ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleew...@apache.org
Subject ambari git commit: AMBARI-20152. Use storm user instead of nimbus user for ranger audit (oleewere)
Date Sat, 25 Feb 2017 19:57:23 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 0beb353a0 -> a8d1efc76


AMBARI-20152. Use storm user instead of nimbus user for ranger audit (oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a8d1efc7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a8d1efc7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a8d1efc7

Branch: refs/heads/trunk
Commit: a8d1efc76d799ff32304164406023efc3fc209f5
Parents: 0beb353
Author: oleewere <oleewere@gmail.com>
Authored: Thu Feb 23 21:42:13 2017 +0100
Committer: oleewere <oleewere@gmail.com>
Committed: Sat Feb 25 20:54:08 2017 +0100

----------------------------------------------------------------------
 .../server/upgrade/UpgradeCatalog250.java       |  91 ++++++++
 .../ATLAS/0.1.0.2.3/kerberos.json               |   5 +-
 .../ATLAS/0.7.0.2.5/kerberos.json               |   5 +-
 .../LOGSEARCH/0.5.0/kerberos.json               |   5 +-
 .../common-services/RANGER/0.6.0/kerberos.json  |   5 +-
 .../common-services/STORM/1.0.1/kerberos.json   |   2 +-
 .../server/upgrade/UpgradeCatalog250Test.java   |  79 +++++++
 ...test_kerberos_descriptor_2_5_infra_solr.json | 217 +++++++++++++++++++
 8 files changed, 404 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index b0243b7..d6ff241 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -33,19 +33,30 @@ import java.util.concurrent.atomic.AtomicLong;
 
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.actionmanager.CommandExecutionType;
+import org.apache.ambari.server.collections.Predicate;
+import org.apache.ambari.server.collections.functors.ContainsPredicate;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.AmbariManagementController;
 import org.apache.ambari.server.orm.DBAccessor;
 import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
 import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
 import org.apache.ambari.server.orm.dao.AlertsDAO;
+import org.apache.ambari.server.orm.dao.ArtifactDAO;
 import org.apache.ambari.server.orm.dao.DaoUtils;
 import org.apache.ambari.server.orm.entities.AlertCurrentEntity;
 import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
 import org.apache.ambari.server.orm.entities.AlertHistoryEntity;
+import org.apache.ambari.server.orm.entities.ArtifactEntity;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.Config;
+import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory;
+import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -179,6 +190,7 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog {
     updateRangerUrlConfigs();
     addManageServiceAutoStartPermissions();
     addManageAlertNotificationsPermissions();
+    updateKerberosDescriptorArtifacts();
   }
 
   /**
@@ -436,6 +448,82 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog {
     }
   }
 
