ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbeerbo...@apache.org
Subject ambari git commit: AMBARI-12032 - Add setup truststore and import certificate option to ambari-server setup-security (tbeerbower)
Date Sat, 20 Jun 2015 17:37:33 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.1 80440d2b5 -> 92151c9a2


AMBARI-12032 - Add setup truststore and import certificate option to ambari-server setup-security
(tbeerbower)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/92151c9a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/92151c9a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/92151c9a

Branch: refs/heads/branch-2.1
Commit: 92151c9a247babed9e089cca50f209a6ea5e0e14
Parents: 80440d2
Author: tbeerbower <tbeerbower@hortonworks.com>
Authored: Sat Jun 20 13:35:49 2015 -0400
Committer: tbeerbower <tbeerbower@hortonworks.com>
Committed: Sat Jun 20 13:37:21 2015 -0400

----------------------------------------------------------------------
 ambari-server/src/main/python/ambari-server.py  |  5 +-
 .../src/main/python/ambari_server/setupHttps.py | 42 +++++++----------
 .../src/test/python/TestAmbariServer.py         | 49 +++++++++-----------
 3 files changed, 44 insertions(+), 52 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/92151c9a/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 19b7138..f323487 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -35,7 +35,7 @@ from ambari_server.serverConfiguration import configDefaults, get_ambari_propert
 from ambari_server.serverUtils import is_server_runing, refresh_stack_hash
 from ambari_server.serverSetup import reset, setup, setup_jce_policy
 from ambari_server.serverUpgrade import upgrade, upgrade_stack, set_current
-from ambari_server.setupHttps import setup_https
+from ambari_server.setupHttps import setup_https, setup_truststore
 
 from ambari_server.setupActions import BACKUP_ACTION, LDAP_SETUP_ACTION, LDAP_SYNC_ACTION,
PSTART_ACTION, \
   REFRESH_STACK_HASH_ACTION, RESET_ACTION, RESTORE_ACTION, SETUP_ACTION, SETUP_SECURITY_ACTION,
START_ACTION, \
@@ -191,6 +191,7 @@ def create_setup_security_actions(args):
       ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
       ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key)],
       ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
+      ['Import certificate to truststore.', UserActionRestart(setup_truststore)],
     ]
   return action_list
 
@@ -200,6 +201,8 @@ def create_setup_security_actions(args):
       ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
       ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key)],
       ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
+      ['Setup truststore.', UserActionRestart(setup_truststore)],
+      ['Import certificate to truststore.', UserActionRestart(setup_truststore, True)],
     ]
   return action_list
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/92151c9a/ambari-server/src/main/python/ambari_server/setupHttps.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupHttps.py b/ambari-server/src/main/python/ambari_server/setupHttps.py
index fb0f725..c9fe421 100644
--- a/ambari-server/src/main/python/ambari_server/setupHttps.py
+++ b/ambari-server/src/main/python/ambari_server/setupHttps.py
@@ -450,7 +450,7 @@ def setup_https(args):
     raise NonFatalException(warning)
 
 
-def setup_component_https(component, command, property, alias):
+def setup_truststore(import_cert=False):
   if not get_silent():
     jdk_path = find_jdk()
     if jdk_path is None:
@@ -461,38 +461,30 @@ def setup_component_https(component, command, property, alias):
 
     properties = get_ambari_properties()
 
-    use_https = properties.get_property(property) in ['true']
+    if get_YN_input("Do you want to configure a truststore [y/n] (y)? ", True):
+      truststore_type = get_truststore_type(properties)
+      truststore_path = get_truststore_path(properties)
+      truststore_password = get_truststore_password(properties)
 
-    if use_https:
-      if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
-        truststore_path = get_truststore_path(properties)
-        truststore_password = get_truststore_password(properties)
+      if import_cert:
 
-        run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path,
truststore_password))
+        if get_YN_input("Do you want to import a certificate [y/n] (y)? ", True):
 
-        properties.process_pair(property, "false")
-      else:
-        return
-    else:
-      if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ",
True):
-        truststore_type = get_truststore_type(properties)
-        truststore_path = get_truststore_path(properties)
-        truststore_password = get_truststore_password(properties)
+          alias = get_validated_string_input("Please enter an alias for the certificate:
", "", None, None, False, False)
 
