This is an automated email from the ASF dual-hosted git repository. rlevas pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 55ae952 [AMBARI-23185] Added a new CLI option in the setup-ldap tool to indicate whether to force LDAP auth method even if another one - or none at all - is already configured (#615) 55ae952 is described below commit 55ae952958c9cd7bc526f2e0d5fa859a667dc8f2 Author: smolnar82 <34065904+smolna...@users.noreply.github.com> AuthorDate: Mon Mar 12 19:42:26 2018 +0100 [AMBARI-23185] Added a new CLI option in the setup-ldap tool to indicate whether to force LDAP auth method even if another one - or none at all - is already configured (#615) * AMBARI-23185. Enabled TestAmbariServer and fixed errors * AMBARI-23185. Added a new CLI option in the setup-ldap tool to indicate wheter to force LDAP ayth method even if another one - or none at all - is already configured * AMBARI-23185. Using better option name for LDAP setup enforcment and make it boolean * AMBARI-23185. In case there is not authentication method is configured we default the setup question to 'y' * AMBARI-23185. Code cleaning --- ambari-server/src/main/python/ambari-server.py | 1 + .../src/main/python/ambari_server/setupSecurity.py | 20 ++++--- ambari-server/src/test/python/TestAmbariServer.py | 61 +++++++++++++++++++++- 3 files changed, 72 insertions(+), 10 deletions(-) diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index 57ad80e..fe11bf4 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py 
@@ -567,6 +567,7 @@ def init_ldap_setup_parser_options(parser): parser.add_option('--ldap-sync-username-collisions-behavior', default=None, help="Handling behavior for username collisions [convert/skip] for LDAP sync", dest="ldap_sync_username_collisions_behavior") parser.add_option('--ldap-force-lowercase-usernames', default=None, help="Declares whether to force the ldap user name to be lowercase or leave as-is", dest="ldap_force_lowercase_usernames") parser.add_option('--ldap-pagination-enabled', default=None, help="Determines whether results from LDAP are paginated when requested", dest="ldap_pagination_enabled") + parser.add_option('--ldap-force-setup', action="store_true", default=False, help="Forces the use of LDAP even if other (i.e. PAM) authentication method is configured already or if there is no authentication method configured at all", dest="ldap_force_setup") parser.add_option('--ambari-admin-username', default=None, help="Ambari Admin username for LDAP setup", dest="ambari_admin_username") parser.add_option('--ambari-admin-password', default=None, help="Ambari Admin password for LDAP setup", dest="ambari_admin_password") diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py index bb21100..f30915b 100644 --- a/ambari-server/src/main/python/ambari_server/setupSecurity.py +++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py @@ -84,6 +84,7 @@ LDAP_MGR_USERNAME_PROPERTY = "ambari.ldap.connectivity.bind_dn" LDAP_MGR_PASSWORD_FILENAME = "ldap-password.dat" LDAP_ANONYMOUS_BIND="ambari.ldap.connectivity.anonymous_bind" LDAP_USE_SSL="ambari.ldap.connectivity.use_ssl" +NO_AUTH_METHOD_CONFIGURED = "no auth method" def read_master_key(isReset=False, options = None): passwordPattern = ".*" 
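Review bot: The help string for `--ldap-force-setup` in `init_ldap_setup_parser_options` does not say that the flag suppresses the confirmation prompt, which is its effect in `setup_ldap` (see the setupSecurity.py hunk). Because it lets an unattended run replace the configured authentication method, I would state that explicitly and change "i.e." to "e.g.", since PAM is an example rather than the only case: `help="Skip the confirmation prompt and set up LDAP even if another authentication method (e.g. PAM), or none, is already configured"`. The function body starts and continues outside the hunk.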
@@ -716,14 +717,17 @@ def setup_ldap(options): err = 'Ambari Server is not running.' raise FatalException(1, err) - current_client_security = get_value_from_properties(properties,CLIENT_SECURITY,"no auth method") - if current_client_security != 'ldap': - query = "Currently '" + current_client_security + "' is configured, do you wish to use LDAP instead [y/n] (n)? " - if get_YN_input(query, False): - pass - else: - err = "Currently '" + current_client_security + "' configured. Can not setup LDAP." - raise FatalException(1, err) + enforce_ldap = options.ldap_force_setup if options.ldap_force_setup is not None else False + if not enforce_ldap: + current_client_security = get_value_from_properties(properties, CLIENT_SECURITY, NO_AUTH_METHOD_CONFIGURED) + if current_client_security != 'ldap': + query = "Currently '{0}' is configured, do you wish to use LDAP instead [y/n] ({1})? " + ldap_setup_default = 'y' if current_client_security == NO_AUTH_METHOD_CONFIGURED else 'n' + if get_YN_input(query.format(current_client_security, ldap_setup_default), ldap_setup_default == 'y'): + pass + else: + err = "Currently '" + current_client_security + "' configured. Can not setup LDAP." + raise FatalException(1, err) isSecure = get_is_secure(properties) diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py index e7e8475..61bfeed 100644 --- a/ambari-server/src/test/python/TestAmbariServer.py +++ b/ambari-server/src/test/python/TestAmbariServer.py 
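Review bot: When `--ldap-force-setup` is given, the whole `if not enforce_ldap:` branch in `setup_ldap` is skipped, so `CLIENT_SECURITY` is never read and nothing records which authentication method is being replaced by LDAP. I would read `current_client_security` before the branch and, when the flag is set and the value is not 'ldap', emit one warning line naming the method being replaced, so an operator reviewing an unattended run can see the switch. The default answer for the `NO_AUTH_METHOD_CONFIGURED` case is now 'y'; if `get_YN_input` returns its default in silent mode (not visible here), a silent run that previously aborted will now continue into LDAP setup, which should be called out in the option documentation. The guard can also be shortened to `enforce_ldap = bool(options.ldap_force_setup)`. `setup_ldap` starts and ends outside the hunk.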
@@ -136,7 +136,7 @@ CURR_AMBARI_VERSION = "2.0.0" @patch.object(platform, "linux_distribution", new = MagicMock(return_value=('Redhat', '6.4', 'Final'))) @patch("ambari_server.dbConfiguration_linux.get_postgre_hba_dir", new = MagicMock(return_value = "/var/lib/pgsql/data")) @patch("ambari_server.dbConfiguration_linux.get_postgre_running_status", new = MagicMock(return_value = "running")) -class TestAmbariServer:#(TestCase): +class TestAmbariServer(TestCase): def setUp(self): out = StringIO.StringIO() sys.stdout = out @@ -3171,7 +3171,7 @@ class TestAmbariServer:#(TestCase): pass @not_for_platform(PLATFORM_WINDOWS) - @patch("subprocess.Popen") + @patch.object(subprocess32, "Popen") def test_check_ambari_java_version_is_valid(self, popenMock): # case 1: jdk7 is picked for stacks properties = Properties() 
@@ -7590,6 +7590,62 @@ class TestAmbariServer:#(TestCase): sys.stdout = sys.__stdout__ pass + @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value)) + @patch("urllib2.urlopen") + @patch("ambari_server.setupSecurity.get_YN_input") + @patch("ambari_server.setupSecurity.get_validated_string_input") + @patch("ambari_server.setupSecurity.get_ambari_properties") + @patch("ambari_server.setupSecurity.is_server_runing") + def test_setup_ldap_enforcement_cli_option(self, is_server_runing_method, get_ambari_properties_method, + get_validated_string_input_method, get_YN_input_method, urlopen_method): + out = StringIO.StringIO() + sys.stdout = out + + is_server_runing_method.return_value = (True, 0) + + def yn_input_side_effect(*args, **kwargs): + if 'do you wish to use LDAP instead' in args[0]: + raise Exception("ShouldNotBeInvoked") # should not be asked + else: + return False if 'TrustStore' in args[0] else True + + get_YN_input_method.side_effect = yn_input_side_effect + get_ambari_properties_method.return_value = Properties() + + def valid_input_side_effect(*args, **kwargs): + if 'lower-case' in args[0] or 'paginated' in args[0]: + return 'false' + if 'Bind anonymously' in args[0]: + return 'true' + if 'username collisions' in args[0]: + return 'skip' + if 'URL Port' in args[0]: + return '1' + if 'Ambari Admin' in args[0]: + return 'admin' + if 'Primary URL' in args[0]: + return kwargs['answer'] + if args[1] == "true" or args[1] == "false": + return args[1] + else: + return "test" + + get_validated_string_input_method.side_effect = valid_input_side_effect + + response = MagicMock() + response.getcode.return_value = 200 + urlopen_method.return_value = response + + options = self._create_empty_options_mock() + options.ldap_force_setup = True + + setup_ldap(options) + + self.assertTrue(urlopen_method.called) + + sys.stdout = sys.__stdout__ + pass + @patch("urllib2.urlopen") @patch("ambari_server.setupSecurity.get_validated_string_input") 
@patch("ambari_server.setupSecurity.get_ambari_properties") @@ -8674,6 +8730,7 @@ class TestAmbariServer:#(TestCase): options.ldap_save_settings = None options.ldap_referral = None options.ldap_bind_anonym = None + options.ldap_force_setup = None options.ambari_admin_username = None options.ambari_admin_password = None options.ldap_sync_admin_name = None -- To stop receiving notification emails like this one, please contact rle...@apache.org.
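Review bot: `test_setup_ldap_enforcement_cli_option` runs against an empty `Properties()`, so it only covers forcing LDAP when no authentication method is configured; the documented case of another method such as PAM already being configured is not exercised. I would add a variant whose properties carry a non-LDAP client-security value and keep the `ShouldNotBeInvoked` side effect, plus a test that leaves `ldap_force_setup` unset and checks the default answer passed to `get_YN_input`. The test restores `sys.stdout` only on the success path; `self.addCleanup(setattr, sys, 'stdout', sys.__stdout__)` right after the redirect would also restore it when `setup_ldap` raises. In the helper hunk that follows, `options.ldap_force_setup = None` is a value the parser never produces (`store_true` with `default=False`), so `False` would mirror the real default.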