+  /**
+   * {@inheritDoc}
+   */
+  @Override
+  protected void updateKerberosDescriptorArtifact(ArtifactDAO artifactDAO, ArtifactEntity
artifactEntity) throws AmbariException {
+    if (artifactEntity != null) {
+      Map<String, Object> data = artifactEntity.getArtifactData();
+
+      if (data != null) {
+        final KerberosDescriptor kerberosDescriptor = new KerberosDescriptorFactory().createInstance(data);
+
+        if (kerberosDescriptor != null) {
+          KerberosServiceDescriptor logSearchKerberosDescriptor = kerberosDescriptor.getService("LOGSEARCH");
+          KerberosServiceDescriptor atlasKerberosDescriptor = kerberosDescriptor.getService("ATLAS");
+          KerberosServiceDescriptor rangerKerberosDescriptor = kerberosDescriptor.getService("RANGER");
+          addInfrSolrDescriptor(artifactDAO, artifactEntity, kerberosDescriptor, atlasKerberosDescriptor,
"ATLAS_SERVER");
+          addInfrSolrDescriptor(artifactDAO, artifactEntity, kerberosDescriptor, logSearchKerberosDescriptor,
"LOGSEARCH_SERVER");
+          addInfrSolrDescriptor(artifactDAO, artifactEntity, kerberosDescriptor, rangerKerberosDescriptor,
"RANGER_ADMIN");
+          KerberosServiceDescriptor stormKerberosDescriptor = kerberosDescriptor.getService("STORM");
+          if (stormKerberosDescriptor != null) {
+            KerberosComponentDescriptor componentDescriptor = stormKerberosDescriptor.getComponent("NIMBUS");
+            if (componentDescriptor != null) {
+              KerberosIdentityDescriptor origIdentityDescriptor = componentDescriptor.getIdentity("/STORM/NIMBUS/nimbus_server");
+              if (origIdentityDescriptor != null) {
+                KerberosPrincipalDescriptor origPrincipalDescriptor = origIdentityDescriptor.getPrincipalDescriptor();
+                KerberosPrincipalDescriptor newPrincipalDescriptor = new KerberosPrincipalDescriptor(
+                  null,
+                  null,
+                  (origPrincipalDescriptor == null) ?
+                    "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal" : origPrincipalDescriptor.getConfiguration(),
+                  null
+                );
+                KerberosKeytabDescriptor origKeytabDescriptor = origIdentityDescriptor.getKeytabDescriptor();
+                KerberosKeytabDescriptor newKeytabDescriptor = new KerberosKeytabDescriptor(
+                  null,
+                  null,
+                  null,
+                  null,
+                  null,
+                  (origKeytabDescriptor == null) ?
+                    "ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab" : origKeytabDescriptor.getConfiguration(),
+                  false);
+                componentDescriptor.removeIdentity("/STORM/NIMBUS/nimbus_server");
+                componentDescriptor.putIdentity(new KerberosIdentityDescriptor("/STORM/storm_components",
null, newPrincipalDescriptor, newKeytabDescriptor, null));
+
+                artifactEntity.setArtifactData(kerberosDescriptor.toMap());
+                artifactDAO.merge(artifactEntity);
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+
+  /**
+   * Add /AMBARI-INFRA/INFRA_SOLR/infra-solr reference to specific service component
+   */
+  private void addInfrSolrDescriptor(ArtifactDAO artifactDAO, ArtifactEntity artifactEntity,
KerberosDescriptor kerberosDescriptor,
+                                     KerberosServiceDescriptor serviceDescriptor, String
componentName) {
+    if (serviceDescriptor != null) {
+      KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName);
+      if (componentDescriptor != null) {
+        KerberosIdentityDescriptor origIdentityDescriptor = componentDescriptor.getIdentity("/AMBARI_INFRA/INFRA_SOLR/infra-solr");
+        if (origIdentityDescriptor != null) {
+          LOG.info("/AMBARI_INFRA/INFRA_SOLR/infra-solr identity already exists in {} component",
componentName);
+        } else {
+          Predicate predicate = ContainsPredicate.fromMap(Collections.<String, Object>singletonMap(ContainsPredicate.NAME,
Arrays.asList("services", "AMBARI_INFRA")));
+          componentDescriptor.putIdentity(new KerberosIdentityDescriptor("/AMBARI_INFRA/INFRA_SOLR/infra-solr",null,
null, null, predicate));
+          artifactEntity.setArtifactData(kerberosDescriptor.toMap());
+          artifactDAO.merge(artifactEntity);
+        }
+      }
+    }
+  }
+
   protected void updateTablesForZeppelinViewRemoval() throws SQLException {
     dbAccessor.executeQuery("DELETE from viewinstance WHERE view_name='ZEPPELIN{1.0.0}'",
true);
     dbAccessor.executeQuery("DELETE from viewmain WHERE view_name='ZEPPELIN{1.0.0}'", true);
@@ -1068,4 +1156,7 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog {
       updateConfigurationPropertiesForCluster(cluster, configType, updateProperty, true,
false);
     }
   }
+
+
+
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
index 0c25c95..4fe4d32 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
@@ -50,7 +50,10 @@
               }
             },
             {
-              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr"
+              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+              "when" : {
+                "contains" : ["services", "AMBARI_INFRA"]
+              }
             }
           ]
         }

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
index d024146..e136bcf 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
@@ -89,7 +89,10 @@
               "name": "/KAFKA/KAFKA_BROKER/kafka_broker"
             },
             {
-              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr"
+              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+              "when" : {
+                "contains" : ["services", "AMBARI_INFRA"]
+              }
             }
           ]
         }

