This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new fb70edd [AMBARI-24923] Create tproxy-configuration category in Ambari
Configurations data (#2645)
fb70edd is described below
commit fb70eddf5000e9b86302f67404c68385eb1010bb
Author: Robert Levas <[email protected]>
AuthorDate: Thu Nov 22 06:50:11 2018 -0500
[AMBARI-24923] Create tproxy-configuration category in Ambari
Configurations data (#2645)
* [AMBARI-24923] Create tproxy-configuration category in Ambari
Configurations data
* [AMBARI-24923] Create tproxy-configuration category in Ambari
Configurations data
---
.../AmbariServerConfigurationCategory.java | 9 +-
.../AmbariServerConfigurationKey.java | 155 ++++++++++++---------
.../configuration/ConfigurationPropertyType.java | 2 +-
.../internal/AmbariServerConfigurationHandler.java | 10 +-
.../internal/AmbariServerConfigurationUtils.java | 92 ++++++++++--
...erviceComponentConfigurationHandlerFactory.java | 5 +
.../ads/DefaultLdapAttributeDetectionService.java | 5 +-
.../AmbariServerConfigurationKeyTest.java | 60 ++++++++
.../AmbariServerConfigurationHandlerTest.java | 30 +++-
.../AmbariServerConfigurationUtilsTest.java | 129 +++++++++++++++++
10 files changed, 409 insertions(+), 88 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
index aa166c7..520e472 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationCategory.java
@@ -19,6 +19,8 @@
package org.apache.ambari.server.configuration;
import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* AmbariServerConfigurationCategory is an enumeration of the different Ambari
server specific
@@ -26,8 +28,10 @@ import org.apache.commons.lang.StringUtils;
*/
public enum AmbariServerConfigurationCategory {
LDAP_CONFIGURATION("ldap-configuration"),
- SSO_CONFIGURATION("sso-configuration");
+ SSO_CONFIGURATION("sso-configuration"),
+ TPROXY_CONFIGURATION("tproxy-configuration");
+ private static final Logger LOG =
LoggerFactory.getLogger(AmbariServerConfigurationCategory.class);
private final String categoryName;
AmbariServerConfigurationCategory(String categoryName) {
@@ -54,7 +58,8 @@ public enum AmbariServerConfigurationCategory {
}
}
- throw new IllegalArgumentException(String.format("Invalid Ambari server
configuration category name: %s", categoryName));
+ LOG.warn("Invalid Ambari server configuration category: {}", categoryName);
+ return null;
}
/**
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
index 05caa75..5603d46 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
@@ -17,6 +17,10 @@ package org.apache.ambari.server.configuration;
import static
org.apache.ambari.server.configuration.ConfigurationPropertyType.PASSWORD;
import static
org.apache.ambari.server.configuration.ConfigurationPropertyType.PLAINTEXT;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
/**
* Constants representing supported LDAP related property names
*/
@@ -25,87 +29,98 @@ public enum AmbariServerConfigurationKey {
/* ********************************************************
* LDAP Configuration Keys
* ******************************************************** */
-
AMBARI_MANAGES_LDAP_CONFIGURATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.manage_services", PLAINTEXT, "false", "A Boolean value indicating
whether Ambari is to manage the LDAP configuration for services or not."),
- LDAP_ENABLED_SERVICES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.enabled_services", PLAINTEXT, null, "A comma-delimited list of
services that are expected to be configured for LDAP. A \"*\" indicates all
services."),
-
- LDAP_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.authentication.enabled", PLAINTEXT, "false", "An internal property
used for unit testing and development purposes."),
- SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.server.host", PLAINTEXT, "localhost", "The LDAP URL
host used for connecting to an LDAP server when authenticating users."),
- SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.server.port", PLAINTEXT, "33389", "The LDAP URL port
used for connecting to an LDAP server when authenticating users."),
- SECONDARY_SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.secondary.server.host", PLAINTEXT, null, "A second
LDAP URL host to use as a backup when authenticating users."),
- SECONDARY_SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.secondary.server.port", PLAINTEXT, null, "A second
LDAP URL port to use as a backup when authenticating users."),
- USE_SSL(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.use_ssl", PLAINTEXT, "false", "Determines whether to
use LDAP over SSL (LDAPS)."),
-
