Repository: ambari Updated Branches: refs/heads/trunk a84acc27f -> 95b466923
AMBARI-9037. Storm service components should indicate security state (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/95b46692 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/95b46692 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/95b46692 Branch: refs/heads/trunk Commit: 95b466923393a48ffd3008018ff4392c1a03f89d Parents: a84acc2 Author: Robert Levas <[email protected]> Authored: Tue Jan 13 15:50:37 2015 -0500 Committer: Robert Levas <[email protected]> Committed: Tue Jan 13 15:50:45 2015 -0500 ---------------------------------------------------------------------- .../libraries/functions/security_commons.py | 2 +- .../0.9.1.2.1/package/scripts/drpc_server.py | 56 ++++++++++ .../STORM/0.9.1.2.1/package/scripts/nimbus.py | 57 ++++++++++- .../0.9.1.2.1/package/scripts/status_params.py | 13 ++- .../0.9.1.2.1/package/scripts/ui_server.py | 57 +++++++++++ .../stacks/2.1/STORM/test_storm_drpc_server.py | 102 +++++++++++++++++++ .../stacks/2.1/STORM/test_storm_nimbus.py | 102 +++++++++++++++++++ .../stacks/2.1/STORM/test_storm_ui_server.py | 82 +++++++++++++++ .../test/python/stacks/2.1/configs/secured.json | 4 +- 9 files changed, 471 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py index 91d55f0..7f6ed00 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py @@ -146,7 +146,7 @@ def get_params_from_filesystem(conf_dir, config_files): elif file_type == FILE_TYPE_JAAS_CONF: section_header = re.compile('^(\w+)\s+\{\s*$') - section_data = re.compile('(^[^ \s\=\}\{]+)\s*=?\s*"?([^ ";]+)"?;?\s*$') + section_data = re.compile('^\s*([^ \s\=\}\{]+)\s*=?\s*"?([^ ";].+)"?;?\s*$') section_footer = re.compile('^\}\s*;?\s*$') section_name = "root" result[file_name] = {} http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py index 09406e1..e57abbc 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/drpc_server.py @@ -27,6 +27,9 @@ from resource_management.libraries.functions.version import compare_versions, fo from storm import storm from service import service from service_check import ServiceCheck +from resource_management.libraries.functions.security_commons import build_expectations, \ + cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \ + FILE_TYPE_JAAS_CONF class DrpcServer(Script): @@ -69,5 +72,58 @@ class DrpcServer(Script): env.set_params(status_params) check_process_status(status_params.pid_drpc) + def security_status(self, env): + import status_params + + env.set_params(status_params) + + if status_params.security_enabled: + # Expect the following files to be available in status_params.config_dir: + # storm_jaas.conf + + try: + props_value_check = None + props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] + props_read_check = ['StormServer/keyTab'] + storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, + props_read_check) + + storm_expectations = {} + storm_expectations.update(storm_env_expectations) + + security_params = get_params_from_filesystem(status_params.conf_dir, + {'storm_jaas.conf': FILE_TYPE_JAAS_CONF}) + + result_issues = validate_security_config_properties(security_params, storm_expectations) + if not result_issues: # If all validations passed successfully + # Double check the dict before calling execute + if ( 'storm_jaas' not in security_params + or 'StormServer' not in security_params['storm_jaas'] + or 'keyTab' not in security_params['storm_jaas']['StormServer'] + or 'principal' not in security_params['storm_jaas']['StormServer']): + self.put_structured_out({"securityState": "ERROR"}) + self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) + return + + cached_kinit_executor(status_params.kinit_path_local, + status_params.storm_user, + security_params['storm_jaas']['StormServer']['keyTab'], + security_params['storm_jaas']['StormServer']['principal'], + status_params.hostname, + status_params.tmp_dir, + 30) + self.put_structured_out({"securityState": "SECURED_KERBEROS"}) + else: + issues = [] + for cf in result_issues: + issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) + self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) + self.put_structured_out({"securityState": "UNSECURED"}) + except Exception as e: + self.put_structured_out({"securityState": "ERROR"}) + self.put_structured_out({"securityStateErrorInfo": str(e)}) + else: + self.put_structured_out({"securityState": "UNSECURED"}) + if __name__ == "__main__": DrpcServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py index 6af4010..4b11b82 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py @@ -27,7 +27,9 @@ from resource_management.libraries.functions.version import compare_versions, fo from storm import storm from service import service - +from resource_management.libraries.functions.security_commons import build_expectations, \ + cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \ + FILE_TYPE_JAAS_CONF class Nimbus(Script): @@ -71,5 +73,58 @@ class Nimbus(Script): env.set_params(status_params) check_process_status(status_params.pid_nimbus) + def security_status(self, env): + import status_params + + env.set_params(status_params) + + if status_params.security_enabled: + # Expect the following files to be available in status_params.config_dir: + # storm_jaas.conf + + try: + props_value_check = None + props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] + props_read_check = ['StormServer/keyTab'] + storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, + props_read_check) + + storm_expectations = {} + storm_expectations.update(storm_env_expectations) + + security_params = get_params_from_filesystem(status_params.conf_dir, + {'storm_jaas.conf': FILE_TYPE_JAAS_CONF}) + + result_issues = validate_security_config_properties(security_params, storm_expectations) + if not result_issues: # If all validations passed successfully + # Double check the dict before calling execute + if ( 'storm_jaas' not in security_params + or 'StormServer' not in security_params['storm_jaas'] + or 'keyTab' not in security_params['storm_jaas']['StormServer'] + or 'principal' not in security_params['storm_jaas']['StormServer']): + self.put_structured_out({"securityState": "ERROR"}) + self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) + return + + cached_kinit_executor(status_params.kinit_path_local, + status_params.storm_user, + security_params['storm_jaas']['StormServer']['keyTab'], + security_params['storm_jaas']['StormServer']['principal'], + status_params.hostname, + status_params.tmp_dir, + 30) + self.put_structured_out({"securityState": "SECURED_KERBEROS"}) + else: + issues = [] + for cf in result_issues: + issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) + self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) + self.put_structured_out({"securityState": "UNSECURED"}) + except Exception as e: + self.put_structured_out({"securityState": "ERROR"}) + self.put_structured_out({"securityStateErrorInfo": str(e)}) + else: + self.put_structured_out({"securityState": "UNSECURED"}) + if __name__ == "__main__": Nimbus().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py index 570cd53..663eb8e 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/status_params.py @@ -18,7 +18,8 @@ limitations under the License. """ from resource_management.libraries.script import Script -from resource_management.libraries.functions.format import format +from resource_management.libraries.functions import get_kinit_path +from resource_management.libraries.functions import default, format config = Script.get_config() @@ -35,3 +36,13 @@ pid_files = {"logviewer":pid_logviewer, "supervisor": pid_supervisor, "drpc": pid_drpc, "rest_api": pid_rest_api} + +# Security related/required params +hostname = config['hostname'] +security_enabled = config['configurations']['cluster-env']['security_enabled'] +kinit_path_local = get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]) +tmp_dir = Script.get_tmp_dir() +conf_dir = "/etc/storm/conf" +storm_user = config['configurations']['storm-env']['storm_user'] +storm_ui_principal = default('/configurations/storm-env/storm_ui_principal_name', None) +storm_ui_keytab = default('/configurations/storm-env/storm_ui_keytab', None) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py index 64ad379..1e317d5 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py @@ -27,6 +27,9 @@ from resource_management.libraries.script import Script from resource_management.libraries.functions import format from resource_management.core.resources.system import Execute from resource_management.libraries.functions.version import compare_versions, format_hdp_stack_version +from resource_management.libraries.functions.security_commons import build_expectations, \ + cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \ + FILE_TYPE_JAAS_CONF class UiServer(Script): @@ -69,5 +72,59 @@ class UiServer(Script): env.set_params(status_params) check_process_status(status_params.pid_ui) + def security_status(self, env): + import status_params + + env.set_params(status_params) + + if status_params.security_enabled: + # Expect the following files to be available in status_params.config_dir: + # storm_jaas.conf + + try: + props_value_check = None + props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab'] + props_read_check = ['storm_ui_keytab'] + storm_env_expectations = build_expectations('storm_ui', props_value_check, props_empty_check, + props_read_check) + + storm_expectations = {} + storm_expectations.update(storm_env_expectations) + + security_params = {} + security_params['storm_ui'] = {} + security_params['storm_ui']['storm_ui_principal_name'] = status_params.storm_ui_principal + security_params['storm_ui']['storm_ui_keytab'] = status_params.storm_ui_keytab + + result_issues = validate_security_config_properties(security_params, storm_expectations) + if not result_issues: # If all validations passed successfully + # Double check the dict before calling execute + if ( 'storm_ui' not in security_params + or 'storm_ui_principal_name' not in security_params['storm_ui'] + or 'storm_ui_keytab' not in security_params['storm_ui']): + self.put_structured_out({"securityState": "ERROR"}) + self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) + return + + cached_kinit_executor(status_params.kinit_path_local, + status_params.storm_user, + security_params['storm_ui']['storm_ui_keytab'], + security_params['storm_ui']['storm_ui_principal_name'], + status_params.hostname, + status_params.tmp_dir, + 30) + self.put_structured_out({"securityState": "SECURED_KERBEROS"}) + else: + issues = [] + for cf in result_issues: + issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) + self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) + self.put_structured_out({"securityState": "UNSECURED"}) + except