Repository: ambari Updated Branches: refs/heads/trunk 8a8d48fde -> d03c24b9f
http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java index 1b0f4fb..3491f18 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java @@ -30,6 +30,8 @@ import org.apache.ambari.server.actionmanager.HostRoleStatus; import org.apache.ambari.server.agent.CommandReport; import org.apache.ambari.server.agent.ExecutionCommand; import org.apache.ambari.server.controller.KerberosHelper; +import org.apache.ambari.server.orm.dao.HostDAO; +import org.apache.ambari.server.orm.entities.HostEntity; import org.apache.ambari.server.security.credential.PrincipalKeyCredential; import org.apache.ambari.server.serveraction.AbstractServerAction; import org.apache.ambari.server.state.Cluster; @@ -171,6 +173,8 @@ public abstract class KerberosServerAction extends AbstractServerAction { @Inject private KerberosHelper kerberosHelper; + @Inject + HostDAO hostDAO; /** * Given a (command parameter) Map and a property name, attempts to safely retrieve the requested * data. @@ -543,21 +547,8 @@ public abstract class KerberosServerAction extends AbstractServerAction { if (record != null) { String principal = record.get(KerberosIdentityDataFileReader.PRINCIPAL); - if (principal != null) { - String hostname = record.get(KerberosIdentityDataFileReader.HOSTNAME); - - if(KerberosHelper.AMBARI_SERVER_HOST_NAME.equals(hostname)) { - // Replace KerberosHelper.AMBARI_SERVER_HOST_NAME with the actual hostname where the Ambari - // server is... this host - hostname = StageUtils.getHostName(); - } - - // Evaluate the principal "pattern" found in the record to generate the "evaluated principal" - // by replacing the _HOST and _REALM variables. - String evaluatedPrincipal = principal.replace("_HOST", hostname).replace("_REALM", defaultRealm); - - commandReport = processIdentity(record, evaluatedPrincipal, operationHandler, kerberosConfiguration, requestSharedDataContext); + commandReport = processIdentity(record, principal, operationHandler, kerberosConfiguration, requestSharedDataContext); } } @@ -588,6 +579,14 @@ public abstract class KerberosServerAction extends AbstractServerAction { } } + protected Long ambariServerHostID(){ + String ambariServerHostName = StageUtils.getHostName(); + HostEntity ambariServerHostEntity = hostDAO.findByName(ambariServerHostName); + return (ambariServerHostEntity == null) + ? null + : ambariServerHostEntity.getHostId(); + } + /** * A Kerberos operation type * <ul> http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java index e1f8419..b9381b4 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareDisableKerberosServerAction.java @@ -107,7 +107,7 @@ public class PrepareDisableKerberosServerAction extends AbstractPrepareKerberosS Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false); processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory, - configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore, false); + configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore); // Add auth-to-local configurations to the set of changes Map<String, Set<String>> authToLocalProperties = kerberosHelper.translateConfigurationSpecifications(kerberosDescriptor.getAllAuthToLocalProperties()); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java index 335451f..671ad95 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareEnableKerberosServerAction.java @@ -119,7 +119,7 @@ public class PrepareEnableKerberosServerAction extends PrepareKerberosIdentities Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false); processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory, - configurations, kerberosConfigurations, true, propertiesToIgnore, false); + configurations, kerberosConfigurations, true, propertiesToIgnore); // Calculate the set of configurations to update and replace any variables // using the previously calculated Map of configurations for the host. http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java index 038d1b5..b0fca8d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.java @@ -123,8 +123,7 @@ public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerber Map<String, Map<String, String>> configurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false); processServiceComponentHosts(cluster, kerberosDescriptor, schToProcess, identityFilter, dataDirectory, - configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore, - hostFilter != null); + configurations, kerberosConfigurations, includeAmbariIdentity, propertiesToIgnore); kerberosHelper.applyStackAdvisorUpdates(cluster, services, configurations, kerberosConfigurations, propertiesToIgnore, propertiesToRemove, true); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java new file mode 100644 index 0000000..f66d273 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/stageutils/ResolvedKerberosKeytab.java @@ -0,0 +1,257 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.serveraction.kerberos.stageutils; + +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.state.kerberos.VariableReplacementHelper; +import org.apache.commons.lang3.tuple.Pair; + +import com.google.common.collect.ImmutableSet; + +/** + * Class that represents keytab. Contains principals that mapped to host. + * Same keytab can have different set of principals on different hosts. + */ +// TODO This class need to replace {@link org.apache.ambari.server.serveraction.kerberos.KerberosIdentityDataFile} +// TODO and all related structures and become main item that {@link org.apache.ambari.server.serveraction.kerberos.KerberosServerAction} +// TODO operates with instead of identity records. +public class ResolvedKerberosKeytab { + + private String ownerName = null; + private String ownerAccess = null; + private String groupName = null; + private String groupAccess = null; + private