Updated Branches: refs/heads/branch-1.2.5 779c629ab -> 222748c1c
AMBARI-2644. Ambari-server can not find password for remote database with password encryption enabled. (swagle) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/222748c1 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/222748c1 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/222748c1 Branch: refs/heads/branch-1.2.5 Commit: 222748c1c40bee296260bdd98e4037bcac03c10a Parents: 779c629 Author: Siddharth Wagle <[email protected]> Authored: Fri Jul 12 13:58:05 2013 -0700 Committer: Siddharth Wagle <[email protected]> Committed: Fri Jul 12 13:58:05 2013 -0700 ---------------------------------------------------------------------- ambari-server/src/main/python/ambari-server.py | 10 ++++-- .../src/test/python/TestAmbaryServer.py | 38 ++++++++++++++------ 2 files changed, 34 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/222748c1/ambari-server/src/main/python/ambari-server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index a509fce..8b04dd3 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py @@ -2742,25 +2742,29 @@ def setup_master_key(): # Encrypt only un-encrypted passwords if db_password and not is_alias_string(db_password): retCode = save_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, db_password, masterKey) - propertyMap[JDBC_PASSWORD_PROPERTY] = get_alias_string(JDBC_RCA_PASSWORD_ALIAS) if retCode != 0: print 'Failed to save secure database password.' else: + propertyMap[JDBC_PASSWORD_PROPERTY] = get_alias_string(JDBC_RCA_PASSWORD_ALIAS) remove_password_file(JDBC_PASSWORD_FILENAME) + if properties.get_property(JDBC_RCA_PASSWORD_FILE_PROPERTY): + propertyMap[JDBC_RCA_PASSWORD_FILE_PROPERTY] = get_alias_string(JDBC_RCA_PASSWORD_ALIAS) pass if ldap_password and not is_alias_string(ldap_password): retCode = save_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, ldap_password, masterKey) - propertyMap[LDAP_MGR_PASSWORD_PROPERTY] = get_alias_string(LDAP_MGR_PASSWORD_ALIAS) if retCode != 0: print 'Failed to save secure LDAP password.' + else: + propertyMap[LDAP_MGR_PASSWORD_PROPERTY] = get_alias_string(LDAP_MGR_PASSWORD_ALIAS) pass if ts_password and not is_alias_string(ts_password): retCode = save_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password, masterKey) - propertyMap[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS) if retCode != 0: print 'Failed to save secure TrustStore password.' + else: + propertyMap[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS) pass update_properties(properties, propertyMap) http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/222748c1/ambari-server/src/test/python/TestAmbaryServer.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/TestAmbaryServer.py b/ambari-server/src/test/python/TestAmbaryServer.py index 7198ace..666fe50 100644 --- a/ambari-server/src/test/python/TestAmbaryServer.py +++ b/ambari-server/src/test/python/TestAmbaryServer.py @@ -3077,7 +3077,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV is_root_method.return_value = True p = get_ambari_properties_method.return_value - p.get_property.side_effect = [ "fakepasswd", "fakepasswd", "fakepasswd"] + p.get_property.side_effect = [ "fakepasswd", "fakepasswd", "fakepasswd", "fakepasswd"] read_master_key_method.return_value = "aaa" get_YN_input_method.return_value = False read_ambari_user_method.return_value = None @@ -3099,10 +3099,12 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV result_expected = {ambari_server.JDBC_PASSWORD_PROPERTY : ambari_server.get_alias_string(ambari_server.JDBC_RCA_PASSWORD_ALIAS), + ambari_server.JDBC_RCA_PASSWORD_FILE_PROPERTY: + ambari_server.get_alias_string(ambari_server.JDBC_RCA_PASSWORD_ALIAS), ambari_server.LDAP_MGR_PASSWORD_PROPERTY : ambari_server.get_alias_string(ambari_server.LDAP_MGR_PASSWORD_ALIAS), ambari_server.SSL_TRUSTSTORE_PASSWORD_PROPERTY : - ambari_server.get_alias_string(ambari_server.SSL_TRUSTSTORE_PASSWORD_ALIAS), + ambari_server.get_alias_string(ambari_server.SSL_TRUSTSTORE_PASSWORD_ALIAS), ambari_server.SECURITY_IS_ENCRYPTION_ENABLED : 'true'} sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0)) @@ -3111,6 +3113,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV self.assertEquals(sorted_x, sorted_y) + @patch.object(ambari_server, 'save_passwd_for_alias') @patch("os.path.exists") @patch.object(ambari_server, 'get_is_secure') @patch.object(ambari_server, 'get_is_persisted') @@ -3128,17 +3131,19 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV get_YN_input_method, save_master_key_method, update_properties_method, get_master_key_location_method, read_ambari_user_method, read_master_key_method, - get_is_persisted_method, get_is_secure_method, exists_mock): + get_is_persisted_method, get_is_secure_method, exists_mock, + save_passwd_for_alias_method): is_root_method.return_value = True p = get_ambari_properties_method.return_value - p.get_property.side_effect = [ "fakepasswd", None, None] + p.get_property.side_effect = [ "fakepasswd", None, None, None ] read_master_key_method.return_value = "aaa" get_YN_input_method.side_effect = [True, False] read_ambari_user_method.return_value = None get_is_persisted_method.return_value = (True, "filepath") get_is_secure_method.return_value = False exists_mock.return_value = False + save_passwd_for_alias_method.return_value = 0 ambari_server.setup_master_key() @@ -3199,6 +3204,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV read_ambari_user_method.return_value = None p = get_ambari_properties_method.return_value p.get_property.side_effect = [ 'true', '${alias=fakealias}', + '${alias=fakealias}', '${alias=fakealias}', '${alias=fakealias}'] get_YN_input_method.side_effect = [ True, True ] @@ -3219,6 +3225,8 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV result_expected = {ambari_server.JDBC_PASSWORD_PROPERTY: ambari_server.get_alias_string(ambari_server.JDBC_RCA_PASSWORD_ALIAS), + ambari_server.JDBC_RCA_PASSWORD_FILE_PROPERTY: + ambari_server.get_alias_string(ambari_server.JDBC_RCA_PASSWORD_ALIAS), ambari_server.LDAP_MGR_PASSWORD_PROPERTY: ambari_server.get_alias_string(ambari_server.LDAP_MGR_PASSWORD_ALIAS), ambari_server.SSL_TRUSTSTORE_PASSWORD_PROPERTY: @@ -3261,7 +3269,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV search_file_message.return_value = False read_ambari_user_method.return_value = None p = get_ambari_properties_method.return_value - p.get_property.side_effect = [ '${alias=fakealias}', + p.get_property.side_effect = [ '${alias=fakealias}', '${alias=fakealias}', '${alias=fakealias}', '${alias=fakealias}'] get_YN_input_method.side_effect = [ True, False ] @@ -3285,10 +3293,12 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV result_expected = {ambari_server.JDBC_PASSWORD_PROPERTY: ambari_server.get_alias_string(ambari_server.JDBC_RCA_PASSWORD_ALIAS), + ambari_server.JDBC_RCA_PASSWORD_FILE_PROPERTY: + ambari_server.get_alias_string(ambari_server.JDBC_RCA_PASSWORD_ALIAS), ambari_server.LDAP_MGR_PASSWORD_PROPERTY: ambari_server.get_alias_string(ambari_server.LDAP_MGR_PASSWORD_ALIAS), ambari_server.SSL_TRUSTSTORE_PASSWORD_PROPERTY: - ambari_server.get_alias_string(ambari_server.SSL_TRUSTSTORE_PASSWORD_ALIAS), + ambari_server.get_alias_string(ambari_server.SSL_TRUSTSTORE_PASSWORD_ALIAS), ambari_server.SECURITY_IS_ENCRYPTION_ENABLED: 'true'} sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0)) @@ -3340,12 +3350,20 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV get_ambari_properties_method.return_value = configs configure_ldap_password_method.return_value = "password" setup_master_key_method.return_value = (None, True, True) - get_YN_input_method.return_value = True save_passwd_for_alias_method.return_value = 0 encrypt_password_method.return_value = ambari_server.get_alias_string( ambari_server.LDAP_MGR_PASSWORD_ALIAS) - def side_effect(*args, **kwargs): + def yn_input_side_effect(*args, **kwargs): + if 'TrustStore' in args[0]: + return False + else: + return True + + #get_YN_input_method.side_effect = yn_input_side_effect() + get_YN_input_method.side_effect = [ True, ] + + def valid_input_side_effect(*args, **kwargs): if 'Bind anonymously' in args[0]: return 'false' if args[1] == "true" or args[1] == "false": @@ -3353,7 +3371,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV else: return "test" - get_validated_string_input_method.side_effect = side_effect + get_validated_string_input_method.side_effect = valid_input_side_effect ambari_server.setup_ldap() @@ -3366,8 +3384,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV "authentication.ldap.baseDn" : "test", "authentication.ldap.bindAnonymously" : "false", "authentication.ldap.managerDn" : "test", - "authentication.ldap.managerPassword" : \ - 'password', "client.security" : "ldap",\ ambari_server.LDAP_MGR_PASSWORD_PROPERTY : ambari_server.get_alias_string(\ ambari_server.LDAP_MGR_PASSWORD_ALIAS)
