ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-14702. disabling kerberos does not remove auth to local rules (rlevas)
Date Tue, 26 Jan 2016 16:02:17 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk e404eee58 -> c852a0db3


AMBARI-14702. disabling kerberos does not remove auth to local rules (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c852a0db
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c852a0db
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c852a0db

Branch: refs/heads/trunk
Commit: c852a0db34d7fec4f123f18ac482f780aec0f691
Parents: e404eee
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Tue Jan 26 11:02:06 2016 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Tue Jan 26 11:02:06 2016 -0500

----------------------------------------------------------------------
 .../server/controller/KerberosHelperImpl.java   | 14 +------
 .../PrepareDisableKerberosServerAction.java     | 24 ++++++++++++
 .../AbstractKerberosDescriptorContainer.java    | 12 ++++++
 .../state/kerberos/KerberosDescriptor.java      | 41 ++++++++++++++++++++
 .../state/kerberos/KerberosDescriptorTest.java  |  9 ++++-
 5 files changed, 86 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/c852a0db/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 019fb3b..a0e6ccb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -126,7 +126,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 @Singleton
 public class KerberosHelperImpl implements KerberosHelper {
@@ -135,17 +134,6 @@ public class KerberosHelperImpl implements KerberosHelper {
 
   private static final Logger LOG = LoggerFactory.getLogger(KerberosHelperImpl.class);
 
-  /**
-   * Regular expression pattern used to parse auth_to_local property specifications into
the following
-   * parts:
-   * <ul>
-   * <li>configuration type (optional, if _global_)</li>
-   * <li>property name</li>
-   * <li>concatenation type (optional, if using the default behavior)</li>
-   * </ul>
-   */
-  private static final Pattern AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN = Pattern.compile("^(?:(.+?)/)?(.+?)(?:\\|(.+?))?$");
-
   @Inject
   private AmbariCustomCommandExecutionHelper customCommandExecutionHelper;
 
@@ -759,7 +747,7 @@ public class KerberosHelperImpl implements KerberosHelper {
 
       if (!authToLocalPropertiesToSet.isEmpty()) {
         for (String authToLocalProperty : authToLocalPropertiesToSet) {
-          Matcher m = AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN.matcher(authToLocalProperty);
+          Matcher m = KerberosDescriptor.AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN.matcher(authToLocalProperty);
 
           if (m.matches()) {
             AuthToLocalBuilder builder = authToLocalBuilder.copy();

http://git-wip-us.apache.org/repos/asf/ambari/blob/c852a0db/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
index f0a5440..5d22385 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java
@@ -42,6 +42,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentMap;
+import java.util.regex.Matcher;
 
 /**
  * PrepareEnableKerberosServerAction is a ServerAction implementation that prepares metadata
needed
@@ -114,6 +115,29 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS
 
     processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter,
dataDirectory, kerberosConfigurations, false);
 
+    // Add auth-to-local configurations to the set of changes
+    Set<String> authToLocalProperties = kerberosDescriptor.getAllAuthToLocalProperties();
+    if(authToLocalProperties != null) {
+      for (String authToLocalProperty : authToLocalProperties) {
+        Matcher m = KerberosDescriptor.AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN.matcher(authToLocalProperty);
+
+        if (m.matches()) {
+          String configType = m.group(1);
+          String propertyName = m.group(2);
+
+          if (configType == null) {
+            configType = "";
+          }
+
+          // Add existing auth_to_local configuration, if set
+          Map<String, String> configuration = kerberosConfigurations.get(configType);
+          if (configuration != null) {
+            configuration.put(propertyName, "DEFAULT");
+          }
+        }
+      }
+    }
+
     actionLog.writeStdOut("Determining configuration changes");
     // Ensure the cluster-env/security_enabled flag is set properly
     Map<String, String> clusterEnvProperties = kerberosConfigurations.get(KerberosHelper.SECURITY_ENABLED_CONFIG_TYPE);

http://git-wip-us.apache.org/repos/asf/ambari/blob/c852a0db/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
index 874e331..bb2ed1c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
@@ -29,6 +29,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.regex.Pattern;
 
