service.logs=hadoop_logs
+
+logsearch.service.logs.split.interval.mins=15
+logsearch.collection.service.logs.numshards=3
+logsearch.collection.service.logs.replication.factor=2
+
+# Audit logs
+logsearch.solr.audit.logs.zk_connect_string=localhost:9983
+logsearch.solr.collection.audit.logs=audit_logs
+logsearch.solr.audit.logs.url=
+
+logsearch.audit.logs.split.interval.mins=15
+logsearch.collection.audit.logs.numshards=3
+logsearch.collection.audit.logs.replication.factor=2
+
+# History logs
+logsearch.solr.collection.history=history
+logsearch.solr.history.config.name=history
+logsearch.collection.history.replication.factor=1
+
+# Metrics
+logsearch.solr.metrics.collector.hosts=
+logsearch.solr.jmx.port=18886
+
+# Logfeeder Settings
+
+logsearch.logfeeder.include.default.level=FATAL,ERROR,WARN,INFO,DEBUG,TRACE,UNKNOWN
+
+# logsearch-admin.json
+logsearch.auth.file.enable=true
+logsearch.login.credentials.file=user_pass.json
+
+logsearch.auth.ldap.enable=false
+logsearch.auth.simple.enable=false
+logsearch.auth.external_auth.enable=false
+
+logsearch.protocol=https
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh b/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh
new file mode 100644
index 0000000..faaa6ff
--- /dev/null
+++ b/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# By default the script will use JAVA_HOME to determine which java
+# to use, but you can set a specific path for Solr to use without
+# affecting other Java applications on your server/workstation.
+SOLR_JAVA_HOME=/usr/java/default
+
+# Increase Java Min/Max Heap as needed to support your indexing / query needs
+SOLR_JAVA_MEM="-Xms1024m -Xmx2048m"
+
+# Enable verbose GC logging
+GC_LOG_OPTS="-verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails \
+-XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime"
+
+# These GC settings have shown to work well for a number of common Solr workloads
+GC_TUNE="-XX:NewRatio=3 \
+-XX:SurvivorRatio=4 \
+-XX:TargetSurvivorRatio=90 \
+-XX:MaxTenuringThreshold=8 \
+-XX:+UseConcMarkSweepGC \
+-XX:+UseParNewGC \
+-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 \
+-XX:+CMSScavengeBeforeRemark \
+-XX:PretenureSizeThreshold=64m \
+-XX:+UseCMSInitiatingOccupancyOnly \
+-XX:CMSInitiatingOccupancyFraction=50 \
+-XX:CMSMaxAbortablePrecleanTime=6000 \
+-XX:+CMSParallelRemarkEnabled \
+-XX:+ParallelRefProcEnabled"
+
+# Set the ZooKeeper connection string if using an external ZooKeeper ensemble
+# e.g. host1:2181,host2:2181/chroot
+# Leave empty if not using SolrCloud
+#ZK_HOST="localhost:9983/ambari-solr"
+
+# Set the ZooKeeper client timeout (for SolrCloud mode)
+ZK_CLIENT_TIMEOUT="60000"
+
+# By default the start script uses "localhost"; override the hostname here
+# for production SolrCloud environments to control the hostname exposed to cluster state
+#SOLR_HOST="192.168.1.1"
+
+# By default the start script uses UTC; override the timezone if needed
+#SOLR_TIMEZONE="UTC"
+
+# Set to true to activate the JMX RMI connector to allow remote JMX client applications
+# to monitor the JVM hosting Solr; set to "false" to disable that behavior
+# (false is recommended in production environments)
+ENABLE_REMOTE_JMX_OPTS="true"
+
+# The script will use SOLR_PORT+10000 for the RMI_PORT or you can set it here
+RMI_PORT=18886
+
+# Anything you add to the SOLR_OPTS variable will be included in the java
+# start command line as-is, in ADDITION to other options. If you specify the
+# -a option on start script, those options will be appended as well. Examples:
+#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000"
+#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000"
+#SOLR_OPTS="$SOLR_OPTS -Dsolr.clustering.enabled=true"
+