- TRUST_STORE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store", PLAINTEXT, "", ""), //TODO
- TRUST_STORE_TYPE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store.type", PLAINTEXT, null, "The type of
truststore used by the 'javax.net.ssl.trustStoreType' property."),
- TRUST_STORE_PATH(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store.path", PLAINTEXT, null, "The location of
the truststore to use when setting the 'javax.net.ssl.trustStore' property."),
- TRUST_STORE_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store.password", PASSWORD, null, "The password
to use when setting the 'javax.net.ssl.trustStorePassword' property"),
- ANONYMOUS_BIND(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.anonymous_bind", PLAINTEXT, "true", "Determines
whether LDAP requests can connect anonymously or if a managed user is required
to connect."),
-
- BIND_DN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.bind_dn", PLAINTEXT, null, "The DN of the manager
account to use when binding to LDAP if anonymous binding is disabled."),
- BIND_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.bind_password", PASSWORD, null, "The password for the
manager account used to bind to LDAP if anonymous binding is disabled."),
-
- ATTR_DETECTION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.detection", PLAINTEXT, "", ""), //TODO
-
- DN_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.dn_attr", PLAINTEXT, "dn", "The attribute used for
determining what the distinguished name property is."),
-
- USER_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.object_class", PLAINTEXT, "person", "The class to
which user objects in LDAP belong."),
- USER_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.name_attr", PLAINTEXT, "uid", "The attribute used
for determining the user name, such as 'uid'."),
-
USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "", ""), //TODO
- USER_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.search_base", PLAINTEXT,
"dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and
groups. This is only used when LDAP authentication is enabled."),
- USER_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.search_user_base", PLAINTEXT,
"ou=people,dc=ambari,dc=apache,dc=org", "The filter used when searching for
users in LDAP."),
-
- GROUP_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.object_class", PLAINTEXT, "posixGroup",
"Specifies the LDAP object class value that defines groups in the directory
service."),
- GROUP_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.name_attr", PLAINTEXT, "cn", "The attribute used
to determine the group name in LDAP."),
- GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.member_attr", PLAINTEXT, "member", "The LDAP
attribute which identifies group membership."),
- GROUP_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.search_base", PLAINTEXT,
"dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and
groups. This is only used when LDAP authentication is enabled."),
- GROUP_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.search_group_base", PLAINTEXT,
"ou=groups,dc=ambari,dc=apache,dc=org", "The filter used when searching for
groups in LDAP."),
-
- USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.user_search_filter", PLAINTEXT,
"(&({usernameAttribute}={0})(objectClass={userObjectClass}))", "A filter used
to lookup a user in LDAP based on the Ambari user name."),
-
USER_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.user_member_replace_pattern", PLAINTEXT, "", "Regex
pattern to use when replacing the user member attribute ID value with a
placeholder. This is used in cases where a UID of an LDAP member is not a full
CN or unique ID (e.g.: 'member:
<SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')"),
- USER_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.user_member_filter", PLAINTEXT, "", "Filter to use for
syncing user members of a group from LDAP (by default it is not used). For
example: (&(objectclass=posixaccount)(uid={member}))"),
-
-
ALTERNATE_USER_SEARCH_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.alternate_user_search_enabled", PLAINTEXT, "false",
"Determines whether a secondary (alternate) LDAP user search filer is used if
the primary filter fails to find a user."),
-
ALTERNATE_USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.alternate_user_search_filter", PLAINTEXT,
"(&(userPrincipalName={0})(objectClass={userObjectClass}))", "An alternate LDAP
user search filter which can be used if
'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary
filter fails to find a user."),
-
- GROUP_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_search_filter", PLAINTEXT, "", "The DN to use when
searching for LDAP groups."),
-
GROUP_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_member_replace_pattern", PLAINTEXT, "", "Regex
pattern to use when replacing the group member attribute ID value with a
placeholder. This is used in cases where a UID of an LDAP member is not a full
CN or unique ID (e.g.: 'member:
<SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')"),
- GROUP_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_member_filter", PLAINTEXT, "", "Filter to use for
syncing group members of a group from LDAP. (by default it is not used). For
example: (&(objectclass=posixgroup)(cn={member}))"),
- GROUP_MAPPING_RULES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_mapping_rules", PLAINTEXT, "Ambari Administrators",
"A comma-separate list of groups which would give a user administrative access
to Ambari when syncing from LDAP. This is only used when
'authorization.ldap.groupSearchFilter' is blank. For instance: Hadoop Admins,
Hadoop Admins.*, DC Admins, .*Hadoop Operators"),
-
-
FORCE_LOWERCASE_USERNAMES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.force_lowercase_usernames", PLAINTEXT, "", "Declares
whether to force the ldap user name to be lowercase or leave as-is.\nThis is
useful when local user names are expected to be lowercase but the LDAP user
names are not."),
- REFERRAL_HANDLING(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.referrals", PLAINTEXT, "follow", "Determines whether to
follow LDAP referrals to other URLs when the LDAP controller doesn't have the
requested object."),
- PAGINATION_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.pagination_enabled", PLAINTEXT, "true", "Determines
whether results from LDAP are paginated when requested."),
- COLLISION_BEHAVIOR(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.collision_behavior", PLAINTEXT, "convert", "Determines
how to handle username collision while updating from LDAP."),
-
DISABLE_ENDPOINT_IDENTIFICATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.disable_endpoint_identification", PLAINTEXT, "false",
"Determines whether to disable endpoint identification (hostname verification)
during SSL handshake while updating from LDAP."),
+
AMBARI_MANAGES_LDAP_CONFIGURATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.manage_services", PLAINTEXT, "false", "A Boolean value indicating
whether Ambari is to manage the LDAP configuration for services or not.",
false),
+ LDAP_ENABLED_SERVICES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.enabled_services", PLAINTEXT, null, "A comma-delimited list of
services that are expected to be configured for LDAP. A \"*\" indicates all
services.", false),
+
+ LDAP_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.authentication.enabled", PLAINTEXT, "false", "An internal property
used for unit testing and development purposes.", false),
+ SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.server.host", PLAINTEXT, "localhost", "The LDAP URL
host used for connecting to an LDAP server when authenticating users.", false),
+ SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.server.port", PLAINTEXT, "33389", "The LDAP URL port
used for connecting to an LDAP server when authenticating users.", false),
+ SECONDARY_SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.secondary.server.host", PLAINTEXT, null, "A second
LDAP URL host to use as a backup when authenticating users.", false),
+ SECONDARY_SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.secondary.server.port", PLAINTEXT, null, "A second
LDAP URL port to use as a backup when authenticating users.", false),
+ USE_SSL(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.use_ssl", PLAINTEXT, "false", "Determines whether to
use LDAP over SSL (LDAPS).", false),
+
+ TRUST_STORE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store", PLAINTEXT, "", "", false), //TODO
+ TRUST_STORE_TYPE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store.type", PLAINTEXT, null, "The type of
truststore used by the 'javax.net.ssl.trustStoreType' property.", false),
+ TRUST_STORE_PATH(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store.path", PLAINTEXT, null, "The location of
the truststore to use when setting the 'javax.net.ssl.trustStore' property.",
false),
+ TRUST_STORE_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.trust_store.password", PASSWORD, null, "The password
to use when setting the 'javax.net.ssl.trustStorePassword' property", false),
