Repository: ambari
Updated Branches:
  refs/heads/trunk a84acc27f -> 95b466923


AMBARI-9037. Storm service components should indicate security state (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/95b46692
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/95b46692
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/95b46692

Branch: refs/heads/trunk
Commit: 95b466923393a48ffd3008018ff4392c1a03f89d
Parents: a84acc2
Author: Robert Levas <[email protected]>
Authored: Tue Jan 13 15:50:37 2015 -0500
Committer: Robert Levas <[email protected]>
Committed: Tue Jan 13 15:50:45 2015 -0500

----------------------------------------------------------------------
 .../libraries/functions/security_commons.py     |   2 +-
 .../0.9.1.2.1/package/scripts/drpc_server.py    |  56 ++++++++++
 .../STORM/0.9.1.2.1/package/scripts/nimbus.py   |  57 ++++++++++-
 .../0.9.1.2.1/package/scripts/status_params.py  |  13 ++-
 .../0.9.1.2.1/package/scripts/ui_server.py      |  57 +++++++++++
 .../stacks/2.1/STORM/test_storm_drpc_server.py  | 102 +++++++++++++++++++
 .../stacks/2.1/STORM/test_storm_nimbus.py       | 102 +++++++++++++++++++
 .../stacks/2.1/STORM/test_storm_ui_server.py    |  82 +++++++++++++++
 .../test/python/stacks/2.1/configs/secured.json |   4 +-
 9 files changed, 471 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
----------------------------------------------------------------------
diff --git 
a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
 
b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
index 91d55f0..7f6ed00 100644
--- 
a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
+++ 
b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
@@ -146,7 +146,7 @@ def get_params_from_filesystem(conf_dir, config_files):
 
     elif file_type == FILE_TYPE_JAAS_CONF:
       section_header = re.compile('^(\w+)\s+\{\s*$')
-      section_data = re.compile('(^[^ \s\=\}\{]+)\s*=?\s*"?([^ ";]+)"?;?\s*$')
+      section_data = re.compile('^\s*([^ \s\=\}\{]+)\s*=?\s*"?([^ 
";].+)"?;?\s*$')
       section_footer = re.compile('^\}\s*;?\s*$')
       section_name = "root"
       result[file_name] = {}

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py
 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py
index 09406e1..e57abbc 100644
--- 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py
+++ 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py
@@ -27,6 +27,9 @@ from resource_management.libraries.functions.version import 
compare_versions, fo
 from storm import storm
 from service import service
 from service_check import ServiceCheck
+from resource_management.libraries.functions.security_commons import 
build_expectations, \
+  cached_kinit_executor, get_params_from_filesystem, 
validate_security_config_properties, \
+  FILE_TYPE_JAAS_CONF
 
 
 class DrpcServer(Script):
@@ -69,5 +72,58 @@ class DrpcServer(Script):
     env.set_params(status_params)
     check_process_status(status_params.pid_drpc)
 
+  def security_status(self, env):
+    import status_params
+
+    env.set_params(status_params)
+
+    if status_params.security_enabled:
+      # Expect the following files to be available in status_params.config_dir:
+      #   storm_jaas.conf
+
+      try:
+        props_value_check = None
+        props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
+        props_read_check = ['StormServer/keyTab']
+        storm_env_expectations = build_expectations('storm_jaas', 
props_value_check, props_empty_check,
+                                                 props_read_check)
+
+        storm_expectations = {}
+        storm_expectations.update(storm_env_expectations)
+
+        security_params = get_params_from_filesystem(status_params.conf_dir,
+                                                     {'storm_jaas.conf': 
FILE_TYPE_JAAS_CONF})
+
+        result_issues = validate_security_config_properties(security_params, 
storm_expectations)
+        if not result_issues:  # If all validations passed successfully
+          # Double check the dict before calling execute
+          if ( 'storm_jaas' not in security_params
+               or 'StormServer' not in security_params['storm_jaas']
+               or 'keyTab' not in security_params['storm_jaas']['StormServer']
+               or 'principal' not in 
security_params['storm_jaas']['StormServer']):
+            self.put_structured_out({"securityState": "ERROR"})
+            self.put_structured_out({"securityIssuesFound": "Keytab file or 
principal are not set property."})
+            return
+
+          cached_kinit_executor(status_params.kinit_path_local,
+                                status_params.storm_user,
+                                
security_params['storm_jaas']['StormServer']['keyTab'],
+                                
security_params['storm_jaas']['StormServer']['principal'],
+                                status_params.hostname,
+                                status_params.tmp_dir,
+                                30)
+          self.put_structured_out({"securityState": "SECURED_KERBEROS"})
+        else:
+          issues = []
+          for cf in result_issues:
+            issues.append("Configuration file %s did not pass the validation. 
Reason: %s" % (cf, result_issues[cf]))
+          self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
+          self.put_structured_out({"securityState": "UNSECURED"})
+      except Exception as e:
+        self.put_structured_out({"securityState": "ERROR"})
+        self.put_structured_out({"securityStateErrorInfo": str(e)})
+    else:
+      self.put_structured_out({"securityState": "UNSECURED"})
+
 if __name__ == "__main__":
   DrpcServer().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
index 6af4010..4b11b82 100644
--- 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
+++ 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
@@ -27,7 +27,9 @@ from resource_management.libraries.functions.version import 
compare_versions, fo
 
