Repository: ambari Updated Branches: refs/heads/branch-2.4 dc340e8c6 -> ebdbe6f3e
AMBARI-16437. Add conditional constraints for Kerberos identities to control when they are created (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ebdbe6f3 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ebdbe6f3 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ebdbe6f3 Branch: refs/heads/branch-2.4 Commit: ebdbe6f3ec54c09b930bc827fc9aab59c96b90bf Parents: dc340e8 Author: Robert Levas <[email protected]> Authored: Sat May 28 08:18:28 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Sat May 28 08:18:28 2016 -0400 ---------------------------------------------------------------------- .../server/controller/KerberosHelperImpl.java | 64 +++++++++++----- .../AbstractPrepareKerberosServerAction.java | 10 ++- .../AbstractKerberosDescriptorContainer.java | 49 +++++++----- .../kerberos/KerberosIdentityDescriptor.java | 80 +++++++++++++++++++- .../server/upgrade/UpgradeCatalog240.java | 2 +- .../server/controller/KerberosHelperTest.java | 32 ++++---- .../state/kerberos/KerberosDescriptorTest.java | 4 +- .../KerberosIdentityDescriptorTest.java | 17 +++++ 8 files changed, 196 insertions(+), 62 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java index c67c55d..1c46a93 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java @@ -353,6 +353,11 @@ public class KerberosHelperImpl implements KerberosHelper { Map<String, Set<String>> propertiesToIgnore = new HashMap<String, Set<String>>(); + // Create the context to use for filtering Kerberos Identities based on the state of the cluster + Map<String, Object> filterContext = new HashMap<String, Object>(); + filterContext.put("configurations", configurations); + filterContext.put("services", services); + for (String serviceName : services) { // Set properties... KerberosServiceDescriptor serviceDescriptor = kerberosDescriptor.getService(serviceName); @@ -363,7 +368,7 @@ public class KerberosHelperImpl implements KerberosHelper { if (componentDescriptor != null) { Map<String, Map<String, String>> identityConfigurations; - identityConfigurations = getIdentityConfigurations(serviceDescriptor.getIdentities(true)); + identityConfigurations = getIdentityConfigurations(serviceDescriptor.getIdentities(true, filterContext)); if (identityConfigurations != null) { for (Map.Entry<String, Map<String, String>> entry : identityConfigurations.entrySet()) { String configType = entry.getKey(); @@ -382,7 +387,7 @@ public class KerberosHelperImpl implements KerberosHelper { } } - identityConfigurations = getIdentityConfigurations(componentDescriptor.getIdentities(true)); + identityConfigurations = getIdentityConfigurations(componentDescriptor.getIdentities(true, filterContext)); if (identityConfigurations != null) { for (Map.Entry<String, Map<String, String>> entry : identityConfigurations.entrySet()) { String configType = entry.getKey(); @@ -699,6 +704,11 @@ public class KerberosHelperImpl implements KerberosHelper { throw new AmbariException(message, e); } + // Create the context to use for filtering Kerberos Identities based on the state of the cluster + Map<String, Object> filterContext = new HashMap<String, Object>(); + filterContext.put("configurations", configurations); + filterContext.put("services", services); + for (String serviceName : services) { // Set properties... KerberosServiceDescriptor serviceDescriptor = kerberosDescriptor.getService(serviceName); @@ -710,7 +720,7 @@ public class KerberosHelperImpl implements KerberosHelper { List<KerberosIdentityDescriptor> identityDescriptors; // Handle the service-level Kerberos identities - identityDescriptors = serviceDescriptor.getIdentities(true); + identityDescriptors = serviceDescriptor.getIdentities(true, filterContext); if (identityDescriptors != null) { for (KerberosIdentityDescriptor identityDescriptor : identityDescriptors) { createUserIdentity(identityDescriptor, kerberosConfiguration, kerberosOperationHandler, configurations); @@ -718,7 +728,7 @@ public class KerberosHelperImpl implements KerberosHelper { } // Handle the component-level Kerberos identities - identityDescriptors = componentDescriptor.getIdentities(true); + identityDescriptors = componentDescriptor.getIdentities(true, filterContext); if (identityDescriptors != null) { for (KerberosIdentityDescriptor identityDescriptor : identityDescriptors) { createUserIdentity(identityDescriptor, kerberosConfiguration, kerberosOperationHandler, configurations); @@ -831,9 +841,14 @@ public class KerberosHelperImpl implements KerberosHelper { // Additional realms that need to be handled according to the Kerberos Descriptor String additionalRealms = kerberosDescriptor.getProperty("additional_realms"); + // Create the context to use for filtering Kerberos Identities based on the state of the cluster + Map<String, Object> filterContext = new HashMap<String, Object>(); + filterContext.put("configurations", existingConfigurations); + filterContext.put("services", cluster.getServices().keySet()); + // Determine which properties need to be set AuthToLocalBuilder authToLocalBuilder = new AuthToLocalBuilder(realm, additionalRealms, caseInsensitiveUser); - addIdentities(authToLocalBuilder, kerberosDescriptor.getIdentities(), null, existingConfigurations); + addIdentities(authToLocalBuilder, kerberosDescriptor.getIdentities(true, filterContext), null, existingConfigurations); authToLocalProperties = kerberosDescriptor.getAuthToLocalProperties(); if (authToLocalProperties != null) { @@ -847,7 +862,7 @@ public class KerberosHelperImpl implements KerberosHelper { for (KerberosServiceDescriptor service : services.values()) { if (installedServices.containsKey(service.getName())) { Service svc = installedServices.get(service.getName()); - addIdentities(authToLocalBuilder, service.getIdentities(true), null, existingConfigurations); + addIdentities(authToLocalBuilder, service.getIdentities(true, filterContext), null, existingConfigurations); authToLocalProperties = service.getAuthToLocalProperties(); if (authToLocalProperties != null) { @@ -897,7 +912,7 @@ public class KerberosHelperImpl implements KerberosHelper { if (addSvcCompIdentities) { LOG.info("Adding identity for " + component.getName() + " to auth to local mapping"); - addIdentities(authToLocalBuilder, component.getIdentities(true), null, existingConfigurations); + addIdentities(authToLocalBuilder, component.getIdentities(true, filterContext), null, existingConfigurations); authToLocalProperties = component.getAuthToLocalProperties(); if (authToLocalProperties != null) { @@ -905,8 +920,6 @@ public class KerberosHelperImpl implements KerberosHelper { } } - - } } } @@ -1281,22 +1294,30 @@ public class KerberosHelperImpl implements KerberosHelper { if (kerberosDescriptor != null) { Map<String, String> kerberosDescriptorProperties = kerberosDescriptor.getProperties(); + Set<String> existingServices = cluster.getServices().keySet(); + for (String hostname : hosts) { + // Calculate the current host-specific configurations. These will be used to replace + // variables within the Kerberos descriptor data + Map<String, Map<String, String>> configurations = calculateConfigurations(cluster, + hostname.equals(ambariServerHostname) ? null : hostname, + kerberosDescriptorProperties); + + // Create the context to use for filtering Kerberos Identities based on the state of the cluster + Map<String, Object> filterContext = new HashMap<String, Object>(); + filterContext.put("configurations", configurations); + filterContext.put("services", existingServices); + + Map<String, KerberosIdentityDescriptor> hostActiveIdentities = new HashMap<String, KerberosIdentityDescriptor>(); List<KerberosIdentityDescriptor> identities = getActiveIdentities(cluster, hostname, - serviceName, componentName, kerberosDescriptor); + serviceName, componentName, kerberosDescriptor, filterContext); if (hostname.equals(ambariServerHostname)) { addAmbariServerIdentity(kerberosEnvConfig.getProperties(), kerberosDescriptor, identities); } if (!identities.isEmpty()) { - // Calculate the current host-specific configurations. These will be used to replace - // variables within the Kerberos descriptor data - Map<String, Map<String, String>> configurations = calculateConfigurations(cluster, hostname.equals - (ambariServerHostname) ? null : hostname, - kerberosDescriptorProperties); - for (KerberosIdentityDescriptor identity : identities) { KerberosPrincipalDescriptor principalDescriptor = identity.getPrincipalDescriptor(); String principal = null; @@ -1352,7 +1373,8 @@ public class KerberosHelperImpl implements KerberosHelper { hostActiveIdentities.put(uniqueKey, new KerberosIdentityDescriptor( identity.getName(), resolvedPrincipalDescriptor, - resolvedKeytabDescriptor)); + resolvedKeytabDescriptor, + identity.getWhen())); } } } @@ -2305,13 +2327,15 @@ public class KerberosHelperImpl implements KerberosHelper { * components * @param kerberosDescriptor the relevant Kerberos Descriptor @return a list of KerberosIdentityDescriptors representing the active identities for the * requested service component + * @param filterContext the context to use for filtering identities based on the state of the cluster * @throws AmbariException if an error occurs processing the cluster's active identities */ private List<KerberosIdentityDescriptor> getActiveIdentities(Cluster cluster, String hostname, String serviceName, String componentName, - KerberosDescriptor kerberosDescriptor) + KerberosDescriptor kerberosDescriptor, + Map<String, Object> filterContext) throws AmbariException { List<KerberosIdentityDescriptor> identities = new ArrayList<KerberosIdentityDescriptor>(); @@ -2329,14 +2353,14 @@ public class KerberosHelperImpl implements KerberosHelper { KerberosServiceDescriptor serviceDescriptor = kerberosDescriptor.getService(schServiceName); if (serviceDescriptor != null) { - List<KerberosIdentityDescriptor> serviceIdentities = serviceDescriptor.getIdentities(true); + List<KerberosIdentityDescriptor> serviceIdentities = serviceDescriptor.getIdentities(true, filterContext); if (serviceIdentities != null) { identities.addAll(serviceIdentities); } KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(schComponentName); if (componentDescriptor != null) { - List<KerberosIdentityDescriptor> componentIdentities = componentDescriptor.getIdentities(true); + List<KerberosIdentityDescriptor> componentIdentities = componentDescriptor.getIdentities(true, filterContext); if (componentIdentities != null) { identities.addAll(componentIdentities); } http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java index 0dbd357..b6b0713 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.java @@ -36,7 +36,6 @@ import org.slf4j.LoggerFactory; import java.io.File; import java.io.IOException; import java.lang.reflect.Type; -import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; @@ -89,6 +88,11 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer // variables within the Kerberos descriptor data Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptorProperties); + // Create the context to use for filtering Kerberos Identities based on the state of the cluster + Map<String, Object> filterContext = new HashMap<String, Object>(); + filterContext.put("configurations", configurations); + filterContext.put("services", cluster.getServices().keySet()); + actionLog.writeStdOut(String.format("Writing Kerberos identity data metadata file to %s", identityDataFile.getAbsolutePath())); try { kerberosIdentityDataFileWriter = kerberosIdentityDataFileWriterFactory.createKerberosIdentityDataFileWriter(identityDataFile); @@ -118,7 +122,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer KerberosServiceDescriptor serviceDescriptor = kerberosDescriptor.getService(serviceName); if (serviceDescriptor != null) { - List<KerberosIdentityDescriptor> serviceIdentities = serviceDescriptor.getIdentities(true); + List<KerberosIdentityDescriptor> serviceIdentities = serviceDescriptor.getIdentities(true, filterContext); // Add service-level principals (and keytabs) kerberosHelper.addIdentities(kerberosIdentityDataFileWriter, serviceIdentities, @@ -128,7 +132,7 @@ public abstract class AbstractPrepareKerberosServerAction extends KerberosServer KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName); if (componentDescriptor != null) { - List<KerberosIdentityDescriptor> componentIdentities = componentDescriptor.getIdentities(true); + List<KerberosIdentityDescriptor> componentIdentities = componentDescriptor.getIdentities(true, filterContext); // Calculate the set of configurations to update and replace any variables // using the previously calculated Map of configurations for the host. http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java index bb2ed1c..64d9292 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java @@ -162,14 +162,14 @@ public abstract class AbstractKerberosDescriptorContainer extends AbstractKerber * <p/> * The returned KerberosIdentityDescriptors are not merged with data from referenced * KerberosConfigurationDescriptors. This is the same calling - * {@link AbstractKerberosDescriptorContainer#getIdentities(boolean)} and setting the argument to - * 'false' + * {@link AbstractKerberosDescriptorContainer#getIdentities(boolean, Map)} and setting the + * argument to 'false' * * @return the relevant List of KerberosIdentityDescriptors */ public List<KerberosIdentityDescriptor> getIdentities() { try { - return getIdentities(false); + return getIdentities(false, null); } catch (AmbariException e) { // AmbariException will not be thrown unless an error occurs while trying to dereference // identities. This method does not attempt to dereference identities. @@ -200,19 +200,20 @@ public abstract class AbstractKerberosDescriptorContainer extends AbstractKerber * (false) * @return a List of the requested KerberosIdentityDescriptors */ - public List<KerberosIdentityDescriptor> getIdentities(boolean resolveReferences) throws AmbariException { - if (resolveReferences) { - if (identities == null) { - return Collections.emptyList(); - } else { - List<KerberosIdentityDescriptor> list = new ArrayList<KerberosIdentityDescriptor>(); - - // For each KerberosIdentityDescriptor, copy it and then attempt to find the referenced - // KerberosIdentityDescriptor. - // * If a reference is found, copy that, update it with the initial KerberosIdentityDescriptor - // and then add it to the list. - // * If a reference is not found, simply add the initial KerberosIdentityDescriptor to the list - for (KerberosIdentityDescriptor identity : identities) { + public List<KerberosIdentityDescriptor> getIdentities(boolean resolveReferences, Map<String,Object> contextForFilter) throws AmbariException { + if (identities == null) { + return Collections.emptyList(); + } else { + List<KerberosIdentityDescriptor> list = new ArrayList<KerberosIdentityDescriptor>(); + + for (KerberosIdentityDescriptor identity : identities) { + KerberosIdentityDescriptor identityToAdd; + + if (resolveReferences) { + // Copy this KerberosIdentityDescriptor and then attempt to find the referenced one. + // * If a reference is found, copy that, update it with the initial KerberosIdentityDescriptor + // and then add it to the list. + // * If a reference is not found, simply add the initial KerberosIdentityDescriptor to the list KerberosIdentityDescriptor referencedIdentity; try { referencedIdentity = getReferencedIdentityDescriptor(identity.getName()); @@ -226,16 +227,22 @@ public abstract class AbstractKerberosDescriptorContainer extends AbstractKerber if (referencedIdentity != null) { KerberosIdentityDescriptor detachedIdentity = new KerberosIdentityDescriptor(referencedIdentity.toMap()); detachedIdentity.update(identity); - list.add(detachedIdentity); + + identityToAdd = detachedIdentity; } else { - list.add(identity); + identityToAdd = identity; } + } else { + identityToAdd = identity; } - return list; + // Make sure this Kerberos Identity is not to be filtered out based on its "when" clause + if ((identityToAdd != null) && ((contextForFilter == null) || identityToAdd.shouldInclude(contextForFilter))) { + list.add(identityToAdd); + } } - } else { - return identities; + + return list; } } http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java index d31dd21..2631d35 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptor.java @@ -17,6 +17,9 @@ */ package org.apache.ambari.server.state.kerberos; +import org.apache.ambari.server.collections.Predicate; +import org.apache.ambari.server.collections.PredicateUtils; + import java.util.Map; /** @@ -86,16 +89,25 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { private String password = null; /** + * An expression used to determine when this {@link KerberosIdentityDescriptor} is relevant for the + * cluster. If the process expression is not <code>null</code> and evaluates to <code>false</code> + * then this {@link KerberosIdentityDescriptor} will be ignored when processing identities. + */ + private Predicate when = null; + + /** * Creates a new KerberosIdentityDescriptor * * @param name the name of this identity descriptor * @param principal a KerberosPrincipalDescriptor * @param keytab a KerberosKeytabDescriptor + * @param when a predicate */ - public KerberosIdentityDescriptor(String name, KerberosPrincipalDescriptor principal, KerberosKeytabDescriptor keytab) { + public KerberosIdentityDescriptor(String name, KerberosPrincipalDescriptor principal, KerberosKeytabDescriptor keytab, Predicate when) { setName(name); setPrincipalDescriptor(principal); setKeytabDescriptor(keytab); + setWhen(when); } /** @@ -126,6 +138,11 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { if (item instanceof Map) { setKeytabDescriptor(new KerberosKeytabDescriptor((Map<?, ?>) item)); } + + item = data.get("when"); + if (item instanceof Map) { + setWhen(PredicateUtils.fromMap((Map<String, Object>) item)); + } } } @@ -193,6 +210,48 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { this.password = password; } + + /** + * Gets the expression (or {@link Predicate}) to use to determine when to include this Kerberos + * identity while processing Kerberos identities. + * <p> + * <code>null</code> indicates there is nothing to evaluate and this Kerberos identity is to always + * be included when processing Kerberos identities. + * + * @return a predicate + */ + public Predicate getWhen() { + return when; + } + + /** + * Sets the expression (or {@link Predicate}) to use to determine when to include this Kerberos + * identity while processing Kerberos identities. + * <p> + * <code>null</code> indicates there is nothing to evaluate and this Kerberos identity is to always + * be included when processing Kerberos identities. + * + * @param when a predicate + */ + public void setWhen(Predicate when) { + this.when = when; + } + + /** + * Processes the expression indicating when this {@link KerberosIdentityDescriptor} is to be included + * in the set of Kerberos identities to process. + * <p> + * <code>True</code> will be returned if the expression is <code>null</code> or if it evaluates + * as such. + * + * @param context A Map of context values, including at least the list of services and available configurations + * @return true if this {@link KerberosIdentityDescriptor} is to be included when processing the + * Kerberos identities; otherwise false. + */ + public boolean shouldInclude(Map<String, Object> context) { + return (this.when == null) || this.when.evaluate(context); + } + /** * Updates this KerberosIdentityDescriptor with data from another KerberosIdentityDescriptor * <p/> @@ -219,6 +278,11 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { } else { existingKeytabDescriptor.update(updates.getKeytabDescriptor()); } + + Predicate updatedWhen = updates.getWhen(); + if(updatedWhen != null) { + setWhen(updatedWhen); + } } } @@ -246,6 +310,10 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { dataMap.put("password", password); } + if(when != null) { + dataMap.put("when", PredicateUtils.toMap(when)); + } + return dataMap; } @@ -257,7 +325,10 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { : getPrincipalDescriptor().hashCode()) + ((getKeytabDescriptor() == null) ? 