This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new bf7ce08 [AMBARI-23332] Recommend SSO configuration values for ATLAS
and RANGER in the stack advisor
bf7ce08 is described below
commit bf7ce08399c07ac60c43f9d66f9f8f69719dfccc
Author: Robert Levas <[email protected]>
AuthorDate: Thu Mar 29 12:42:44 2018 -0400
[AMBARI-23332] Recommend SSO configuration values for ATLAS and RANGER in
the stack advisor
---
.../stacks/HDP/2.6/services/ATLAS/metainfo.xml | 6 +++
.../stacks/HDP/2.6/services/RANGER/metainfo.xml | 6 +++
.../stacks/HDP/2.6/services/stack_advisor.py | 46 +++++++++++++++-------
.../main/resources/stacks/ambari_configuration.py | 15 ++++++-
.../python/stacks/test_ambari_configuration.py | 6 +++
5 files changed, 62 insertions(+), 17 deletions(-)
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/metainfo.xml
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/metainfo.xml
index 3a57a47..79f6370 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/metainfo.xml
+++
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/metainfo.xml
@@ -32,6 +32,12 @@
<config-type>hdfs-site</config-type>
<config-type>core-site</config-type>
</configuration-dependencies>
+
+ <sso>
+ <supported>true</supported>
+
<enabledConfiguration>application-properties/atlas.sso.knox.enabled</enabledConfiguration>
+ </sso>
+
</service>
</services>
</metainfo>
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
index 3516bef..ba41b29 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
+++
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
@@ -25,6 +25,12 @@
<name>RANGER</name>
<extends>common-services/RANGER/0.7.0</extends>
<version>0.7.0</version>
+
+ <sso>
+ <supported>true</supported>
+
<enabledConfiguration>ranger-admin-site/ranger.sso.enabled</enabledConfiguration>
+ </sso>
+
</service>
</services>
</metainfo>
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
index 7338eda..7c9527c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py
@@ -114,19 +114,20 @@ class HDP26StackAdvisor(HDP25StackAdvisor):
knox_port =
services['configurations']["gateway-site"]["properties"]['gateway.port']
putAtlasApplicationProperty('atlas.sso.knox.providerurl',
'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port))
- # If SSO should be enabled for this service
- if ambari_configuration.should_enable_sso('ATLAS'):
- putAtlasApplicationProperty('atlas.sso.knox.enabled', "true")
+ if ambari_configuration and ambari_configuration.is_managing_services():
+ # If SSO should be enabled for this service
+ if ambari_configuration.should_enable_sso('ATLAS'):
+ putAtlasApplicationProperty('atlas.sso.knox.enabled', "true")
- ambari_sso_details = ambari_configuration.get_ambari_sso_details()
- if ambari_sso_details:
- putAtlasApplicationProperty('atlas.sso.knox.providerurl',
ambari_sso_details.get_jwt_provider_url())
- putAtlasApplicationProperty('atlas.sso.knox.publicKey',
ambari_sso_details.get_jwt_public_key(False, True))
- putAtlasApplicationProperty('atlas.sso.knox.browser.useragent',
'Mozilla,Chrome')
+ ambari_sso_details = ambari_configuration.get_ambari_sso_details()
+ if ambari_sso_details:
+ putAtlasApplicationProperty('atlas.sso.knox.providerurl',
ambari_sso_details.get_jwt_provider_url())
