Return-Path: <commits-return-28609-archive-asf-public=cust-asf.ponee.io@ambari.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 890E2200B40
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu,  2 Jun 2016 00:37:40 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 878F7160A4D; Wed,  1 Jun 2016 22:37:40 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 11F61160A4C
	for <archive-asf-public@cust-asf.ponee.io>; Thu,  2 Jun 2016 00:37:38 +0200 (CEST)
Received: (qmail 4052 invoked by uid 500); 1 Jun 2016 22:37:38 -0000
Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@ambari.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@ambari.apache.org>
List-Post: <mailto:commits@ambari.apache.org>
List-Id: <commits.ambari.apache.org>
Reply-To: ambari-dev@ambari.apache.org
Delivered-To: mailing list commits@ambari.apache.org
Received: (qmail 4043 invoked by uid 99); 1 Jun 2016 22:37:38 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Jun 2016 22:37:38 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 1E8C4E0498; Wed,  1 Jun 2016 22:37:38 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: oleewere@apache.org
To: commits@ambari.apache.org
Message-Id: <7eadd54b610e4eb6b9450b6bd164e106@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: ambari git commit: AMBARI-16719. Enable authentication using Ambari
 for LogSearch (Miklos Gergely via oleewere)
Date: Wed,  1 Jun 2016 22:37:38 +0000 (UTC)
archived-at: Wed, 01 Jun 2016 22:37:40 -0000

Repository: ambari
Updated Branches:
  refs/heads/trunk b4df6da51 -> 2ff12b7e0


AMBARI-16719. Enable authentication using Ambari for LogSearch (Miklos Gergely via oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2ff12b7e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2ff12b7e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2ff12b7e

Branch: refs/heads/trunk
Commit: 2ff12b7e0ff3ff111f5f8b01e2a232b3109f4ab7
Parents: b4df6da
Author: Miklos Gergely <mgergely@hortonworks.com>
Authored: Thu Jun 2 00:21:56 2016 +0200
Committer: oleewere <oleewere@gmail.com>
Committed: Thu Jun 2 00:36:46 2016 +0200

----------------------------------------------------------------------
 .../ambari_agent/CustomServiceOrchestrator.py   |  8 +++++-
 .../TestCustomServiceOrchestrator.py            |  2 ++
 ...rchExternalServerAuthenticationProvider.java | 10 +++++---
 .../src/main/resources/logsearch.properties     |  2 +-
 .../ambari/server/controller/AmbariServer.java  |  1 +
 .../apache/ambari/server/utils/StageUtils.java  | 25 ++++++++++++++----
 .../configuration/logsearch-properties.xml      | 27 ++++++++++++++++++++
 .../LOGSEARCH/0.5.0/package/scripts/params.py   | 23 +++++++++++++++--
 .../package/templates/logsearch.properties.j2   |  9 +++++++
 .../AmbariCustomCommandExecutionHelperTest.java |  6 ++---
 .../AmbariManagementControllerTest.java         |  2 ++
 .../BackgroundCustomCommandExecutionTest.java   |  3 ++-
 .../server/controller/KerberosHelperTest.java   |  6 +++++
 ...ClusterStackVersionResourceProviderTest.java |  4 +--
 .../HostStackVersionResourceProviderTest.java   |  5 ++--
 .../UpgradeResourceProviderHDP22Test.java       |  2 ++
 .../internal/UpgradeResourceProviderTest.java   |  2 ++
 .../ambari/server/utils/StageUtilsTest.java     |  2 ++
 .../test/python/stacks/2.4/configs/default.json | 11 +++++++-
 ambari-web/app/data/HDP2/site_properties.js     | 21 +++++++++++++++
 20 files changed, 149 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
index fcea23f..fc1b72a 100644
--- a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
+++ b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
@@ -56,6 +56,8 @@ class CustomServiceOrchestrator():
   IPV4_ADDRESSES_KEY = "all_ipv4_ips"
 
   AMBARI_SERVER_HOST = "ambari_server_host"
+  AMBARI_SERVER_PORT = "ambari_server_port"
+  AMBARI_SERVER_USE_SSL = "ambari_server_use_ssl"
 