String file = null; + private Set<Pair<Long, String>> mappedPrincipals = null; + private boolean isAmbariServerKeytab = false; + private boolean mustWriteAmbariJaasFile = false; + + public ResolvedKerberosKeytab( + String file, + String ownerName, + String ownerAccess, + String groupName, + String groupAccess, + Set<Pair<Long, String>> mappedPrincipals, + boolean isAmbariServerKeytab, + boolean writeAmbariJaasFile + ) { + this.ownerName = ownerName; + this.ownerAccess = ownerAccess; + this.groupName = groupName; + this.groupAccess = groupAccess; + this.file = file; + this.mappedPrincipals = mappedPrincipals; + this.isAmbariServerKeytab = isAmbariServerKeytab; + this.mustWriteAmbariJaasFile = writeAmbariJaasFile; + } + + /** + * Gets the path to the keytab file + * <p/> + * The value may include variable placeholders to be replaced as needed + * <ul> + * <li> + * ${variable} placeholders are replaced on the server - see + * {@link VariableReplacementHelper#replaceVariables(String, Map)} + * </li> + * </ul> + * + * @return a String declaring the keytab file's absolute path + * @see VariableReplacementHelper#replaceVariables(String, Map) + */ + public String getFile() { + return file; + } + + /** + * Sets the path to the keytab file + * + * @param file a String declaring this keytab's file path + * @see #getFile() + */ + public void setFile(String file) { + this.file = file; + } + + /** + * Gets the local username to set as the owner of the keytab file + * + * @return a String declaring the name of the user to own the keytab file + */ + public String getOwnerName() { + return ownerName; + } + + /** + * Sets the local username to set as the owner of the keytab file + * + * @param name a String declaring the name of the user to own the keytab file + */ + public void setOwnerName(String name) { + this.ownerName = name; + } + + /** + * Gets the access permissions that should be set on the keytab file related to the file's owner + * + * @return a String declaring the access permissions that should be set on the keytab file related + * to the file's owner + * @see #ownerAccess + */ + public String getOwnerAccess() { + return ownerAccess; + } + + /** + * Sets the access permissions that should be set on the keytab file related to the file's owner + * + * @param access a String declaring the access permissions that should be set on the keytab file + * related to the file's owner + * @see #ownerAccess + */ + public void setOwnerAccess(String access) { + this.ownerAccess = access; + } + + /** + * Gets the local group name to set as the group owner of the keytab file + * + * @return a String declaring the name of the group to own the keytab file + */ + public String getGroupName() { + return groupName; + } + + /** + * Sets the local group name to set as the group owner of the keytab file + * + * @param name a String declaring the name of the group to own the keytab file + */ + public void setGroupName(String name) { + this.groupName = name; + } + + /** + * Gets the access permissions that should be set on the keytab file related to the file's group + * + * @return a String declaring the access permissions that should be set on the keytab file related + * to the file's group + * @see #groupAccess + */ + public String getGroupAccess() { + return groupAccess; + } + + /** + * Sets the access permissions that should be set on the keytab file related to the file's group + * + * @param access a String declaring the access permissions that should be set on the keytab file + * related to the file's group + * @see #groupAccess + */ + public void setGroupAccess(String access) { + this.groupAccess = access; + } + + /** + * Gets evaluated host-to-principal set associated with given keytab. + * + * @return a Set with mappedPrincipals associated with given keytab + */ + public Set<Pair<Long, String>> getMappedPrincipals() { + return mappedPrincipals; + } + + /** + * Sets evaluated host-to-principal set associated with given keytab. + * + * @param mappedPrincipals a Map with host-to-principal mapping associated with given keytab + */ + public void setMappedPrincipals(Set<Pair<Long, String>> mappedPrincipals) { + this.mappedPrincipals = mappedPrincipals; + } + + /** + * Gets set of hosts associated with given keytab. + * + * @return a Set with hosts + */ + public Set<Long> getHosts() { + ImmutableSet.Builder<Long> builder = ImmutableSet.builder(); + for (Pair<Long, String> principal : getMappedPrincipals()) { + if (principal.getLeft() != null) { + builder.add(principal.getLeft()); + } + } + return builder.build(); + } + + /** + * Gets a set of principals associated with given keytab. + * + * @return a Set of principals + */ + public Set<String> getPrincipals() { + ImmutableSet.Builder<String> builder = ImmutableSet.builder(); + for (Pair<Long, String> principal : getMappedPrincipals()) { + builder.add(principal.getRight()); + } + return builder.build(); + } + + /** + * Indicates if given keytab is Ambari Server keytab and can be distributed to host with Ambari Server side action. + * + * @return true, if given keytab is Ambari Server keytab. + */ + public boolean isAmbariServerKeytab() { + return isAmbariServerKeytab; + } + + /** + * Sets flag to indicate if given keytab is Ambari Server keytab and can be distributed to host with Ambari Server + * side action. + * + * @param isAmbariServerKeytab flag value + */ + public void setAmbariServerKeytab(boolean isAmbariServerKeytab) { + this.isAmbariServerKeytab = isAmbariServerKeytab; + } + + /** + * Indicates if this keytab must be written to Ambari Server jaas file. + * + * @return true, if this keytab must be written to Ambari Server jaas file. + */ + public boolean isMustWriteAmbariJaasFile() { + return mustWriteAmbariJaasFile; + } + + /** + * Sets flag to indicate if this keytab must be written to Ambari