+# Location where the bin/solr script will save PID files for running instances
+# If not set, the script will create PID files in $SOLR_TIP/bin
+SOLR_PID_DIR=/var/run/ambari-logsearch-solr
+
+# Path to a directory where Solr creates index files, the specified directory
+# must contain a solr.xml; by default, Solr will use server/solr
+SOLR_HOME=/root/logsearch_solr_index/data
+
+# Solr provides a default Log4J configuration properties file in server/resources
+# however, you may want to customize the log settings and file appender location
+# so you can point the script to use a different log4j.properties file
+LOG4J_PROPS=/root/config/solr/log4j.properties
+
+# Location where Solr should write logs to; should agree with the file appender
+# settings in server/resources/log4j.properties
+SOLR_LOGS_DIR=/var/log/ambari-logsearch-solr
+
+# Sets the port Solr binds to, default is 8983
+SOLR_PORT=8886
+
+SOLR_SSL_KEY_STORE=/root/config/ssl/logsearch.keyStore.jks
+SOLR_SSL_KEY_STORE_PASSWORD=bigdata
+SOLR_SSL_TRUST_STORE=/root/config/ssl/logsearch.trustStore.jks
+SOLR_SSL_TRUST_STORE_PASSWORD=bigdata
+SOLR_SSL_NEED_CLIENT_AUTH=false
+SOLR_SSL_WANT_CLIENT_AUTH=false
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-logsearch/docker/test-config/solr/solr-env.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/test-config/solr/solr-env.sh b/ambari-logsearch/docker/test-config/solr/solr-env.sh
index 92fa354..11b9fe0 100644
--- a/ambari-logsearch/docker/test-config/solr/solr-env.sh
+++ b/ambari-logsearch/docker/test-config/solr/solr-env.sh
@@ -83,11 +83,11 @@ SOLR_HOME=/root/logsearch_solr_index/data
# Solr provides a default Log4J configuration properties file in server/resources
# however, you may want to customize the log settings and file appender location
# so you can point the script to use a different log4j.properties file
-LOG4J_PROPS=/root/test-config/solr/log4j.properties
+LOG4J_PROPS=/root/config/solr/log4j.properties
# Location where Solr should write logs to; should agree with the file appender
# settings in server/resources/log4j.properties
SOLR_LOGS_DIR=/var/log/ambari-logsearch-solr
# Sets the port Solr binds to, default is 8983
-SOLR_PORT=8886
\ No newline at end of file
+SOLR_PORT=8886
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2
index d1c1ef9..8c24fa4 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2
+++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2
@@ -96,8 +96,8 @@ SOLR_PORT={{infra_solr_port}}
{% if infra_solr_ssl_enabled %}
SOLR_SSL_KEY_STORE={{infra_solr_keystore_location}}
SOLR_SSL_KEY_STORE_PASSWORD={{infra_solr_keystore_password}}
-SOLR_SSL_TRUST_STORE={{infra_solr_keystore_location}}
-SOLR_SSL_TRUST_STORE_PASSWORD={{infra_solr_keystore_password}}
+SOLR_SSL_TRUST_STORE={{infra_solr_truststore_location}}
+SOLR_SSL_TRUST_STORE_PASSWORD={{infra_solr_truststore_password}}
SOLR_SSL_NEED_CLIENT_AUTH=false
SOLR_SSL_WANT_CLIENT_AUTH=false
{% endif %}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b72b720c/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2 b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2
index 501603a..eb7306c 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2
@@ -38,7 +38,7 @@ export LOGSEARCH_DEBUG={{logsearch_debug_enabled}}
export LOGSEARCH_DEBUG_PORT={{logsearch_debug_port}}
-{% if infra_solr_ssl_enabled or logsearch_ui_protocol == 'https' %}
+{% if infra_solr_ssl_enabled or logsearch_ui_protocol == 'https' or ambari_server_use_ssl %}
export LOGSEARCH_SSL="true"
export LOGSEARCH_KEYSTORE_LOCATION={{logsearch_keystore_location}}
export LOGSEARCH_KEYSTORE_PASSWORD={{logsearch_keystore_password}}
[3/5] ambari git commit: AMBARI-18372. Audit logs should not be
filtered by Log Feeder (Miklos Gergely via oleewere)
Posted by ol...@apache.org.