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
index 60c8afb..9e0f12d 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
@@ -32,7 +32,10 @@
               }
             },
             {
-              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr"
+              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+              "when" : {
+                "contains" : ["services", "AMBARI_INFRA"]
+              }
             }
           ]
         },

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index c5b3201..1fc8acf 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -74,7 +74,10 @@
               }
             },
             {
-              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr"
+              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+              "when" : {
+                "contains" : ["services", "AMBARI_INFRA"]
+              }
             }
           ]
         },

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json b/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
index fecef7c..fa2f6db 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
@@ -106,7 +106,7 @@
               }
             },
             {
-              "name": "/STORM/NIMBUS/nimbus_server",
+              "name": "/STORM/storm_components",
               "principal": {
                 "configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal"
               },

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 274d7eb..39d8785 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -32,7 +32,9 @@ import static org.easymock.EasyMock.reset;
 import static org.easymock.EasyMock.verify;
 import static org.junit.Assert.assertTrue;
 
+import java.io.File;
 import java.lang.reflect.Method;
+import java.net.URL;
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.SQLException;
@@ -54,10 +56,12 @@ import org.apache.ambari.server.controller.KerberosHelper;
 import org.apache.ambari.server.controller.MaintenanceStateHelper;
 import org.apache.ambari.server.orm.DBAccessor;
 import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
+import org.apache.ambari.server.orm.dao.ArtifactDAO;
 import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
 import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
+import org.apache.ambari.server.orm.entities.ArtifactEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
@@ -65,6 +69,9 @@ import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.Config;
 import org.apache.ambari.server.state.Service;
+import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory;
+import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
 import org.apache.ambari.server.state.stack.OsFamily;
 import org.easymock.Capture;
 import org.easymock.CaptureType;
@@ -368,6 +375,7 @@ public class UpgradeCatalog250Test {
     Method updateYarnSite = UpgradeCatalog250.class.getDeclaredMethod("updateYarnSite");
     Method updateAlerts = UpgradeCatalog250.class.getDeclaredMethod("updateStormAlerts");
     Method removeAlertDuplicates = UpgradeCatalog250.class.getDeclaredMethod("removeAlertDuplicates");
+    Method updateKerberosDescriptorArtifacts = AbstractUpgradeCatalog.class.getDeclaredMethod("updateKerberosDescriptorArtifacts");
 
     UpgradeCatalog250 upgradeCatalog250 = createMockBuilder(UpgradeCatalog250.class)
         .addMockedMethod(updateAmsConfigs)
@@ -387,6 +395,7 @@ public class UpgradeCatalog250Test {
         .addMockedMethod(updateYarnSite)
         .addMockedMethod(updateAlerts)
         .addMockedMethod(removeAlertDuplicates)
+        .addMockedMethod(updateKerberosDescriptorArtifacts)
         .createMock();
 
     upgradeCatalog250.updateAMSConfigs();
@@ -440,6 +449,9 @@ public class UpgradeCatalog250Test {
     upgradeCatalog250.removeAlertDuplicates();
       expectLastCall().once();
 
+    upgradeCatalog250.updateKerberosDescriptorArtifacts();
+    expectLastCall().once();
+
     replay(upgradeCatalog250);
 
     upgradeCatalog250.executeDMLUpdates();
@@ -1589,6 +1601,73 @@ public class UpgradeCatalog250Test {
   }
 