+ ANONYMOUS_BIND(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.anonymous_bind", PLAINTEXT, "true", "Determines
whether LDAP requests can connect anonymously or if a managed user is required
to connect.", false),
+
+ BIND_DN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.bind_dn", PLAINTEXT, null, "The DN of the manager
account to use when binding to LDAP if anonymous binding is disabled.", false),
+ BIND_PASSWORD(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.connectivity.bind_password", PASSWORD, null, "The password for the
manager account used to bind to LDAP if anonymous binding is disabled.", false),
+
+ ATTR_DETECTION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.detection", PLAINTEXT, "", "", false), //TODO
+
+ DN_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.dn_attr", PLAINTEXT, "dn", "The attribute used for
determining what the distinguished name property is.", false),
+
+ USER_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.object_class", PLAINTEXT, "person", "The class to
which user objects in LDAP belong.", false),
+ USER_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.name_attr", PLAINTEXT, "uid", "The attribute used
for determining the user name, such as 'uid'.", false),
+
USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "", "", false),
//TODO
+ USER_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.search_base", PLAINTEXT,
"dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and
groups. This is only used when LDAP authentication is enabled.", false),
+ USER_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.search_user_base", PLAINTEXT,
"ou=people,dc=ambari,dc=apache,dc=org", "The filter used when searching for
users in LDAP.", false),
+
+ GROUP_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.object_class", PLAINTEXT, "posixGroup",
"Specifies the LDAP object class value that defines groups in the directory
service.", false),
+ GROUP_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.name_attr", PLAINTEXT, "cn", "The attribute used
to determine the group name in LDAP.", false),
+ GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.member_attr", PLAINTEXT, "member", "The LDAP
attribute which identifies group membership.", false),
+ GROUP_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.search_base", PLAINTEXT,
"dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and
groups. This is only used when LDAP authentication is enabled.", false),
+ GROUP_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.group.search_group_base", PLAINTEXT,
"ou=groups,dc=ambari,dc=apache,dc=org", "The filter used when searching for
groups in LDAP.", false),
+
+ USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.user_search_filter", PLAINTEXT,
"(&({usernameAttribute}={0})(objectClass={userObjectClass}))", "A filter used
to lookup a user in LDAP based on the Ambari user name.", false),
+
USER_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.user_member_replace_pattern", PLAINTEXT, "", "Regex
pattern to use when replacing the user member attribute ID value with a
placeholder. This is used in cases where a UID of an LDAP member is not a full
CN or unique ID (e.g.: 'member:
<SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')", false),
+ USER_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.user_member_filter", PLAINTEXT, "", "Filter to use for
syncing user members of a group from LDAP (by default it is not used). For
example: (&(objectclass=posixaccount)(uid={member}))", false),
+
+
ALTERNATE_USER_SEARCH_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.alternate_user_search_enabled", PLAINTEXT, "false",
"Determines whether a secondary (alternate) LDAP user search filer is used if
the primary filter fails to find a user.", false),
+
ALTERNATE_USER_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.alternate_user_search_filter", PLAINTEXT,
"(&(userPrincipalName={0})(objectClass={userObjectClass}))", "An alternate LDAP
user search filter which can be used if
'authentication.ldap.alternateUserSearchEnabled' is enabled and the primary
filter fails to find a user.", false),
+
+ GROUP_SEARCH_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_search_filter", PLAINTEXT, "", "The DN to use when
searching for LDAP groups.", false),
+
GROUP_MEMBER_REPLACE_PATTERN(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_member_replace_pattern", PLAINTEXT, "", "Regex
pattern to use when replacing the group member attribute ID value with a
placeholder. This is used in cases where a UID of an LDAP member is not a full
