ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-14905. Add API directive to force toggling Kerberos if the cluster's security type has not changed (rlevas)
Date Thu, 04 Feb 2016 21:41:28 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.2 4a739b2d3 -> feca33de8


AMBARI-14905. Add API directive to force toggling Kerberos if the cluster's security type
has not changed (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/feca33de
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/feca33de
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/feca33de

Branch: refs/heads/branch-2.2
Commit: feca33de8217b61e0c4d7a77dbfb1955ca971edb
Parents: 4a739b2
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Thu Feb 4 16:41:19 2016 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Thu Feb 4 16:41:23 2016 -0500

----------------------------------------------------------------------
 .../resources/ClusterResourceDefinition.java    |  3 +-
 .../AmbariManagementControllerImpl.java         | 39 +++++++-----
 .../server/controller/KerberosHelper.java       | 26 +++++++-
 .../server/controller/KerberosHelperImpl.java   |  5 ++
 .../AmbariManagementControllerImplTest.java     | 12 ++++
 .../server/controller/KerberosHelperTest.java   | 66 +++++++++++++++++++-
 6 files changed, 130 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/feca33de/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
index b2be291..e57364f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ClusterResourceDefinition.java
@@ -81,8 +81,9 @@ public class ClusterResourceDefinition extends BaseResourceDefinition {
   @Override
   public Collection<String> getUpdateDirectives() {
     Collection<String> directives = super.getUpdateDirectives();
-    directives.add("regenerate_keytabs");
+    directives.add(KerberosHelper.DIRECTIVE_REGENERATE_KEYTABS);
     directives.add(KerberosHelper.DIRECTIVE_MANAGE_KERBEROS_IDENTITIES);
+    directives.add(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS);
     return directives;
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/feca33de/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 1f450bc..157b961 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -1597,25 +1597,30 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
         } catch (KerberosOperationException e) {
           throw new IllegalArgumentException(e.getMessage(), e);
         }
-      } else if (cluster.getSecurityType() != securityType) {
-        LOG.info("Received cluster security type change request from {} to {}",
-            cluster.getSecurityType().name(), securityType.name());
-
-        if ((securityType == SecurityType.KERBEROS) || (securityType == SecurityType.NONE))
{
-          // Since the security state of the cluster has changed, invoke toggleKerberos to
handle
-          // adding or removing Kerberos from the cluster. This may generate multiple stages
-          // or not depending the current state of the cluster.
-          try {
-            requestStageContainer = kerberosHelper.toggleKerberos(cluster, securityType,
requestStageContainer,
-                kerberosHelper.getManageIdentitiesDirective(requestProperties));
-          } catch (KerberosOperationException e) {
-            throw new IllegalArgumentException(e.getMessage(), e);
+      } else {
+        // If force_toggle_kerberos is not specified, null will be returned. Therefore, perform
an
+        // equals check to yield true if the result is Boolean.TRUE, otherwise false.
+        boolean forceToggleKerberos = kerberosHelper.getForceToggleKerberosDirective(requestProperties);
+
+        if (forceToggleKerberos || (cluster.getSecurityType() != securityType)) {
+          LOG.info("Received cluster security type change request from {} to {} (forced:
{})",
+              cluster.getSecurityType().name(), securityType.name(), forceToggleKerberos);
+          if ((securityType == SecurityType.KERBEROS) || (securityType == SecurityType.NONE))
{
+            // Since the security state of the cluster has changed, invoke toggleKerberos
to handle
+            // adding or removing Kerberos from the cluster. This may generate multiple stages
+            // or not depending the current state of the cluster.
+            try {
+              requestStageContainer = kerberosHelper.toggleKerberos(cluster, securityType,
requestStageContainer,
+                  kerberosHelper.getManageIdentitiesDirective(requestProperties));
+            } catch (KerberosOperationException e) {
+              throw new IllegalArgumentException(e.getMessage(), e);
+            }
+          } else {
+            throw new IllegalArgumentException(String.format("Unexpected security type encountered:
%s", securityType.name()));
           }
-        } else {
-          throw new IllegalArgumentException(String.format("Unexpected security type encountered:
%s", securityType.name()));
-        }
 