AMBARI-18372. Audit logs should not be filtered by Log Feeder (Miklos Gergely via oleewere)
Change-Id: I636b5619e365e9a9f1271a0da4df545d459900cf
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/875581b8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/875581b8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/875581b8
Branch: refs/heads/branch-dev-logsearch
Commit: 875581b8d0723fb47433c6e504ed25c56bc83eb2
Parents: d964480
Author: Miklos Gergely <mg...@hortonworks.com>
Authored: Mon Oct 3 16:13:42 2016 +0200
Committer: oleewere <ol...@gmail.com>
Committed: Mon Oct 3 16:13:42 2016 +0200
----------------------------------------------------------------------
.../logfeeder/logconfig/FilterLogData.java | 10 ++--
.../ambari/logfeeder/output/OutputManager.java | 4 +-
.../logconfig/LogConfigHandlerTest.java | 51 ++++++++++++++++----
.../logfeeder/output/OutputManagerTest.java | 2 +
4 files changed, 53 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/875581b8/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/logconfig/FilterLogData.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/logconfig/FilterLogData.java b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/logconfig/FilterLogData.java
index 801a289..a05a916 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/logconfig/FilterLogData.java
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/logconfig/FilterLogData.java
@@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map;
import org.apache.ambari.logfeeder.common.LogFeederConstants;
+import org.apache.ambari.logfeeder.input.InputMarker;
import org.apache.ambari.logfeeder.util.LogFeederUtil;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
@@ -39,15 +40,18 @@ public enum FilterLogData {
private static final boolean DEFAULT_VALUE = true;
- public boolean isAllowed(String jsonBlock) {
+ public boolean isAllowed(String jsonBlock, InputMarker inputMarker) {
if (StringUtils.isEmpty(jsonBlock)) {
return DEFAULT_VALUE;
}
Map<String, Object> jsonObj = LogFeederUtil.toJSONObject(jsonBlock);
- return isAllowed(jsonObj);
+ return isAllowed(jsonObj, inputMarker);
}
- public boolean isAllowed(Map<String, Object> jsonObj) {
+ public boolean isAllowed(Map<String, Object> jsonObj, InputMarker inputMarker) {
+ if ("audit".equals(inputMarker.input.getConfigs().get(LogFeederConstants.ROW_TYPE)))
+ return true;
+
boolean isAllowed = applyFilter(jsonObj);
if (!isAllowed) {
LOG.trace("Filter block the content :" + LogFeederUtil.getGson().toJson(jsonObj));
http://git-wip-us.apache.org/repos/asf/ambari/blob/875581b8/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/output/OutputManager.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/output/OutputManager.java b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/output/OutputManager.java
index 2c81c19..86b5c57 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/output/OutputManager.java
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/output/OutputManager.java
@@ -139,7 +139,7 @@ public class OutputManager {
}
}
- if (FilterLogData.INSTANCE.isAllowed(jsonObj)) {
+ if (FilterLogData.INSTANCE.isAllowed(jsonObj, inputMarker)) {
for (Output output : input.getOutputList()) {
try {
output.write(jsonObj, inputMarker);
@@ -171,7 +171,7 @@ public class OutputManager {
}
public void write(String jsonBlock, InputMarker inputMarker) {
- if (FilterLogData.INSTANCE.isAllowed(jsonBlock)) {
+ if (FilterLogData.INSTANCE.isAllowed(jsonBlock, inputMarker)) {
for (Output output : inputMarker.input.getOutputList()) {
try {
output.write(jsonBlock, inputMarker);
http://git-wip-us.apache.org/repos/asf/ambari/blob/875581b8/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/logconfig/LogConfigHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/logconfig/LogConfigHandlerTest.java b/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/logconfig/LogConfigHandlerTest.java
index 02ffd47..266108f 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/logconfig/LogConfigHandlerTest.java
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/logconfig/LogConfigHandlerTest.java
@@ -26,6 +26,9 @@ import java.util.Map;
import static org.easymock.EasyMock.*;
import static org.junit.Assert.*;
+import org.apache.ambari.logfeeder.common.LogFeederConstants;
+import org.apache.ambari.logfeeder.input.Input;
+import org.apache.ambari.logfeeder.input.InputMarker;
import org.apache.ambari.logfeeder.util.LogFeederUtil;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -35,6 +38,24 @@ public class LogConfigHandlerTest {
private static LogConfigFetcher mockFetcher;
+ private static InputMarker inputMarkerAudit;
+ private static InputMarker inputMarkerService;
+ static {
+ Map<String, Object> auditMap = new HashMap<String, Object>();
+ auditMap.put(LogFeederConstants.ROW_TYPE, "audit");