CN or unique ID (e.g.: 'member:
<SID=123>;<GID=123>;cn=myCn,dc=org,dc=apache')", false),
+ GROUP_MEMBER_FILTER(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_member_filter", PLAINTEXT, "", "Filter to use for
syncing group members of a group from LDAP. (by default it is not used). For
example: (&(objectclass=posixgroup)(cn={member}))", false),
+ GROUP_MAPPING_RULES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.group_mapping_rules", PLAINTEXT, "Ambari Administrators",
"A comma-separate list of groups which would give a user administrative access
to Ambari when syncing from LDAP. This is only used when
'authorization.ldap.groupSearchFilter' is blank. For instance: Hadoop Admins,
Hadoop Admins.*, DC Admins, .*Hadoop Operators", false),
+
+
FORCE_LOWERCASE_USERNAMES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.force_lowercase_usernames", PLAINTEXT, "", "Declares
whether to force the ldap user name to be lowercase or leave as-is.\nThis is
useful when local user names are expected to be lowercase but the LDAP user
names are not.", false),
+ REFERRAL_HANDLING(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.referrals", PLAINTEXT, "follow", "Determines whether to
follow LDAP referrals to other URLs when the LDAP controller doesn't have the
requested object.", false),
+ PAGINATION_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.pagination_enabled", PLAINTEXT, "true", "Determines
whether results from LDAP are paginated when requested.", false),
+ COLLISION_BEHAVIOR(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.collision_behavior", PLAINTEXT, "convert", "Determines
how to handle username collision while updating from LDAP.", false),
+
DISABLE_ENDPOINT_IDENTIFICATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.advanced.disable_endpoint_identification", PLAINTEXT, "false",
"Determines whether to disable endpoint identification (hostname verification)
during SSL handshake while updating from LDAP.", false),
/* ********************************************************
* SSO Configuration Keys
* ******************************************************** */
- SSO_MANAGE_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.manage_services", PLAINTEXT, "false", "A Boolean value indicating
whether Ambari is to manage the SSO configuration for services or not."),
- SSO_ENABLED_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.enabled_services", PLAINTEXT, null, "A comma-delimited list of
services that are expected to be configured for SSO. A \"*\" indicates all
services."),
+ SSO_MANAGE_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.manage_services", PLAINTEXT, "false", "A Boolean value indicating
whether Ambari is to manage the SSO configuration for services or not.", false),
+ SSO_ENABLED_SERVICES(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.enabled_services", PLAINTEXT, null, "A comma-delimited list of
services that are expected to be configured for SSO. A \"*\" indicates all
services.", false),
+
+ SSO_PROVIDER_URL(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.provider.url", PLAINTEXT, null, "The URL for SSO provider to use in
the absence of a JWT token when handling a JWT request.", false),
+
SSO_PROVIDER_CERTIFICATE(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.provider.certificate", PLAINTEXT, null, "The x509 certificate
containing the public key to use when verifying the authenticity of a JWT token
from the SSO provider.", false),
+
SSO_PROVIDER_ORIGINAL_URL_PARAM_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.provider.originalUrlParamName", PLAINTEXT, "originalUrl", "The
original URL to use when constructing the URL for SSO provider.", false),
- SSO_PROVIDER_URL(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.provider.url", PLAINTEXT, null, "The URL for SSO provider to use in
the absence of a JWT token when handling a JWT request."),
-
SSO_PROVIDER_CERTIFICATE(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.provider.certificate", PLAINTEXT, null, "The x509 certificate
containing the public key to use when verifying the authenticity of a JWT token
from the SSO provider."),
-
SSO_PROVIDER_ORIGINAL_URL_PARAM_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.provider.originalUrlParamName", PLAINTEXT, "originalUrl", "The
original URL to use when constructing the URL for SSO provider."),
+ SSO_JWT_AUDIENCES(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.jwt.audiences", PLAINTEXT, null, "A list of the JWT audiences
expected. Leaving this blank will allow for any audience.", false),