+ putAtlasApplicationProperty('atlas.sso.knox.publicKey',
ambari_sso_details.get_jwt_public_key(False, True))
+ putAtlasApplicationProperty('atlas.sso.knox.browser.useragent',
'Mozilla,chrome')
- # If SSO should be disabled for this service
- elif ambari_configuration.should_disable_sso('ATLAS'):
- putAtlasApplicationProperty('atlas.sso.knox.enabled', "false")
+ # If SSO should be disabled for this service
+ elif ambari_configuration.should_disable_sso('ATLAS'):
+ putAtlasApplicationProperty('atlas.sso.knox.enabled', "false")
# Set the proxy user
knox_service_user =
services['configurations']['knox-env']['properties']['knox_user'] \
@@ -560,13 +561,28 @@ class HDP26StackAdvisor(HDP25StackAdvisor):
self.recommendRangerConfigurationsForSSO(configurations, clusterData,
services, hosts)
+
def recommendRangerConfigurationsForSSO(self, configurations, clusterData,
services, hosts):
ambari_configuration = self.get_ambari_configuration(services)
- # If SSO should be enabled for this service, continue
- if ambari_configuration.should_enable_sso('RANGER'):
- #TODO: See AMBARI-23332
- pass
+ if ambari_configuration and ambari_configuration.is_managing_services():
+ putRangerAdminSiteProperty = self.putProperty(configurations,
"ranger-admin-site", services)
+
+ # If SSO should be enabled for this service, continue
+ if ambari_configuration.should_enable_sso('RANGER'):
+ putRangerAdminSiteProperty('ranger.sso.enabled', "true")
+
+ ambari_sso_details = ambari_configuration.get_ambari_sso_details()
+ if ambari_sso_details:
+ putRangerAdminSiteProperty('ranger.sso.providerurl',
ambari_sso_details.get_jwt_provider_url())
+ putRangerAdminSiteProperty('ranger.sso.publicKey',
ambari_sso_details.get_jwt_public_key(False, True))
+ putRangerAdminSiteProperty('ranger.sso.cookiename',
ambari_sso_details.get_jwt_cookie_name())
+ putRangerAdminSiteProperty('ranger.sso.browser.useragent',
'Mozilla,chrome')
+
+ # If SSO should be disabled for this service
+ elif ambari_configuration.should_disable_sso('RANGER'):
+ putRangerAdminSiteProperty('ranger.sso.enabled', "false")
+
def validateRangerUsersyncConfigurations(self, properties,
recommendedDefaults, configurations, services, hosts):
ranger_usersync_properties = properties
diff --git a/ambari-server/src/main/resources/stacks/ambari_configuration.py
b/ambari-server/src/main/resources/stacks/ambari_configuration.py
index e77ce92..3c007f1 100644
--- a/ambari-server/src/main/resources/stacks/ambari_configuration.py
+++ b/ambari-server/src/main/resources/stacks/ambari_configuration.py
@@ -130,6 +130,17 @@ class AmbariConfiguration(object):
"""
return
self.get_category_property_value(self.get_ambari_sso_configuration(),
property_name)
+ def is_managing_services(self):
+ """
+ Tests the configuration data to determine if Ambari should be configuring
servcies to enable SSO integration.
+
+ The relevant property is "sso-configuration/ambari.sso.manage_services",
which is expected
+ to be a "true" or "false".
+
+ :return: True, if Ambari should manage services' SSO configurations
+ """
+ return "true" ==
self.get_ambari_sso_configuration_value("ambari.sso.manage_services")
+
def get_services_to_enable(self):
"""
Safely gets the list of services that Ambari should enabled for SSO.