   @Test
+  public void testUpdateKerberosDescriptorArtifact() throws Exception {
+    final KerberosDescriptorFactory kerberosDescriptorFactory = new KerberosDescriptorFactory();
+
+    KerberosServiceDescriptor serviceDescriptor;
+
+    URL systemResourceURL = ClassLoader.getSystemResource("kerberos/test_kerberos_descriptor_2_5_infra_solr.json");
+    Assert.assertNotNull(systemResourceURL);
+
+    final KerberosDescriptor kerberosDescriptorOrig = kerberosDescriptorFactory.createInstance(new
File(systemResourceURL.getFile()));
+
+    serviceDescriptor = kerberosDescriptorOrig.getService("LOGSEARCH");
+    Assert.assertNotNull(serviceDescriptor);
+    Assert.assertNotNull(serviceDescriptor.getComponent("LOGSEARCH_SERVER"));
+    Assert.assertNotNull(serviceDescriptor.getComponent("LOGSEARCH_SERVER").getIdentity("logsearch"));
+    Assert.assertNotNull(serviceDescriptor.getComponent("LOGSEARCH_SERVER").getIdentity("/AMBARI_INFRA/INFRA_SOLR/infra-solr"));
+
+    serviceDescriptor = kerberosDescriptorOrig.getService("ATLAS");
+    Assert.assertNotNull(serviceDescriptor);
+    Assert.assertNotNull(serviceDescriptor.getComponent("ATLAS_SERVER"));
+
+    serviceDescriptor = kerberosDescriptorOrig.getService("RANGER");
+    Assert.assertNotNull(serviceDescriptor);
+    Assert.assertNotNull(serviceDescriptor.getComponent("RANGER_ADMIN"));
+
+    serviceDescriptor = kerberosDescriptorOrig.getService("STORM");
+    Assert.assertNotNull(serviceDescriptor);
+    Assert.assertNotNull(serviceDescriptor.getComponent("NIMBUS"));
+
+    UpgradeCatalog250 upgradeMock = createMockBuilder(UpgradeCatalog250.class).createMock();
+
+
+    ArtifactEntity artifactEntity = createNiceMock(ArtifactEntity.class);
+    expect(artifactEntity.getArtifactData())
+      .andReturn(kerberosDescriptorOrig.toMap())
+      .once();
+
+    Capture<Map<String, Object>> updateData = Capture.newInstance(CaptureType.ALL);
+    artifactEntity.setArtifactData(capture(updateData));
+    expectLastCall().times(3);
+
+    ArtifactDAO artifactDAO = createNiceMock(ArtifactDAO.class);
+    expect(artifactDAO.merge(anyObject(ArtifactEntity.class))).andReturn(artifactEntity).times(3);
+
+    replay(artifactEntity, artifactDAO, upgradeMock);
+    upgradeMock.updateKerberosDescriptorArtifact(artifactDAO, artifactEntity);
+    verify(artifactEntity, artifactDAO, upgradeMock);
+
+    KerberosDescriptor atlasKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(0));
+    KerberosDescriptor rangerKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(1));
+    KerberosDescriptor stormKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(2));
+
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getIdentity("spnego"));
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("LOGSEARCH"));
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("LOGSEARCH").getComponent("LOGSEARCH_SERVER"));
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("LOGSEARCH").getComponent("LOGSEARCH_SERVER").getIdentity("/AMBARI_INFRA/INFRA_SOLR/infra-solr"));
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("ATLAS"));
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("ATLAS").getComponent("ATLAS_SERVER"));
+    Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("ATLAS").getComponent("ATLAS_SERVER").getIdentity("/AMBARI_INFRA/INFRA_SOLR/infra-solr"));
+    Assert.assertNotNull(rangerKerberosDescriptorUpdated.getService("RANGER"));
+    Assert.assertNotNull(rangerKerberosDescriptorUpdated.getService("RANGER").getComponent("RANGER_ADMIN"));
+    Assert.assertNotNull(rangerKerberosDescriptorUpdated.getService("RANGER").getComponent("RANGER_ADMIN").getIdentity("/AMBARI_INFRA/INFRA_SOLR/infra-solr"));
+    Assert.assertNotNull(stormKerberosDescriptorUpdated.getService("STORM"));
+    Assert.assertNotNull(stormKerberosDescriptorUpdated.getService("STORM").getComponent("NIMBUS"));
+    Assert.assertNotNull(stormKerberosDescriptorUpdated.getService("STORM").getComponent("NIMBUS").getIdentity("/STORM/storm_components"));
+  }
+
+  @Test
   public void testCreateRoleAuthorizations() throws AmbariException, SQLException {
 
