ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From swa...@apache.org
Subject git commit: AMBARI-7683. Upgrade: 1.6.1 fails to upgrade with LDAP configured w/o encrypt pwds.
Date Wed, 08 Oct 2014 00:42:12 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-1.7.0 1bb602df6 -> 43d506ff4


AMBARI-7683. Upgrade: 1.6.1 fails to upgrade with LDAP configured w/o encrypt pwds.


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/43d506ff
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/43d506ff
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/43d506ff

Branch: refs/heads/branch-1.7.0
Commit: 43d506ff4bec6bdde38a2b1e7feb6040bd0fce44
Parents: 1bb602d
Author: Siddharth Wagle <swagle@hortonworks.com>
Authored: Tue Oct 7 17:24:39 2014 -0700
Committer: Siddharth Wagle <swagle@hortonworks.com>
Committed: Tue Oct 7 17:24:39 2014 -0700

----------------------------------------------------------------------
 .../server/configuration/Configuration.java     |  4 +-
 ambari-server/src/main/python/ambari-server.py  |  7 +-
 .../server/configuration/ConfigurationTest.java | 80 +++++++++++++++++---
 3 files changed, 79 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/43d506ff/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 53d61e7..315e1a6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -802,7 +802,9 @@ public class Configuration {
     if (ldapPassword != null) {
       ldapServerProperties.setManagerPassword(ldapPassword);
     } else {
-      ldapServerProperties.setManagerPassword(readPasswordFromFile(ldapPasswordProperty,
""));
+      if (ldapPasswordProperty != null && new File(ldapPasswordProperty).exists())
{
+        ldapServerProperties.setManagerPassword(readPasswordFromFile(ldapPasswordProperty,
""));
+      }
     }
     ldapServerProperties.setBaseDN(properties.getProperty
         (LDAP_BASE_DN_KEY, LDAP_BASE_DN_DEFAULT));

http://git-wip-us.apache.org/repos/asf/ambari/blob/43d506ff/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index bb2cf75..a4bca0e 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -242,6 +242,7 @@ LDAP_MGR_PASSWORD_ALIAS = "ambari.ldap.manager.password"
 LDAP_MGR_PASSWORD_PROPERTY = "authentication.ldap.managerPassword"
 LDAP_MGR_PASSWORD_FILENAME = "ldap-password.dat"
 LDAP_MGR_USERNAME_PROPERTY = "authentication.ldap.managerDn"
+LDAP_PRIMARY_URL_PROPERTY = "authentication.ldap.primaryUrl"
 
 SSL_TRUSTSTORE_PASSWORD_ALIAS = "ambari.ssl.trustStore.password"
 SSL_TRUSTSTORE_PATH_PROPERTY = "ssl.trustStore.path"
@@ -2924,6 +2925,10 @@ def upgrade(args):
       if os.path.lexists(jdbc_symlink):
         os.remove(jdbc_symlink)
       os.symlink(os.path.join(resources_dir,JDBC_DB_DEFAULT_DRIVER[db_name]), jdbc_symlink)
+  
+  # check if ambari has obsolete LDAP configuration
+  if properties.get_property(LDAP_PRIMARY_URL_PROPERTY) and not properties.get_property(IS_LDAP_CONFIGURED):
+    args.warnings.append("Existing LDAP configuration is detected. You must run the \"ambari-server
setup-ldap\" command to adjust existing LDAP configuration.")
 
 
 #
@@ -3190,7 +3195,7 @@ def setup_ldap():
   properties = get_ambari_properties()
   isSecure = get_is_secure(properties)
   # python2.x dict is not ordered
-  ldap_property_list_reqd = ["authentication.ldap.primaryUrl",
+  ldap_property_list_reqd = [LDAP_PRIMARY_URL_PROPERTY,
                         "authentication.ldap.secondaryUrl",
                         "authentication.ldap.useSSL",
                         "authentication.ldap.userObjectClass",

http://git-wip-us.apache.org/repos/asf/ambari/blob/43d506ff/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
index 54154b1..207f1eb 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
@@ -36,6 +36,7 @@ import junit.framework.Assert;
 
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.security.authorization.LdapServerProperties;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.RandomStringUtils;
 import org.junit.After;
@@ -124,11 +125,11 @@ public class ConfigurationTest {
 
     File passFile = File.createTempFile("https.pass.", "txt");
     passFile.deleteOnExit();
-    
+
     String password = "pass12345";
-    
+
     FileUtils.writeStringToFile(passFile, password);
-    
+
     Properties ambariProperties = new Properties();
     ambariProperties.setProperty(Configuration.API_USE_SSL, "true");
     ambariProperties.setProperty(
@@ -137,14 +138,14 @@ public class ConfigurationTest {
     ambariProperties.setProperty(
         Configuration.CLIENT_API_SSL_CRT_PASS_FILE_NAME_KEY,
         passFile.getName());
-    
-    
+
+
     String oneWayPort = RandomStringUtils.randomNumeric(4);
     String twoWayPort = RandomStringUtils.randomNumeric(4);
-    
+
     ambariProperties.setProperty(Configuration.SRVR_TWO_WAY_SSL_PORT_KEY, twoWayPort.toString());
     ambariProperties.setProperty(Configuration.SRVR_ONE_WAY_SSL_PORT_KEY, oneWayPort.toString());
-    
+
     Configuration conf = new Configuration(ambariProperties);
     Assert.assertTrue(conf.getApiSSLAuthentication());
 