   FREQUENT_COMMANDS = [COMMAND_NAME_SECURITY_STATUS, COMMAND_NAME_STATUS]
   DONT_DEBUG_FAILURES_FOR_COMMANDS = FREQUENT_COMMANDS
@@ -360,6 +362,8 @@ class CustomServiceOrchestrator():
     ipv4_addresses = info.pop(self.IPV4_ADDRESSES_KEY)
 
     ambariServerHost = info.pop(self.AMBARI_SERVER_HOST)
+    ambariServerPort = info.pop(self.AMBARI_SERVER_PORT)
+    ambariServerUseSsl = info.pop(self.AMBARI_SERVER_USE_SSL)
 
     decompressedMap = {}
 
@@ -385,8 +389,10 @@ class CustomServiceOrchestrator():
     decompressedMap[self.RACKS_KEY] = racks
     #Add ips list to result
     decompressedMap[self.IPV4_ADDRESSES_KEY] = ipv4_addresses
-    #Add ambari-server host to result
+    #Add ambari-server properties to result
     decompressedMap[self.AMBARI_SERVER_HOST] = ambariServerHost
+    decompressedMap[self.AMBARI_SERVER_PORT] = ambariServerPort
+    decompressedMap[self.AMBARI_SERVER_USE_SSL] = ambariServerUseSsl
 
     return decompressedMap
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
index 482235f..0ff0ba5 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
@@ -163,6 +163,8 @@ class TestCustomServiceOrchestrator(TestCase):
                          'slave_hosts'   : ['0', '1'],
                          'all_racks'   : [u'/default-rack:0'],
                          'ambari_server_host' : 'a.b.c',
+                         'ambari_server_port' : '123',
+                         'ambari_server_use_ssl' : 'false',
                          'all_ipv4_ips'   : [u'192.168.12.101:0'],
                          'all_hosts'     : ['h1.hortonworks.com', 'h2.hortonworks.com'],
                          'all_ping_ports': ['8670:0,1']},

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index 0fd3770..f1f2e31 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -166,11 +166,13 @@ public class LogsearchExternalServerAuthenticationProvider extends
     String allowedRoleList[] = PropertiesUtil
         .getPropertyStringList(ALLOWED_ROLE_PROP);
 
+    List<String> values = new ArrayList<String>();
+    jsonUtil.getValuesOfKey(responseJson,
+        PRIVILEGE_INFO.PERMISSION_NAME.toString(), values);
+    if (values.isEmpty())
+      return true;
+    
     if (allowedRoleList.length > 0 && responseJson != null) {
-      List<String> values = new ArrayList<String>();
-      jsonUtil.getValuesOfKey(responseJson,
-          PRIVILEGE_INFO.PERMISSION_NAME.toString(), values);
-
       for (String allowedRole : allowedRoleList) {
         for (String role : values) {
           if (role.equals(allowedRole)) {

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties
index 0c65bd6..f477c5a 100755
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/resources/logsearch.properties
@@ -46,4 +46,4 @@ logsearch.auth.external_auth.enable=false
 logsearch.auth.external_auth.host_url=http://ip:port
 logsearch.auth.external_auth.login_url=/api/v1/users/$USERNAME/privileges?fields=*
 #Note: Use comma(,) for separation of multiple roles
-logsearch.roles.allowed=AMBARI.ADMIN
\ No newline at end of file
+logsearch.roles.allowed=AMBARI.ADMINISTRATOR
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index d17a451..cdc8185 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -889,6 +889,7 @@ public class AmbariServer {
     StackAdvisorResourceProvider.init(injector.getInstance(StackAdvisorHelper.class));
     StageUtils.setGson(injector.getInstance(Gson.class));
     StageUtils.setTopologyManager(injector.getInstance(TopologyManager.class));
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
     WorkflowJsonService.setDBProperties(
       injector.getInstance(Configuration.class));
     SecurityFilter.init(injector.getInstance(Configuration.class));

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
index 218a42f..240bfc7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
@@ -45,6 +45,7 @@ import org.apache.ambari.server.RoleCommand;
 import org.apache.ambari.server.actionmanager.Stage;
 import org.apache.ambari.server.actionmanager.StageFactory;
 import org.apache.ambari.server.agent.ExecutionCommand;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.ActionExecutionContext;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Host;
@@ -63,6 +64,7 @@ import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.map.SerializationConfig;
 
 import com.google.common.base.Joiner;
+import com.google.common.collect.Sets;
 import com.google.gson.Gson;
 import com.google.inject.Inject;
 
