Repository: ambari Updated Branches: refs/heads/branch-2.4 8964b5a9b -> 0b8e52274
AMBARI-17221. Smart configs for Atlas to setup authentication as either LDAP or AD (alejandro) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0b8e5227 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0b8e5227 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0b8e5227 Branch: refs/heads/branch-2.4 Commit: 0b8e522745a9b308d894724a3065623635c77cbe Parents: 8964b5a Author: Alejandro Fernandez <afernan...@hortonworks.com> Authored: Wed Jun 29 15:04:33 2016 -0700 Committer: Alejandro Fernandez <afernan...@hortonworks.com> Committed: Wed Jun 29 15:04:33 2016 -0700 ---------------------------------------------------------------------- .../configuration/application-properties.xml | 159 ++++- .../ATLAS/0.1.0.2.3/metainfo.xml | 7 + .../ATLAS/0.1.0.2.3/themes/theme.json | 619 +++++++++++++++++++ .../0.5.0/configuration/ranger-admin-site.xml | 4 +- .../configuration/application-properties.xml | 20 +- .../stacks/HDP/2.5/services/stack_advisor.py | 39 ++ 6 files changed, 838 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/0b8e5227/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml index 25df1c5..1437251 100644 --- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/application-properties.xml 
@@ -230,4 +230,161 @@ <description/> <on-ambari-upgrade add="true"/> </property> -</configuration> + + <!-- The type determines whether to show LDAP or AD settings in smart config's theme.json file. --> + <property> + <name>atlas.authentication.method.ldap.type</name> + <value/> + <description>The LDAP type (ldap or ad).</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>ldap</value> + <label>LDAP</label> + </entry> + <entry> + <value>ad</value> + <label>AD</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <!-- LDAP properties. They all begin with "atlas.authentication.method.ldap." + Must allow empty values since the user can pick either LDAP or AD. + --> + <property> + <name>atlas.authentication.method.ldap.url</name> + <value> </value> + <description>The LDAP URL.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.userDNpattern</name> + <value>uid=</value> + <description>User DN Pattern. 
This pattern is used to create a distinguished name (DN) for a user during login</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.groupSearchBase</name> + <value> </value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.groupSearchFilter</name> + <value> </value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.groupRoleAttribute</name> + <value>cn</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.base.dn</name> + <value> </value> + <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.bind.dn</name> + <value> </value> + <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search. </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.bind.password</name> + <value>admin</value> + <property-type>PASSWORD</property-type> + <description>Password for the account that can search</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.referral</name> + <value>ignore</value> + <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. 
Possible values are follow|throw|ignore</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.user.searchfilter</name> + <value> </value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.default.role</name> + <value>ROLE_USER</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + + + <!-- AD properties. They all begin with "atlas.authentication.method.ldap.ad." + Must allow empty values since the user can pick either LDAP or AD. + --> + <property> + <name>atlas.authentication.method.ldap.ad.domain</name> + <display-name>Domain Name (Only for AD)</display-name> + <value> </value> + <description>AD domain, only used if Authentication method is AD</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.url</name> + <value> </value> + <description>AD URL, only used if Authentication method is AD</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.base.dn</name> + <value> </value> + <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.bind.dn</name> + <value> </value> + <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search. 
</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.bind.password</name> + <value>admin</value> + <property-type>PASSWORD</property-type> + <description>Password for the account that can search</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.referral</name> + <value>ignore</value> + <description>Set to follow if multiple AD servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.user.searchfilter</name> + <value>(sAMAccountName={0})</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>atlas.authentication.method.ldap.ad.default.role</name> + <value>ROLE_USER</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0b8e5227/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/metainfo.xml b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/metainfo.xml index 1ca4237..b2fc143 100644 --- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/metainfo.xml 
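Review bot: Both `atlas.authentication.method.ldap.bind.password` and `atlas.authentication.method.ldap.ad.bind.password` ship with `<value>admin</value>`, a guessable placeholder that becomes the stored bind credential if the operator never edits the field. Because the default is non-empty, the required-property check this commit adds to stack_advisor.py cannot flag it. An empty default would force the operator to supply the real password once a type is selected: `<value/>` plus `<empty-value-valid>true</empty-value-valid>` inside `<value-attributes>`. The descriptions of the two URL properties could also say that an `ldaps://` URL is preferred, since the bind DN and password are presented to that server.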
@@ -111,6 +111,13 @@ <config-type>core-site</config-type> </configuration-dependencies> + <themes> + <theme> + <fileName>theme.json</fileName> + <default>true</default> + </theme> + </themes> + </service> </services> </metainfo> http://git-wip-us.apache.org/repos/asf/ambari/blob/0b8e5227/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/themes/theme.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/themes/theme.json b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/themes/theme.json new file mode 100644 index 0000000..414633e --- /dev/null +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/themes/theme.json 
@@ -0,0 +1,619 @@ +{ + "name": "default", + "description": "Default theme for Atlas service", + "configuration": { + "layouts": [ + { + "name": "default", + "tabs": [ + { + "name": "authentication_settings", + "display-name": "Authentication", + "layout": { + "tab-columns": "3", + "tab-rows": "2", + "sections": [ + { + "name": "section-authentication-type", + "display-name": "Authentication Type", + "row-index": "0", + "column-index": "0", + "row-span": "1", + "column-span": "3", + "section-columns": "3", + "section-rows": "1", + "subsections": [ + { + "name": "subsection-authentication-type", + "row-index": "0", + "column-index": "0", + "row-span": "1", + "column-span": "3" + } + ] + }, + { + "name": "section-authentication", + "display-name": "LDAP", + "row-index": "1", + "column-index": "0", + "row-span": "1", + "column-span": "3", + "section-columns": "3", + "section-rows": "1", + "subsections": [ + { + "name": "subsection-authentication", + "row-index": "0", + "column-index": "0", + "row-span": "1", + "column-span": "3" + } + ] + } + ] + } + } + ] + } + ], + "placement": { + "configuration-layout": "default", + "configs": [ + { + "config": "application-properties/atlas.authentication.method.ldap.type", + "subsection-name": "subsection-authentication-type" + }, + + + { + "config": "application-properties/atlas.authentication.method.ldap.url", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.userDNpattern", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + 
"application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.groupSearchBase", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.groupSearchFilter", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.groupRoleAttribute", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.base.dn", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + 
"application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.bind.dn", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.bind.password", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.referral", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.user.searchfilter", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" 
+ ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.default.role", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ldap", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + + + { + "config": "application-properties/atlas.authentication.method.ldap.ad.url", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.domain", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.base.dn", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": 
"${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.bind.dn", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.bind.password", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.referral", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.user.searchfilter", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": 
"${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "config": "application-properties/atlas.authentication.method.ldap.ad.default.role", + "subsection-name": "subsection-authentication", + "depends-on": [ + { + "configs":[ + "application-properties/atlas.authentication.method.ldap.type" + ], + "if": "${application-properties/atlas.authentication.method.ldap.type} === ad", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + } + ] + }, + "widgets": [ + { + "config":"application-properties/atlas.authentication.method.ldap.type", + "widget":{ + "type":"combo" + } + }, + + + { + "config":"application-properties/atlas.authentication.method.ldap.url", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.userDNpattern", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.groupSearchBase", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.groupSearchFilter", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.groupRoleAttribute", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.base.dn", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.bind.dn", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.bind.password", + "widget":{ + "type":"password" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.referral", + 
"widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.user.searchfilter", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.default.role", + "widget":{ + "type":"text-field" + } + }, + + + { + "config":"application-properties/atlas.authentication.method.ldap.ad.url", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.domain", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.base.dn", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.bind.dn", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.bind.password", + "widget":{ + "type":"password" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.referral", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.user.searchfilter", + "widget":{ + "type":"text-field" + } + }, + { + "config":"application-properties/atlas.authentication.method.ldap.ad.default.role", + "widget":{ + "type":"text-field" + } + } + ] + } +} + http://git-wip-us.apache.org/repos/asf/ambari/blob/0b8e5227/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml index 5606ce6..1b2b5e0 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml 
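Review bot: The section `section-authentication` has a fixed `"display-name": "LDAP"`, yet every AD property is also placed in its `subsection-authentication`, so with type `ad` selected the AD fields appear under an LDAP heading. A neutral label such as `"display-name": "LDAP / AD Settings"` would avoid that. The `depends-on` rules only toggle `visible`, so the hidden family's properties, including its bind password, presumably stay in the saved configuration; that should be confirmed against how Ambari persists hidden properties. The same `depends-on` block is repeated for all nineteen properties, so a later change to the condition is easy to apply inconsistently.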
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml @@ -282,7 +282,7 @@ <property> <name>ranger.ldap.referral</name> <value>ignore</value> - <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description> + <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> <value-attributes> <overridable>false</overridable> </value-attributes> @@ -348,7 +348,7 @@ <property> <name>ranger.ldap.ad.referral</name> <value>ignore</value> - <description>"Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed"</description> + <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> <value-attributes> <overridable>false</overridable> </value-attributes> http://git-wip-us.apache.org/repos/asf/ambari/blob/0b8e5227/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml index 8b523d3..5f3d603 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/application-properties.xml 
@@ -116,14 +116,20 @@ <name>atlas.authentication.method.ldap.type</name> <value>ldap</value> <description>The LDAP type (ldap or ad).</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>atlas.authentication.method.ldap.url</name> - <value/> - <description>The LDAP URL.</description> <value-attributes> - <empty-value-valid>true</empty-value-valid> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>ldap</value> + <label>LDAP</label> + </entry> + <entry> + <value>ad</value> + <label>AD</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> </value-attributes> <on-ambari-upgrade add="true"/> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/0b8e5227/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py index 3dcb426..9426571 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py 
@@ -65,6 +65,45 @@ class HDP25StackAdvisor(HDP24StackAdvisor): application_properties = getSiteProperties(configurations, "application-properties") validationItems = [] + #<editor-fold desc="LDAP and AD"> + auth_type = application_properties['atlas.authentication.method.ldap.type'] + Logger.info("Validating Atlas configs, authentication type: %s" % str(auth_type)) + + # Required props + ldap_props = {"atlas.authentication.method.ldap.url": "", + "atlas.authentication.method.ldap.userDNpattern": "uid=", + "atlas.authentication.method.ldap.groupSearchBase": "", + "atlas.authentication.method.ldap.groupSearchFilter": "", + "atlas.authentication.method.ldap.groupRoleAttribute": "cn", + "atlas.authentication.method.ldap.base.dn": "", + "atlas.authentication.method.ldap.bind.dn": "", + "atlas.authentication.method.ldap.bind.password": "", + "atlas.authentication.method.ldap.referral": "ignore", + "atlas.authentication.method.ldap.user.searchfilter": "", + "atlas.authentication.method.ldap.default.role": "ROLE_USER" + } + ad_props = {"atlas.authentication.method.ldap.ad.domain": "", + "atlas.authentication.method.ldap.ad.url": "", + "atlas.authentication.method.ldap.ad.base.dn": "", + "atlas.authentication.method.ldap.ad.bind.dn": "", + "atlas.authentication.method.ldap.ad.bind.password": "", + "atlas.authentication.method.ldap.ad.referral": "ignore", + "atlas.authentication.method.ldap.ad.user.searchfilter": "(sAMAccountName={0})", + "atlas.authentication.method.ldap.ad.default.role": "ROLE_USER" + } + + props_to_require = set() + if auth_type.lower() == "ldap": + props_to_require = set(ldap_props.keys()) + elif auth_type.lower() == "ad": + props_to_require = set(ad_props.keys()) + + for prop in props_to_require: + if prop not in application_properties or application_properties[prop] is None or application_properties[prop] == "": + validationItems.append({"config-name": prop, + "item": self.getErrorItem("If authentication type is %s, this property is required." 
% auth_type)}) + #</editor-fold> + if application_properties['atlas.graph.index.search.backend'] == 'solr5' and \ not application_properties['atlas.graph.index.search.solr.zookeeper-url']: validationItems.append({"config-name": "atlas.graph.index.search.solr.zookeeper-url",
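Review bot: The direct lookup `application_properties['atlas.authentication.method.ldap.type']` at the top of the added block raises KeyError when the property is absent, and `auth_type.lower()` fails when it is None, so validation aborts instead of returning a validation item. `auth_type = application_properties.get('atlas.authentication.method.ldap.type') or ""` avoids both. The emptiness test `== ""` also lets whitespace-only values through, and the XML defaults added in this commit are `<value> </value>`, so the required-property check may never fire for them. Comparing `str(application_properties[prop]).strip() == ""` would close that gap, though whether Ambari trims values before validation is not visible here. The values in `ldap_props` and `ad_props` are never read (only `.keys()`), so plain tuples of names would state the intent more clearly; the enclosing method starts and ends outside the hunk.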