Posted to commits@ambari.apache.org by lp...@apache.org on 2017/10/26 09:31:57 UTC
[43/71] [abbrv] ambari git commit: AMBARI-21307 Groups for the test
user returned to the caller
AMBARI-21307 Groups for the test user returned to the caller
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c659b9e0
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c659b9e0
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c659b9e0
Branch: refs/heads/feature-branch-AMBARI-21307
Commit: c659b9e09fe656b6c9085a8634457f6e8a288c12
Parents: 7c2ceaa
Author: lpuskas <lp...@apache.org>
Authored: Tue Aug 8 15:50:29 2017 +0200
Committer: lpuskas <lp...@apache.org>
Committed: Thu Oct 26 11:28:47 2017 +0200
----------------------------------------------------------------------
.../api/services/ldap/LdapRestService.java | 16 +++++-
.../server/ldap/AmbariLdapConfiguration.java | 2 +-
.../apache/ambari/server/ldap/LdapModule.java | 3 +
.../server/ldap/service/AmbariLdapFacade.java | 3 +-
.../ambari/server/ldap/service/LdapFacade.java | 3 +-
...efaultLdapConfigurationValidatorService.java | 25 ++++++---
.../ad/DefaultLdapConnectionService.java | 2 +-
...ltLdapConfigurationValidatorServiceTest.java | 59 +++-----------------
8 files changed, 49 insertions(+), 64 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
index 33b10fa..8578204 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java
@@ -28,6 +28,8 @@
package org.apache.ambari.server.api.services.ldap;
+import java.util.Set;
+
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
@@ -41,12 +43,16 @@ import org.apache.ambari.server.api.services.BaseService;
import org.apache.ambari.server.api.services.Result;
import org.apache.ambari.server.api.services.ResultImpl;
import org.apache.ambari.server.api.services.ResultStatus;
+import org.apache.ambari.server.controller.internal.ResourceImpl;
+import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
import org.apache.ambari.server.ldap.LdapConfigurationFactory;
import org.apache.ambari.server.ldap.service.LdapFacade;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.common.collect.Sets;
+
/**
* Endpoint designated to LDAP specific operations.
*/
@@ -68,6 +74,8 @@ public class LdapRestService extends BaseService {
@Consumes(MediaType.APPLICATION_JSON)
public Response validateConfiguration(LdapCheckConfigurationRequest ldapCheckConfigurationRequest) {
+ Set<String> groups = Sets.newHashSet();
+
Result result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.OK));
try {
@@ -86,7 +94,11 @@ public class LdapRestService extends BaseService {
case "test-attributes":
LOGGER.info("Testing LDAP attributes ....");
- ldapFacade.checkLdapAttibutes(ldapCheckConfigurationRequest.getRequestInfo().getParameters(), ambariLdapConfiguration);
+ groups = ldapFacade.checkLdapAttibutes(ldapCheckConfigurationRequest.getRequestInfo().getParameters(), ambariLdapConfiguration);
+ // todo factor out the resource creation, design better the structure in the response
+ Resource resource = new ResourceImpl(Resource.Type.AmbariConfiguration);
+ resource.setProperty("groups", groups);
+ result.getResultTree().addChild(resource, "payload");
break;
case "detect-attributes":
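Review bot: The `test-attributes` branch now serializes the LDAP group names of whichever user the request names back to the caller via `resource.setProperty("groups", groups)`, and nothing visible in this hunk shows who is allowed to call `validateConfiguration`. If the endpoint is not already limited to Ambari administrators, any caller could read directory group membership for arbitrary accounts. Worth confirming the authorization on this resource and recording it next to the todo, e.g. `// returns directory group names; endpoint must stay restricted to administrators`. The method body starts and ends outside this hunk.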
@@ -101,7 +113,7 @@ public class LdapRestService extends BaseService {
}
} catch (Exception e) {
- result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e));
+ result.setResultStatus(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e));
}
return Response.status(result.getStatus().getStatusCode()).entity(getResultSerializer().serialize(result)).build();
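Review bot: The catch block still hands the raw exception to `ResultStatus` without logging it, so a failed check leaves no server-side trace. The exception text presumably ends up in the serialized response, and LDAP exceptions often carry DNs, search filters or server addresses that the API client does not need. Consider adding `LOGGER.error("LDAP configuration check failed", e);` and returning a generic message to the client. Catching `Exception` also reports server-side failures such as an unreachable directory as BAD_REQUEST. The try block begins outside this hunk.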
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
index a6ff80b..8ab587b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java
@@ -48,7 +48,7 @@ public class AmbariLdapConfiguration {
MANAGER_PASSWORD("ambari.ldap.managerpassword"),
USER_OBJECT_CLASS("ambari.ldap.user.object.class"),
USER_NAME_ATTRIBUTE("ambari.ldap.user.name.attribute"),
- USER_SEARCH_BASE("ambari.ldap.user.search.Base"),
+ USER_SEARCH_BASE("ambari.ldap.user.search.base"),
GROUP_OBJECT_CLASS("ambari.ldap.group.object.class"),
GROUP_NAME_ATTRIBUTE("ambari.ldap.group.name.attribute"),
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
index 545f220..1b49159 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java
@@ -16,8 +16,10 @@
package org.apache.ambari.server.ldap;
import org.apache.ambari.server.ldap.service.AmbariLdapFacade;
+import org.apache.ambari.server.ldap.service.LdapConnectionService;
import org.apache.ambari.server.ldap.service.LdapFacade;
import org.apache.ambari.server.ldap.service.ad.DefaultLdapConfigurationValidatorService;
+import org.apache.ambari.server.ldap.service.ad.DefaultLdapConnectionService;
import com.google.inject.AbstractModule;
import com.google.inject.assistedinject.FactoryModuleBuilder;
@@ -31,6 +33,7 @@ public class LdapModule extends AbstractModule {
protected void configure() {
bind(LdapFacade.class).to(AmbariLdapFacade.class);
bind(LdapConfigurationValidatorService.class).to(DefaultLdapConfigurationValidatorService.class);
+ bind(LdapConnectionService.class).to(DefaultLdapConnectionService.class);
install(new FactoryModuleBuilder().build(LdapConfigurationFactory.class));
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
index abb464b..eec47ce 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java
@@ -79,7 +79,7 @@ public class AmbariLdapFacade implements LdapFacade {
}
@Override
- public void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException {
+ public Set<String> checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException {
String userName = getTestUserNameFromParameters(parameters);
String testUserPass = getTestUserPasswordFromParameters(parameters);
@@ -95,6 +95,7 @@ public class AmbariLdapFacade implements LdapFacade {
LOGGER.info("Testing LDAP group attributes with test user dn: {}", userDn);
Set<String> groups = ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, userDn, ldapConfiguration);
+ return groups;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
index 7bb1198..eadff7d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java
@@ -15,6 +15,7 @@
package org.apache.ambari.server.ldap.service;
import java.util.Map;
+import java.util.Set;
import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
@@ -47,5 +48,5 @@ public interface LdapFacade {
* @param ambariLdapConfiguration configutration instance with available attributes
* @throws AmbariLdapException if the attribute checking fails
*/
- void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
+ Set<String> checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException;
}
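Review bot: The Javadoc above `checkLdapAttibutes` was not updated for the new return type; it still lists only `@param` and `@throws`. Add something like `@return the names of the groups the test user belongs to`, and state whether an empty set (rather than null) is returned when the user has no groups, since LdapRestService puts the value straight into the response. The start of the Javadoc block is outside this hunk.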
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
index 838ef4c..a8503ca 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java
@@ -37,7 +37,6 @@ import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.search.FilterBuilder;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.slf4j.Logger;
@@ -84,18 +83,18 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati
* @param testUserName the test username
* @param testPassword the test password
* @param ambariLdapConfiguration configuration instance holding ldap configuration details
+ * @return the DN of the test user
* @throws AmbariException if the attributes are not valid or any errors occurs
*/
@Override
public String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException {
- LdapNetworkConnection connection = null;
SearchCursor searchCursor = null;
String userDn = null;
try {
LOGGER.info("Checking user attributes for user {} r ...", testUserName);
// bind anonimously or with manager data
- bind(ambariLdapConfiguration, connection);
+ bind(ambariLdapConfiguration, ldapConnection);
// set up a filter based on the provided attributes
String filter = FilterBuilder.and(
@@ -104,7 +103,7 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati
.toString();
LOGGER.info("Searching for the user: {} using the search filter: {}", testUserName, filter);
- EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE);
+ EntryCursor entryCursor = ldapConnection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE);
// collecting search result entries
List<Entry> users = Lists.newArrayList();
@@ -128,7 +127,7 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati
throw new AmbariLdapException(e.getMessage(), e);
} finally {
- closeResources(connection, searchCursor);
+ closeResources(ldapConnection, searchCursor);
}
return userDn;
}
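Review bot: The `finally` block now calls `closeResources(ldapConnection, searchCursor)` on a connection that the caller passed in. If `closeResources` closes the connection (its body is not shown), the facade's later `checkGroupAttributes(ldapConnection, ...)` call would run on a closed connection, assuming the facade reuses the same instance. Separately, `searchCursor` is initialised to null and the visible search result is held in `entryCursor`, so the cursor actually opened here may never be closed. Suggest leaving the connection to the code that created it, with a comment such as `// connection is owned by the caller; only cursors opened here are closed`, and closing `entryCursor` in the `finally`. The method body between the hunks is not visible, so this needs checking against the full file.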
@@ -172,14 +171,19 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati
throw new AmbariLdapException(e.getMessage(), e);
} finally {
-
closeResources(ldapConnection, searchCursor);
-
}
return processGroupResults(groupResponses, ambariLdapConfiguration);
}
+ /**
+ * Binds to the LDAP server (anonimously or wit manager credentials)
+ *
+ * @param ambariLdapConfiguration configuration instance
+ * @param connection connection instance
+ * @throws LdapException if the bind operation fails
+ */
private void bind(AmbariLdapConfiguration ambariLdapConfiguration, LdapConnection connection) throws LdapException {
LOGGER.info("Connecting to LDAP ....");
if (!ambariLdapConfiguration.bindAnonimously()) {
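Review bot: The new Javadoc on `bind` has two typos: "anonimously" should be "anonymously" and "wit" should be "with". Since this method decides between an anonymous bind and a bind with manager credentials, the comment could also say which configuration values supply the manager DN and password. The body of `bind` continues outside this hunk.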
@@ -198,6 +202,13 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati
}
+ /**
+ * Extracts meaningful values from the search result.
+ *
+ * @param groupResponses the result entries returned by the search
+ * @param ambariLdapConfiguration holds the keys of the meaningful attributes
+ * @return a set with the group names the test user belongs to
+ */
private Set<String> processGroupResults(Set<Response> groupResponses, AmbariLdapConfiguration ambariLdapConfiguration) {
Set<String> groupStrSet = Sets.newHashSet();
for (Response response : groupResponses) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
index b5559d9..25dc1f2 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java
@@ -56,7 +56,7 @@ public class DefaultLdapConnectionService implements LdapConnectionService {
ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort());
ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL());
- //todo set the other values as required
+ // todo set the other values as required
return ldapConnectionConfig;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c659b9e0/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
index 5c9d304..663ea12 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java
@@ -18,23 +18,15 @@ import static org.junit.Assert.assertNotNull;
import java.util.Map;
-import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.ldap.AmbariLdapConfiguration;
import org.apache.ambari.server.ldap.LdapConfigurationValidatorService;
import org.apache.ambari.server.ldap.service.LdapConnectionService;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
-import org.apache.directory.api.ldap.model.cursor.SearchCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.message.Response;
-import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
-import org.apache.directory.api.ldap.model.message.SearchResultEntry;
import org.apache.directory.api.ldap.model.message.SearchScope;
-import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
-import org.apache.directory.ldap.client.api.search.FilterBuilder;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.junit.Test;
import org.slf4j.Logger;
@@ -75,57 +67,24 @@ public class DefaultLdapConfigurationValidatorServiceTest {
@Test
public void testCheckUserAttributes() throws Exception {
+ // GIVEN
Map<String, Object> ldapPropsMap = Maps.newHashMap();
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), false);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), "true");
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com");
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
+
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT);
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
+ ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_SEARCH_BASE.propertyName(), "dc=example,dc=com");
- AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
-
-
- try {
- LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER);
- LdapConnectionService connectionService = new DefaultLdapConnectionService();
- LdapNetworkConnection connection = connectionService.createLdapConnection(ambariLdapConfiguration);
-
- String filter = FilterBuilder.and(
- FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, ambariLdapConfiguration.userObjectClass()),
- FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER))
- .toString();
-
- SearchRequest searchRequest = new SearchRequestImpl();
- searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn()));
- searchRequest.setFilter(filter);
- searchRequest.setScope(SearchScope.SUBTREE);
- LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter);
-
- connection.bind();
- SearchCursor searchCursor = connection.search(searchRequest);
-
- while (searchCursor.next()) {
- Response response = searchCursor.get();
-
- // process the SearchResultEntry
- if (response instanceof SearchResultEntry) {
- Entry resultEntry = ((SearchResultEntry) response).getEntry();
- System.out.println(resultEntry);
- }
- }
-
- searchCursor.close();
-
- } catch (Exception e) {
- throw new AmbariException("Error during user authentication check", e);
- }
+ AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap);
+ LdapConnectionService connectionService = new DefaultLdapConnectionService();
+ LdapNetworkConnection ldapConnection = connectionService.createLdapConnection(ambariLdapConfiguration);
+ ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, "einstein", "", ambariLdapConfiguration);
}
@Test
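Review bot: The rewritten `testCheckUserAttributes` discards the result of `checkUserAttributes(...)`, so it can only fail on an exception and never checks that a user DN was found. Capture the return value and assert on it, e.g. `String userDn = ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, "einstein", "", ambariLdapConfiguration);` followed by `assertNotNull(userDn);` (the static import is already present). The test also still depends on the external host `ldap.forumsys.com` over port 389, so it will break or hang in builds without outbound network access. An embedded or mocked LDAP server, or marking it as an integration test, would make it deterministic.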
@@ -138,8 +97,6 @@ public class DefaultLdapConfigurationValidatorServiceTest {
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389");
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com");
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC);
- ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT);
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC);
ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);