@@ -74,6 +76,8 @@ public class StageUtils {
 
   private static final Log LOG = LogFactory.getLog(StageUtils.class);
   protected static final String AMBARI_SERVER_HOST = "ambari_server_host";
+  protected static final String AMBARI_SERVER_PORT = "ambari_server_port";
+  protected static final String AMBARI_SERVER_USE_SSL = "ambari_server_use_ssl";
   protected static final String HOSTS_LIST = "all_hosts";
   protected static final String PORTS = "all_ping_ports";
   protected static final String RACKS = "all_racks";
@@ -91,6 +95,9 @@ public class StageUtils {
   private static TopologyManager topologyManager;
 
   @Inject
+  private static Configuration configuration;
+  
+  @Inject
   public StageUtils(StageFactory stageFactory) {
     StageUtils.stageFactory = stageFactory;
   }
@@ -129,6 +136,11 @@ public class StageUtils {
     StageUtils.topologyManager = topologyManager;
   }
 
+  //todo: proper static injection
+  public static void setConfiguration(Configuration configuration) {
+    StageUtils.configuration = configuration;
+  }
+
   static {
     componentToClusterInfoKeyMap.put("NAMENODE", "namenode_host");
     componentToClusterInfoKeyMap.put("JOBTRACKER", "jtnode_host");
@@ -411,14 +423,17 @@ public class StageUtils {
 
     // Fill server host
     /*
-     * Note: We don't replace server host name by an index (like we do
+     * Note: We don't replace server host name, port, ssl usage by an index (like we do
      * with component hostnames), because if ambari-agent is not installed
      * at ambari-server host, then allHosts map will not contain
      * ambari-server hostname.
      */
-    TreeSet<String> serverHost = new TreeSet<String>();
-    serverHost.add(getHostName());
-    clusterHostInfo.put(AMBARI_SERVER_HOST, serverHost);
+    clusterHostInfo.put(AMBARI_SERVER_HOST, Sets.newHashSet(getHostName()));
+    
+    boolean serverUseSsl = configuration.getApiSSLAuthentication();
+    int port = serverUseSsl ? configuration.getClientSSLApiPort() : configuration.getClientApiPort();
+    clusterHostInfo.put(AMBARI_SERVER_PORT, Sets.newHashSet(Integer.toString(port)));
+    clusterHostInfo.put(AMBARI_SERVER_USE_SSL, Sets.newHashSet(Boolean.toString(serverUseSsl)));
 
     return clusterHostInfo;
   }
@@ -437,7 +452,7 @@ public class StageUtils {
    * @throws AmbariException if an index fails to map to a host name
    */
   public static Map<String, Set<String>> substituteHostIndexes(Map<String, Set<String>> clusterHostInfo) throws AmbariException {
-    Set<String> keysToSkip = new HashSet<String>(Arrays.asList(HOSTS_LIST, PORTS, AMBARI_SERVER_HOST, RACKS, IPV4_ADDRESSES));
+    Set<String> keysToSkip = new HashSet<String>(Arrays.asList(HOSTS_LIST, PORTS, AMBARI_SERVER_HOST, AMBARI_SERVER_PORT, AMBARI_SERVER_USE_SSL, RACKS, IPV4_ADDRESSES));
     String[] allHosts = {};
     if (clusterHostInfo.get(HOSTS_LIST) != null) {
       allHosts = clusterHostInfo.get(HOSTS_LIST).toArray(new String[clusterHostInfo.get(HOSTS_LIST).size()]);

