AMBARI-20513. Storm alerts appear after disabling security [upgrade] (magyari_sandor)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/64fc0e23 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/64fc0e23 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/64fc0e23 Branch: refs/heads/branch-feature-AMBARI-12556 Commit: 64fc0e23c599682d53e337a58dd573825d551504 Parents: ca2c835 Author: Sandor Magyari <[email protected]> Authored: Wed Mar 22 14:54:04 2017 +0100 Committer: Sandor Magyari <[email protected]> Committed: Thu Mar 23 08:24:31 2017 +0100 ---------------------------------------------------------------------- .../main/resources/stacks/HDP/2.2/services/stack_advisor.py | 4 ++-- .../src/test/python/stacks/2.2/common/test_stack_advisor.py | 8 ++++++++ .../src/test/python/stacks/2.5/common/test_stack_advisor.py | 3 +++ 3 files changed, 13 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/64fc0e23/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py index d753c51..800edbe 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py @@ -918,7 +918,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): putStormSiteProperty = self.putProperty(configurations, "storm-site", services) putStormSiteAttributes = self.putPropertyAttribute(configurations, "storm-site") storm_site = getServicesSiteProperties(services, "storm-site") - security_enabled = (storm_site is not None and "storm.zookeeper.superACL" in storm_site) + security_enabled = self.isSecurityEnabled(services) if "ranger-env" in services["configurations"] and "ranger-storm-plugin-properties" in services["configurations"] and \ "ranger-storm-plugin-enabled" in services["configurations"]["ranger-env"]["properties"]: putStormRangerPluginProperty = self.putProperty(configurations, "ranger-storm-plugin-properties", services) @@ -945,7 +945,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): if security_enabled: if rangerPluginEnabled and (rangerPluginEnabled.lower() == 'Yes'.lower()): putStormSiteProperty('nimbus.authorizer',rangerClass) - elif (services["configurations"]["storm-site"]["properties"]["nimbus.authorizer"] == rangerClass): + else: putStormSiteProperty('nimbus.authorizer', nonRangerClass) else: putStormSiteAttributes('nimbus.authorizer', 'delete', 'true') http://git-wip-us.apache.org/repos/asf/ambari/blob/64fc0e23/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py index a2b7714..571ff26 100644 --- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py @@ -3045,6 +3045,7 @@ class TestHDP22StackAdvisor(TestCase): "StackServices": { "service_name" : "STORM", "service_version" : "2.6.0.2.2" + } }, { @@ -3066,6 +3067,11 @@ class TestHDP22StackAdvisor(TestCase): "stack_version": "2.2" }, "configurations": { + "cluster-env": { + "properties": { + "security_enabled": "false" + } + }, "storm-site": { "properties": { "nimbus.authorizer" : "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer" @@ -3097,6 +3103,7 @@ class TestHDP22StackAdvisor(TestCase): services['configurations']['storm-site']['properties']['nimbus.authorizer'] = '' services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled'] = 'Yes' services['configurations']['storm-site']['properties']['storm.zookeeper.superACL'] = 'sasl:{{storm_bare_jaas_principal}}' + services['configurations']['cluster-env']['properties']['security_enabled'] = 'true' self.stackAdvisor.recommendStormConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations['storm-site']['properties']['nimbus.authorizer'], 'com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer', "Test nimbus.authorizer with Ranger Storm plugin enabled in kerberos environment") @@ -3106,6 +3113,7 @@ class TestHDP22StackAdvisor(TestCase): services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled'] = 'No' services['configurations']['storm-site']['properties']['storm.zookeeper.superACL'] = 'sasl:{{storm_bare_jaas_principal}}' services['configurations']['storm-site']['properties']['nimbus.authorizer'] = 'com.xasecure.authorization.storm.authorizer.XaSecureStormAuthorizer' + services['configurations']['cluster-env']['properties']['security_enabled'] = 'true' self.stackAdvisor.recommendStormConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations['storm-site']['properties']['nimbus.authorizer'], 'backtype.storm.security.auth.authorizer.SimpleACLAuthorizer', "Test nimbus.authorizer with Ranger Storm plugin being disabled in kerberos environment") http://git-wip-us.apache.org/repos/asf/ambari/blob/64fc0e23/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py index 255d5c5..6d4e05f 100644 --- a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py @@ -5398,6 +5398,7 @@ class TestHDP25StackAdvisor(TestCase): configurations['storm-site']['properties'] = {} configurations['storm-site']['property_attributes'] = {} services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled'] = 'Yes' + services['configurations']['cluster-env']['properties']['security_enabled'] = 'false' self.stackAdvisor.recommendStormConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations['storm-site']['property_attributes']['nimbus.authorizer'], {'delete': 'true'}, "Test nimbus.authorizer with Ranger Storm plugin enabled in non-kerberos environment") self.assertEquals(configurations['storm-site']['properties']['storm.cluster.metrics.consumer.register'], '[{"class": "org.apache.hadoop.metrics2.sink.storm.StormTimelineMetricsReporter"}]') @@ -5414,6 +5415,7 @@ class TestHDP25StackAdvisor(TestCase): services['configurations']['storm-site']['properties']['nimbus.authorizer'] = '' services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled'] = 'Yes' services['configurations']['storm-site']['properties']['storm.zookeeper.superACL'] = 'sasl:{{storm_bare_jaas_principal}}' + services['configurations']['cluster-env']['properties']['security_enabled'] = 'true' self.stackAdvisor.recommendStormConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations['storm-site']['properties']['nimbus.authorizer'], 'org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer', "Test nimbus.authorizer with Ranger Storm plugin enabled in kerberos environment") @@ -5423,6 +5425,7 @@ class TestHDP25StackAdvisor(TestCase): services['configurations']['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled'] = 'No' services['configurations']['storm-site']['properties']['storm.zookeeper.superACL'] = 'sasl:{{storm_bare_jaas_principal}}' services['configurations']['storm-site']['properties']['nimbus.authorizer'] = 'org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer' + services['configurations']['cluster-env']['properties']['security_enabled'] = 'true' self.stackAdvisor.recommendStormConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations['storm-site']['properties']['nimbus.authorizer'], 'org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer', "Test nimbus.authorizer with Ranger Storm plugin being disabled in kerberos environment")