+ Input auditInput = strictMock(Input.class);
+ expect(auditInput.getConfigs()).andReturn(auditMap).anyTimes();
+ inputMarkerAudit = new InputMarker(auditInput, null, 0);
+
+ Map<String, Object> serviceMap = new HashMap<String, Object>();
+ serviceMap.put(LogFeederConstants.ROW_TYPE, "service");
+ Input serviceInput = strictMock(Input.class);
+ expect(serviceInput.getConfigs()).andReturn(serviceMap).anyTimes();
+ inputMarkerService = new InputMarker(serviceInput, null, 0);
+
+ replay(auditInput, serviceInput);
+ }
+
private static final Map<String, Object> CONFIG_MAP = new HashMap<>();
static {
CONFIG_MAP.put("jsons",
@@ -74,40 +95,52 @@ public class LogConfigHandlerTest {
}
@Test
+ public void testLogConfigHandler_auditAllowed() throws Exception {
+ assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file', 'level':'DEBUG'}",
+ inputMarkerAudit));
+ }
+
+ @Test
public void testLogConfigHandler_emptyDataAllowed() throws Exception {
- assertTrue(FilterLogData.INSTANCE.isAllowed((String)null));
- assertTrue(FilterLogData.INSTANCE.isAllowed(""));
- assertTrue(FilterLogData.INSTANCE.isAllowed(Collections.<String, Object> emptyMap()));
+ assertTrue(FilterLogData.INSTANCE.isAllowed((String)null, inputMarkerService));
+ assertTrue(FilterLogData.INSTANCE.isAllowed("", inputMarkerService));
+ assertTrue(FilterLogData.INSTANCE.isAllowed(Collections.<String, Object> emptyMap(), inputMarkerService));
}
@Test
public void testLogConfigHandler_notConfiguredLogAllowed() throws Exception {
- assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'not_configured_log_file', 'level':'INFO'}"));
+ assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'not_configured_log_file', 'level':'INFO'}",
+ inputMarkerService));
}
@Test
public void testLogConfigHandler_configuredDataAllow() throws Exception {
- assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file', 'level':'INFO'}"));
+ assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file', 'level':'INFO'}",
+ inputMarkerService));
}
@Test
public void testLogConfigHandler_configuredDataDontAllow() throws Exception {
- assertFalse(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file', 'level':'DEBUG'}"));
+ assertFalse(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file', 'level':'DEBUG'}",
+ inputMarkerService));
}
@Test
public void testLogConfigHandler_overridenConfiguredData() throws Exception {
- assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file2', 'level':'DEBUG'}"));
+ assertTrue(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file2', 'level':'DEBUG'}",
+ inputMarkerService));
}
@Test
public void testLogConfigHandler_overridenConfiguredDataDifferentHost() throws Exception {
- assertFalse(FilterLogData.INSTANCE.isAllowed("{'host':'host2', 'type':'configured_log_file2', 'level':'DEBUG'}"));
+ assertFalse(FilterLogData.INSTANCE.isAllowed("{'host':'host2', 'type':'configured_log_file2', 'level':'DEBUG'}",
+ inputMarkerService));
}
@Test
public void testLogConfigHandler_overridenConfiguredDataExpired() throws Exception {
- assertFalse(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file3', 'level':'DEBUG'}"));
+ assertFalse(FilterLogData.INSTANCE.isAllowed("{'host':'host1', 'type':'configured_log_file3', 'level':'DEBUG'}",
+ inputMarkerService));
}
@AfterClass
http://git-wip-us.apache.org/repos/asf/ambari/blob/875581b8/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/output/OutputManagerTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/output/OutputManagerTest.java b/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/output/OutputManagerTest.java
index e103346..a080fa8 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/output/OutputManagerTest.java
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/output/OutputManagerTest.java
@@ -102,6 +102,7 @@ public class OutputManagerTest {
expect(mockInput.getContextFields()).andReturn(Collections.<String, String> emptyMap());
expect(mockInput.isUseEventMD5()).andReturn(false);
expect(mockInput.isGenEventMD5()).andReturn(false);
+ expect(mockInput.getConfigs()).andReturn(Collections.<String, Object> emptyMap());
expect(mockInput.getOutputList()).andReturn(Arrays.asList(output1, output2, output3));
output1.write(jsonObj, inputMarker); expectLastCall();
@@ -131,6 +132,7 @@ public class OutputManagerTest {
Output output2 = strictMock(Output.class);
Output output3 = strictMock(Output.class);
+ expect(mockInput.getConfigs()).andReturn(Collections.<String, Object> emptyMap());
expect(mockInput.getOutputList()).andReturn(Arrays.asList(output1, output2, output3));
output1.write(jsonString, inputMarker); expectLastCall();
[2/5] ambari git commit: AMBARI-18348. Ranger audit log collection is
not used in Log Search (Miklos Gergely via oleewere)
Posted by ol...@apache.org.