@@ -155,7 +166,7 @@ class AmbariConfiguration(object):
:param service_name: the name of the service to test
:return: True, if SSO should be enabled; False, otherwise
"""
- if "true" ==
self.get_ambari_sso_configuration_value("ambari.sso.manage_services"):
+ if self.is_managing_services():
services_to_enable = self.get_services_to_enable()
return "*" in services_to_enable or service_name.lower() in
services_to_enable
else:
@@ -172,7 +183,7 @@ class AmbariConfiguration(object):
:param service_name: the name of the service to test
:return: true, if SSO should be disabled; false, otherwise
"""
- if "true" ==
self.get_ambari_sso_configuration_value("ambari.sso.manage_services"):
+ if self.is_managing_services():
services_to_enable = self.get_services_to_enable()
return "*" not in services_to_enable and service_name.lower() not in
services_to_enable
else:
diff --git a/ambari-server/src/test/python/stacks/test_ambari_configuration.py
b/ambari-server/src/test/python/stacks/test_ambari_configuration.py
index bd62265..43d559f 100644
--- a/ambari-server/src/test/python/stacks/test_ambari_configuration.py
+++ b/ambari-server/src/test/python/stacks/test_ambari_configuration.py
@@ -96,6 +96,7 @@ class TestAmbariConfiguration(TestCase):
ambari_configuration = self.ambari_configuration_class(services_json)
self.assertIsNotNone(ambari_configuration.get_ambari_sso_configuration())
self.assertEquals("AMBARI",
ambari_configuration.get_ambari_sso_configuration_value("ambari.sso.enabled_services"))
+ self.assertFalse(ambari_configuration.is_managing_services())
self.assertFalse(ambari_configuration.should_enable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_disable_sso("AMBARI"))
@@ -111,6 +112,7 @@ class TestAmbariConfiguration(TestCase):
ambari_configuration = self.ambari_configuration_class(services_json)
self.assertIsNotNone(ambari_configuration.get_ambari_sso_configuration())
self.assertEquals("AMBARI, RANGER",
ambari_configuration.get_ambari_sso_configuration_value("ambari.sso.enabled_services"))
+ self.assertFalse(ambari_configuration.is_managing_services())
self.assertFalse(ambari_configuration.should_enable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_disable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_enable_sso("RANGER"))
@@ -128,6 +130,7 @@ class TestAmbariConfiguration(TestCase):
ambari_configuration = self.ambari_configuration_class(services_json)
self.assertIsNotNone(ambari_configuration.get_ambari_sso_configuration())
self.assertEquals("*",
ambari_configuration.get_ambari_sso_configuration_value("ambari.sso.enabled_services"))
+ self.assertFalse(ambari_configuration.is_managing_services())
self.assertFalse(ambari_configuration.should_enable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_disable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_enable_sso("RANGER"))
@@ -146,6 +149,7 @@ class TestAmbariConfiguration(TestCase):
ambari_configuration = self.ambari_configuration_class(services_json)
self.assertIsNotNone(ambari_configuration.get_ambari_sso_configuration())
self.assertEquals("AMBARI",
ambari_configuration.get_ambari_sso_configuration_value("ambari.sso.enabled_services"))
+ self.assertTrue(ambari_configuration.is_managing_services())
self.assertTrue(ambari_configuration.should_enable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_disable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_enable_sso("RANGER"))
@@ -163,6 +167,7 @@ class TestAmbariConfiguration(TestCase):
ambari_configuration = self.ambari_configuration_class(services_json)
self.assertIsNotNone(ambari_configuration.get_ambari_sso_configuration())
self.assertEquals("AMBARI, RANGER",
ambari_configuration.get_ambari_sso_configuration_value("ambari.sso.enabled_services"))
+ self.assertTrue(ambari_configuration.is_managing_services())
self.assertTrue(ambari_configuration.should_enable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_disable_sso("AMBARI"))
self.assertTrue(ambari_configuration.should_enable_sso("RANGER"))
@@ -180,6 +185,7 @@ class TestAmbariConfiguration(TestCase):
ambari_configuration = self.ambari_configuration_class(services_json)
self.assertIsNotNone(ambari_configuration.get_ambari_sso_configuration())
self.assertEquals("*",
ambari_configuration.get_ambari_sso_configuration_value("ambari.sso.enabled_services"))
+ self.assertTrue(ambari_configuration.is_managing_services())
self.assertTrue(ambari_configuration.should_enable_sso("AMBARI"))
self.assertFalse(ambari_configuration.should_disable_sso("AMBARI"))
self.assertTrue(ambari_configuration.should_enable_sso("RANGER"))
--
To stop receiving notification emails like this one, please contact
[email protected].