AMBARI-19087. Clean up how dfs.cluster.administrators is handled wrt user/group creation (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/eb04efb2 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/eb04efb2 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/eb04efb2 Branch: refs/heads/branch-feature-AMBARI-18901 Commit: eb04efb2375f25cacede71a02442d6c22f135df2 Parents: 338c2c5 Author: Andrew Onishuk <[email protected]> Authored: Thu Dec 8 14:00:53 2016 +0200 Committer: Andrew Onishuk <[email protected]> Committed: Thu Dec 8 14:00:53 2016 +0200 ---------------------------------------------------------------------- .../common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml | 2 +- .../2.0.6/hooks/before-ANY/scripts/shared_initialization.py | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/eb04efb2/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml index 22ab02a..aad2db0 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/hdfs-site.xml @@ -395,7 +395,7 @@ <property> <name>dfs.cluster.administrators</name> <value> hdfs</value> - <description>ACL for who all can view the default servlets in the HDFS</description> + <description>ACL for the admins, this configuration is used to control who can access the default servlets in the namenode, etc. The value should be a comma separated list of users and groups. The user list comes first and is separated by a space followed by the group list, e.g. "user1,user2 group1,group2". Both users and groups are optional, so "user1", " group1", "", "user1 group1", "user1,user2 group1,group2" are all valid (note the leading space in " group1"). '*' grants access to all users and groups, e.g. '*', '* ' and ' *' are all valid.</description> <on-ambari-upgrade add="true"/> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/eb04efb2/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py index 320872e..f97789b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py @@ -105,13 +105,17 @@ def create_users_and_groups(user_and_groups): import params - parts = re.split('\s', user_and_groups) + parts = re.split('\s+', user_and_groups) if len(parts) == 1: parts.append("") users_list = parts[0].split(",") if parts[0] else [] groups_list = parts[1].split(",") if parts[1] else [] + # skip creating groups and users if * is provided as value. + users_list = filter(lambda x: x != '*' , users_list) + groups_list = filter(lambda x: x != '*' , groups_list) + if users_list: User(users_list, fetch_nonlocal_groups = params.fetch_nonlocal_groups