 from storm import storm
 from service import service
-
+from resource_management.libraries.functions.security_commons import 
build_expectations, \
+  cached_kinit_executor, get_params_from_filesystem, 
validate_security_config_properties, \
+  FILE_TYPE_JAAS_CONF
 
 class Nimbus(Script):
 
@@ -71,5 +73,58 @@ class Nimbus(Script):
     env.set_params(status_params)
     check_process_status(status_params.pid_nimbus)
 
+  def security_status(self, env):
+    import status_params
+
+    env.set_params(status_params)
+
+    if status_params.security_enabled:
+      # Expect the following files to be available in status_params.config_dir:
+      #   storm_jaas.conf
+
+      try:
+        props_value_check = None
+        props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
+        props_read_check = ['StormServer/keyTab']
+        storm_env_expectations = build_expectations('storm_jaas', 
props_value_check, props_empty_check,
+                                                 props_read_check)
+
+        storm_expectations = {}
+        storm_expectations.update(storm_env_expectations)
+
+        security_params = get_params_from_filesystem(status_params.conf_dir,
+                                                     {'storm_jaas.conf': 
FILE_TYPE_JAAS_CONF})
+
+        result_issues = validate_security_config_properties(security_params, 
storm_expectations)
+        if not result_issues:  # If all validations passed successfully
+          # Double check the dict before calling execute
+          if ( 'storm_jaas' not in security_params
+               or 'StormServer' not in security_params['storm_jaas']
+               or 'keyTab' not in security_params['storm_jaas']['StormServer']
+               or 'principal' not in 
security_params['storm_jaas']['StormServer']):
+            self.put_structured_out({"securityState": "ERROR"})
+            self.put_structured_out({"securityIssuesFound": "Keytab file or 
principal are not set property."})
+            return
+
+          cached_kinit_executor(status_params.kinit_path_local,
+                                status_params.storm_user,
+                                
security_params['storm_jaas']['StormServer']['keyTab'],
+                                
security_params['storm_jaas']['StormServer']['principal'],
+                                status_params.hostname,
+                                status_params.tmp_dir,
+                                30)
+          self.put_structured_out({"securityState": "SECURED_KERBEROS"})
+        else:
+          issues = []
+          for cf in result_issues:
+            issues.append("Configuration file %s did not pass the validation. 
Reason: %s" % (cf, result_issues[cf]))
+          self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
+          self.put_structured_out({"securityState": "UNSECURED"})
+      except Exception as e:
+        self.put_structured_out({"securityState": "ERROR"})
+        self.put_structured_out({"securityStateErrorInfo": str(e)})
+    else:
+      self.put_structured_out({"securityState": "UNSECURED"})
+
 if __name__ == "__main__":
   Nimbus().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py
 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py
index 570cd53..663eb8e 100644
--- 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py
+++ 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py
@@ -18,7 +18,8 @@ limitations under the License.
 