AMBARI-18348. Ranger audit log collection is not used in Log Search (Miklos Gergely via oleewere)
Change-Id: I50b4c2c375d1657d620cfd1cab30943688ef079a
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d964480c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d964480c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d964480c
Branch: refs/heads/branch-dev-logsearch
Commit: d964480cc1efb804f71654559b6b70b115b82cf3
Parents: bc327fb
Author: Miklos Gergely <mg...@hortonworks.com>
Authored: Mon Oct 3 16:13:08 2016 +0200
Committer: oleewere <ol...@gmail.com>
Committed: Mon Oct 3 16:13:08 2016 +0200
----------------------------------------------------------------------
.../ambari/logfeeder/filter/FilterKeyValue.java | 41 +++-
.../logfeeder/filter/FilterKeyValueTest.java | 29 ++-
.../configuration/logsearch-properties.xml | 19 +-
.../LOGSEARCH/0.5.0/package/scripts/params.py | 5 +
.../0.5.0/package/scripts/setup_logsearch.py | 19 +-
.../templates/input.config-ambari.json.j2 | 235 ++++++++++++++++++-
.../test/python/stacks/2.4/configs/default.json | 2 +
ambari-web/app/data/HDP2/site_properties.js | 22 +-
8 files changed, 339 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/filter/FilterKeyValue.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/filter/FilterKeyValue.java b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/filter/FilterKeyValue.java
index c9c3f2c..5bb15ff 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/filter/FilterKeyValue.java
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/main/java/org/apache/ambari/logfeeder/filter/FilterKeyValue.java
@@ -21,7 +21,7 @@ package org.apache.ambari.logfeeder.filter;
import java.util.List;
import java.util.Map;
-import java.util.StringTokenizer;
+import java.util.regex.Pattern;
import org.apache.ambari.logfeeder.common.LogfeederException;
import org.apache.ambari.logfeeder.input.InputMarker;
@@ -37,7 +37,8 @@ public class FilterKeyValue extends Filter {
private String sourceField = null;
private String valueSplit = "=";
private String fieldSplit = "\t";
-
+ private String valueBorders = null;
+
private MetricData errorMetric = new MetricData("filter.error.keyvalue", false);
@Override
@@ -47,6 +48,7 @@ public class FilterKeyValue extends Filter {
sourceField = getStringValue("source_field");
valueSplit = getStringValue("value_split", valueSplit);
fieldSplit = getStringValue("field_split", fieldSplit);
+ valueBorders = getStringValue("value_borders");
LOG.info("init() done. source_field=" + sourceField + ", value_split=" + valueSplit + ", " + ", field_split=" +
fieldSplit + ", " + getShortDescription());
@@ -68,18 +70,16 @@ public class FilterKeyValue extends Filter {
}
Object valueObj = jsonObj.get(sourceField);
if (valueObj != null) {
- StringTokenizer fieldTokenizer = new StringTokenizer(valueObj.toString(), fieldSplit);
- while (fieldTokenizer.hasMoreTokens()) {
- String nv = fieldTokenizer.nextToken();
- StringTokenizer nvTokenizer = new StringTokenizer(nv, valueSplit);
- while (nvTokenizer.hasMoreTokens()) {
- String name = nvTokenizer.nextToken();
- if (nvTokenizer.hasMoreTokens()) {
- String value = nvTokenizer.nextToken();
+ String splitPattern = Pattern.quote(fieldSplit);
+ String[] tokens = valueObj.toString().split(splitPattern);
+ for (String nv : tokens) {
+ String[] nameValue = getNameValue(nv);
+ String name = nameValue != null && nameValue.length == 2 ? nameValue[0] : null;
+ String value = nameValue != null && nameValue.length == 2 ? nameValue[1] : null;
+ if (name != null && value != null) {
jsonObj.put(name, value);
- } else {
- logParseError("name=" + name + ", pair=" + nv + ", field=" + sourceField + ", field_value=" + valueObj);
- }
+ } else {
+ logParseError("name=" + name + ", pair=" + nv + ", field=" + sourceField + ", field_value=" + valueObj);
}
}
}
@@ -87,6 +87,21 @@ public class FilterKeyValue extends Filter {
statMetric.value++;
}
+ private String[] getNameValue(String nv) {
+ if (valueBorders != null) {
+ if (nv.charAt(nv.length() - 1) == valueBorders.charAt(1)) {
+ String splitPattern = Pattern.quote("" + valueBorders.charAt(0));