 /**
  * AbstractKerberosDescriptorContainer is an abstract class implementing AbstractKerberosDescriptor
@@ -86,6 +87,17 @@ import java.util.Set;
 public abstract class AbstractKerberosDescriptorContainer extends AbstractKerberosDescriptor
{
 
   /**
+   * Regular expression pattern used to parse auth_to_local property specifications into
the following
+   * parts:
+   * <ul>
+   * <li>configuration type (optional, if _global_)</li>
+   * <li>property name</li>
+   * <li>concatenation type (optional, if using the default behavior)</li>
+   * </ul>
+   */
+  public static final Pattern AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN = Pattern.compile("^(?:(.+?)/)?(.+?)(?:\\|(.+?))?$");
+
+  /**
    * A List of KerberosIdentityDescriptors contained in this AbstractKerberosDescriptorContainer
    */
   private List<KerberosIdentityDescriptor> identities = null;

http://git-wip-us.apache.org/repos/asf/ambari/blob/c852a0db/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
index 1c44789..98f8883 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
@@ -20,8 +20,10 @@ package org.apache.ambari.server.state.kerberos;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 /**
  * KerberosDescriptor is an implementation of an AbstractKerberosDescriptorContainer that
@@ -344,4 +346,43 @@ public class KerberosDescriptor extends AbstractKerberosDescriptorContainer
{
       return false;
     }
   }
+
+  /**
+   * Recursively gets the entire set of <code>auth_to_local</code> property names
contain within this
+   * KerberosDescriptor.
+   *
+   * @return a Set of String values where each value is in the form of config-type/property_name
+   */
+  public Set<String> getAllAuthToLocalProperties() {
+    Set<String> authToLocalProperties = new HashSet<>();
+
+    Set<String> set;
+
+    set = getAuthToLocalProperties();
+    if (set != null) {
+      authToLocalProperties.addAll(set);
+    }
+
+    if (services != null) {
+      for (KerberosServiceDescriptor service : services.values()) {
+        Map<String, KerberosComponentDescriptor> components = service.getComponents();
+
+        if (components != null) {
+          for (KerberosComponentDescriptor component : components.values()) {
+            set = component.getAuthToLocalProperties();
+            if (set != null) {
+              authToLocalProperties.addAll(set);
+            }
+          }
+        }
+
+        set = service.getAuthToLocalProperties();
+        if (set != null) {
+          authToLocalProperties.addAll(set);
+        }
+      }
+    }
+
+    return authToLocalProperties;
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/c852a0db/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
index d6a6f41..d80d7cc 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java
@@ -118,7 +118,14 @@ public class KerberosDescriptorTest {
     Set<String> authToLocalProperties = descriptor.getAuthToLocalProperties();
     Assert.assertNotNull(authToLocalProperties);
     Assert.assertEquals(1, authToLocalProperties.size());
-    Assert.assertEquals("generic.name.rules", authToLocalProperties.iterator().next());
+    Assert.assertTrue(authToLocalProperties.contains("generic.name.rules"));
+
+    authToLocalProperties = descriptor.getAllAuthToLocalProperties();
+    Assert.assertNotNull(authToLocalProperties);
+    Assert.assertEquals(3, authToLocalProperties.size());
+    Assert.assertTrue(authToLocalProperties.contains("component.name.rules1"));
+    Assert.assertTrue(authToLocalProperties.contains("generic.name.rules"));
+    Assert.assertTrue(authToLocalProperties.contains("service.name.rules1"));
 
     Map<String, KerberosServiceDescriptor> serviceDescriptors = descriptor.getServices();
     Assert.assertNotNull(serviceDescriptors);


Mime
View raw message