 """
 from resource_management.libraries.script import Script
-from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions import get_kinit_path
+from resource_management.libraries.functions import default, format
 
 config = Script.get_config()
 
@@ -35,3 +36,13 @@ pid_files = {"logviewer":pid_logviewer,
              "supervisor": pid_supervisor,
              "drpc": pid_drpc,
              "rest_api": pid_rest_api}
+
+# Security related/required params
+hostname = config['hostname']
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+kinit_path_local = get_kinit_path(["/usr/bin", "/usr/kerberos/bin", 
"/usr/sbin"])
+tmp_dir = Script.get_tmp_dir()
+conf_dir = "/etc/storm/conf"
+storm_user = config['configurations']['storm-env']['storm_user']
+storm_ui_principal = 
default('/configurations/storm-env/storm_ui_principal_name', None)
+storm_ui_keytab = default('/configurations/storm-env/storm_ui_keytab', None)
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
index 64ad379..1e317d5 100644
--- 
a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
+++ 
b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
@@ -27,6 +27,9 @@ from resource_management.libraries.script import Script
 from resource_management.libraries.functions import format
 from resource_management.core.resources.system import Execute
 from resource_management.libraries.functions.version import compare_versions, 
format_hdp_stack_version
+from resource_management.libraries.functions.security_commons import 
build_expectations, \
+  cached_kinit_executor, get_params_from_filesystem, 
validate_security_config_properties, \
+  FILE_TYPE_JAAS_CONF
 
 
 class UiServer(Script):
@@ -69,5 +72,59 @@ class UiServer(Script):
     env.set_params(status_params)
     check_process_status(status_params.pid_ui)
 
+  def security_status(self, env):
+    import status_params
+
+    env.set_params(status_params)
+
+    if status_params.security_enabled:
+      # Expect the following files to be available in status_params.config_dir:
+      #   storm_jaas.conf
+
+      try:
+        props_value_check = None
+        props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
+        props_read_check = ['storm_ui_keytab']
+        storm_env_expectations = build_expectations('storm_ui', 
props_value_check, props_empty_check,
+                                                 props_read_check)
+
+        storm_expectations = {}
+        storm_expectations.update(storm_env_expectations)
+
+        security_params = {}
+        security_params['storm_ui'] = {}
+        security_params['storm_ui']['storm_ui_principal_name'] = 
status_params.storm_ui_principal
+        security_params['storm_ui']['storm_ui_keytab'] = 
status_params.storm_ui_keytab
+
+        result_issues = validate_security_config_properties(security_params, 
storm_expectations)
+        if not result_issues:  # If all validations passed successfully
+          # Double check the dict before calling execute
+          if ( 'storm_ui' not in security_params
+               or 'storm_ui_principal_name' not in security_params['storm_ui']
+               or 'storm_ui_keytab' not in security_params['storm_ui']):
+            self.put_structured_out({"securityState": "ERROR"})
+            self.put_structured_out({"securityIssuesFound": "Keytab file or 
principal are not set property."})
+            return
+
+          cached_kinit_executor(status_params.kinit_path_local,
+                                status_params.storm_user,
+                                security_params['storm_ui']['storm_ui_keytab'],
+                                
security_params['storm_ui']['storm_ui_principal_name'],
+                                status_params.hostname,
+                                status_params.tmp_dir,
+                                30)
+          self.put_structured_out({"securityState": "SECURED_KERBEROS"})
+        else:
+          issues = []
+          for cf in result_issues:
+            issues.append("Configuration file %s did not pass the validation. 
Reason: %s" % (cf, result_issues[cf]))
+          self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
+          self.put_structured_out({"securityState": "UNSECURED"})
+      except Exception as e:
+        self.put_structured_out({"securityState": "ERROR"})
+        self.put_structured_out({"securityStateErrorInfo": str(e)})
+    else:
+      self.put_structured_out({"securityState": "UNSECURED"})
+
 if __name__ == "__main__":
   UiServer().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py 
b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
index f3223dd..1113409 100644
--- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
+++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
@@ -151,3 +151,105 @@ class TestStormDrpcServer(TestStormBase):
 
     self.assertResourceCalled("Execute", "hdp-select set storm-client 
2.2.1.0-2067")
 