Exception as e: + self.put_structured_out({"securityState": "ERROR"}) + self.put_structured_out({"securityStateErrorInfo": str(e)}) + else: + self.put_structured_out({"securityState": "UNSECURED"}) + if __name__ == "__main__": UiServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py index f3223dd..1113409 100644 --- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py +++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py @@ -151,3 +151,105 @@ class TestStormDrpcServer(TestStormBase): self.assertResourceCalled("Execute", "hdp-select set storm-client 2.2.1.0-2067") + + @patch("resource_management.libraries.functions.security_commons.build_expectations") + @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem") + @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") + @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") + @patch("resource_management.libraries.script.Script.put_structured_out") + def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock): + # Test that function works when is called with correct parameters + import status_params + + security_params = {} + security_params = {} + security_params['storm_jaas'] = {} + security_params['storm_jaas']['StormServer'] = {} + security_params['storm_jaas']['StormServer']['keyTab'] = 'path/to/storm/service/keytab' + security_params['storm_jaas']['StormServer']['principal'] = 'storm_keytab' + result_issues = [] + + props_value_check = None + props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] + props_read_check = ['StormServer/keyTab'] + + get_params_mock.return_value = security_params + validate_security_config_mock.return_value = result_issues + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py", + classname = "DrpcServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + + build_exp_mock.assert_called_with('storm_jaas', props_value_check, props_empty_check, props_read_check) + put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) + self.assertTrue(cached_kinit_executor_mock.call_count, 2) + cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local, + status_params.storm_user, + security_params['storm_jaas']['StormServer']['keyTab'], + security_params['storm_jaas']['StormServer']['principal'], + status_params.hostname, + status_params.tmp_dir, + 30) + + # Testing that the exception throw by cached_executor is caught + cached_kinit_executor_mock.reset_mock() + cached_kinit_executor_mock.side_effect = Exception("Invalid command") + + try: + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py", + classname = "DrpcServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + except: + self.assertTrue(True) + + # Testing with a security_params which doesn't contains storm_jaas + empty_security_params = {} + cached_kinit_executor_mock.reset_mock() + get_params_mock.reset_mock() + put_structured_out_mock.reset_mock() + get_params_mock.return_value = empty_security_params + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py", + classname = "DrpcServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."}) + + # Testing with not empty result_issues + result_issues_with_params = {} + result_issues_with_params['storm_jaas']="Something bad happened" + + validate_security_config_mock.reset_mock() + get_params_mock.reset_mock() + validate_security_config_mock.return_value = result_issues_with_params + get_params_mock.return_value = security_params + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py", + classname = "DrpcServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) + + # Testing with security_enable = false + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py", + classname = "DrpcServer", + command = "security_status", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py index 7583d77..e607499 100644 --- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py +++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py @@ -150,3 +150,105 @@ class TestStormNimbus(TestStormBase): self.assertResourceCalled("Execute", "hdp-select set storm-nimbus 2.2.1.0-2067") + + @patch("resource_management.libraries.functions.security_commons.build_expectations") + @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem") + @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") + @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") + @patch("resource_management.libraries.script.Script.put_structured_out") + def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock): + # Test that function works when is called with correct parameters + import status_params + + security_params = {} + security_params = {} + security_params['storm_jaas'] = {} + security_params['storm_jaas']['StormServer'] = {} + security_params['storm_jaas']['StormServer']['keyTab'] = 'path/to/storm/service/keytab' + security_params['storm_jaas']['StormServer']['principal'] = 'storm_keytab' + result_issues = [] + + props_value_check = None + props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] + props_read_check = ['StormServer/keyTab'] + + get_params_mock.return_value = security_params + validate_security_config_mock.return_value = result_issues + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py", + classname = "Nimbus", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + + build_exp_mock.assert_called_with('storm_jaas', props_value_check, props_empty_check, props_read_check) + put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) + self.assertTrue(cached_kinit_executor_mock.call_count, 2) + cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local, + status_params.storm_user, + security_params['storm_jaas']['StormServer']['keyTab'], + security_params['storm_jaas']['StormServer']['principal'], + status_params.hostname, + status_params.tmp_dir, + 30) + + # Testing that the exception throw by cached_executor is caught + cached_kinit_executor_mock.reset_mock() + cached_kinit_executor_mock.side_effect = Exception("Invalid command") + + try: + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py", + classname = "Nimbus", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + except: + self.assertTrue(True) + + # Testing with a security_params which doesn't contains storm_jaas + empty_security_params = {} + cached_kinit_executor_mock.reset_mock() + get_params_mock.reset_mock() + put_structured_out_mock.reset_mock() + get_params_mock.return_value = empty_security_params + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py", + classname = "Nimbus", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."}) + + # Testing with not empty result_issues + result_issues_with_params = {} + result_issues_with_params['storm_jaas']="Something bad happened" + + validate_security_config_mock.reset_mock() + get_params_mock.reset_mock() + validate_security_config_mock.return_value = result_issues_with_params + get_params_mock.return_value = security_params + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py", + classname = "Nimbus", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) + + # Testing with security_enable = false + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py", + classname = "Nimbus", + command = "security_status", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py index 3bec89d..8a04369 100644 --- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py +++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py @@ -149,3 +149,85 @@ class TestStormUiServer(TestStormBase): self.assertResourceCalled("Execute", "hdp-select set storm-client 2.2.1.0-2067") + + @patch("resource_management.libraries.functions.security_commons.build_expectations") + @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") + @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") + @patch("resource_management.libraries.script.Script.put_structured_out") + def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, build_exp_mock): + # Test that function works when is called with correct parameters + result_issues = [] + + security_params = {} + security_params['storm_ui'] = {} + security_params['storm_ui']['storm_ui_principal_name'] = 'HTTP/_HOST' + security_params['storm_ui']['storm_ui_keytab'] = '/etc/security/keytabs/spnego.service.keytab' + + props_value_check = None + props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab'] + props_read_check = ['storm_ui_keytab'] + + validate_security_config_mock.return_value = result_issues + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py", + classname = "UiServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + + import status_params + + build_exp_mock.assert_called_with('storm_ui', props_value_check, props_empty_check, props_read_check) + put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) + self.assertTrue(cached_kinit_executor_mock.call_count, 2) + + cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local, + status_params.storm_user, + security_params['storm_ui']['storm_ui_keytab'], + security_params['storm_ui']['storm_ui_principal_name'], + status_params.hostname, + status_params.tmp_dir, + 30) + + # Testing that the exception throw by cached_executor is caught + cached_kinit_executor_mock.reset_mock() + cached_kinit_executor_mock.side_effect = Exception("Invalid command") + + try: + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py", + classname = "UiServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + except: + self.assertTrue(True) + + # Testing with not empty result_issues + result_issues_with_params = {} + result_issues_with_params['storm_ui']="Something bad happened" + + validate_security_config_mock.reset_mock() + validate_security_config_mock.return_value = result_issues_with_params + + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py", + classname = "UiServer", + command = "security_status", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) + + # Testing with security_enable = false + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py", + classname = "UiServer", + command = "security_status", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/95b46692/ambari-server/src/test/python/stacks/2.1/configs/secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/configs/secured.json b/ambari-server/src/test/python/stacks/2.1/configs/secured.json index b2a6053..7f8fd68 100644 --- a/ambari-server/src/test/python/stacks/2.1/configs/secured.json +++ b/ambari-server/src/test/python/stacks/2.1/configs/secured.json @@ -604,7 +604,9 @@ "storm_log_dir": "/var/log/storm", "storm_pid_dir": "/var/run/storm", "storm_user": "storm", - "storm_principal_name": "storm" + "storm_principal_name": "storm", + "storm_ui_keytab" : "/etc/security/keytabs/spnego.service.keytab", + "storm_ui_principal_name" : "HTTP/_HOST" }, "falcon-env": { "falcon_port": "15000",
