You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2014/12/18 23:49:19 UTC
ambari git commit: AMBARI-8801. Kerberos Wizard: Component identity
principal having value should not be made observable on parent stack identity
principal value.
Repository: ambari
Updated Branches:
refs/heads/trunk 1f8e6d83f -> 60c9f8c82
AMBARI-8801. Kerberos Wizard: Component identity principal having value should not be made observable on parent stack identity principal value.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/60c9f8c8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/60c9f8c8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/60c9f8c8
Branch: refs/heads/trunk
Commit: 60c9f8c82c1715ada544d8ccbbba69db478e1a87
Parents: 1f8e6d8
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Thu Dec 18 14:48:32 2014 -0800
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Thu Dec 18 14:49:04 2014 -0800
----------------------------------------------------------------------
.../data/wizard/kerberos/stack_descriptors.json | 149 ++++++++++++++++--
.../app/mixins/wizard/addSecurityConfigs.js | 52 ++++++-
ambari-web/app/routes/add_kerberos_routes.js | 3 +-
.../mixins/wizard/addSeccurityConfigs_test.js | 94 +++++++++++-
.../test/mock_data_setup/stack_descriptors.js | 150 +++++++++++++++++--
5 files changed, 417 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/60c9f8c8/ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json
----------------------------------------------------------------------
diff --git a/ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json b/ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json
index 3bfdf7a..ff9b669 100644
--- a/ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json
+++ b/ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json
@@ -9,19 +9,78 @@
},
"identities": [
{
- "name": "spnego",
- "principal": {
- "value": "HTTP/_HOST@${realm}"
+ "principal" : {
+ "value" : "HTTP/_HOST@${realm}",
+ "configuration" : null
},
- "keytab": {
- "file": "${keytab_dir}/spnego.service.keytab",
- "owner": {
- "name": "root",
- "access": "r"
+ "name" : "spnego",
+ "keytab" : {
+ "file" : "${keytab_dir}/spnego.service.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
},
- "group": {
- "name": "${cluster-env/user_group}",
- "access": "r"
+ "configuration" : null,
+ "group" : {
+ "name" : "${hadoop-env/user_group}",
+ "access" : "r"
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "hdfs@${realm}",
+ "configuration" : "cluster-env/hdfs_principal_name"
+ },
+ "name" : "hdfs",
+ "keytab" : {
+ "file" : "${keytab_dir}/hdfs.headless.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
+ },
+ "configuration" : "hadoop-env/hdfs_user_keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : "r"
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "hbase@${realm}",
+ "configuration" : "hbase-env/hbase_principal_name"
+ },
+ "name" : "hbase",
+ "keytab" : {
+ "file" : "${keytab_dir}/hbase.headless.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
+ },
+ "configuration" : "hbase-env/hbase_user_keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : "r"
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "ambari-qa@${realm}",
+ "configuration" : "cluster-env/smokeuser_principal_name"
+ },
+ "name" : "smokeuser",
+ "keytab" : {
+ "file" : "${keytab_dir}/smokeuser.headless.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
+ },
+ "configuration" : "cluster-env/smokeuser_keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : "r"
}
}
}
@@ -187,6 +246,74 @@
]
}
]
+ },
+ {
+ "name" : "FALCON",
+ "identities" : [
+ {
+ "name" : "/spnego"
+ },
+ {
+ "name" : "/smokeuser"
+ },
+ {
+ "name" : "/hdfs"
+ }
+ ],
+ "configurations" : [
+ {
+ "falcon-startup.properties" : {
+ "*.falcon.http.authentication.type" : "kerberos",
+ "*.falcon.authentication.type" : "kerberos",
+ "*.dfs.namenode.kerberos.principal" : "nn/_HOST@${realm}"
+ }
+ }
+ ],
+ "components" : [
+ {
+ "name" : "FALCON_SERVER",
+ "identities" : [
+ {
+ "principal" : {
+ "value" : "falcon/${host}@${realm}",
+ "configuration" : "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
+ },
+ "name" : "falcon_server",
+ "keytab" : {
+ "file" : "${keytab_dir}/falcon.service.keytab",
+ "owner" : {
+ "name" : "${falcon-env/falcon_user}",