+ return nv.substring(0, nv.length() - 1).split(splitPattern);
+ } else {
+ return null;
+ }
+ }
+ else {
+ String splitPattern = Pattern.quote(valueSplit);
+ return nv.split(splitPattern);
+ }
+ }
+
private void logParseError(String inputStr) {
errorMetric.value++;
String logMessageKey = this.getClass().getSimpleName() + "_PARSEERROR";
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/filter/FilterKeyValueTest.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/filter/FilterKeyValueTest.java b/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/filter/FilterKeyValueTest.java
index 30cee42..05647e6 100644
--- a/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/filter/FilterKeyValueTest.java
+++ b/ambari-logsearch/ambari-logsearch-logfeeder/src/test/java/org/apache/ambari/logfeeder/filter/FilterKeyValueTest.java
@@ -1,4 +1,4 @@
-/*
+/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -21,8 +21,8 @@ package org.apache.ambari.logfeeder.filter;
import java.util.HashMap;
import java.util.Map;
-import org.apache.ambari.logfeeder.input.InputMarker;
import org.apache.ambari.logfeeder.output.OutputManager;
+import org.apache.ambari.logfeeder.input.InputMarker;
import org.apache.log4j.Logger;
import org.easymock.Capture;
import org.easymock.CaptureType;
@@ -77,6 +77,31 @@ public class FilterKeyValueTest {
}
@Test
+ public void testFilterKeyValue_extractionWithBorders() throws Exception {
+ LOG.info("testFilterKeyValue_extractionWithBorders()");
+
+ Map<String, Object> config = new HashMap<String, Object>();
+ config.put("source_field", "keyValueField");
+ config.put("field_split", "&");
+ config.put("value_borders", "()");
+ init(config);
+
+ mockOutputManager.write(EasyMock.capture(capture), EasyMock.anyObject(InputMarker.class));
+ EasyMock.expectLastCall();
+ EasyMock.replay(mockOutputManager);
+
+ filterKeyValue.apply("{ keyValueField: 'name1(value1)&name2(value2)' }", new InputMarker(null, null, 0));
+
+ EasyMock.verify(mockOutputManager);
+ Map<String, Object> jsonParams = capture.getValue();
+
+ assertEquals("Original missing!", "name1(value1)&name2(value2)", jsonParams.remove("keyValueField"));
+ assertEquals("Incorrect extraction: name1", "value1", jsonParams.remove("name1"));
+ assertEquals("Incorrect extraction: name2", "value2", jsonParams.remove("name2"));
+ assertTrue("jsonParams are not empty!", jsonParams.isEmpty());
+ }
+
+ @Test
public void testFilterKeyValue_missingSourceField() throws Exception {
LOG.info("testFilterKeyValue_missingSourceField()");
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
index e521c8e..febeffd 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
@@ -113,6 +113,23 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
+ <name>logsearch.solr.audit.logs.use.ranger</name>
+ <value>false</value>
+ <display-name>Ranger Audit Logs Enabled</display-name>
+ <description>Use Ranger Audit collection. This is supported only if Ranger Solr is installed in SolrCloud mode</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>logsearch.ranger.audit.logs.collection.name</name>
+ <value>ranger_audits</value>
+ <display-name>Log Search Solr Ranger Audit Logs Collection</display-name>
+ <description>Name for the ranger audit logs collection</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
<name>logsearch.logfeeder.include.default.level</name>
<value>FATAL,ERROR,WARN</value>
<description>Include default Log Feeder Log Levels for Log Search. Used for bootstrapping the configuration only. (levels: FATAL,ERROR,WARN,INFO,DEBUG,TRACE)</description>
@@ -133,7 +150,7 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
- <name>logsearch.auth.external_auth.enable</name>
+ <name>logsearch.auth.external_auth.enabled</name>
<value>true</value>
<display-name>External authentication</display-name>
<description>Enable external authentication</description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
index 8b0ce75..7200d7b 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
@@ -205,6 +205,11 @@ logsearch_properties['logsearch.solr.collection.history'] = 'history'