0 - : getKeytabDescriptor().hashCode()); + : getKeytabDescriptor().hashCode()) + + ((getWhen() == null) + ? 0 + : getWhen().hashCode()); } @Override @@ -283,6 +354,11 @@ public class KerberosIdentityDescriptor extends AbstractKerberosDescriptor { (getPassword() == null) ? (descriptor.getPassword() == null) : getPassword().equals(descriptor.getPassword()) + ) && + ( + (getWhen() == null) + ? (descriptor.getWhen() == null) + : getWhen().equals(descriptor.getWhen()) ); } else { return false; http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java index 77d4444..408df4f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java @@ -2088,7 +2088,7 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { componentDescriptor.removeIdentity("hbase_queryserver_hbase"); // Add the new identity - componentDescriptor.putIdentity(new KerberosIdentityDescriptor("/spnego", newPrincipalDescriptor, newKeytabDescriptor)); + componentDescriptor.putIdentity(new KerberosIdentityDescriptor("/spnego", newPrincipalDescriptor, newKeytabDescriptor, null)); artifactEntity.setArtifactData(kerberosDescriptor.toMap()); artifactDAO.merge(artifactEntity); http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 5393fd6..c707a90 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -1952,19 +1952,19 @@ public class KerberosHelperTest extends EasyMockSupport { final KerberosIdentityDescriptor identityDescriptor1 = createMock(KerberosIdentityDescriptor.class); expect(identityDescriptor1.getPrincipalDescriptor()).andReturn(principalDescriptor1).times(1); -// expect(identityDescriptor1.getName()).andReturn("1").times(1); + expect(identityDescriptor1.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); final KerberosIdentityDescriptor identityDescriptor2 = createMock(KerberosIdentityDescriptor.class); expect(identityDescriptor2.getPrincipalDescriptor()).andReturn(principalDescriptor2).times(1); -// expect(identityDescriptor2.getName()).andReturn("2").times(1); + expect(identityDescriptor2.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); final KerberosIdentityDescriptor identityDescriptor3 = createMock(KerberosIdentityDescriptor.class); expect(identityDescriptor3.getPrincipalDescriptor()).andReturn(principalDescriptor3).times(1); -// expect(identityDescriptor3.getName()).andReturn("3").times(1); + expect(identityDescriptor3.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); final KerberosServiceDescriptor serviceDescriptor1 = createMock(KerberosServiceDescriptor.class); expect(serviceDescriptor1.getName()).andReturn("SERVICE1").times(2); - expect(serviceDescriptor1.getIdentities(true)).andReturn(Arrays.asList( + expect(serviceDescriptor1.getIdentities(eq(true), anyObject(Map.class))).andReturn(Arrays.asList( identityDescriptor1, identityDescriptor2, identityDescriptor3 @@ -1983,14 +1983,14 @@ public class KerberosHelperTest extends EasyMockSupport { final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperty("additional_realms")).andReturn(null).times(1); - expect(kerberosDescriptor.getIdentities()).andReturn(null).times(1); + expect(kerberosDescriptor.getIdentities(eq(true), anyObject(Map.class))).andReturn(null).times(1); expect(kerberosDescriptor.getAuthToLocalProperties()).andReturn(null).times(1); expect(kerberosDescriptor.getServices()).andReturn(Collections.singletonMap("SERVICE1", serviceDescriptor1)).times(1); final Service service1 = createNiceMock(Service.class); final Cluster cluster = createNiceMock(Cluster.class); - expect(cluster.getServices()).andReturn(Collections.singletonMap("SERVICE1", service1)).times(1); + expect(cluster.getServices()).andReturn(Collections.singletonMap("SERVICE1", service1)).anyTimes(); Map<String, Map<String, String>> kerberosConfigurations = new HashMap<String, Map<String, String>>(); @@ -2253,7 +2253,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(kerberosDescriptor.getService("SERVICE2")).andReturn(serviceDescriptor2).atLeastOnce(); expect(kerberosDescriptor.getService("SERVICE3")).andReturn(serviceDescriptor3).atLeastOnce(); expect(kerberosDescriptor.getProperty("additional_realms")).andReturn(null).atLeastOnce(); - expect(kerberosDescriptor.getIdentities()).andReturn(null).atLeastOnce(); + expect(kerberosDescriptor.getIdentities(eq(true), anyObject(Map.class))).andReturn(null).atLeastOnce(); expect(kerberosDescriptor.getAuthToLocalProperties()).andReturn(Collections.singleton("core-site/auth.to.local")).atLeastOnce(); final ResourceProvider artifactResourceProvider = createMock(ArtifactResourceProvider.class); @@ -3820,30 +3820,36 @@ public class KerberosHelperTest extends EasyMockSupport { expect(identityDescriptor1.getName()).andReturn("identity1").anyTimes(); expect(identityDescriptor1.getPrincipalDescriptor()).andReturn(principalDescriptor1).anyTimes(); expect(identityDescriptor1.getKeytabDescriptor()).andReturn(keytabDescriptor1).anyTimes(); + expect(identityDescriptor1.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); + expect(identityDescriptor1.getWhen()).andReturn(null).anyTimes(); final KerberosIdentityDescriptor identityDescriptor2 = createMock(KerberosIdentityDescriptor.class); expect(identityDescriptor2.getName()).andReturn("identity2").anyTimes(); expect(identityDescriptor2.getPrincipalDescriptor()).andReturn(principalDescriptor2).anyTimes(); expect(identityDescriptor2.getKeytabDescriptor()).andReturn(keytabDescriptor2).anyTimes(); + expect(identityDescriptor2.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); + expect(identityDescriptor2.getWhen()).andReturn(null).anyTimes(); final KerberosIdentityDescriptor identityDescriptorService1 = createMock(KerberosIdentityDescriptor.class); expect(identityDescriptorService1.getName()).andReturn("identity3").anyTimes(); expect(identityDescriptorService1.getPrincipalDescriptor()).andReturn(principalDescriptorService1).anyTimes(); expect(identityDescriptorService1.getKeytabDescriptor()).andReturn(keytabDescriptorService1).anyTimes(); + expect(identityDescriptorService1.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); + expect(identityDescriptorService1.getWhen()).andReturn(null).anyTimes(); final KerberosComponentDescriptor componentDescriptor1 = createMock(KerberosComponentDescriptor.class); - expect(componentDescriptor1.getIdentities(true)).andReturn(Collections.singletonList(identityDescriptor1)).anyTimes(); + expect(componentDescriptor1.getIdentities(eq(true), anyObject(Map.class))).andReturn(Collections.singletonList(identityDescriptor1)).anyTimes(); final KerberosComponentDescriptor componentDescriptor2 = createMock(KerberosComponentDescriptor.class); - expect(componentDescriptor2.getIdentities(true)).andReturn(Collections.singletonList(identityDescriptor2)).anyTimes(); + expect(componentDescriptor2.getIdentities(eq(true), anyObject(Map.class))).andReturn(Collections.singletonList(identityDescriptor2)).anyTimes(); final KerberosServiceDescriptor serviceDescriptor1 = createMock(KerberosServiceDescriptor.class); expect(serviceDescriptor1.getComponent("COMPONENT1")).andReturn(componentDescriptor1).anyTimes(); - expect(serviceDescriptor1.getIdentities(true)).andReturn(Collections.singletonList(identityDescriptorService1)).anyTimes(); + expect(serviceDescriptor1.getIdentities(eq(true), anyObject(Map.class))).andReturn(Collections.singletonList(identityDescriptorService1)).anyTimes(); final KerberosServiceDescriptor serviceDescriptor2 = createMock(KerberosServiceDescriptor.class); expect(serviceDescriptor2.getComponent("COMPONENT2")).andReturn(componentDescriptor2).anyTimes(); - expect(serviceDescriptor2.getIdentities(true)).andReturn(null).anyTimes(); + expect(serviceDescriptor2.getIdentities(eq(true), anyObject(Map.class))).andReturn(null).anyTimes(); final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperties()).andReturn(new HashMap<String, String>() { @@ -3934,7 +3940,7 @@ public class KerberosHelperTest extends EasyMockSupport { KerberosServiceDescriptor descriptor = createMock(KerberosServiceDescriptor.class); expect(descriptor.getName()).andReturn(serviceName).anyTimes(); expect(descriptor.getComponents()).andReturn(componentMap).anyTimes(); - expect(descriptor.getIdentities(true)).andReturn(identities).anyTimes(); + expect(descriptor.getIdentities(eq(true), anyObject(Map.class))).andReturn(identities).anyTimes(); expect(descriptor.getAuthToLocalProperties()).andReturn(null).anyTimes(); return descriptor; } @@ -3955,7 +3961,7 @@ public class KerberosHelperTest extends EasyMockSupport { throws AmbariException { KerberosComponentDescriptor descriptor = createMock(KerberosComponentDescriptor.class); expect(descriptor.getName()).andReturn(componentName).anyTimes(); - expect(descriptor.getIdentities(true)).andReturn(identities).anyTimes(); + expect(descriptor.getIdentities(eq(true), anyObject(Map.class))).andReturn(identities).anyTimes(); expect(descriptor.getConfigurations(true)).andReturn(configurations).anyTimes(); expect(descriptor.getAuthToLocalProperties()).andReturn(null).anyTimes(); return descriptor; http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java index d80d7cc..004cd66 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java @@ -163,7 +163,7 @@ public class KerberosDescriptorTest { KerberosComponentDescriptor component = service.getComponent("A_DIFFERENT_COMPONENT_NAME"); Assert.assertNotNull(component); - List<KerberosIdentityDescriptor> resolvedIdentities = component.getIdentities(true); + List<KerberosIdentityDescriptor> resolvedIdentities = component.getIdentities(true, null); KerberosIdentityDescriptor resolvedIdentity = null; Assert.assertNotNull(resolvedIdentities); Assert.assertEquals(3, resolvedIdentities.size()); @@ -176,7 +176,7 @@ public class KerberosDescriptorTest { } Assert.assertNotNull(resolvedIdentity); - List<KerberosIdentityDescriptor> identities = component.getIdentities(false); + List<KerberosIdentityDescriptor> identities = component.getIdentities(false, null); Assert.assertNotNull(identities); Assert.assertEquals(3, identities.size()); http://git-wip-us.apache.org/repos/asf/ambari/blob/ebdbe6f3/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptorTest.java index 0ea7b26..79a861d 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosIdentityDescriptorTest.java @@ -23,7 +23,9 @@ import junit.framework.Assert; import org.apache.ambari.server.AmbariException; import org.junit.Test; +import java.util.Arrays; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; public class KerberosIdentityDescriptorTest { @@ -34,6 +36,8 @@ public class KerberosIdentityDescriptorTest { " \"principal\":" + KerberosPrincipalDescriptorTest.JSON_VALUE + "," + " \"keytab\":" + KerberosKeytabDescriptorTest.JSON_VALUE + + "," + + " \"when\": {\"contains\" : [\"services\", \"HIVE\"]}" + "}"; public static final Map<String, Object> MAP_VALUE = @@ -151,4 +155,17 @@ public class KerberosIdentityDescriptorTest { validateUpdatedData(identityDescriptor); } + + @Test + public void testShouldInclude() { + KerberosIdentityDescriptor identityDescriptor = createFromJSON(); + + Map<String, Object> context = new HashMap<String, Object>(); + + context.put("services", new HashSet<String>(Arrays.asList("HIVE", "HDFS", "ZOOKEEPER"))); + Assert.assertTrue(identityDescriptor.shouldInclude(context)); + + context.put("services", new HashSet<String>(Arrays.asList("NOT_HIVE", "HDFS", "ZOOKEEPER"))); + Assert.assertFalse(identityDescriptor.shouldInclude(context)); + } } \ No newline at end of file