+ "access" : "r"
+ },
+ "configuration" : "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : ""
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "HTTP/${host}@${realm}",
+ "configuration" : "falcon-startup.properties/oozie.authentication.kerberos.principal"
+ },
+ "name" : "/spnego",
+ "keytab" : {
+ "file" : null,
+ "owner" : {
+ "name" : null,
+ "access" : null
+ },
+ "configuration" : "falcon-startup.properties/oozie.authentication.kerberos.keytab",
+ "group" : {
+ "name" : null,
+ "access" : null
+ }
+ }
+ }
+ ]
+ }
+ ]
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/60c9f8c8/ambari-web/app/mixins/wizard/addSecurityConfigs.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/mixins/wizard/addSecurityConfigs.js b/ambari-web/app/mixins/wizard/addSecurityConfigs.js
index 9bf1511..5e741b6 100644
--- a/ambari-web/app/mixins/wizard/addSecurityConfigs.js
+++ b/ambari-web/app/mixins/wizard/addSecurityConfigs.js
@@ -422,6 +422,7 @@ App.AddSecurityConfigs = Em.Mixin.create({
});
// unite cluster and service configs
configs = configs.concat(clusterConfigs);
+ self.processConfigReferences(kerberosDescriptor, configs);
// return configs with uniq names
return configs.reduce(function(p,c) {
if (!p.findProperty('name', c.get('name'))) p.push(c);
@@ -448,9 +449,7 @@ App.AddSecurityConfigs = Em.Mixin.create({
componentName: componentName,
name: identity.name
};
- if (identity.name == '/spnego') {
- defaultObject.isEditable = false;
- }
+
self.parseIdentityObject(identity).forEach(function(item) {
configs.push(App.ServiceConfigProperty.create($.extend({}, defaultObject, item)));
});
@@ -473,8 +472,15 @@ App.AddSecurityConfigs = Em.Mixin.create({
keys.forEach(function(item) {
var configObject = {};
var prop = identity[item];
- if (name == '/spnego') configObject.observesValueFrom = 'spnego_' + item;
- configObject.defaultValue = configObject.value = item == 'principal' ? prop.value : prop.file;
+ var itemValue = prop[{keytab: 'file', principal: 'value'}[item]];
+ // skip inherited property without `configuration` and `keytab` or `file` values
+ if (!prop.configuration && !itemValue) return;
+ // inherited property with value should not observe value from reference
+ if (name.startsWith('/') && !itemValue) {
+ configObject.referenceProperty = name.substring(1) + ':' + item;
+ configObject.isEditable = false;
+ }
+ configObject.defaultValue = configObject.value = itemValue;
configObject.filename = prop.configuration ? prop.configuration.split('/')[0] : 'cluster-env';
configObject.name = configObject.displayName = prop.configuration ? prop.configuration.split('/')[1] : name + '_' + item;
result.push(configObject);
@@ -508,6 +514,42 @@ App.AddSecurityConfigs = Em.Mixin.create({
return configs;
},
+
+ /**
+ * Take care about configs that should observe value from referenced configs.
+ * Reference is set with `referenceProperty` key.
+ *
+ * @param {object[]} kerberosDescriptor
+ * @param {App.ServiceConfigProperty[]} configs
+ */
+ processConfigReferences: function(kerberosDescriptor, configs) {
+ var identities = kerberosDescriptor.identities;
+ identities = identities.concat(kerberosDescriptor.services.map(function(service) {
+ var _identities = service.identities || [];
+ if (service.components && !!service.components.length) {
+ identities = identities.concat(service.components.mapProperty('identities').reduce(function(p, c) {
+ return p.concat(c);
+ }, []));
+ return identities;
+ }
+ }).reduce(function(p, c) {
+ return p.concat(c);
+ }, []));
+ // clean up array
+ identities = identities.compact().without(undefined);
+ configs.forEach(function(item) {
+ var reference = item.get('referenceProperty');
+ if (!!reference) {
+ var identity = identities.findProperty('name', reference.split(':')[0])[reference.split(':')[1]];
+ if (identity && !!identity.configuration) {
+ item.set('observesValueFrom', identity.configuration.split('/')[1]);
+ } else {
+ item.set('observesValueFrom', reference.replace(':', '_'));
+ }
+ }
+ });
+ },
+
/**
* update the kerberos descriptor to be put on cluster resource with user customizations
* @param kerberosDescriptor {Object}
http://git-wip-us.apache.org/repos/asf/ambari/blob/60c9f8c8/ambari-web/app/routes/add_kerberos_routes.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/routes/add_kerberos_routes.js b/ambari-web/app/routes/add_kerberos_routes.js