logsearch_properties['logsearch.solr.history.config.name'] = 'history'
logsearch_properties['logsearch.collection.history.replication.factor'] = '1'
+if logsearch_properties['logsearch.solr.audit.logs.use.ranger'] == 'false':
+ del logsearch_properties['logsearch.ranger.audit.logs.collection.name']
+
+del logsearch_properties['logsearch.solr.audit.logs.use.ranger']
+
logsearch_properties['logsearch.solr.metrics.collector.hosts'] = format(logsearch_properties['logsearch.solr.metrics.collector.hosts'])
logsearch_properties['logsearch.solr.jmx.port'] = infra_solr_jmx_port
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py
index 8d84093..6c1a936 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/setup_logsearch.py
@@ -38,13 +38,14 @@ def setup_logsearch():
)
Directory([params.logsearch_dir, params.logsearch_server_conf, params.logsearch_config_set_dir],
- mode=0755,
- cd_access='a',
- owner=params.logsearch_user,
- group=params.user_group,
- create_parents=True,
- recursive_ownership=True
- )
+ mode=0755,
+ cd_access='a',
+ owner=params.logsearch_user,
+ group=params.user_group,
+ create_parents=True,
+ recursive_ownership=True
+ )
+
File(params.logsearch_log,
mode=0644,
owner=params.logsearch_user,
@@ -53,8 +54,8 @@ def setup_logsearch():
)
PropertiesFile(format("{logsearch_server_conf}/logsearch.properties"),
- properties=params.logsearch_properties
- )
+ properties=params.logsearch_properties
+ )
File(format("{logsearch_server_conf}/HadoopServiceConfig.json"),
content=Template("HadoopServiceConfig.json.j2"),
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-ambari.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-ambari.json.j2 b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-ambari.json.j2
index 34f4b30..e2646ff 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-ambari.json.j2
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/input.config-ambari.json.j2
@@ -52,8 +52,12 @@
},
{
"type":"ambari_audit",
- "rowtype":"service",
+ "rowtype":"audit",
"add_fields":{
+ "logType":"AmbariAudit",
+ "enforcer":"ambari-acl",
+ "repoType":"1",
+ "repo":"ambari",
"level":"INFO"
},
"path":"{{ambari_server_log_dir}}/ambari-audit.log"
@@ -237,10 +241,10 @@
},
"log4j_format":"%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n",
- "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
- "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime},%{SPACE}%{GREEDYDATA:log_message}",
+ "multiline_pattern":"^(%{TIMESTAMP_ISO8601:evtTime})",
+ "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:evtTime},%{SPACE}%{GREEDYDATA:log_message}",
"post_map_values":{
- "logtime":{
+ "evtTime":{
"map_date":{
"target_date_pattern":"yyyy-MM-dd'T'HH:mm:ss.SSSXX"
}
@@ -249,6 +253,229 @@
}
+ },
+ {
+ "filter":"keyvalue",
+ "sort_order":1,
+ "conditions":{
+ "fields":{
+ "type":[
+ "ambari_audit"
+ ]
+
+ }
+
+ },
+ "source_field":"log_message",
+ "field_split":", ",
+ "value_borders":"()",
+ "post_map_values":{
+ "User":{
+ "map_fieldname":{
+ "new_fieldname":"reqUser"
+ }
+ },
+ "Hostname":{
+ "map_fieldname":{
+ "new_fieldname":"host"
+ }
+ },
+ "RemoteIp":{
+ "map_fieldname":{
+ "new_fieldname":"cliIP"
+ }
+ },
+ "RequestType":{
+ "map_fieldname":{
+ "new_fieldname":"cliType"
+ }
+ },
+ "RequestId":{
+ "map_fieldname":{
+ "new_fieldname":"request_id"
+ }
+ },
+ "TaskId":{
+ "map_fieldname":{
+ "new_fieldname":"task_id"
+ }
+ },
+ "Operation":{
+ "map_fieldname":{
+ "new_fieldname":"action"
+ }
+ },
+ "url":{
+ "map_fieldname":{
+ "new_fieldname":"resource"
+ }
+ },
+ "ResourcePath":{
+ "map_fieldname":{
+ "new_fieldname":"resource"
+ }
+ },
+ "Status":[
+ {
+ "map_fieldvalue":{