+ SSO_JWT_COOKIE_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.jwt.cookieName", PLAINTEXT, "hadoop-jwt", "The name of the cookie
which will be used to extract the JWT token from the request.", false),
- SSO_JWT_AUDIENCES(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.jwt.audiences", PLAINTEXT, null, "A list of the JWT audiences
expected. Leaving this blank will allow for any audience."),
- SSO_JWT_COOKIE_NAME(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.jwt.cookieName", PLAINTEXT, "hadoop-jwt", "The name of the cookie
which will be used to extract the JWT token from the request."),
+
SSO_AUTHENTICATION_ENABLED(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.authentication.enabled", PLAINTEXT, "false", "Determines whether to
use JWT authentication when logging into Ambari.", false),
-
SSO_AUTHENTICATION_ENABLED(AmbariServerConfigurationCategory.SSO_CONFIGURATION,
"ambari.sso.authentication.enabled", PLAINTEXT, "false", "Determines whether to
use JWT authentication when logging into Ambari.");
+ /* ********************************************************
+ * Trusted Proxy Configuration Keys
+ * ******************************************************** */
+
TPROXY_AUTHENTICATION_ENABLED(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION,
"ambari.tproxy.authentication.enabled", PLAINTEXT, "false", "Determines
whether to allow a proxy user to specifiy a proxied user when logging into
Ambari.", false),
+ TPROXY_ALLOWED_HOSTS(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION,
"ambari\\.tproxy\\.proxyuser\\..+\\.hosts", PLAINTEXT, "*", "List of hosts from
which trusted-proxy user can connect.", true),
+ TPROXY_ALLOWED_USERS(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION,
"ambari\\.tproxy\\.proxyuser\\..+\\.users", PLAINTEXT, "*", "List of users
which the trusted-proxy user can proxy for.", true),
+
TPROXY_ALLOWED_GROUPS(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION,
"ambari\\.tproxy\\.proxyuser\\..+\\.groups", PLAINTEXT, "*", "List of groups
which the trusted-proxy user can proxy user for.", true);
+ private static final Logger LOG =
LoggerFactory.getLogger(AmbariServerConfigurationKey.class);
private final AmbariServerConfigurationCategory configurationCategory;
private final String propertyName;
private final ConfigurationPropertyType configurationPropertyType;
private final String defaultValue;
private final String description;
+ private final boolean regex;
- AmbariServerConfigurationKey(AmbariServerConfigurationCategory
configurationCategory, String propName, ConfigurationPropertyType
configurationPropertyType, String defaultValue, String description) {
+ AmbariServerConfigurationKey(AmbariServerConfigurationCategory
configurationCategory, String propName, ConfigurationPropertyType
configurationPropertyType, String defaultValue, String description, boolean
regex) {
this.configurationCategory = configurationCategory;
this.propertyName = propName;
this.configurationPropertyType = configurationPropertyType;
this.defaultValue = defaultValue;
this.description = description;
+ this.regex = regex;
}
public AmbariServerConfigurationCategory getConfigurationCategory() {
@@ -128,15 +143,23 @@ public enum AmbariServerConfigurationKey {
return description;
}
+ public boolean isRegex() {
+ return regex;
+ }
+
public static AmbariServerConfigurationKey
translate(AmbariServerConfigurationCategory category, String keyName) {
- for (AmbariServerConfigurationKey key : values()) {
- if (key.configurationCategory.equals(category) &&
key.propertyName.equals(keyName)) {
- return key;
+ if (category != null && StringUtils.isNotEmpty(keyName)) {
+ for (AmbariServerConfigurationKey key : values()) {
+ if (key.configurationCategory.equals(category)) {
+ if ((key.regex && keyName.matches(key.propertyName)) ||
key.propertyName.equals(keyName)) {
+ return key;
+ }
+ }
}
}
String categoryName = (category == null) ? "null" :
category.getCategoryName();
- throw new IllegalArgumentException(String.format("Invalid Ambari server
configuration key: %s:%s", categoryName, keyName));
-
+ LOG.warn("Invalid Ambari server configuration key: {}:{}", categoryName,
keyName);
+ return null;
}
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
index 2e61c19..736a7ad 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/ConfigurationPropertyType.java
@@ -18,5 +18,5 @@ package org.apache.ambari.server.configuration;
* Constants representing types for AMBARI-level properties that are being
stored in the DB
*/
public enum ConfigurationPropertyType {
- PLAINTEXT, PASSWORD;
+ PLAINTEXT, PASSWORD, UNKNOWN;