Server jaas file. + * + * @param mustWriteAmbariJaasFile flag value + */ + public void setMustWriteAmbariJaasFile(boolean mustWriteAmbariJaasFile) { + this.mustWriteAmbariJaasFile = mustWriteAmbariJaasFile; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java index 5af7c6b..ca78dbb 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosAction.java @@ -38,8 +38,14 @@ import org.apache.ambari.server.actionmanager.HostRoleStatus; import org.apache.ambari.server.agent.CommandReport; import org.apache.ambari.server.controller.AmbariManagementController; import org.apache.ambari.server.controller.KerberosHelper; +import org.apache.ambari.server.orm.dao.HostDAO; +import org.apache.ambari.server.orm.dao.KerberosKeytabDAO; +import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO; +import org.apache.ambari.server.orm.dao.KerberosPrincipalHostDAO; +import org.apache.ambari.server.orm.entities.HostEntity; import org.apache.ambari.server.orm.entities.RepositoryVersionEntity; import org.apache.ambari.server.serveraction.kerberos.PreconfigureServiceType; +import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.ConfigHelper; import org.apache.ambari.server.state.Host; @@ -56,6 +62,7 @@ import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor; import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor; import org.apache.ambari.server.state.kerberos.VariableReplacementHelper; import org.apache.ambari.server.state.stack.upgrade.Direction; +import org.apache.ambari.server.utils.StageUtils; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; @@ -82,6 +89,18 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { @Inject private VariableReplacementHelper variableReplacementHelper; + @Inject + private HostDAO hostDAO; + + @Inject + private KerberosKeytabDAO kerberosKeytabDAO; + + @Inject + KerberosPrincipalHostDAO kerberosPrincipalHostDAO; + + @Inject + KerberosPrincipalDAO kerberosPrincipalDAO; + @Override public CommandReport execute(ConcurrentMap<String, Object> requestSharedDataContext) throws AmbariException, InterruptedException { Map<String, String> commandParameters = getCommandParameters(); @@ -131,7 +150,7 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { } } - processServiceComponentHosts(cluster, kerberosDescriptor, configurations, kerberosConfigurations, propertiesToIgnore); + processServiceComponentHosts(cluster, kerberosDescriptor, configurations, kerberosConfigurations, propertiesToIgnore, getDefaultRealm(configurations)); // Calculate the set of configurations to update and replace any variables // using the previously calculated Map of configurations for the host. @@ -280,7 +299,7 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { private void processServiceComponentHosts(Cluster cluster, KerberosDescriptor kerberosDescriptor, Map<String, Map<String, String>> currentConfigurations, Map<String, Map<String, String>> kerberosConfigurations, - Map<String, Set<String>> propertiesToBeIgnored) + Map<String, Set<String>> propertiesToBeIgnored, String realm) throws AmbariException { Collection<Host> hosts = cluster.getHosts(); @@ -292,7 +311,7 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { try { Map<String, Set<String>> propertiesToIgnore = null; - + HashMap<String, ResolvedKerberosKeytab> resolvedKeytabs = new HashMap<>(); for (Host host : hosts) { // Iterate over the components installed on the current host to get the service and // component-level Kerberos descriptors in order to determine which principals, @@ -323,7 +342,8 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { // Add service-level principals (and keytabs) kerberosHelper.addIdentities(null, serviceIdentities, - null, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations, false); + null, hostName, host.getHostId(), serviceName, componentName, kerberosConfigurations, currentConfigurations, + resolvedKeytabs, realm); propertiesToIgnore = gatherPropertiesToIgnore(serviceIdentities, propertiesToIgnore); KerberosComponentDescriptor componentDescriptor = serviceDescriptor.getComponent(componentName); @@ -338,7 +358,8 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { // Add component-level principals (and keytabs) kerberosHelper.addIdentities(null, componentIdentities, - null, hostName, serviceName, componentName, kerberosConfigurations, currentConfigurations, false); + null, hostName, host.getHostId(), serviceName, componentName, kerberosConfigurations, currentConfigurations, + resolvedKeytabs,realm); propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore); } } @@ -359,7 +380,8 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { List<KerberosIdentityDescriptor> componentIdentities = Collections.singletonList(identity); kerberosHelper.addIdentities(null, componentIdentities, - null, KerberosHelper.AMBARI_SERVER_HOST_NAME, "AMBARI", componentName, kerberosConfigurations, currentConfigurations, false); + null, KerberosHelper.AMBARI_SERVER_HOST_NAME, ambariServerHostID(), "AMBARI", componentName, kerberosConfigurations, currentConfigurations, + resolvedKeytabs, realm); propertiesToIgnore = gatherPropertiesToIgnore(componentIdentities, propertiesToIgnore); } } @@ -367,6 +389,11 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { if ((propertiesToBeIgnored != null) && (propertiesToIgnore != null)) { propertiesToBeIgnored.putAll(propertiesToIgnore); } + + // create database records for keytabs that must be presented on cluster + for (ResolvedKerberosKeytab keytab : resolvedKeytabs.values()) { + kerberosHelper.processResolvedKeytab(keytab); + } } catch (IOException e) { throw new AmbariException(e.getMessage(), e); } @@ -582,5 +609,14 @@ public class PreconfigureKerberosAction extends AbstractUpgradeServerAction { } } } + + protected Long ambariServerHostID(){ + String ambariServerHostName = StageUtils.getHostName(); + HostEntity