+
+  
@patch("resource_management.libraries.functions.security_commons.build_expectations")
+  
@patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
+  
@patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
+  
@patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
+  @patch("resource_management.libraries.script.Script.put_structured_out")
+  def test_security_status(self, put_structured_out_mock, 
cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, 
build_exp_mock):
+    # Test that function works when is called with correct parameters
+    import status_params
+
+    security_params = {}
+    security_params = {}
+    security_params['storm_jaas'] = {}
+    security_params['storm_jaas']['StormServer'] = {}
+    security_params['storm_jaas']['StormServer']['keyTab'] = 
'path/to/storm/service/keytab'
+    security_params['storm_jaas']['StormServer']['principal'] = 'storm_keytab'
+    result_issues = []
+
+    props_value_check = None
+    props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
+    props_read_check = ['StormServer/keyTab']
+
+    get_params_mock.return_value = security_params
+    validate_security_config_mock.return_value = result_issues
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/drpc_server.py",
+                       classname = "DrpcServer",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+
+    build_exp_mock.assert_called_with('storm_jaas', props_value_check, 
props_empty_check, props_read_check)
+    put_structured_out_mock.assert_called_with({"securityState": 
"SECURED_KERBEROS"})
+    self.assertTrue(cached_kinit_executor_mock.call_count, 2)
+    
cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local,
+                              status_params.storm_user,
+                              
security_params['storm_jaas']['StormServer']['keyTab'],
+                              
security_params['storm_jaas']['StormServer']['principal'],
+                              status_params.hostname,
+                              status_params.tmp_dir,
+                              30)
+
+    # Testing that the exception throw by cached_executor is caught
+    cached_kinit_executor_mock.reset_mock()
+    cached_kinit_executor_mock.side_effect = Exception("Invalid command")
+
+    try:
+      self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/drpc_server.py",
+                        classname = "DrpcServer",
+                        command = "security_status",
+                        config_file="secured.json",
+                        hdp_stack_version = self.STACK_VERSION,
+                        target = RMFTestCase.TARGET_COMMON_SERVICES
+      )
+    except:
+      self.assertTrue(True)
+
+    # Testing with a security_params which doesn't contains storm_jaas
+    empty_security_params = {}
+    cached_kinit_executor_mock.reset_mock()
+    get_params_mock.reset_mock()
+    put_structured_out_mock.reset_mock()
+    get_params_mock.return_value = empty_security_params
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/drpc_server.py",
+                       classname = "DrpcServer",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab 
file or principal are not set property."})
+
+    # Testing with not empty result_issues
+    result_issues_with_params = {}
+    result_issues_with_params['storm_jaas']="Something bad happened"
+
+    validate_security_config_mock.reset_mock()
+    get_params_mock.reset_mock()
+    validate_security_config_mock.return_value = result_issues_with_params
+    get_params_mock.return_value = security_params
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/drpc_server.py",
+                       classname = "DrpcServer",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
+
+    # Testing with security_enable = false
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/drpc_server.py",
+                       classname = "DrpcServer",
+                       command = "security_status",
+                       config_file="default.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py 
b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
index 7583d77..e607499 100644
--- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
+++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
@@ -150,3 +150,105 @@ class TestStormNimbus(TestStormBase):
 
     self.assertResourceCalled("Execute", "hdp-select set storm-nimbus 
2.2.1.0-2067")
 
+    
+  
@patch("resource_management.libraries.functions.security_commons.build_expectations")
+  
@patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
+  
@patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
+  
@patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
+  @patch("resource_management.libraries.script.Script.put_structured_out")
+  def test_security_status(self, put_structured_out_mock, 
cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, 
build_exp_mock):
+    # Test that function works when is called with correct parameters
+    import status_params
+
+    security_params = {}
+    security_params = {}
+    security_params['storm_jaas'] = {}
+    security_params['storm_jaas']['StormServer'] = {}
+    security_params['storm_jaas']['StormServer']['keyTab'] = 
'path/to/storm/service/keytab'
+    security_params['storm_jaas']['StormServer']['principal'] = 'storm_keytab'
+    result_issues = []
+
+    props_value_check = None
+    props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
+    props_read_check = ['StormServer/keyTab']
+
+    get_params_mock.return_value = security_params
+    validate_security_config_mock.return_value = result_issues
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+
+    build_exp_mock.assert_called_with('storm_jaas', props_value_check, 
props_empty_check, props_read_check)
+    put_structured_out_mock.assert_called_with({"securityState": 
"SECURED_KERBEROS"})
+    self.assertTrue(cached_kinit_executor_mock.call_count, 2)
+    
cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local,
+                              status_params.storm_user,
+                              
security_params['storm_jaas']['StormServer']['keyTab'],
+                              
security_params['storm_jaas']['StormServer']['principal'],
+                              status_params.hostname,
+                              status_params.tmp_dir,
+                              30)
+
+    # Testing that the exception throw by cached_executor is caught
+    cached_kinit_executor_mock.reset_mock()
+    cached_kinit_executor_mock.side_effect = Exception("Invalid command")
+
+    try:
+      self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+      )
+    except:
+      self.assertTrue(True)
+
+    # Testing with a security_params which doesn't contains storm_jaas
+    empty_security_params = {}
+    cached_kinit_executor_mock.reset_mock()
+    get_params_mock.reset_mock()
+    put_structured_out_mock.reset_mock()
+    get_params_mock.return_value = empty_security_params
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab 
file or principal are not set property."})
+
+    # Testing with not empty result_issues
+    result_issues_with_params = {}
+    result_issues_with_params['storm_jaas']="Something bad happened"
+
+    validate_security_config_mock.reset_mock()
+    get_params_mock.reset_mock()
+    validate_security_config_mock.return_value = result_issues_with_params
+    get_params_mock.return_value = security_params
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
+
+    # Testing with security_enable = false
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
+                       classname = "Nimbus",
+                       command = "security_status",
+                       config_file="default.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py 
b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
index 3bec89d..8a04369 100644
--- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
+++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
@@ -149,3 +149,85 @@ class TestStormUiServer(TestStormBase):
 