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
index a9890c3..6d331ab 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandler.java
@@ -32,6 +32,7 @@ import java.util.stream.Collectors;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.api.services.RootServiceComponentConfiguration;
+import org.apache.ambari.server.configuration.AmbariServerConfigurationKey;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.events.AmbariConfigurationChangedEvent;
@@ -114,7 +115,14 @@ public class AmbariServerConfigurationHandler extends
RootServiceComponentConfig
final Iterator<Map.Entry<String, String>> propertiesIterator =
properties.entrySet().iterator();
while (propertiesIterator.hasNext()) {
Map.Entry<String, String> property = propertiesIterator.next();
- if (AmbariServerConfigurationUtils.isPassword(categoryName,
property.getKey())) {
+
+ // Ensure the incoming property is valid
+ AmbariServerConfigurationKey key =
AmbariServerConfigurationUtils.getConfigurationKey(categoryName,
property.getKey());
+ if(key == null) {
+ throw new IllegalArgumentException(String.format("Invalid Ambari
server configuration key: %s:%s", categoryName, property.getKey()));
+ }
+
+ if (AmbariServerConfigurationUtils.isPassword(key)) {
final String passwordFileOrCredentialStoreAlias =
fetchPasswordFileNameOrCredentialStoreAlias(categoryName, property.getKey());
if (StringUtils.isNotBlank(passwordFileOrCredentialStoreAlias)) { //if
blank -> this is the first time setup; we simply need to store the alias/file
name
if (updatePasswordIfNeeded(categoryName, property.getKey(),
property.getValue())) {
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
index 104acd6..7d9c50e 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtils.java
@@ -28,33 +28,80 @@ import
org.apache.ambari.server.configuration.ConfigurationPropertyType;
public class AmbariServerConfigurationUtils {
/**
+ * Returns the relevant {@link AmbariServerConfigurationKey}
+ *
* @param category the name of the category
* @param propertyName the name of the property
- * @return the type of the given category/property if such category/property
+ * @return the {@link AmbariServerConfigurationKey representing the given
category/property if such category/property
* exists; {@code null} otherwise
- * @throws IllegalStateException if there is no property found with the
given name
+ */
+ public static AmbariServerConfigurationKey getConfigurationKey(String
category, String propertyName) {
+ return
getConfigurationKey(AmbariServerConfigurationCategory.translate(category),
propertyName);
+ }
+
+ /**
+ * Returns the relevant {@link AmbariServerConfigurationKey}
+ *
+ * @param category the {@link AmbariServerConfigurationCategory}
+ * @param propertyName the name of the property
+ * @return the {@link AmbariServerConfigurationKey representing the given
category/property if such category/property
+ * exists; {@code null} otherwise
+ */
+ public static AmbariServerConfigurationKey
getConfigurationKey(AmbariServerConfigurationCategory category, String
propertyName) {
+ return AmbariServerConfigurationKey.translate(category, propertyName);
+ }
+
+ /**
+ * Returns the {@link ConfigurationPropertyType} for the specified Ambari
Server configuration property
+ *
+ * @param category the name of the category
+ * @param propertyName the name of the property
+ * @return the type of the given category/property if such category/property
+ * exists; {@link ConfigurationPropertyType#UNKNOWN} otherwise
*/
public static ConfigurationPropertyType getConfigurationPropertyType(String
category, String propertyName) {
- return
getConfigurationPropertyType(AmbariServerConfigurationCategory.translate(category),
propertyName);
+ return getConfigurationPropertyType(getConfigurationKey(category,
propertyName));
}
/**
+ * Returns the {@link ConfigurationPropertyType} for the specified Ambari
Server configuration property
+ *
* @param category the category
* @param propertyName the name of the property
* @return the type of the given category/property if such category/property
- * exists; {@code null} otherwise
- * @throws IllegalStateException if there is no property found with the
given name
+ * exists; {@link ConfigurationPropertyType#UNKNOWN} otherwise
*/
public static ConfigurationPropertyType
getConfigurationPropertyType(AmbariServerConfigurationCategory category, String
propertyName) {
- return AmbariServerConfigurationKey.translate(category,
propertyName).getConfigurationPropertyType();
+ return getConfigurationPropertyType(getConfigurationKey(category,
propertyName));
+ }
+
+ /**