ambariServerHostEntity = hostDAO.findByName(ambariServerHostName); + return (ambariServerHostEntity == null) + ? null + : ambariServerHostEntity.getHostId(); + } + } http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java index 1104d19..ea0ceae 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/ServiceImpl.java @@ -601,7 +601,7 @@ public class ServiceImpl implements Service { List<Component> result = new ArrayList<>(); for (ServiceComponent component : getServiceComponents().values()) { for (ServiceComponentHost host : component.getServiceComponentHosts().values()) { - result.add(new Component(host.getHostName(), getName(), component.getName())); + result.add(new Component(host.getHostName(), getName(), component.getName(), host.getHost().getHostId())); } } return result; http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java index 3b8f6da..e30c2ce 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java @@ -1280,7 +1280,7 @@ public class ServiceComponentHostImpl implements ServiceComponentHost { ServiceComponentUninstalledEvent event = new ServiceComponentUninstalledEvent( clusterId, stackName, stackVersion, serviceName, componentName, - hostName, recoveryEnabled); + hostName, recoveryEnabled, host.getHostId()); eventPublisher.publish(event); } http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index 2b4d15c..7d63494 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -922,12 +922,23 @@ CREATE TABLE kerberos_principal ( CONSTRAINT PK_kerberos_principal PRIMARY KEY (principal_name) ); +CREATE TABLE kerberos_keytab ( + keytab_path VARCHAR(255) NOT NULL, + CONSTRAINT PK_krb_keytab_path_host_id PRIMARY KEY (keytab_path) +); + + CREATE TABLE kerberos_principal_host ( principal_name VARCHAR(255) NOT NULL, + keytab_path VARCHAR(255) NOT NULL, + is_distributed SMALLINT NOT NULL DEFAULT 0, host_id BIGINT NOT NULL, - CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, host_id), + CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, keytab_path, host_id), CONSTRAINT FK_krb_pr_host_id FOREIGN KEY (host_id) REFERENCES hosts (host_id), - CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name)); + CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name), + CONSTRAINT FK_krb_pr_host_keytab_path FOREIGN KEY (keytab_path) REFERENCES kerberos_keytab (keytab_path) +); + CREATE TABLE kerberos_descriptor ( http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index b487205..af17353 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -940,12 +940,21 @@ CREATE TABLE kerberos_principal ( CONSTRAINT PK_kerberos_principal PRIMARY KEY (principal_name) ); +CREATE TABLE kerberos_keytab ( + keytab_path VARCHAR(255) NOT NULL, + CONSTRAINT PK_krb_keytab_path_host_id PRIMARY KEY (keytab_path) +); + CREATE TABLE kerberos_principal_host ( principal_name VARCHAR(255) NOT NULL, + keytab_path VARCHAR(255) NOT NULL, + is_distributed SMALLINT NOT NULL DEFAULT 0, host_id BIGINT NOT NULL, - CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, host_id), + CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, keytab_path, host_id), CONSTRAINT FK_krb_pr_host_id FOREIGN KEY (host_id) REFERENCES hosts (host_id), - CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name)); + CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name), + CONSTRAINT FK_krb_pr_host_keytab_path FOREIGN KEY (keytab_path) REFERENCES kerberos_keytab (keytab_path) +); CREATE TABLE kerberos_descriptor ( http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index bb87618..89c7971 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -919,12 +919,21 @@ CREATE TABLE kerberos_principal ( CONSTRAINT PK_kerberos_principal PRIMARY KEY (principal_name) ); +CREATE TABLE kerberos_keytab ( + keytab_path VARCHAR2(255) NOT NULL, + CONSTRAINT PK_krb_keytab_path_host_id PRIMARY KEY (keytab_path) +); + CREATE TABLE kerberos_principal_host ( principal_name VARCHAR2(255) NOT NULL, + keytab_path VARCHAR2(255) NOT NULL, + is_distributed NUMBER(1) DEFAULT 0 NOT NULL, host_id NUMBER(19) NOT NULL, - CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, host_id), + CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, keytab_path, host_id), CONSTRAINT FK_krb_pr_host_id FOREIGN KEY (host_id) REFERENCES hosts (host_id), - CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name)); + CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name), + CONSTRAINT FK_krb_pr_host_keytab_path FOREIGN KEY (keytab_path) REFERENCES kerberos_keytab (keytab_path) +); CREATE TABLE kerberos_descriptor ( http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index 7c0611d..3d2bd3a 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -921,12 +921,19 @@ CREATE TABLE kerberos_principal ( cached_keytab_path VARCHAR(255), CONSTRAINT PK_kerberos_principal PRIMARY KEY (principal_name)); +CREATE TABLE kerberos_keytab ( + keytab_path VARCHAR(255) NOT NULL, + CONSTRAINT PK_krb_keytab_path_host_id PRIMARY KEY (keytab_path)); + CREATE TABLE kerberos_principal_host ( principal_name VARCHAR(255) NOT NULL, + keytab_path VARCHAR(255) NOT NULL, + is_distributed SMALLINT NOT NULL DEFAULT 0, host_id BIGINT NOT NULL, - CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, host_id), + CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, keytab_path, host_id), CONSTRAINT FK_krb_pr_host_id FOREIGN KEY (host_id) REFERENCES hosts (host_id), - CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name)); + CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name), + CONSTRAINT FK_krb_pr_host_keytab_path FOREIGN KEY (keytab_path) REFERENCES kerberos_keytab (keytab_path)); CREATE TABLE kerberos_descriptor( kerberos_descriptor_name VARCHAR(255) NOT NULL, http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index e240c5a..55a6c61 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -918,12 +918,21 @@ CREATE TABLE kerberos_principal ( CONSTRAINT PK_kerberos_principal PRIMARY KEY (principal_name) ); +CREATE TABLE kerberos_keytab ( + keytab_path VARCHAR(255) NOT NULL, + CONSTRAINT PK_krb_keytab_path_host_id PRIMARY KEY (keytab_path) +); + CREATE TABLE kerberos_principal_host ( principal_name VARCHAR(255) NOT NULL, + keytab_path VARCHAR(255) NOT NULL, + is_distributed SMALLINT NOT NULL DEFAULT 0, host_id NUMERIC(19) NOT NULL, - CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, host_id), + CONSTRAINT PK_kerberos_principal_host PRIMARY KEY (principal_name, keytab_path, host_id), CONSTRAINT FK_krb_pr_host_id FOREIGN KEY (host_id) REFERENCES hosts (host_id), - CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name)); + CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name), + CONSTRAINT FK_krb_pr_host_keytab_path FOREIGN KEY (keytab_path) REFERENCES kerberos_keytab (keytab_path) +); CREATE TABLE kerberos_descriptor ( http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index 3839ee4..e5e8af5 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -941,12 +941,21 @@ CREATE TABLE kerberos_principal ( CONSTRAINT PK_kerberos_principal PRIMARY KEY CLUSTERED (principal_name) ); +CREATE TABLE kerberos_keytab ( + keytab_path VARCHAR(255) NOT NULL, + CONSTRAINT PK_krb_keytab_path_host_id PRIMARY KEY CLUSTERED (keytab_path) +); + CREATE TABLE kerberos_principal_host ( principal_name VARCHAR(255) NOT NULL, + keytab_path VARCHAR(255) NOT NULL, + is_distributed SMALLINT NOT NULL DEFAULT 0, host_id BIGINT NOT NULL, - CONSTRAINT PK_kerberos_principal_host PRIMARY KEY CLUSTERED (principal_name, host_id), + CONSTRAINT PK_kerberos_principal_host PRIMARY KEY CLUSTERED (principal_name, keytab_path, host_id), CONSTRAINT FK_krb_pr_host_id FOREIGN KEY (host_id) REFERENCES hosts (host_id), - CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name)); + CONSTRAINT FK_krb_pr_host_principalname FOREIGN KEY (principal_name) REFERENCES kerberos_principal (principal_name), + CONSTRAINT FK_krb_pr_host_keytab_path FOREIGN KEY (keytab_path) REFERENCES kerberos_keytab (keytab_path) +); CREATE TABLE kerberos_descriptor ( http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/META-INF/persistence.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/META-INF/persistence.xml b/ambari-server/src/main/resources/META-INF/persistence.xml index 0f8e964..67eef70 100644 --- a/ambari-server/src/main/resources/META-INF/persistence.xml +++ b/ambari-server/src/main/resources/META-INF/persistence.xml @@ -45,6 +45,7 @@ <class>org.apache.ambari.server.orm.entities.HostStateEntity</class> <class>org.apache.ambari.server.orm.entities.HostVersionEntity</class> <class>org.apache.ambari.server.orm.entities.KerberosPrincipalEntity</class> + <class>org.apache.ambari.server.orm.entities.KerberosKeytabEntity</class> <class>org.apache.ambari.server.orm.entities.KerberosPrincipalHostEntity</class> <class>org.apache.ambari.server.orm.entities.KeyValueEntity</class> <class>org.apache.ambari.server.orm.entities.MemberEntity</class> http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py index 21accdd..fcaa547 100644 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py +++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py @@ -441,10 +441,9 @@ class KerberosScript(Script): if principal is not None: curr_content = Script.structuredOut - if "keytabs" not in curr_content: - curr_content['keytabs'] = {} - - curr_content['keytabs'][principal.replace("_HOST", params.hostname)] = '_REMOVED_' + if "removedKeytabs" not in curr_content: + curr_content['removedKeytabs'] = {} + curr_content['removedKeytabs'][principal.replace("_HOST", params.hostname)] = keytab_file_path self.put_structured_out(curr_content) http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py index 21accdd..fcaa547 100644 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py +++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/package/scripts/kerberos_common.py @@ -441,10 +441,9 @@ class KerberosScript(Script): if principal is not None: curr_content = Script.structuredOut - if "keytabs" not in curr_content: - curr_content['keytabs'] = {} - - curr_content['keytabs'][principal.replace("_HOST", params.hostname)] = '_REMOVED_' + if "removedKeytabs" not in curr_content: + curr_content['removedKeytabs'] = {} + curr_content['removedKeytabs'][principal.replace("_HOST", params.hostname)] = keytab_file_path self.put_structured_out(curr_content) http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java index 20ff949..b4ff5c1 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java @@ -1549,7 +1549,7 @@ public class TestHeartbeatHandler { kerberosIdentityDataFileWriter.writeRecord("c6403.ambari.apache.org", "HDFS", "DATANODE", "dn/_HOST@_REALM", "service", "/etc/security/keytabs/dn.service.keytab", - "hdfs", "r", "hadoop", "", "false", "false"); + "hdfs", "r", "hadoop", "", "false"); kerberosIdentityDataFileWriter.close(); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 7ed52d2..a3074ae 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -3456,6 +3456,8 @@ public class KerberosHelperTest extends EasyMockSupport { if (managingIdentities) { final Host host = createMockHost("host1"); + expect(host.getHostId()).andReturn(1l).anyTimes(); + expect(cluster.getHosts()).andReturn(Collections.singleton(host)).anyTimes(); final ServiceComponentHost schKerberosClient = createMock(ServiceComponentHost.class); @@ -3463,6 +3465,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(schKerberosClient.getServiceComponentName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes(); expect(schKerberosClient.getHostName()).andReturn("host1").anyTimes(); expect(schKerberosClient.getState()).andReturn(State.INSTALLED).anyTimes(); + expect(schKerberosClient.getHost()).andReturn(host).anyTimes(); final