-        cluster.setSecurityType(securityType);
+          cluster.setSecurityType(securityType);
+        }
       }
     }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/feca33de/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index ff7ebc2..63b25f8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -45,6 +45,15 @@ public interface KerberosHelper {
    */
   String DIRECTIVE_MANAGE_KERBEROS_IDENTITIES = "manage_kerberos_identities";
   /**
+   * directive used to indicate that the enable Kerberos operation is only to regenerate
keytab files
+   */
+  String DIRECTIVE_REGENERATE_KEYTABS = "regenerate_keytabs";
+  /**
+   * directive used to indicate that the enable Kerberos operation should proceed even if
the
+   * cluster's security type is not changing
+   */
+  String DIRECTIVE_FORCE_TOGGLE_KERBEROS = "force_toggle_kerberos";
+  /**
    * config type which contains the property used to determine if Kerberos is enabled
    */
   String SECURITY_ENABLED_CONFIG_TYPE = "cluster-env";
@@ -469,13 +478,28 @@ public interface KerberosHelper {
    * If manage_kerberos_identities does exists in the map of request properties, a Boolean
value
    * is returned indicating whether its value is "false" (Boolean.FALSE) or not (Boolean.TRUE).
    *
-   * @param requestProperties a map of the requst property name/value pairs
+   * @param requestProperties a map of the request property name/value pairs
    * @return Boolean.TRUE or Boolean.FALSE if the manage_kerberos_identities property exists
in the map;
    * otherwise false
    */
   Boolean getManageIdentitiesDirective(Map<String, String> requestProperties);
 
   /**
+   * Retrieves the value of the force_toggle_kerberos directive from the request properties,
+   * if it exists.
+   * <p/>
+   * If force_toggle_kerberos does not exist in the map of request properties, <code>false</code>
is
+   * returned.
+   * <p/>
+   * If force_toggle_kerberos does exists in the map of request properties and is equal to
"true",
+   * then <code>true</code> is returned; otherwise <code>false</code>
is returned.
+   *
+   * @param requestProperties a map of the request property name/value pairs
+   * @return true if force_toggle_kerberos is "true"; otherwise false
+   */
+  boolean getForceToggleKerberosDirective(Map<String, String> requestProperties);
+
+  /**
    * Given a list of KerberosIdentityDescriptors, returns a Map fo configuration types to
property
    * names and values.
    * <p/>

http://git-wip-us.apache.org/repos/asf/ambari/blob/feca33de/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 6ebe568..b94da70 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -2073,6 +2073,11 @@ public class KerberosHelperImpl implements KerberosHelper {
   }
 
   @Override
+  public boolean getForceToggleKerberosDirective(Map<String, String> requestProperties)
{
+    return (requestProperties != null) && "true".equalsIgnoreCase(requestProperties.get(DIRECTIVE_FORCE_TOGGLE_KERBEROS));
+  }
+
+  @Override
   public Map<String, Map<String, String>> getIdentityConfigurations(List<KerberosIdentityDescriptor>
identityDescriptors) {
     Map<String, Map<String, String>> map = new HashMap<String, Map<String,
String>>();
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/feca33de/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
index 33a581a..27f75f7 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
@@ -717,6 +717,9 @@ public class AmbariManagementControllerImplTest {
     expect(kerberosHelper.shouldExecuteCustomOperations(SecurityType.KERBEROS, null))
         .andReturn(false)
         .once();
+    expect(kerberosHelper.getForceToggleKerberosDirective(anyObject(Map.class)))
+        .andReturn(false)
+        .once();
     // Note: kerberosHelper.toggleKerberos is not called
 
