ambari-commits mailing list archives

From smoha...@apache.org
Subject ambari git commit: AMBARI-17869. Update Atlas Metadata server security status for the new version (smohanty)
Date Mon, 25 Jul 2016 21:15:54 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 1cfb68b4f -> 97c8f920a


AMBARI-17869. Update Atlas Metadata server security status for the new version (smohanty)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/97c8f920
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/97c8f920
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/97c8f920

Branch: refs/heads/trunk
Commit: 97c8f920aa3a6f1ed6dffa9099ed6223dd775f2a
Parents: 1cfb68b
Author: Sumit Mohanty <smohanty@hortonworks.com>
Authored: Mon Jul 25 14:14:10 2016 -0700
Committer: Sumit Mohanty <smohanty@hortonworks.com>
Committed: Mon Jul 25 14:14:10 2016 -0700

----------------------------------------------------------------------
 .../package/scripts/metadata_server.py          | 53 +++++++++++++++-----
 .../stacks/2.5/ATLAS/test_atlas_server.py       | 42 ++++++++++++++++
 2 files changed, 83 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/97c8f920/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
index f18809f..d5159b8 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
@@ -63,6 +63,7 @@ class MetadataServer(Script):
 
   def start(self, env, upgrade_type=None):
     import params
+
     env.set_params(params)
     self.configure(env)
 
@@ -71,7 +72,7 @@ class MetadataServer(Script):
 
     if params.stack_supports_atlas_ranger_plugin:
       Logger.info('Atlas plugin is enabled, configuring Atlas plugin.')
-      setup_ranger_atlas(upgrade_type = upgrade_type)
+      setup_ranger_atlas(upgrade_type=upgrade_type)
     else:
       Logger.info('Atlas plugin is not supported or enabled.')
 
@@ -86,6 +87,7 @@ class MetadataServer(Script):
 
   def stop(self, env, upgrade_type=None):
     import params
+
     env.set_params(params)
     daemon_cmd = format('source {params.conf_dir}/atlas-env.sh; {params.metadata_stop_script}')
 
@@ -101,6 +103,7 @@ class MetadataServer(Script):
 
   def status(self, env):
     import status_params
+
     env.set_params(status_params)
     check_process_status(status_params.pid_file)
 
@@ -109,6 +112,7 @@ class MetadataServer(Script):
 
     env.set_params(status_params)
 
+    file_name_key = 'applicaton'
     props_value_check = {'atlas.authentication.method': 'kerberos',
                          'atlas.http.authentication.enabled': 'true',
                          'atlas.http.authentication.type': 'kerberos'}
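Review bot: The new default `file_name_key = 'applicaton'` is misspelled; the literal it replaces in the later hunks is `'application'`. On stacks without ATLAS_UPGRADE_SUPPORT the misspelled key is passed to `build_expectations` and used in the `file_name_key not in security_params` guard. Assuming `get_params_from_filesystem` keys its result as `'application'` (not visible in this diff), a correctly Kerberized Atlas on an older stack would be reported as `UNSECURED`. The line should read `file_name_key = 'application'`. The enclosing method starts and ends outside this hunk.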
@@ -118,7 +122,19 @@ class MetadataServer(Script):
                          'atlas.http.authentication.kerberos.keytab']
     props_read_check = ['atlas.authentication.keytab',
                         'atlas.http.authentication.kerberos.keytab']
-    atlas_site_expectations = build_expectations('application',
+
+    if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks):
+      file_name_key = 'atlas-application'
+      props_value_check = {'atlas.authentication.method.kerberos': 'true',
+                           'atlas.solr.kerberos.enable': 'true'}
+      props_empty_check = ['atlas.authentication.principal',
+                           'atlas.authentication.keytab',
+                           'atlas.authentication.method.kerberos.principal',
+                           'atlas.authentication.method.kerberos.keytab']
+      props_read_check = ['atlas.authentication.keytab',
+                          'atlas.authentication.method.kerberos.keytab']
+
+    atlas_site_expectations = build_expectations(file_name_key,
                                                  props_value_check,
                                                  props_empty_check,
                                                  props_read_check)
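Review bot: The `check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, ...)` call that selects the new property set here is evaluated again in the following hunk to decide which keytab/principal pair to verify, so the two decisions can drift apart if only one is edited later. Evaluating it once, e.g. `atlas_upgrade_supported = check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks)`, and branching on that local in both places would keep them in step. The imports for `check_stack_feature` and `StackFeature` are not part of this diff, so presumably they already exist in the file; that is worth confirming. The method begins outside this hunk.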
@@ -129,24 +145,34 @@ class MetadataServer(Script):
     security_params = get_params_from_filesystem(status_params.conf_dir,
                                                  {status_params.conf_file: FILE_TYPE_PROPERTIES})
     result_issues = validate_security_config_properties(security_params, atlas_expectations)
+
     if not result_issues:  # If all validations passed successfully
       try:
         # Double check the dict before calling execute
-        if ( 'application' not in security_params
-             or 'atlas.authentication.keytab' not in security_params['application']
-             or 'atlas.authentication.principal' not in security_params['application']):
+        if ( file_name_key not in security_params
+             or 'atlas.authentication.keytab' not in security_params[file_name_key]
+             or 'atlas.authentication.principal' not in security_params[file_name_key]):
           self.put_structured_out({"securityState": "UNSECURED"})
           self.put_structured_out(
             {"securityIssuesFound": "Atlas service keytab file or principal are not set property."})
           return
 
-        if ( 'application' not in security_params
-             or 'atlas.http.authentication.kerberos.keytab' not in security_params['application']
-             or 'atlas.http.authentication.kerberos.principal' not in security_params['application']):
-          self.put_structured_out({"securityState": "UNSECURED"})
-          self.put_structured_out(
-            {"securityIssuesFound": "HTTP Authentication keytab file or principal are not
set property."})
-          return
+        if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks):
+          if ( file_name_key not in security_params
+               or 'atlas.authentication.method.kerberos.keytab' not in security_params[file_name_key]
+               or 'atlas.authentication.method.kerberos.principal' not in security_params[file_name_key]):
+            self.put_structured_out({"securityState": "UNSECURED"})
+            self.put_structured_out(
+              {"securityIssuesFound": "Method Authentication keytab file or principal are
not set property."})
+            return
+        else:
+          if ( file_name_key not in security_params
+               or 'atlas.http.authentication.kerberos.keytab' not in security_params[file_name_key]
+               or 'atlas.http.authentication.kerberos.principal' not in security_params[file_name_key]):
+            self.put_structured_out({"securityState": "UNSECURED"})
+            self.put_structured_out(
+              {"securityIssuesFound": "HTTP Authentication keytab file or principal are not
set property."})
+            return
 
         self.put_structured_out({"securityState": "SECURED_KERBEROS"})
       except Exception as e:
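Review bot: The inner guards in both the feature branch and the `else` branch repeat `file_name_key not in security_params`, which can never be true at that point because the first guard has already returned on that condition. Binding the section once after the first guard, `atlas_props = security_params[file_name_key]`, and testing `'atlas.authentication.method.kerberos.keytab' not in atlas_props or 'atlas.authentication.method.kerberos.principal' not in atlas_props` would make each branch shorter and show that only the property names differ. These guards test key presence only; empty values appear to be left to `validate_security_config_properties` via `props_empty_check`, so a brief comment saying so would help the next reader. The `try` block and the method continue outside this hunk.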
@@ -161,11 +187,14 @@ class MetadataServer(Script):
 
   def get_log_folder(self):
     import params
+
     return params.log_dir
 
   def get_user(self):
     import params
+
     return params.metadata_user
 
+
 if __name__ == "__main__":
   MetadataServer().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/97c8f920/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py b/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
index 3797cf3..b155c37 100644
--- a/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
+++ b/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
@@ -19,6 +19,7 @@ limitations under the License.
 '''
 
 from stacks.utils.RMFTestCase import *
+from mock.mock import MagicMock, call, patch
 
 from only_for_platform import not_for_platform, PLATFORM_WINDOWS
 
@@ -189,3 +190,44 @@ class TestAtlasServer(RMFTestCase):
     self.configureResourcesCalled()
     self.assertNoMoreResources()
 
+  @patch("resource_management.libraries.functions.security_commons.build_expectations")
+  @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
+  @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
+  @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
+  @patch("resource_management.libraries.script.Script.put_structured_out")
+  def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock,
get_params_mock, build_exp_mock):
+
+    security_params = {
+      'atlas-application': {
+        'atlas.authentication.keytab': '/etc/security/keytabs/atlas.service.keytab',
+        'atlas.authentication.method.file': 'true',
+        'atlas.authentication.method.kerberos': 'true',
+        'atlas.authentication.method.kerberos.keytab': '/etc/security/keytabs/spnego.service.keytab',
+        'atlas.authentication.method.kerberos.principal': 'HTTP/_HOST@EXAMPLE.COM',
+        'atlas.authentication.principal': 'atlas/_HOST@EXAMPLE.COM'
+      }
+    }
+    result_issues = []
+    props_value_check = {'atlas.authentication.method.kerberos': 'true',
+                         'atlas.solr.kerberos.enable': 'true'}
+    props_empty_check = ['atlas.authentication.principal',
+                         'atlas.authentication.keytab',
+                         'atlas.authentication.method.kerberos.principal',
+                         'atlas.authentication.method.kerberos.keytab']
+    props_read_check = ['atlas.authentication.keytab',
+                        'atlas.authentication.method.kerberos.keytab']
+
+    get_params_mock.return_value = security_params
+    validate_security_config_mock.return_value = result_issues
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/metadata_server.py",
+                       classname = "MetadataServer",
+                       command = "security_status",
+                       config_file="default.json",
+                       stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    build_exp_mock.assert_called_with('atlas-application', props_value_check, props_empty_check,
props_read_check)
+    put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
+
+    self.assertNoMoreResources()
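Review bot: The sample `security_params` omits `atlas.solr.kerberos.enable`, although `props_value_check` requires it to be `'true'`. Because `validate_security_config_properties` is mocked to return `[]`, the test reaches `SECURED_KERBEROS` with a configuration that real validation would presumably reject. Adding `'atlas.solr.kerberos.enable': 'true'` to the fixture would keep it consistent with the expectations. Only the ATLAS_UPGRADE_SUPPORT path is exercised, so the legacy default for `file_name_key` and the `UNSECURED` outcomes for a missing keytab or principal have no coverage here. A second case with a key such as `atlas.authentication.method.kerberos.keytab` removed, asserting `{"securityState": "UNSECURED"}` among the `put_structured_out` calls, would pin the negative path.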