index 1697209..7241268 100644
--- a/ambari-web/app/routes/add_kerberos_routes.js
+++ b/ambari-web/app/routes/add_kerberos_routes.js
@@ -171,9 +171,10 @@ module.exports = App.WizardRoute.extend({
console.log('in kerberosWizardController.step4:connectOutlets');
var controller = router.get('kerberosWizardController');
var step4Controller = router.get('kerberosWizardStep4Controller');
+ controller.setCurrentStep(4);
controller.dataLoading().done(function () {
controller.loadAllPriorSteps();
- controller.setCurrentStep(4);
+ controller.setLowerStepsDisable(4);
step4Controller.set('wizardController', controller);
controller.connectOutlet('kerberosWizardStep4', controller.get('content'));
});
http://git-wip-us.apache.org/repos/asf/ambari/blob/60c9f8c8/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js b/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
index 2cf1768..c327d97 100644
--- a/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
+++ b/ambari-web/test/mixins/wizard/addSeccurityConfigs_test.js
@@ -340,6 +340,24 @@ describe('App.AddSecurityConfigs', function () {
{ key: 'value', value: '${keytab_dir}/spnego.service.keytab' },
{ key: 'serviceName', value: 'Cluster' },
]
+ },
+ // principal name inherited from /spnego with predefined value
+ {
+ property: 'oozie.authentication.kerberos.principal',
+ e: [
+ { key: 'value', value: 'HTTP/${host}@${realm}' },
+ { key: 'isEditable', value: true },
+ ]
+ },
+ // keytab inherited from /spnego without predefined file value
+ {
+ property: 'oozie.authentication.kerberos.keytab',
+ e: [
+ { key: 'value', value: null },
+ { key: 'isEditable', value: false },
+ { key: 'referenceProperty', value: 'spnego:keytab' },
+ { key: 'observesValueFrom', value: 'spnego_keytab' }
+ ]
}
];
@@ -401,7 +419,7 @@ describe('App.AddSecurityConfigs', function () {
{
property: 'dfs.web.authentication.kerberos.principal',
e: [
- { key: 'observesValueFrom', value: 'spnego_principal' },
+ { key: 'referenceProperty', value: 'spnego:principal' },
{ key: 'isEditable', value: false }
]
}
@@ -489,5 +507,77 @@ describe('App.AddSecurityConfigs', function () {
});
});
});
-
+
+ describe('#processConfigReferences', function() {
+ var generateProperty = function(name, reference) {
+ return Em.Object.create({ name: name, referenceProperty: reference});
+ };
+ var descriptor = {
+ identities: [
+ { name: 'spnego', principal: { value: 'spnego_value' }, keytab: { file: 'spnego_file'} },
+ { name: 'hdfs',
+ principal: { value: 'hdfs_value', configuration: "hadoop-env/hdfs_user_principal_name" },
+ keytab: { file: 'hdfs_file', configuration: "hadoop-env/hdfs_user_keytab"} }
+ ],
+ services: [
+ {
+ name: 'SERVICE',
+ identities: [
+ { name: '/spnego' },
+ { name: '/hdfs' }
+ ]
+ },
+ {
+ name: 'SERVICE2',
+ components: [
+ {
+ name: 'COMPONENT',
+ identities: [
+ {
+ name: 'component_prop1',
+ keytab: { configuration: 'service2-site/component.keytab' },
+ principal: { configuration: null }
+ },
+ {
+ name: 'component_prop2',
+ keytab: { configuration: 'service2-site/component2.keytab' },
+ principal: { configuration: 'service2-site/component2.principal' }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ };
+ var configs = Em.A([
+ generateProperty('spnego_inherited_keytab', 'spnego:keytab'),
+ generateProperty('spnego_inherited_principal', 'spnego:principal'),
+ generateProperty('hdfs_inherited_keytab', 'hdfs:keytab'),
+ generateProperty('hdfs_inherited_principal', 'hdfs:principal'),
+ generateProperty('component_prop1_inherited_principal', 'component_prop1:principal'),
+ generateProperty('component_prop1_inherited_keytab', 'component_prop1:keytab'),
+ generateProperty('component_prop2_inherited_keytab', 'component_prop2:keytab'),
+ generateProperty('component_prop2_inherited_principal', 'component_prop2:principal'),
+ ]);
+ var tests = [
+ { name: 'spnego_inherited_keytab', e: 'spnego_keytab' },
+ { name: 'spnego_inherited_principal', e: 'spnego_principal' },
+ { name: 'hdfs_inherited_keytab', e: 'hdfs_user_keytab' },
+ { name: 'hdfs_inherited_principal', e: 'hdfs_user_principal_name' },
+ { name: 'component_prop1_inherited_keytab', e: 'component.keytab' },