     // replay mocks
@@ -764,6 +767,9 @@ public class AmbariManagementControllerImplTest {
     expect(kerberosHelper.shouldExecuteCustomOperations(SecurityType.KERBEROS, null))
         .andReturn(false)
         .once();
+    expect(kerberosHelper.getForceToggleKerberosDirective(null))
+        .andReturn(false)
+        .once();
     expect(kerberosHelper.getManageIdentitiesDirective(null))
         .andReturn(null)
         .once();
@@ -845,6 +851,9 @@ public class AmbariManagementControllerImplTest {
     expect(kerberosHelper.shouldExecuteCustomOperations(SecurityType.NONE, null))
         .andReturn(false)
         .once();
+    expect(kerberosHelper.getForceToggleKerberosDirective(anyObject(Map.class)))
+        .andReturn(false)
+        .once();
     expect(kerberosHelper.getManageIdentitiesDirective(anyObject(Map.class)))
         .andReturn(manageIdentities)
         .once();
@@ -908,6 +917,9 @@ public class AmbariManagementControllerImplTest {
     expect(kerberosHelper.shouldExecuteCustomOperations(SecurityType.NONE, null))
         .andReturn(false)
         .once();
+    expect(kerberosHelper.getForceToggleKerberosDirective(anyObject(Map.class)))
+        .andReturn(false)
+        .once();
     expect(kerberosHelper.getManageIdentitiesDirective(anyObject(Map.class)))
         .andReturn(null)
         .once();

http://git-wip-us.apache.org/repos/asf/ambari/blob/feca33de/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 658e566..862776f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -420,7 +420,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     final Cluster cluster = createNiceMock(Cluster.class);
 
     kerberosHelper.executeCustomOperations(cluster,
-        Collections.singletonMap("regenerate_keytabs", "false"), null, true);
+        Collections.singletonMap(KerberosHelper.DIRECTIVE_REGENERATE_KEYTABS, "false"), null,
true);
     Assert.fail("AmbariException should have failed");
   }
 
@@ -1751,7 +1751,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
         PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
 
-    Assert.assertNotNull(kerberosHelper.executeCustomOperations(cluster, Collections.singletonMap("regenerate_keytabs",
"true"), requestStageContainer, true));
+    Assert.assertNotNull(kerberosHelper.executeCustomOperations(cluster, Collections.singletonMap(KerberosHelper.DIRECTIVE_REGENERATE_KEYTABS,
"true"), requestStageContainer, true));
 
     verifyAll();
   }
@@ -1845,6 +1845,68 @@ public class KerberosHelperTest extends EasyMockSupport {
   }
 
   @Test
+  public void testGetForceToggleKerberosDirective_NotSet() throws Exception {
+    KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
+
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(null));
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(Collections.<String,
String>emptyMap()));
+
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(
+        new HashMap<String, String>() {
+          {
+            put(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS, null);
+            put("some_directive_0", "false");
+            put("some_directive_1", null);
+          }
+        }
+    ));
+
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(
+        new HashMap<String, String>() {
+          {
+            put("some_directive_0", "false");
+            put("some_directive_1", null);
+          }
+        }
+    ));
+  }
+
+  @Test
+  public void testGetForceToggleKerberosDirective_True() throws Exception {
+    KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
+
+    assertEquals(true, kerberosHelper.getForceToggleKerberosDirective(Collections.singletonMap(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS,
"true")));
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(Collections.singletonMap(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS,
"not_true")));
+
+    assertEquals(true, kerberosHelper.getForceToggleKerberosDirective(
+        new HashMap<String, String>() {
+          {
+            put(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS, "true");
+            put("some_directive_0", "false");
+            put("some_directive_1", null);
+          }
+        }
+    ));
+  }
+
+  @Test
+  public void testGetForceToggleKerberosDirective_False() throws Exception {
+    KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
+
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(Collections.singletonMap(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS,
"false")));
+
+    assertEquals(false, kerberosHelper.getForceToggleKerberosDirective(
+        new HashMap<String, String>() {
+          {
+            put(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS, "false");
+            put("some_directive_0", "false");
+            put("some_directive_1", null);
+          }
+        }
+    ));
+  }
+
+  @Test
   public void testSetAuthToLocalRules() throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
 


Mime
View raw message