You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ma...@apache.org on 2013/06/26 21:32:19 UTC
svn commit: r1497052 - in /incubator/ambari/trunk/ambari-server/src:
main/python/ambari-server.py test/python/TestAmbaryServer.py
Author: mahadev
Date: Wed Jun 26 19:32:19 2013
New Revision: 1497052
URL: http://svn.apache.org/r1497052
Log:
AMBARI-2494. Various issues when running ambari-server as non-root. (Dmitry L via mahadev)
Modified:
incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
Modified: incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py?rev=1497052&r1=1497051&r2=1497052&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py (original)
+++ incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py Wed Jun 26 19:32:19 2013
@@ -380,6 +380,7 @@ NR_ADJUST_OWNERSHIP_LIST =[
( "/var/run/ambari-server", "644", "{0}", "{0}" , True),
( "/var/run/ambari-server", "755", "{0}", "{0}" , False),
( "/var/run/ambari-server/bootstrap", "755", "{0}", "{0}", False ),
+ ( "/var/lib/ambari-server/ambari-env.sh", "700", "{0}", "{0}", False ),
( "/var/lib/ambari-server/keys", "600", "{0}", "{0}", True ),
( "/var/lib/ambari-server/keys", "700", "{0}", "{0}", False ),
( "/var/lib/ambari-server/keys/db", "700", "{0}", "{0}", False ),
@@ -646,7 +647,7 @@ def check_ambari_user():
create_user = False
update_user_setting = False
if user is not None:
- create_user = get_YN_input("Ambari-server process is configured run under user {0}."
+ create_user = get_YN_input("Ambari-server process is configured to run under user {0}."
" Change this setting [y/n] (n)? ".format(user), False)
update_user_setting = create_user # Only if we will create another user
else: # user is not configured yet
@@ -2277,6 +2278,11 @@ def get_prompt_default(defaultStr=None):
return '(' + defaultStr + ')'
def setup_ldap():
+ if not is_root():
+ err = 'Ambari-server setup-ldap should be run with ' \
+ 'root-level privileges'
+ raise FatalException(4, err)
+
properties = get_ambari_properties()
# Setup secure key
@@ -2368,8 +2374,13 @@ def setup_ldap():
def reset_master_key():
+ if not is_root():
+ err = 'Ambari-server resetmasterkey should be run with ' \
+ 'root-level privileges'
+ raise FatalException(4, err)
setup_master_key(resetKey=True)
+
def setup_master_key(resetKey=False):
properties = get_ambari_properties()
passwordPattern = "^[a-zA-Z0-9_-]*$"
@@ -2619,6 +2630,10 @@ def update_properties(propertyMap):
return 0
def setup_https(args):
+ if not is_root():
+ err = 'Ambari-server setup-https should be run with ' \
+ 'root-level privileges'
+ raise FatalException(4, err)
if not SILENT:
properties = get_ambari_properties()
try:
Modified: incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py?rev=1497052&r1=1497051&r2=1497052&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py (original)
+++ incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py Wed Jun 26 19:32:19 2013
@@ -976,7 +976,8 @@ class TestAmbariServer(TestCase):
@patch.object(ambari_server, "get_YN_input")
@patch("__builtin__.open")
@patch("ambari-server.Properties")
- def test_setup_https(self, Properties_mock, open_Mock, get_YN_input_mock,\
+ @patch.object(ambari_server, "is_root")
+ def test_setup_https(self, is_root_mock, Properties_mock, open_Mock, get_YN_input_mock,\
import_cert_and_key_action_mock,
is_server_runing_mock, get_ambari_properties_mock,\
find_properties_file_mock,\
@@ -984,6 +985,20 @@ class TestAmbariServer(TestCase):
args = MagicMock()
open_Mock.return_value = file
p = get_ambari_properties_mock.return_value
+