+ { name: 'component_prop1_inherited_principal', e: 'component_prop1_principal' },
+ { name: 'component_prop2_inherited_keytab', e: 'component2.keytab' },
+ { name: 'component_prop2_inherited_principal', e: 'component2.principal' }
+ ];
+ before(function() {
+ controller.processConfigReferences(descriptor, configs);
+ });
+
+ tests.forEach(function(test) {
+ it('`{0}` should observe value from `{1}` property'.format(test.name, test.e), function() {
+ expect(configs.findProperty('name', test.name).get('observesValueFrom')).to.be.eql(test.e);
+ });
+ });
+ });
+
});
http://git-wip-us.apache.org/repos/asf/ambari/blob/60c9f8c8/ambari-web/test/mock_data_setup/stack_descriptors.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/mock_data_setup/stack_descriptors.js b/ambari-web/test/mock_data_setup/stack_descriptors.js
index 3e92a20..989d728 100644
--- a/ambari-web/test/mock_data_setup/stack_descriptors.js
+++ b/ambari-web/test/mock_data_setup/stack_descriptors.js
@@ -17,7 +17,6 @@
*/
module.exports = {
- "href": "http://162.216.148.139:8080/api/v1/stacks/HDP/versions/2.2?fields=Versions/kerberos_descriptor",
"Versions": {
"stack_name": "HDP",
"stack_version": "2.2",
@@ -28,19 +27,78 @@ module.exports = {
},
"identities": [
{
- "name": "spnego",
- "principal": {
- "value": "HTTP/_HOST@${realm}"
+ "principal" : {
+ "value" : "HTTP/_HOST@${realm}",
+ "configuration" : null
},
- "keytab": {
- "file": "${keytab_dir}/spnego.service.keytab",
- "owner": {
- "name": "root",
- "access": "r"
+ "name" : "spnego",
+ "keytab" : {
+ "file" : "${keytab_dir}/spnego.service.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
},
- "group": {
- "name": "${cluster-env/user_group}",
- "access": "r"
+ "configuration" : null,
+ "group" : {
+ "name" : "${hadoop-env/user_group}",
+ "access" : "r"
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "hdfs@${realm}",
+ "configuration" : "cluster-env/hdfs_principal_name"
+ },
+ "name" : "hdfs",
+ "keytab" : {
+ "file" : "${keytab_dir}/hdfs.headless.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
+ },
+ "configuration" : "hadoop-env/hdfs_user_keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : "r"
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "hbase@${realm}",
+ "configuration" : "hbase-env/hbase_principal_name"
+ },
+ "name" : "hbase",
+ "keytab" : {
+ "file" : "${keytab_dir}/hbase.headless.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
+ },
+ "configuration" : "hbase-env/hbase_user_keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : "r"
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "ambari-qa@${realm}",
+ "configuration" : "cluster-env/smokeuser_principal_name"
+ },
+ "name" : "smokeuser",
+ "keytab" : {
+ "file" : "${keytab_dir}/smokeuser.headless.keytab",
+ "owner" : {
+ "name" : "root",
+ "access" : "r"
+ },
+ "configuration" : "cluster-env/smokeuser_keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : "r"
}
}
}
@@ -206,6 +264,74 @@ module.exports = {
]
}
]
+ },
+ {
+ "name" : "FALCON",
+ "identities" : [
+ {
+ "name" : "/spnego"
+ },
+ {
+ "name" : "/smokeuser"
+ },
+ {
+ "name" : "/hdfs"
+ }
+ ],
+ "configurations" : [
+ {
+ "falcon-startup.properties" : {
+ "*.falcon.http.authentication.type" : "kerberos",
+ "*.falcon.authentication.type" : "kerberos",
+ "*.dfs.namenode.kerberos.principal" : "nn/_HOST@${realm}"
+ }
+ }
+ ],
+ "components" : [
+ {
+ "name" : "FALCON_SERVER",
+ "identities" : [
+ {
+ "principal" : {
+ "value" : "falcon/${host}@${realm}",
+ "configuration" : "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
+ },
+ "name" : "falcon_server",
+ "keytab" : {
+ "file" : "${keytab_dir}/falcon.service.keytab",
+ "owner" : {
+ "name" : "${falcon-env/falcon_user}",
+ "access" : "r"
+ },
+ "configuration" : "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab",
+ "group" : {
+ "name" : "${cluster-env/user_group}",
+ "access" : ""
+ }
+ }
+ },
+ {
+ "principal" : {
+ "value" : "HTTP/${host}@${realm}",
+ "configuration" : "falcon-startup.properties/oozie.authentication.kerberos.principal"
+ },
+ "name" : "/spnego",
+ "keytab" : {
+ "file" : null,
+ "owner" : {
+ "name" : null,
+ "access" : null
+ },
+ "configuration" : "falcon-startup.properties/oozie.authentication.kerberos.keytab",
+ "group" : {
+ "name" : null,
+ "access" : null
+ }
+ }
+ }
+ ]
+ }
+ ]
}
]
}