-        run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
+          run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
 
-        import_cert_path = get_validated_filepath_input( \
-            "Enter path to " + component + " Certificate: ", \
-            "Certificate not found")
+          import_cert_path = get_validated_filepath_input( \
+              "Enter path to certificate: ", \
+              "Certificate not found")
 
-        run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type,
import_cert_path, truststore_path, truststore_password))
+          run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type,
import_cert_path, truststore_path, truststore_password))
 
-        properties.process_pair(property, "true")
-      else:
-        return
+    else:
+      return
 
     conf_file = find_properties_file()
     f = open(conf_file, 'w')
-    properties.store(f, "Changed by 'ambari-server " + command + "' command")
+    properties.store(f, "Changed by 'ambari-server setup-security' command")
   else:
-    print command + " is not enabled in silent mode."
+    print "setup-security is not enabled in silent mode."

http://git-wip-us.apache.org/repos/asf/ambari/blob/92151c9a/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index 4e5d044..430fa60 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -83,7 +83,7 @@ with patch("platform.linux_distribution", return_value = os_distro_value):
           run_stack_upgrade, run_metainfo_upgrade, run_schema_upgrade, move_user_custom_actions
         from ambari_server.setupHttps import is_valid_https_port, setup_https, import_cert_and_key_action,
get_fqdn, \
           generate_random_string, get_cert_info, COMMON_NAME_ATTR, is_valid_cert_exp, NOT_AFTER_ATTR,
NOT_BEFORE_ATTR, \
-          SSL_DATE_FORMAT, import_cert_and_key, is_valid_cert_host, setup_component_https,
\
+          SSL_DATE_FORMAT, import_cert_and_key, is_valid_cert_host, setup_truststore, \
           SRVR_ONE_WAY_SSL_PORT_PROPERTY, SRVR_TWO_WAY_SSL_PORT_PROPERTY, GANGLIA_HTTPS
         from ambari_server.setupSecurity import adjust_directory_permissions, get_alias_string,
get_ldap_event_spec_names, sync_ldap, LdapSyncOptions, \
           configure_ldap_password, setup_ldap, REGEX_HOSTNAME_PORT, REGEX_TRUE_FALSE, REGEX_ANYTHING,
setup_master_key, \
@@ -285,11 +285,11 @@ class TestAmbariServer(TestCase):
   @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
   @patch.object(_ambari_server_, "setup_ambari_krb5_jaas")
   @patch.object(_ambari_server_, "setup_master_key")
-  @patch("ambari_server.setupHttps.setup_component_https")
+  @patch.object(_ambari_server_, "setup_truststore")
   @patch.object(_ambari_server_, "setup_https")
   @patch.object(_ambari_server_, "get_validated_string_input")
   def test_setup_security(self, get_validated_string_input_mock, setup_https_mock,
-                          setup_component_https_mock, setup_master_key_mock,
+                          setup_truststore_mock, setup_master_key_mock,
                           setup_ambari_krb5_jaas_mock):
 
     args = {}
@@ -304,6 +304,14 @@ class TestAmbariServer(TestCase):
     get_validated_string_input_mock.return_value = '3'
     _ambari_server_.setup_security(args)
     self.assertTrue(setup_ambari_krb5_jaas_mock.called)
+
+    get_validated_string_input_mock.return_value = '4'
+    _ambari_server_.setup_security(args)
+    self.assertTrue(setup_truststore_mock.called)
+
+    get_validated_string_input_mock.return_value = '5'
+    _ambari_server_.setup_security(args)
+    self.assertTrue(setup_truststore_mock.called)
     pass
 