+ # Testing call under non-root
+ is_root_mock.return_value = False
+ try:
+ ambari_server.setup_https(args)
+ self.fail("Should throw exception")
+ except FatalException as fe:
+ # Expected
+ self.assertTrue("root-level" in fe.reason)
+ pass
+
+ # Testing call under root
+ is_root_mock.return_value = True
+
#Case #1: if client ssl is on and user didnt choose
#disable ssl option and choose import certs and keys
p.get_property.side_effect = ["key_dir","5555","6666", "true"]
@@ -2816,7 +2831,8 @@ class TestAmbariServer(TestCase):
@patch.object(ambari_server, 'get_YN_input')
@patch.object(ambari_server, 'search_file')
@patch.object(ambari_server, 'get_ambari_properties')
- def test_reset_master_key_persisted(self, get_ambari_properties_method,
+ @patch.object(ambari_server, 'is_root')
+ def test_reset_master_key_persisted(self, is_root_method, get_ambari_properties_method,
search_file_message, get_YN_input_method,
get_validated_string_input_method, save_master_key_method,
update_properties_method, get_master_key_ispersisted_method,
@@ -2825,6 +2841,20 @@ class TestAmbariServer(TestCase):
out = StringIO.StringIO()
sys.stdout = out
+
+ # Testing call under non-root
+ is_root_method.return_value = False
+ try:
+ ambari_server.reset_master_key()
+ self.fail("Should throw exception")
+ except FatalException as fe:
+ # Expected
+ self.assertTrue("root-level" in fe.reason)
+ pass
+
+ # Testing call under root
+ is_root_method.return_value = True
+
search_file_message.return_value = "filepath"
configs = { ambari_server.SECURITY_MASTER_KEY_LOCATION : "filepath",
ambari_server.SECURITY_KEYS_DIR : tempfile.gettempdir(),
@@ -2862,7 +2892,8 @@ class TestAmbariServer(TestCase):
@patch.object(ambari_server, 'get_YN_input')
@patch.object(ambari_server, 'search_file')
@patch.object(ambari_server, 'get_ambari_properties')
- def test_reset_master_key_not_persisted(self, get_ambari_properties_method,
+ @patch.object(ambari_server, 'is_root')
+ def test_reset_master_key_not_persisted(self, is_root_method, get_ambari_properties_method,
search_file_message, get_YN_input_method,
get_validated_string_input_method, save_master_key_method,
update_properties_method, get_master_key_ispersisted_method,
@@ -2871,6 +2902,7 @@ class TestAmbariServer(TestCase):
out = StringIO.StringIO()
sys.stdout = out
+ is_root_method.return_value = True
search_file_message.return_value = "filepath"
configs = { ambari_server.SECURITY_MASTER_KEY_LOCATION : "filepath",
ambari_server.SECURITY_KEYS_DIR : tempfile.gettempdir(),
@@ -2905,13 +2937,28 @@ class TestAmbariServer(TestCase):
@patch.object(ambari_server, 'setup_master_key')
@patch.object(ambari_server, 'search_file')
@patch.object(ambari_server, 'get_ambari_properties')
- def test_setup_ldap(self, get_ambari_properties_method,
+ @patch.object(ambari_server, 'is_root')
+ def test_setup_ldap(self, is_root_method, get_ambari_properties_method,
search_file_message, setup_master_key_method,
get_validated_string_input_method,
configure_ldap_password_method, update_properties_method,
get_YN_input_method, save_passwd_for_alias_method):
out = StringIO.StringIO()
sys.stdout = out
+
+ # Testing call under non-root
+ is_root_method.return_value = False
+ try:
+ ambari_server.setup_ldap()
+ self.fail("Should throw exception")
+ except FatalException as fe:
+ # Expected
+ self.assertTrue("root-level" in fe.reason)
+ pass
+
+ # Testing call under root
+ is_root_method.return_value = True
+
search_file_message.return_value = "filepath"
configs = { ambari_server.SECURITY_MASTER_KEY_LOCATION : "filepath",