     self.assertResourceCalled("Execute", "hdp-select set storm-client 
2.2.1.0-2067")
 
+
+  
@patch("resource_management.libraries.functions.security_commons.build_expectations")
+  
@patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
+  
@patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
+  @patch("resource_management.libraries.script.Script.put_structured_out")
+  def test_security_status(self, put_structured_out_mock, 
cached_kinit_executor_mock, validate_security_config_mock, build_exp_mock):
+    # Test that function works when is called with correct parameters
+    result_issues = []
+
+    security_params = {}
+    security_params['storm_ui'] = {}
+    security_params['storm_ui']['storm_ui_principal_name'] = 'HTTP/_HOST'
+    security_params['storm_ui']['storm_ui_keytab'] = 
'/etc/security/keytabs/spnego.service.keytab'
+
+    props_value_check = None
+    props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
+    props_read_check = ['storm_ui_keytab']
+
+    validate_security_config_mock.return_value = result_issues
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/ui_server.py",
+                       classname = "UiServer",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+
+    import status_params
+
+    build_exp_mock.assert_called_with('storm_ui', props_value_check, 
props_empty_check, props_read_check)
+    put_structured_out_mock.assert_called_with({"securityState": 
"SECURED_KERBEROS"})
+    self.assertTrue(cached_kinit_executor_mock.call_count, 2)
+
+    
cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local,
+                                status_params.storm_user,
+                                security_params['storm_ui']['storm_ui_keytab'],
+                                
security_params['storm_ui']['storm_ui_principal_name'],
+                                status_params.hostname,
+                                status_params.tmp_dir,
+                                30)
+
+    # Testing that the exception throw by cached_executor is caught
+    cached_kinit_executor_mock.reset_mock()
+    cached_kinit_executor_mock.side_effect = Exception("Invalid command")
+
+    try:
+      self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/ui_server.py",
+                        classname = "UiServer",
+                        command = "security_status",
+                        config_file="secured.json",
+                        hdp_stack_version = self.STACK_VERSION,
+                        target = RMFTestCase.TARGET_COMMON_SERVICES
+      )
+    except:
+      self.assertTrue(True)
+
+    # Testing with not empty result_issues
+    result_issues_with_params = {}
+    result_issues_with_params['storm_ui']="Something bad happened"
+
+    validate_security_config_mock.reset_mock()
+    validate_security_config_mock.return_value = result_issues_with_params
+
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/ui_server.py",
+                       classname = "UiServer",
+                       command = "security_status",
+                       config_file="secured.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
+
+    # Testing with security_enable = false
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + 
"/scripts/ui_server.py",
+                       classname = "UiServer",
+                       command = "security_status",
+                       config_file="default.json",
+                       hdp_stack_version = self.STACK_VERSION,
+                       target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/configs/secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/configs/secured.json 
b/ambari-server/src/test/python/stacks/2.1/configs/secured.json
index b2a6053..7f8fd68 100644
--- a/ambari-server/src/test/python/stacks/2.1/configs/secured.json
+++ b/ambari-server/src/test/python/stacks/2.1/configs/secured.json
@@ -604,7 +604,9 @@
             "storm_log_dir": "/var/log/storm", 
             "storm_pid_dir": "/var/run/storm", 
             "storm_user": "storm",
-            "storm_principal_name": "storm"
+            "storm_principal_name": "storm",
+            "storm_ui_keytab" : "/etc/security/keytabs/spnego.service.keytab",
+            "storm_ui_principal_name" : "HTTP/_HOST"
         }, 
         "falcon-env": {
             "falcon_port": "15000", 

Reply via email to