@@ -234,7 +235,7 @@ public class ConfigurationTest {
 
     Assert.assertEquals("ambaritest", conf.getDatabasePassword());
   }
-  
+
   @Test
   public void testGetAmbariProperties() throws Exception {
     Properties ambariProperties = new Properties();
@@ -265,7 +266,7 @@ public class ConfigurationTest {
   public void testServerPoolSizes() {
     Properties ambariProperties = new Properties();
     Configuration conf = new Configuration(ambariProperties);
-    
+
     Assert.assertEquals(25, conf.getClientThreadPoolSize());
     Assert.assertEquals(25, conf.getAgentThreadPoolSize());
 
@@ -282,7 +283,7 @@ public class ConfigurationTest {
     ambariProperties.setProperty("view.extraction.threadpool.timeout", "6000");
 
     conf = new Configuration(ambariProperties);
-    
+
     Assert.assertEquals(4, conf.getClientThreadPoolSize());
     Assert.assertEquals(82, conf.getAgentThreadPoolSize());
 
@@ -290,4 +291,63 @@ public class ConfigurationTest {
     Assert.assertEquals(56, conf.getViewExtractionThreadPoolMaxSize());
     Assert.assertEquals(6000L, conf.getViewExtractionThreadPoolTimeout());
   }
+
+  @Test
+  public void testGetLdapServerProperties_WrongManagerPassword() throws Exception {
+    final Properties ambariProperties = new Properties();
+    ambariProperties.setProperty(Configuration.LDAP_MANAGER_PASSWORD_KEY, "somePassword");
+    final Configuration configuration = new Configuration(ambariProperties);
+
+    final LdapServerProperties ldapProperties = configuration.getLdapServerProperties();
+    // if it's not a store alias and is not a file, it should be ignored
+    Assert.assertNull(ldapProperties.getManagerPassword());
+  }
+
+  @Test
+  public void testGetLdapServerProperties() throws Exception {
+    final Properties ambariProperties = new Properties();
+    final Configuration configuration = new Configuration(ambariProperties);
+
+    final File passwordFile = temp.newFile("ldap-password.dat");
+    final FileOutputStream fos = new FileOutputStream(passwordFile);
+    fos.write("ambaritest\r\n".getBytes());
+    fos.close();
+    final String passwordFilePath = temp.getRoot().getAbsolutePath() + File.separator + "ldap-password.dat";
+
+    ambariProperties.setProperty(Configuration.LDAP_PRIMARY_URL_KEY, "1");
+    ambariProperties.setProperty(Configuration.LDAP_SECONDARY_URL_KEY, "2");
+    ambariProperties.setProperty(Configuration.LDAP_USE_SSL_KEY, "true");
+    ambariProperties.setProperty(Configuration.LDAP_BIND_ANONYMOUSLY_KEY, "true");
+    ambariProperties.setProperty(Configuration.LDAP_MANAGER_DN_KEY, "5");
+    ambariProperties.setProperty(Configuration.LDAP_MANAGER_PASSWORD_KEY, passwordFilePath);
+    ambariProperties.setProperty(Configuration.LDAP_BASE_DN_KEY, "7");
+    ambariProperties.setProperty(Configuration.LDAP_USERNAME_ATTRIBUTE_KEY, "8");
+    ambariProperties.setProperty(Configuration.LDAP_USER_BASE_KEY, "9");
+    ambariProperties.setProperty(Configuration.LDAP_USER_OBJECT_CLASS_KEY, "10");
+    ambariProperties.setProperty(Configuration.LDAP_GROUP_BASE_KEY, "11");
+    ambariProperties.setProperty(Configuration.LDAP_GROUP_OBJECT_CLASS_KEY, "12");
+    ambariProperties.setProperty(Configuration.LDAP_GROUP_MEMEBERSHIP_ATTR_KEY, "13");
+    ambariProperties.setProperty(Configuration.LDAP_GROUP_NAMING_ATTR_KEY, "14");
+    ambariProperties.setProperty(Configuration.LDAP_ADMIN_GROUP_MAPPING_RULES_KEY, "15");
+    ambariProperties.setProperty(Configuration.LDAP_GROUP_SEARCH_FILTER_KEY, "16");
+
+    final LdapServerProperties ldapProperties = configuration.getLdapServerProperties();
+
+    Assert.assertEquals("1", ldapProperties.getPrimaryUrl());
+    Assert.assertEquals("2", ldapProperties.getSecondaryUrl());
+    Assert.assertEquals(true, ldapProperties.isUseSsl());
+    Assert.assertEquals(true, ldapProperties.isAnonymousBind());
+    Assert.assertEquals("5", ldapProperties.getManagerDn());
+    Assert.assertEquals("ambaritest", ldapProperties.getManagerPassword());
+    Assert.assertEquals("7", ldapProperties.getBaseDN());
+    Assert.assertEquals("8", ldapProperties.getUsernameAttribute());
+    Assert.assertEquals("9", ldapProperties.getUserBase());
+    Assert.assertEquals("10", ldapProperties.getUserObjectClass());
+    Assert.assertEquals("11", ldapProperties.getGroupBase());
+    Assert.assertEquals("12", ldapProperties.getGroupObjectClass());
+    Assert.assertEquals("13", ldapProperties.getGroupMembershipAttr());
+    Assert.assertEquals("14", ldapProperties.getGroupNamingAttr());
+    Assert.assertEquals("15", ldapProperties.getAdminGroupMappingRules());
+    Assert.assertEquals("16", ldapProperties.getGroupSearchFilter());
+  }
 }


Mime
View raw message