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
index 0d7bb89..b1fb6ab 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml
@@ -137,4 +137,31 @@
     <on-ambari-upgrade add="false" change="true" delete="true"/>
     <on-stack-upgrade add="true" change="true" delete="false"/>
   </property>
+  <property>
+    <name>logsearch.external.auth.enabled</name>
+    <value>true</value>
+    <display-name>External authentication</display-name>
+    <description>Enable external authentication</description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false" change="true" delete="true"/>
+    <on-stack-upgrade add="true" change="true" delete="false"/>
+  </property>
+  <property>
+    <name>logsearch.external.auth.host_url</name>
+    <value>{ambari_server_auth_host_url}</value>
+    <display-name>External authentication url - host and port</display-name>
+    <description>The host and port of the external server used to authenticate</description>
+    <on-ambari-upgrade add="false" change="true" delete="true"/>
+    <on-stack-upgrade add="true" change="true" delete="false"/>
+  </property>
+  <property>
+    <name>logsearch.external.auth.login_url</name>
+    <value>/api/v1/users/$USERNAME/privileges?fields=*</value>
+    <display-name>External authentication url - path and query</display-name>
+    <description>The path and query of the external server used to authenticate</description>
+    <on-ambari-upgrade add="false" change="true" delete="true"/>
+    <on-stack-upgrade add="true" change="true" delete="false"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
index 0adc5c5..34583ba 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py
@@ -195,6 +195,9 @@ logsearch_custom_properties.pop("logsearch.collection.audit.logs.replication.fac
 logsearch_custom_properties.pop("logsearch.collection.service.logs.numshards", None)
 logsearch_custom_properties.pop("logsearch.service.logs.split.interval.mins", None)
 logsearch_custom_properties.pop("logsearch.collection.audit.logs.numshards", None)
+logsearch_custom_properties.pop("logsearch.external.auth.enabled", None)
+logsearch_custom_properties.pop("logsearch.external.auth.host_url", None)
+logsearch_custom_properties.pop("logsearch.external.auth.login_url", None)
 
 # logsearch-env configs
 logsearch_user = config['configurations']['logsearch-env']['logsearch_user']
@@ -237,7 +240,7 @@ mapred_log_dir_prefix = default('/configurations/mapred-env/mapred_log_dir_prefi
 zk_log_dir = default('/configurations/zookeeper-env/zk_log_dir', '/var/log/zookeeper')
 
 #####################################
-# Logsearch admin configs
+# Logsearch auth configs
 #####################################
 
 logsearch_admin_credential_file = 'logsearch-admin.json'
@@ -245,6 +248,22 @@ logsearch_admin_username = default('/configurations/logsearch-admin-json/logsear
 logsearch_admin_password = default('/configurations/logsearch-admin-json/logsearch_admin_password', "")
 logsearch_admin_content = config['configurations']['logsearch-admin-json']['content']
 
+# for now just pick first collector
+if 'ambari_server_host' in config['clusterHostInfo']:
+  ambari_server_host = config['clusterHostInfo']['ambari_server_host'][0]
+  ambari_server_port = config['clusterHostInfo']['ambari_server_port'][0]
+  ambari_server_use_ssl = config['clusterHostInfo']['ambari_server_use_ssl'][0] == 'true'
+  
+  ambari_server_protocol = 'https' if ambari_server_use_ssl else 'http'
+
+  ambari_server_auth_host_url = format('{ambari_server_protocol}://{ambari_server_host}:{ambari_server_port}')
+else:
+  ambari_server_auth_host_url = ''
+
+logsearch_auth_external_enabled = str(config['configurations']['logsearch-properties']['logsearch.external.auth.enabled']).lower()
+logsearch_auth_external_host_url = format(config['configurations']['logsearch-properties']['logsearch.external.auth.host_url'])
+logsearch_auth_external_login_url = config['configurations']['logsearch-properties']['logsearch.external.auth.login_url']
+
 #####################################
 # Logfeeder configs
 #####################################
@@ -304,4 +323,4 @@ logfeeder_custom_properties.pop('logfeeder.config.files', None)
 logfeeder_custom_properties.pop('logfeeder.checkpoint.folder', None)
 logfeeder_custom_properties.pop('logfeeder.metrics.collector.hosts', None)
 logfeeder_custom_properties.pop('logfeeder.log.filter.enable', None)
-logfeeder_custom_properties.pop('logfeeder.solr.config.interval', None)
\ No newline at end of file
+logfeeder_custom_properties.pop('logfeeder.solr.config.interval', None)

