AMBARI-19363. Log Search: external authentication roles are hard coded (oleewere)
Change-Id: Ic3d67d22f4a82e09ed940160e1fa1099937ca049 Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6b198cc7 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6b198cc7 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6b198cc7 Branch: refs/heads/branch-dev-patch-upgrade Commit: 6b198cc71ffd5b1ee5332ee036eb1272ee767c8b Parents: 773d155 Author: oleewere <[email protected]> Authored: Wed Jan 4 20:24:29 2017 +0100 Committer: oleewere <[email protected]> Committed: Thu Jan 5 13:14:38 2017 +0100 ---------------------------------------------------------------------- .../configuration/logsearch-properties.xml | 7 +++++++ .../LOGSEARCH/0.5.0/package/scripts/params.py | 1 - .../stacks/2.4/LOGSEARCH/test_logsearch.py | 2 +- .../test/python/stacks/2.4/configs/default.json | 3 ++- .../configs/services/logsearch_properties.js | 21 +++++++++++++------- 5 files changed, 24 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/6b198cc7/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml index 8fc71d5..47872ee 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/configuration/logsearch-properties.xml @@ -174,6 +174,13 @@ <on-ambari-upgrade add="true"/> </property> <property> + <name>logsearch.roles.allowed</name> + <value>AMBARI.ADMINISTRATOR,CLUSTER.ADMINISTRATOR</value> + <display-name>Roles allowed</display-name> + <description>Comma separated roles for external authentication</description> + <on-ambari-upgrade add="true"/> + </property> + <property> <name>logsearch.auth.jwt.enabled</name> <value>false</value> <display-name>JWT authentication enabled</display-name> http://git-wip-us.apache.org/repos/asf/ambari/blob/6b198cc7/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py index 811b3ea..5ffd5e6 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/package/scripts/params.py @@ -218,7 +218,6 @@ logsearch_properties['logsearch.login.credentials.file'] = logsearch_admin_crede logsearch_properties['logsearch.auth.file.enabled'] = 'true' logsearch_properties['logsearch.auth.ldap.enabled'] = 'false' logsearch_properties['logsearch.auth.simple.enabled'] = 'false' -logsearch_properties['logsearch.roles.allowed'] = 'AMBARI.ADMINISTRATOR' logsearch_properties['logsearch.protocol'] = logsearch_ui_protocol http://git-wip-us.apache.org/repos/asf/ambari/blob/6b198cc7/ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py b/ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py index 00dd641..33ac715 100644 --- a/ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py +++ b/ambari-server/src/test/python/stacks/2.4/LOGSEARCH/test_logsearch.py @@ -105,7 +105,7 @@ class TestLogSearch(RMFTestCase): 'logsearch.collection.service.logs.replication.factor': '1', 'logsearch.login.credentials.file': 'logsearch-admin.json', 'logsearch.protocol': 'http', - 'logsearch.roles.allowed': 'AMBARI.ADMINISTRATOR', + 'logsearch.roles.allowed': 'AMBARI.ADMINISTRATOR,CLUSTER.ADMINISTRATOR', 'logsearch.service.logs.split.interval.mins': '1', 'logsearch.solr.audit.logs.zk_connect_string': 'c6401.ambari.apache.org:2181/infra-solr', 'logsearch.solr.collection.audit.logs': 'audit_logs', http://git-wip-us.apache.org/repos/asf/ambari/blob/6b198cc7/ambari-server/src/test/python/stacks/2.4/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.4/configs/default.json b/ambari-server/src/test/python/stacks/2.4/configs/default.json index a601f0b..30e12e9 100644 --- a/ambari-server/src/test/python/stacks/2.4/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.4/configs/default.json @@ -302,7 +302,8 @@ "logsearch.solr.metrics.collector.hosts" : "{metrics_collector_hosts}", "logsearch.auth.external_auth.enabled" : "false", "logsearch.auth.external_auth.host_url" : "{ambari_server_auth_host_url}", - "logsearch.auth.external_auth.login_url" : "/api/v1/users/$USERNAME/privileges?fields=*" + "logsearch.auth.external_auth.login_url" : "/api/v1/users/$USERNAME/privileges?fields=*", + "logsearch.roles.allowed": "AMBARI.ADMINISTRATOR,CLUSTER.ADMINISTRATOR" }, "logfeeder-properties": { "logfeeder.checkpoint.folder" : "/etc/ambari-logsearch-logfeeder/conf/checkpoints", http://git-wip-us.apache.org/repos/asf/ambari/blob/6b198cc7/ambari-web/app/data/configs/services/logsearch_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/configs/services/logsearch_properties.js b/ambari-web/app/data/configs/services/logsearch_properties.js index 94588ef..f003d04 100644 --- a/ambari-web/app/data/configs/services/logsearch_properties.js +++ b/ambari-web/app/data/configs/services/logsearch_properties.js @@ -431,52 +431,59 @@ module.exports = [ "serviceName": "LOGSEARCH" }, { - "name": "logsearch.auth.jwt.audiances", + "name": "logsearch.roles.allowed", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 12 }, { - "name": "logsearch.auth.jwt.cookie.name", + "name": "logsearch.auth.jwt.audiances", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 13 }, { - "name": "logsearch.auth.jwt.query.param.original_url", + "name": "logsearch.auth.jwt.cookie.name", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 14 }, { - "name": "logsearch.spnego.kerberos.enabled", + "name": "logsearch.auth.jwt.query.param.original_url", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 15 }, { - "name": "logsearch.spnego.kerberos.keytab", + "name": "logsearch.spnego.kerberos.enabled", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 16 }, { - "name": "logsearch.spnego.kerberos.principal", + "name": "logsearch.spnego.kerberos.keytab", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 17 }, { - "name": "logsearch.spnego.kerberos.host", + "name": "logsearch.spnego.kerberos.principal", "serviceName": "LOGSEARCH", "filename": "logsearch-properties.xml", "category": "Advanced logsearch-properties", "index": 18 + }, + { + "name": "logsearch.spnego.kerberos.host", + "serviceName": "LOGSEARCH", + "filename": "logsearch-properties.xml", + "category": "Advanced logsearch-properties", + "index": 19 } ];