+ "pre_value":"Success",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"Successfully queued",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"QUEUED",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"PENDING",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"COMPLETED",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"IN_PROGRESS",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"Failed",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"Failed to queue",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"HOLDING",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"HOLDING_FAILED",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"HOLDING_TIMEDOUT",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"FAILED",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"TIMEDOUT",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"ABORTED",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"SKIPPED_FAILED",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldname":{
+ "new_fieldname":"result"
+ }
+ }
+ ],
+ "ResultStatus":[
+ {
+ "map_fieldvalue":{
+ "pre_value":"200 OK",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"201 Created",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"202 Accepted",
+ "post_value":"1"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"400 Bad Request",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"401 Unauthorized",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"403 Forbidden",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"404 Not Found",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"409 Resource Conflict",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldvalue":{
+ "pre_value":"500 Internal Server Error",
+ "post_value":"0"
+ }
+ },
+ {
+ "map_fieldname":{
+ "new_fieldname":"result"
+ }
+ }
+ ]
+
+ }
+
}
]
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-server/src/test/python/stacks/2.4/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.4/configs/default.json b/ambari-server/src/test/python/stacks/2.4/configs/default.json
index 8ac6fa7..1ebbda9 100644
--- a/ambari-server/src/test/python/stacks/2.4/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.4/configs/default.json
@@ -289,6 +289,8 @@
"logsearch.collection.service.logs.replication.factor": "1",
"logsearch.collection.audit.logs.numshards": "10",
"logsearch.collection.audit.logs.replication.factor": "1",
+ "logsearch.solr.audit.logs.use.ranger": "false",
+ "logsearch.ranger.audit.logs.collection.name": "ranger_audits",
"logsearch.solr.metrics.collector.hosts" : "{metrics_collector_hosts}",
"logsearch.auth.external_auth.enabled" : "false",
"logsearch.auth.external_auth.host_url" : "{ambari_server_auth_host_url}",
http://git-wip-us.apache.org/repos/asf/ambari/blob/d964480c/ambari-web/app/data/HDP2/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2/site_properties.js b/ambari-web/app/data/HDP2/site_properties.js
index 9311e75..fac40c4 100644
--- a/ambari-web/app/data/HDP2/site_properties.js
+++ b/ambari-web/app/data/HDP2/site_properties.js
@@ -2208,33 +2208,47 @@ var hdp2properties = [
"index": 5
},
{
- "name": "logsearch.solr.metrics.collector.hosts",
+ "name": "logsearch.solr.audit.logs.use.ranger",
"serviceName": "LOGSEARCH",
"filename": "logsearch-properties.xml",
"category": "Advanced logsearch-properties",
"index": 6
},
{
- "name": "logsearch.auth.external_auth.enable",
+ "name": "logsearch.ranger.audit.logs.collection.name",
"serviceName": "LOGSEARCH",
"filename": "logsearch-properties.xml",
"category": "Advanced logsearch-properties",
"index": 7
},
{
- "name": "logsearch.auth.external_auth.host_url",
+ "name": "logsearch.solr.metrics.collector.hosts",
"serviceName": "LOGSEARCH",
"filename": "logsearch-properties.xml",
"category": "Advanced logsearch-properties",
"index": 8
},
{
- "name": "logsearch.auth.external_auth.login_url",
+ "name": "logsearch.auth.external_auth.enable",
"serviceName": "LOGSEARCH",
"filename": "logsearch-properties.xml",
"category": "Advanced logsearch-properties",
"index": 9
},
+ {
+ "name": "logsearch.auth.external_auth.host_url",
+ "serviceName": "LOGSEARCH",
+ "filename": "logsearch-properties.xml",
+ "category": "Advanced logsearch-properties",
+ "index": 10
+ },
+ {
+ "name": "logsearch.auth.external_auth.login_url",
+ "serviceName": "LOGSEARCH",
+ "filename": "logsearch-properties.xml",
+ "category": "Advanced logsearch-properties",
+ "index": 11
+ },
/*infra-solr-client-log4j*/
{
"name": "infra_solr_client_log_dir",