 
@@ -1378,6 +1386,7 @@ class TestAmbariServer(TestCase):
     pass
 
   @patch("ambari_server.setupHttps.get_validated_filepath_input")
+  @patch("ambari_server.setupHttps.get_validated_string_input")
   @patch("ambari_server.setupHttps.run_os_command")
   @patch("ambari_server.setupHttps.get_truststore_type")
   @patch("__builtin__.open")
@@ -1389,11 +1398,12 @@ class TestAmbariServer(TestCase):
   @patch("ambari_server.setupHttps.get_YN_input")
   @patch("ambari_server.setupHttps.get_ambari_properties")
   @patch("ambari_server.setupHttps.find_jdk")
-  def test_setup_component_https(self, find_jdk_mock, get_ambari_properties_mock, get_YN_input_mock,
+  def test_setup_truststore(self, find_jdk_mock, get_ambari_properties_mock, get_YN_input_mock,
                                  get_truststore_path_mock, get_truststore_password_mock,
                                  get_delete_cert_command_mock, run_component_https_cmd_mock,
                                  find_properties_file_mock, open_mock,
                                  get_truststore_type_mock, run_os_command_mock,
+                                 get_validated_string_input_mock,
                                  get_validated_filepath_input_mock):
     out = StringIO.StringIO()
     sys.stdout = out
@@ -1403,34 +1413,23 @@ class TestAmbariServer(TestCase):
     alias = "alias"
     #Silent mode
     set_silent(True)
-    setup_component_https(component, command, property, alias)
-    self.assertEqual('command is not enabled in silent mode.\n', out.getvalue())
+    setup_truststore()
+    self.assertEqual('setup-security is not enabled in silent mode.\n', out.getvalue())
     sys.stdout = sys.__stdout__
     #Verbouse mode and jdk_path is None
     set_silent(False)
     p = get_ambari_properties_mock.return_value
-    # Use ssl
-    p.get_property.side_effect = ["true"]
     # Dont disable ssl
     get_YN_input_mock.side_effect = [False]
-    setup_component_https(component, command, property, alias)
-    self.assertTrue(p.get_property.called)
-    self.assertTrue(get_YN_input_mock.called)
-    p.get_property.reset_mock()
-    get_YN_input_mock.reset_mock()
-    # Dont use ssl
-    p.get_property.side_effect = ["false"]
-    # Dont enable ssl
-    get_YN_input_mock.side_effect = [False]
-    setup_component_https(component, command, property, alias)
-    self.assertTrue(p.get_property.called)
+    get_validated_string_input_mock.return_value = "alias"
+    setup_truststore()
     self.assertTrue(get_YN_input_mock.called)
     p.get_property.reset_mock()
     get_YN_input_mock.reset_mock()
     # Cant find jdk
     find_jdk_mock.return_value = None
     try:
-        setup_component_https(component, command, property, alias)
+        setup_truststore()
         self.fail("Should throw exception")
     except FatalException as fe:
         # Expected
@@ -1440,13 +1439,12 @@ class TestAmbariServer(TestCase):
     #Verbouse mode and jdk_path is not None (use_https = true)
     find_jdk_mock.return_value = "/jdk_path"
     p.get_property.side_effect = ["true"]
-    get_YN_input_mock.side_effect = [True]
+    get_YN_input_mock.side_effect = [True,True]
     get_truststore_path_mock.return_value = "/truststore_path"
     get_truststore_password_mock.return_value = "/truststore_password"
     get_delete_cert_command_mock.return_value = "rm -f"
-    setup_component_https(component, command, property, alias)
+    setup_truststore(True)
 
-    self.assertTrue(p.process_pair.called)
     self.assertTrue(get_truststore_path_mock.called)
     self.assertTrue(get_truststore_password_mock.called)
     self.assertTrue(get_delete_cert_command_mock.called)
@@ -1464,10 +1462,9 @@ class TestAmbariServer(TestCase):
     p.store.reset_mock()
     #Verbouse mode and jdk_path is not None (use_https = false) and import cert
     p.get_property.side_effect = ["false"]
-    get_YN_input_mock.side_effect = [True]
-    setup_component_https(component, command, property, alias)
+    get_YN_input_mock.side_effect = [True,True]
+    setup_truststore(True)
 
-    self.assertTrue(p.process_pair.called)
     self.assertTrue(get_truststore_type_mock.called)
     self.assertTrue(get_truststore_path_mock.called)
     self.assertTrue(get_truststore_password_mock.called)


Mime
View raw message