Repository: ambari Updated Branches: refs/heads/branch-2.5 aa729a5bb -> 805dbe42a
Revert: BUG-78694. LDAP sync requires user to be root Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/805dbe42 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/805dbe42 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/805dbe42 Branch: refs/heads/branch-2.5 Commit: 805dbe42a0c809faacf8b86c769199c300eac1b9 Parents: aa729a5 Author: Eugene Chekanskiy <echekans...@hortonworks.com> Authored: Sun Jul 16 20:37:52 2017 +0300 Committer: Eugene Chekanskiy <echekans...@hortonworks.com> Committed: Sun Jul 16 20:37:52 2017 +0300 ---------------------------------------------------------------------- .../src/main/python/ambari_server/setupSecurity.py | 4 ++++ ambari-server/src/test/python/TestAmbariServer.py | 13 ++++++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/805dbe42/ambari-server/src/main/python/ambari_server/setupSecurity.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py index f175d7c..ea3b9e5 100644 --- a/ambari-server/src/main/python/ambari_server/setupSecurity.py +++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py @@ -275,6 +275,10 @@ class LdapSyncOptions: # def sync_ldap(options): logger.info("Sync users and groups with configured LDAP.") + if not is_root(): + err = 'Ambari-server sync-ldap should be run with ' \ + 'root-level privileges' + raise FatalException(4, err) properties = get_ambari_properties() http://git-wip-us.apache.org/repos/asf/ambari/blob/805dbe42/ambari-server/src/test/python/TestAmbariServer.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py index fb0bb70..1ac77ab2 100644 --- a/ambari-server/src/test/python/TestAmbariServer.py +++ b/ambari-server/src/test/python/TestAmbariServer.py @@ -7747,12 +7747,13 @@ class TestAmbariServer(TestCase): @patch("urllib2.urlopen") @patch("urllib2.Request") @patch("base64.encodestring") + @patch("ambari_server.setupSecurity.is_root") @patch("ambari_server.setupSecurity.is_server_runing") @patch("ambari_server.setupSecurity.get_ambari_properties") @patch("ambari_server.setupSecurity.get_validated_string_input") @patch("ambari_server.setupSecurity.logger") def test_sync_ldap_forbidden(self, logger_mock, get_validated_string_input_method, get_ambari_properties_method, - is_server_runing_method, + is_server_runing_method, is_root_method, encodestring_method, request_constructor, urlopen_method): options = self._create_empty_options_mock() @@ -7761,6 +7762,16 @@ class TestAmbariServer(TestCase): options.ldap_sync_users = None options.ldap_sync_groups = None + is_root_method.return_value = False + try: + sync_ldap(options) + self.fail("Should throw exception if not root") + except FatalException as fe: + # Expected + self.assertTrue("root-level" in fe.reason) + pass + is_root_method.return_value = True + is_server_runing_method.return_value = (None, None) try: sync_ldap(options)