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/logsearch.properties.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/logsearch.properties.j2 b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/logsearch.properties.j2
index 7e649ea..9ada5bf 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/logsearch.properties.j2
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/templates/logsearch.properties.j2
@@ -47,8 +47,17 @@ logsearch.solr.jmx.port={{logsearch_solr_jmx_port}}
 logsearch.logfeeder.include.default.level={{logsearch_logfeeder_include_default_level}}
 
 # logsearch-admin.json
+logsearch.auth.file.enable=true
 logsearch.login.credentials.file={{logsearch_admin_credential_file}}
 
+logsearch.auth.ldap.enable=false
+logsearch.auth.simple.enable=false
+
+logsearch.auth.external_auth.enable={{logsearch_auth_external_enabled}}
+logsearch.auth.external_auth.host_url={{logsearch_auth_external_host_url}}
+logsearch.auth.external_auth.login_url={{logsearch_auth_external_login_url}}
+logsearch.roles.allowed=AMBARI.ADMINISTRATOR
+
 # Custom properties
 {% for key, value in logsearch_custom_properties.items() %}
 {{key}}={{value}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
index 1ecadc4..68b31c0 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
@@ -33,6 +33,7 @@ import org.apache.ambari.server.actionmanager.ExecutionCommandWrapper;
 import org.apache.ambari.server.actionmanager.Request;
 import org.apache.ambari.server.actionmanager.Stage;
 import org.apache.ambari.server.agent.ExecutionCommand;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.internal.ComponentResourceProviderTest;
 import org.apache.ambari.server.controller.internal.RequestOperationLevel;
 import org.apache.ambari.server.controller.internal.RequestResourceFilter;
@@ -82,7 +83,6 @@ public class AmbariCustomCommandExecutionHelperTest {
 
   @Before
   public void setup() throws Exception {
-    TopologyManager topologyManager;
     InMemoryDefaultTestModule module = new InMemoryDefaultTestModule(){
       @Override
       protected void configure() {
@@ -96,8 +96,8 @@ public class AmbariCustomCommandExecutionHelperTest {
     injector.getInstance(GuiceJpaInitializer.class);
     controller = injector.getInstance(AmbariManagementController.class);
     clusters = injector.getInstance(Clusters.class);
-    topologyManager = injector.getInstance(TopologyManager.class);
-    StageUtils.setTopologyManager(topologyManager);
+    StageUtils.setTopologyManager(injector.getInstance(TopologyManager.class));
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
   }
 
   @After

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
index 42d62c8..fd70df5 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
@@ -248,6 +248,8 @@ public class AmbariManagementControllerTest {
     controller = injector.getInstance(AmbariManagementController.class);
     TopologyManager topologyManager = injector.getInstance(TopologyManager.class);
     StageUtils.setTopologyManager(topologyManager);
+    Configuration configuration = injector.getInstance(Configuration.class);
+    StageUtils.setConfiguration(configuration);
     ActionManager.setTopologyManager(topologyManager);
 
     SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
index fc39521..0f5224d 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
@@ -103,7 +103,8 @@ public class BackgroundCustomCommandExecutionTest {
     Assert.assertEquals("src/main/resources/custom_action_definitions", configuration.getCustomActionDefinitionPath());
 
     StageUtils.setTopologyManager(topologyManager);
-
+    StageUtils.setConfiguration(configuration);
+    
     // Set the authenticated user
     // TODO: remove this or replace the authenticated user to test authorization rules
     // Set the authenticated user

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index c707a90..7281e85 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -34,6 +34,7 @@ import org.apache.ambari.server.api.services.stackadvisor.StackAdvisorHelper;
 import org.apache.ambari.server.api.services.stackadvisor.StackAdvisorRequest;
 import org.apache.ambari.server.api.services.stackadvisor.recommendations.RecommendationResponse;
 import org.apache.ambari.server.audit.AuditLogger;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.internal.ArtifactResourceProvider;
 import org.apache.ambari.server.controller.internal.RequestStageContainer;
 import org.apache.ambari.server.controller.spi.ClusterController;
@@ -141,6 +142,7 @@ public class KerberosHelperTest extends EasyMockSupport {
   private final KerberosConfigDataFileWriterFactory kerberosConfigDataFileWriterFactory = createStrictMock(KerberosConfigDataFileWriterFactory.class);
   private final AmbariMetaInfo metaInfo = createMock(AmbariMetaInfo.class);
   private final TopologyManager topologyManager = createMock(TopologyManager.class);
+  private final Configuration configuration = createMock(Configuration.class);
 