ServiceComponent serviceComponentKerberosClient = createNiceMock(ServiceComponent.class); expect(serviceComponentKerberosClient.getName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes(); @@ -3622,12 +3625,15 @@ public class KerberosHelperTest extends EasyMockSupport { private void testDeleteTestIdentity(final PrincipalKeyCredential PrincipalKeyCredential) throws Exception { KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); + Host host1 = createMock(Host.class); + expect(host1.getHostId()).andReturn(1l).anyTimes(); final ServiceComponentHost schKerberosClient = createMock(ServiceComponentHost.class); expect(schKerberosClient.getServiceName()).andReturn(Service.Type.KERBEROS.name()).anyTimes(); expect(schKerberosClient.getServiceComponentName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes(); expect(schKerberosClient.getHostName()).andReturn("host1").anyTimes(); expect(schKerberosClient.getState()).andReturn(State.INSTALLED).anyTimes(); + expect(schKerberosClient.getHost()).andReturn(host1).anyTimes(); final ServiceComponentHost sch1 = createMock(ServiceComponentHost.class); expect(sch1.getServiceName()).andReturn("SERVICE1").anyTimes(); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java index 9c94f35..59fbba0 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java @@ -139,11 +139,12 @@ public class HostKerberosIdentityResourceProviderTest extends EasyMockSupport { expect(principalDescriptor1.getLocalUsername()).andReturn("principal1"); KerberosKeytabDescriptor keytabDescriptor1 = createStrictMock(KerberosKeytabDescriptor.class); - expect(keytabDescriptor1.getOwnerAccess()).andReturn("rw").times(1); - expect(keytabDescriptor1.getGroupAccess()).andReturn("r").times(1); expect(keytabDescriptor1.getFile()).andReturn("/etc/security/keytabs/principal1.headless.keytab").times(1); - expect(keytabDescriptor1.getOwnerName()).andReturn("principal1").times(1); - expect(keytabDescriptor1.getGroupName()).andReturn("principal1").times(1); + expect(keytabDescriptor1.getOwnerAccess()).andReturn("rw").once(); + expect(keytabDescriptor1.getGroupAccess()).andReturn("r").once(); + expect(keytabDescriptor1.getFile()).andReturn("/etc/security/keytabs/principal1.headless.keytab").times(1); + expect(keytabDescriptor1.getOwnerName()).andReturn("principal1").once(); + expect(keytabDescriptor1.getGroupName()).andReturn("principal1").once(); KerberosIdentityDescriptor identity1 = createStrictMock(KerberosIdentityDescriptor.class); expect(identity1.getPrincipalDescriptor()).andReturn(principalDescriptor1).times(1); @@ -189,8 +190,7 @@ public class HostKerberosIdentityResourceProviderTest extends EasyMockSupport { expect(kerberosPrincipalDAO.exists("[email protected]")).andReturn(false).times(1); KerberosPrincipalHostDAO kerberosPrincipalHostDAO = createStrictMock(KerberosPrincipalHostDAO.class); - expect(kerberosPrincipalHostDAO.exists("[email protected]", 100L)).andReturn(true).times(1); - expect(kerberosPrincipalHostDAO.exists("principal2/[email protected]", 100L)).andReturn(false).times(1); + expect(kerberosPrincipalHostDAO.exists("[email protected]", 100L, "/etc/security/keytabs/principal1.headless.keytab")).andReturn(true).times(1); HostEntity host100 = createStrictMock(HostEntity.class); expect(host100.getHostId()).andReturn(100L).times(1); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java index 2518da9..ff0f687 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java @@ -77,7 +77,7 @@ public class KerberosIdentityCleanerTest extends EasyMockSupport { @Test public void removesAllKerberosIdentitesOfComponentAfterComponentWasUninstalled() throws Exception { installComponent(OOZIE, OOZIE_SERVER, HOST); - kerberosHelper.deleteIdentities(cluster, singletonList(new Component(HOST, OOZIE, OOZIE_SERVER)), newHashSet("/OOZIE/OOZIE_SERVER/oozie_server1", "/OOZIE/OOZIE_SERVER/oozie_server2")); + kerberosHelper.deleteIdentities(cluster, singletonList(new Component(HOST, OOZIE, OOZIE_SERVER, -1l)), newHashSet("/OOZIE/OOZIE_SERVER/oozie_server1", "/OOZIE/OOZIE_SERVER/oozie_server2")); expectLastCall().once(); replayAll(); uninstallComponent(OOZIE, OOZIE_SERVER, HOST); @@ -95,7 +95,7 @@ public class KerberosIdentityCleanerTest extends EasyMockSupport { public void skipsRemovingIdentityThatIsSharedByPrincipalName() throws Exception { installComponent(OOZIE, OOZIE_SERVER, HOST); installComponent(OOZIE_2, OOZIE_SERVER_2, HOST); - kerberosHelper.deleteIdentities(cluster, singletonList(new Component(HOST, OOZIE, OOZIE_SERVER)), newHashSet("/OOZIE/OOZIE_SERVER/oozie_server1")); + kerberosHelper.deleteIdentities(cluster, singletonList(new Component(HOST, OOZIE, OOZIE_SERVER, -1l)), newHashSet("/OOZIE/OOZIE_SERVER/oozie_server1")); expectLastCall().once(); replayAll(); uninstallComponent(OOZIE, OOZIE_SERVER, HOST); @@ -106,7 +106,7 @@ public class KerberosIdentityCleanerTest extends EasyMockSupport { public void skipsRemovingIdentityThatIsSharedByKeyTabFilePath() throws Exception { installComponent(YARN, RESOURCE_MANAGER, HOST); installComponent(YARN_2, RESOURCE_MANAGER_2, HOST); - kerberosHelper.deleteIdentities(cluster, singletonList(new Component(HOST, YARN, RESOURCE_MANAGER)), newHashSet("/YARN/RESOURCE_MANAGER/rm_unique")); + kerberosHelper.deleteIdentities(cluster, singletonList(new Component(HOST, YARN, RESOURCE_MANAGER, -1l)), newHashSet("/YARN/RESOURCE_MANAGER/rm_unique")); expectLastCall().once(); replayAll(); uninstallComponent(YARN, RESOURCE_MANAGER, HOST); @@ -141,7 +141,7 @@ public class KerberosIdentityCleanerTest extends EasyMockSupport { } private ArrayList<Component> hdfsComponents() { - return newArrayList(new Component(HOST, HDFS, NAMENODE), new Component(HOST, HDFS, DATANODE)); + return newArrayList(new Component(HOST, HDFS, NAMENODE, 0l), new Component(HOST, HDFS, DATANODE, 0l)); } private void