     EasyMockSupport easyMockSupport = new EasyMockSupport();

http://git-wip-us.apache.org/repos/asf/ambari/blob/a8d1efc7/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
b/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
new file mode 100644
index 0000000..172ad05
--- /dev/null
+++ b/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
@@ -0,0 +1,217 @@
+{
+  "properties": {
+    "realm": "${kerberos-env/realm}",
+    "keytab_dir": "/etc/security/keytabs"
+  },
+  "identities": [
+    {
+      "name": "spnego",
+      "principal": {
+        "value": "HTTP/_HOST@${realm}",
+        "type": "service"
+      },
+      "keytab": {
+        "file": "${keytab_dir}/spnego.service.keytab",
+        "owner": {
+          "name": "root",
+          "access": "r"
+        },
+        "group": {
+          "name": "${cluster-env/user_group}",
+          "access": "r"
+        }
+      }
+    }
+  ],
+  "services": [
+    {
+      "name": "ATLAS",
+      "identities": [
+        {
+          "name": "/spnego"
+        }
+      ],
+      "components": [
+        {
+          "name": "ATLAS_SERVER",
+          "identities": [
+            {
+              "name": "atlas",
+              "principal": {
+                "value": "atlas/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "application-properties/atlas.jaas.KafkaClient.option.principal",
+                "local_username" : "${atlas-env/metadata_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/atlas.service.keytab",
+                "owner": {
+                  "name": "${atlas-env/metadata_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "application-properties/atlas.jaas.KafkaClient.option.keyTab"
+              }
+            },
+            {
+              "name": "ranger_atlas_audit",
+              "reference": "/ATLAS/ATLAS_SERVER/atlas",
+              "principal": {
+                "configuration": "ranger-atlas-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-atlas-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "LOGSEARCH",
+      "identities": [
+        {
+          "name": "/spnego"
+        }
+      ],
+      "components": [
+        {
+          "name": "LOGSEARCH_SERVER",
+          "identities": [
+            {
+              "name": "logsearch",
+              "principal": {
+                "value": "logsearch/_HOST@${realm}",
+                "type": "service",
+                "configuration": "logsearch-env/logsearch_kerberos_principal"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/logsearch.service.keytab",
+                "owner": {
+                  "name": "${logsearch-env/logsearch_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "logsearch-env/logsearch_kerberos_keytab"
+              }
+            },
+            {
+              "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+              "when" : {
+                "contains" : ["services", "AMBARI_INFRA"]
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "RANGER",
+      "identities": [
+        {
+          "name": "/spnego"
+        }
+      ],
+      "components": [
+        {
+          "name": "RANGER_ADMIN",
+          "identities": [
+            {
+              "name": "rangeradmin",
+              "principal": {
+                "value": "rangeradmin/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "ranger-admin-site/ranger.admin.kerberos.principal",
+                "local_username" : "${ranger-env/ranger_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/rangeradmin.service.keytab",
+                "owner": {
+                  "name": "${ranger-env/ranger_user}",
+                  "access": "r"
+                },
+                "configuration": "ranger-admin-site/ranger.admin.kerberos.keytab"
+              }
+            },
+            {
+              "name": "/spnego",
+              "keytab": {
+                "configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "name": "STORM",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "storm_components",
+          "principal": {
+            "value": "${storm-env/storm_user}${principal_suffix}@${realm}",
+            "type": "user",
+            "configuration": "storm-env/storm_principal_name"
+          },
+          "keytab": {
+            "file": "${keytab_dir}/storm.headless.keytab",
+            "owner": {
+              "name": "${storm-env/storm_user}",
+              "access": "r"
+            },
+            "group": {
+              "name": "${cluster-env/user_group}",
+              "access": ""
+            },
+            "configuration": "storm-env/storm_keytab"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "NIMBUS",
+          "identities": [
+            {
+              "name": "nimbus_server",
+              "principal": {
+                "value": "nimbus/_HOST@${realm}",
+                "type": "service",
+                "configuration": "storm-env/nimbus_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nimbus.service.keytab",
+                "owner": {
+                  "name": "${storm-env/storm_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "storm-env/nimbus_keytab"
+              }
+            },
+            {
+              "name": "/STORM/NIMBUS/nimbus_server",
+              "principal": {
+                "configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file


Mime
View raw message