   @Before
   public void setUp() throws Exception {
@@ -229,6 +231,10 @@ public class KerberosHelperTest extends EasyMockSupport {
     StageUtils.setTopologyManager(topologyManager);
     expect(topologyManager.getPendingHostComponents()).andReturn(
         Collections.<String, Collection<String>>emptyMap()).anyTimes();
+    
+    StageUtils.setConfiguration(configuration);
+    expect(configuration.getApiSSLAuthentication()).andReturn(false).anyTimes();
+    expect(configuration.getClientApiPort()).andReturn(8080).anyTimes();
 
     CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
     if (!credentialStoreService.isInitialized(CredentialStoreType.TEMPORARY)) {

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
index 403f426..f3c90a1 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java
@@ -322,8 +322,8 @@ public class ClusterStackVersionResourceProviderTest {
     expect(clusterVersionDAO.findByClusterAndStackAndVersion(anyObject(String.class),
             anyObject(StackId.class), anyObject(String.class))).andReturn(cve);
 
-    TopologyManager topologyManager = injector.getInstance(TopologyManager.class);
-    StageUtils.setTopologyManager(topologyManager);
+    StageUtils.setTopologyManager(injector.getInstance(TopologyManager.class));
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
 
     expect(clusterVersionDAO.findByCluster(anyObject(String.class))).andReturn(Collections.<ClusterVersionEntity>emptyList()).once();
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostStackVersionResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostStackVersionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostStackVersionResourceProviderTest.java
index 4fcfce2..0c42d37 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostStackVersionResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostStackVersionResourceProviderTest.java
@@ -41,6 +41,7 @@ import java.util.Set;
 import org.apache.ambari.server.actionmanager.ActionManager;
 import org.apache.ambari.server.actionmanager.HostRoleCommand;
 import org.apache.ambari.server.api.services.AmbariMetaInfo;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.AmbariManagementController;
 import org.apache.ambari.server.controller.RequestStatusResponse;
 import org.apache.ambari.server.controller.ResourceProviderFactory;
@@ -251,8 +252,8 @@ public class HostStackVersionResourceProviderTest {
 
     expect(actionManager.getRequestTasks(anyLong())).andReturn(Collections.<HostRoleCommand>emptyList()).anyTimes();
 
-    TopologyManager topologyManager = injector.getInstance(TopologyManager.class);
-    StageUtils.setTopologyManager(topologyManager);
+    StageUtils.setTopologyManager(injector.getInstance(TopologyManager.class));
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
 
     // replay
     replay(managementController, response, clusters, resourceProviderFactory, csvResourceProvider,

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java
index 73860bc..bc99117 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java
@@ -36,6 +36,7 @@ import org.apache.ambari.server.actionmanager.ExecutionCommandWrapper;
 import org.apache.ambari.server.actionmanager.ExecutionCommandWrapperFactory;
 import org.apache.ambari.server.agent.ExecutionCommand;
 import org.apache.ambari.server.agent.ExecutionCommand.KeyNames;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.AmbariManagementController;
 import org.apache.ambari.server.controller.AmbariServer;
 import org.apache.ambari.server.controller.spi.Request;
@@ -239,6 +240,7 @@ public class UpgradeResourceProviderHDP22Test {
     sch.setVersion("2.2.0.0");
     topologyManager = injector.getInstance(TopologyManager.class);
     StageUtils.setTopologyManager(topologyManager);
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
     ActionManager.setTopologyManager(topologyManager);
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
index 89b508c..67be4e5 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
@@ -46,6 +46,7 @@ import org.apache.ambari.server.actionmanager.Stage;
 import org.apache.ambari.server.api.resources.UpgradeResourceDefinition;
 import org.apache.ambari.server.api.services.AmbariMetaInfo;
 import org.apache.ambari.server.audit.AuditLogger;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.AmbariManagementController;
 import org.apache.ambari.server.controller.AmbariServer;
 import org.apache.ambari.server.controller.spi.Predicate;
@@ -241,6 +242,7 @@ public class UpgradeResourceProviderTest {
 