installComponent(String serviceName, String componentName, String... hostNames) { @@ -163,7 +163,7 @@ public class KerberosIdentityCleanerTest extends EasyMockSupport { } private void uninstallComponent(String service, String component, String host) throws KerberosMissingAdminCredentialsException { - kerberosIdentityCleaner.componentRemoved(new ServiceComponentUninstalledEvent(CLUSTER_ID, "any", "any", service, component, host, false)); + kerberosIdentityCleaner.componentRemoved(new ServiceComponentUninstalledEvent(CLUSTER_ID, "any", "any", service, component, host, false, -1l)); } private void uninstallService(String service, List<Component> components) throws KerberosMissingAdminCredentialsException { http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java index 24d4f55..108159c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/events/listeners/upgrade/HostVersionOutOfSyncListenerTest.java @@ -514,7 +514,7 @@ public class HostVersionOutOfSyncListenerTest { ServiceComponentUninstalledEvent event = new ServiceComponentUninstalledEvent( c1.getClusterId(), clusterStackId.getStackName(), clusterStackId.getStackVersion(), - "HDFS", "DATANODE", sch.getHostName(), false); + "HDFS", "DATANODE", sch.getHostName(), false, -1l); m_eventPublisher.publish(event); } http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java index 5522132..d580e6a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerActionTest.java @@ -20,6 +20,7 @@ package org.apache.ambari.server.serveraction.kerberos; import static org.easymock.EasyMock.anyBoolean; import static org.easymock.EasyMock.anyObject; +import static org.easymock.EasyMock.createNiceMock; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.verify; @@ -33,12 +34,15 @@ import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentMap; +import javax.persistence.EntityManager; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.agent.CommandReport; import org.apache.ambari.server.audit.AuditLogger; import org.apache.ambari.server.controller.KerberosHelper; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; +import org.apache.ambari.server.state.Host; import org.apache.ambari.server.state.Service; import org.apache.ambari.server.state.ServiceComponentHost; import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor; @@ -52,6 +56,7 @@ import org.junit.Test; import com.google.inject.AbstractModule; import com.google.inject.Guice; import com.google.inject.Injector; +import com.google.inject.Provider; public class AbstractPrepareKerberosServerActionTest { private class PrepareKerberosServerAction extends AbstractPrepareKerberosServerAction{ @@ -79,6 +84,8 @@ public class AbstractPrepareKerberosServerActionTest { bind(KerberosIdentityDataFileWriterFactory.class).toInstance(kerberosIdentityDataFileWriterFactory); bind(Clusters.class).toInstance(clusters); bind(AuditLogger.class).toInstance(auditLogger); + Provider<EntityManager> entityManagerProvider = EasyMock.createNiceMock(Provider.class); + bind(EntityManager.class).toProvider(entityManagerProvider); } }); @@ -131,10 +138,12 @@ public class AbstractPrepareKerberosServerActionTest { expect(serviceComponentHostHDFS.getHostName()).andReturn(hostName).atLeastOnce(); expect(serviceComponentHostHDFS.getServiceName()).andReturn(hdfsService).atLeastOnce(); expect(serviceComponentHostHDFS.getServiceComponentName()).andReturn(hdfsComponent).atLeastOnce(); + expect(serviceComponentHostHDFS.getHost()).andReturn(createNiceMock(Host.class)).atLeastOnce(); expect(serviceComponentHostZK.getHostName()).andReturn(hostName).atLeastOnce(); expect(serviceComponentHostZK.getServiceName()).andReturn(zookeeperService).atLeastOnce(); expect(serviceComponentHostZK.getServiceComponentName()).andReturn(zkComponent).atLeastOnce(); + expect(serviceComponentHostZK.getHost()).andReturn(createNiceMock(Host.class)).atLeastOnce(); expect(kerberosDescriptor.getService(hdfsService)).andReturn(serviceDescriptor).once(); @@ -150,7 +159,7 @@ public class AbstractPrepareKerberosServerActionTest { identityFilter, "", configurations, kerberosConfigurations, - false, propertiesToIgnore, false); + false, propertiesToIgnore); verify(kerberosHelper); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java index c232117..39dee24 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ConfigureAmbariIdentitiesServerActionTest.java @@ -18,6 +18,9 @@ package org.apache.ambari.server.serveraction.kerberos; +import static org.easymock.EasyMock.anyObject; +import static org.easymock.EasyMock.anyString; +import static org.easymock.EasyMock.eq; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.expectLastCall; @@ -75,13 +78,11 @@ public class ConfigureAmbariIdentitiesServerActionTest extends EasyMockSupport { Injector injector = createInjector(); HostEntity hostEntity; - if (ambariServerHasAgent) { KerberosPrincipalHostDAO kerberosPrincipalHostDAO = injector.getInstance(KerberosPrincipalHostDAO.class); - expect(kerberosPrincipalHostDAO.exists(principal, 1L)).andReturn(false).once(); - kerberosPrincipalHostDAO.create(principal, 1L); - expectLastCall().once(); - + expect(kerberosPrincipalHostDAO.exists(eq(principal), eq(1L), anyString())).andReturn(false).anyTimes(); + kerberosPrincipalHostDAO.create(anyObject()); + expectLastCall().anyTimes(); hostEntity = createMock(HostEntity.class); expect(hostEntity.getHostId()).andReturn(1L).once(); } else { http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java index 8b679bf..c9301f3 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java @@ -30,6 +30,8 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; +import javax.persistence.EntityManager; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.Role; import org.apache.ambari.server.RoleCommand; @@ -44,6 +46,7 @@ import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.Host; import org.apache.ambari.server.state.ServiceComponentHost; +import org.easymock.EasyMock; import org.easymock.EasyMockSupport; import org.junit.Rule; import org.junit.Test; @@ -52,6 +55,7 @@ import org.junit.rules.TemporaryFolder; import com.google.inject.AbstractModule; import com.google.inject.Guice; import com.google.inject.Injector; +import com.google.inject.Provider; import junit.framework.Assert; @@ -193,6 +197,7 @@ public class FinalizeKerberosServerActionTest extends EasyMockSupport { bind(KerberosHelper.class).toInstance(createMock(KerberosHelper.class)); bind(Clusters.class).toInstance(clusters); bind(AuditLogger.class).toInstance(createNiceMock(AuditLogger.class)); + bind(EntityManager.class).toProvider(EasyMock.createNiceMock(Provider.class)); } }); } http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java index cfe0fee..323ba8e 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosIdentityDataFileTest.java @@ -54,7 +54,7 @@ public class KerberosIdentityDataFileTest { "principal" + i, "principal_type" + i, "keytabFilePath" + i, "keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i, "keytabFileGroupName" + i, "keytabFileGroupAccess" + i, - "false", "false"); + "false"); } // Add some odd characters @@ -62,7 +62,7 @@ public class KerberosIdentityDataFileTest { "principal", "principal_type", "keytabFilePath", "'keytabFileOwnerName'", "<keytabFileOwnerAccess>", "\"keytabFileGroupName\"", "keytab,File,Group,Access", - "false", "false"); + "false"); writer.close(); Assert.assertTrue(writer.isClosed()); @@ -153,7 +153,7 @@ public class KerberosIdentityDataFileTest { "principal", "principal_type", "keytabFilePath", "keytabFileOwnerName", "keytabFileOwnerAccess", "keytabFileGroupName", "keytabFileGroupAccess", - "true", "false"); + "true"); writer.close(); Assert.assertTrue(writer.isClosed()); @@ -179,7 +179,7 @@ public class KerberosIdentityDataFileTest { "principal", "principal_type", "keytabFilePath", "keytabFileOwnerName", "keytabFileOwnerAccess", "keytabFileGroupName", "keytabFileGroupAccess", - "true", "false"); + "true"); writer.close(); Assert.assertTrue(writer.isClosed()); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java index a43db4d..7bf26c5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java @@ -32,6 +32,8 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; +import javax.persistence.EntityManager; + import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.HostRoleCommand; import org.apache.ambari.server.actionmanager.HostRoleStatus; @@ -51,6 +53,7 @@ import org.junit.Test; import com.google.inject.AbstractModule; import com.google.inject.Guice; import com.google.inject.Injector; +import com.google.inject.Provider; import junit.framework.Assert; @@ -76,6 +79,8 @@ public class KerberosServerActionTest { @Override protected void configure() { bind(KerberosHelper.class).toInstance(createNiceMock(KerberosHelper.class)); + Provider<EntityManager> entityManagerProvider = createNiceMock(Provider.class); + bind(EntityManager.class).toProvider(entityManagerProvider); bind(KerberosServerAction.class).toInstance(new KerberosServerAction() { @Override @@ -120,7 +125,7 @@ public class KerberosServerActionTest { "principal|_HOST|_REALM" + i, "principal_type", "keytabFilePath" + i, "keytabFileOwnerName" + i, "keytabFileOwnerAccess" + i, "keytabFileGroupName" + i, "keytabFileGroupAccess" + i, - "false", "false"); + "false"); } writer.close(); @@ -202,8 +207,7 @@ public class KerberosServerActionTest { Assert.assertEquals(HostRoleStatus.COMPLETED.toString(), report.getStatus()); for (Map.Entry<String, Object> entry : sharedMap.entrySet()) { - Assert.assertEquals(entry.getValue(), - entry.getKey().replace("_HOST", "hostName").replace("_REALM", "REALM.COM")); + Assert.assertEquals(entry.getValue(), entry.getKey()); } verify(kerberosHelper); http://git-wip-us.apache.org/repos/asf/ambari/blob/d03c24b9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java index a7bf33c..a08f7a0 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/PreconfigureKerberosActionTest.java @@ -70,8 +70,11 @@ import org.apache.ambari.server.metadata.CachedRoleCommandOrderProvider; import org.apache.ambari.server.metadata.RoleCommandOrderProvider; import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.ArtifactDAO; +import org.apache.ambari.server.orm.dao.HostDAO; import org.apache.ambari.server.orm.dao.HostRoleCommandDAO; import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO; +import org.apache.ambari.server.orm.entities.HostEntity; +import org.apache.ambari.server.orm.entities.KerberosKeytabEntity; import org.apache.ambari.server.orm.entities.RepositoryVersionEntity; import org.apache.ambari.server.orm.entities.UpgradeEntity; import org.apache.ambari.server.security.encryption.CredentialStoreService; @@ -179,6 +182,12 @@ public class PreconfigureKerberosActionTest extends EasyMockSupport { Injector injector = getInjector(); + HostDAO hostDAO = injector.getInstance(HostDAO.class); + EntityManager entityManager = injector.getInstance(EntityManager.class); + + expect(hostDAO.findByName(anyString())).andReturn(createNiceMock(HostEntity.class)).anyTimes(); + expect(entityManager.find(eq(KerberosKeytabEntity.class), anyString())).andReturn(createNiceMock(KerberosKeytabEntity.class)).anyTimes(); + ExecutionCommand executionCommand = createMockExecutionCommand(getDefaultCommandParams()); UpgradeEntity upgradeProgress = createMock(UpgradeEntity.class); @@ -590,6 +599,7 @@ public class PreconfigureKerberosActionTest extends EasyMockSupport { bind(Clusters.class).toInstance(createMock(Clusters.class)); bind(StackAdvisorHelper.class).toInstance(createMock(StackAdvisorHelper.class)); bind(ConfigHelper.class).toInstance(createMock(ConfigHelper.class)); + bind(HostDAO.class).toInstance(createMock(HostDAO.class)); } }); }