     topologyManager = injector.getInstance(TopologyManager.class);
     StageUtils.setTopologyManager(topologyManager);
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
     ActionManager.setTopologyManager(topologyManager);
     EasyMock.replay(injector.getInstance(AuditLogger.class));
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/java/org/apache/ambari/server/utils/StageUtilsTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/utils/StageUtilsTest.java b/ambari-server/src/test/java/org/apache/ambari/server/utils/StageUtilsTest.java
index 3f1fba3..5d39841 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/utils/StageUtilsTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/utils/StageUtilsTest.java
@@ -56,6 +56,7 @@ import org.apache.ambari.server.actionmanager.StageFactory;
 import org.apache.ambari.server.actionmanager.StageFactoryImpl;
 import org.apache.ambari.server.agent.ExecutionCommand;
 import org.apache.ambari.server.api.services.AmbariMetaInfo;
+import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.DBAccessor;
 import org.apache.ambari.server.orm.dao.HostDAO;
 import org.apache.ambari.server.orm.dao.HostRoleCommandDAO;
@@ -131,6 +132,7 @@ public class StageUtilsTest extends EasyMockSupport {
 
 
     StageUtils.setTopologyManager(injector.getInstance(TopologyManager.class));
+    StageUtils.setConfiguration(injector.getInstance(Configuration.class));
   }
 
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-server/src/test/python/stacks/2.4/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.4/configs/default.json b/ambari-server/src/test/python/stacks/2.4/configs/default.json
index e01bc26..6362a4c 100644
--- a/ambari-server/src/test/python/stacks/2.4/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.4/configs/default.json
@@ -275,7 +275,10 @@
         "logsearch.collection.audit.logs.numshards": "10",
         "logsearch.collection.audit.logs.replication.factor": "1",
         "logsearch.app.max.memory": "1g",
-        "logsearch.solr.metrics.collector.hosts" : "{metrics_collector_hosts}"
+        "logsearch.solr.metrics.collector.hosts" : "{metrics_collector_hosts}",
+        "logsearch.external.auth.enabled" : "false",
+        "logsearch.external.auth.host_url" : "{ambari_server_auth_host_url}",
+        "logsearch.external.auth.login_url" : "/api/v1/users/$USERNAME/privileges?fields=*"
       },
       "logfeeder-properties": {
         "logfeeder.metrics.collector.hosts" : "{metrics_collector_hosts}",
@@ -382,6 +385,12 @@
       "ambari_server_host": [
         "c6401.ambari.apache.org"
       ],
+      "ambari_server_port": [
+        "8080"
+      ],
+      "ambari_server_use_ssl": [
+        "false"
+      ],
       "all_ping_ports": [
         "8670",
         "8670"

http://git-wip-us.apache.org/repos/asf/ambari/blob/2ff12b7e/ambari-web/app/data/HDP2/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2/site_properties.js b/ambari-web/app/data/HDP2/site_properties.js
index beb420d..2634785 100644
--- a/ambari-web/app/data/HDP2/site_properties.js
+++ b/ambari-web/app/data/HDP2/site_properties.js
@@ -2170,6 +2170,27 @@ var hdp2properties = [
     "category": "Advanced logsearch-properties",
     "index": 9
   },
+  {
+    "name": "logsearch.external.auth.enabled",
+    "serviceName": "LOGSEARCH",
+    "filename": "logsearch-properties.xml",
+    "category": "Advanced logsearch-properties",
+    "index": 10
+  },
+  {
+    "name": "logsearch.external.auth.host_url",
+    "serviceName": "LOGSEARCH",
+    "filename": "logsearch-properties.xml",
+    "category": "Advanced logsearch-properties",
+    "index": 11
+  },
+  {
+    "name": "logsearch.external.auth.login_url",
+    "serviceName": "LOGSEARCH",
+    "filename": "logsearch-properties.xml",
+    "category": "Advanced logsearch-properties",
+    "index": 12
+  },
   /*logsearch-solr-env*/
   {
     "name": "logsearch_solr_log_dir",