+ * Returns the {@link ConfigurationPropertyType} for the specified Ambari
Server configuration property
+ *
+ * @param configurationKey a {@link AmbariServerConfigurationKey}
+ * @return the type of the given category/property if such category/property
+ * exists; {@link ConfigurationPropertyType#UNKNOWN} otherwise
+ */
+ private static ConfigurationPropertyType
getConfigurationPropertyType(AmbariServerConfigurationKey configurationKey) {
+ return (configurationKey == null) ? ConfigurationPropertyType.UNKNOWN :
configurationKey.getConfigurationPropertyType();
}
/**
* @param category the name of the category
* @param propertyName the name of the property
* @return the String representation of the type if such category/property
- * exists; {@code null} otherwise * @throws IllegalStateException if
- * there is no property found with the given name
+ * exists; {@code null} otherwise
+ */
+ public static String
getConfigurationPropertyTypeName(AmbariServerConfigurationCategory category,
String propertyName) {
+ final ConfigurationPropertyType configurationPropertyType =
getConfigurationPropertyType(category, propertyName);
+ return configurationPropertyType == null ? null :
configurationPropertyType.name();
+ }
+
+ /**
+ * @param category the name of the category
+ * @param propertyName the name of the property
+ * @return the String representation of the type if such category/property
+ * exists; {@code null} otherwise
*/
public static String getConfigurationPropertyTypeName(String category,
String propertyName) {
final ConfigurationPropertyType configurationPropertyType =
getConfigurationPropertyType(category, propertyName);
@@ -62,18 +109,37 @@ public class AmbariServerConfigurationUtils {
}
/**
- * Indicates whether the given property's type is
- * <p>
- * {@link ConfigurationPropertyType#PASSWORD}
+ * Indicates whether the given property's type is a {@link
ConfigurationPropertyType#PASSWORD}
*
* @param category the name of the category
* @param propertyName the name of the property
* @return {@code true} in case the given property's type is
* {@link ConfigurationPropertyType#PASSWORD}; {@code false} otherwise
- * @throws IllegalStateException if there is no property found with the
given name
*/
public static boolean isPassword(String category, String propertyName) {
- return
ConfigurationPropertyType.PASSWORD.equals(getConfigurationPropertyType(category,
propertyName));
+ return isPassword(getConfigurationKey(category, propertyName));
}
+ /**
+ * Indicates whether the given property's type is a {@link
ConfigurationPropertyType#PASSWORD}
+ *
+ * @param category the name of the category
+ * @param propertyName the name of the property
+ * @return {@code true} in case the given property's type is
+ * {@link ConfigurationPropertyType#PASSWORD}; {@code false} otherwise
+ */
+ public static boolean isPassword(AmbariServerConfigurationCategory category,
String propertyName) {
+ return isPassword(getConfigurationKey(category, propertyName));
+ }
+
+ /**
+ * Indicates whether the given property's type is a {@link
ConfigurationPropertyType#PASSWORD}
+ *
+ * @param configurationKey the Ambari Server configiration key
+ * @return {@code true} in case the given property's type is
+ * {@link ConfigurationPropertyType#PASSWORD}; {@code false} otherwise
+ */
+ public static boolean isPassword(AmbariServerConfigurationKey
configurationKey) {
+ return
ConfigurationPropertyType.PASSWORD.equals(getConfigurationPropertyType(configurationKey));
+ }
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
index 309785d..b0bf0cf 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RootServiceComponentConfigurationHandlerFactory.java
@@ -41,6 +41,9 @@ public class RootServiceComponentConfigurationHandlerFactory {
@Inject
private AmbariServerSSOConfigurationHandler ssoConfigurationHandler;
+ @Inject
+ private AmbariServerConfigurationHandler tproxyConfigurationHandler;
+
/**
* Returns the internal configuration handler used to support various
configuration storage facilities.
*
@@ -56,6 +59,8 @@ public class RootServiceComponentConfigurationHandlerFactory {
return ldapConfigurationHandler;
} else if
(AmbariServerConfigurationCategory.SSO_CONFIGURATION.getCategoryName().equals(categoryName))
{
return ssoConfigurationHandler;
+ } else if
(AmbariServerConfigurationCategory.TPROXY_CONFIGURATION.getCategoryName().equals(categoryName))
{
+ return tproxyConfigurationHandler;
} else {
return defaultConfigurationHandler;
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
index eb7a79b..a6050ac 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ads/DefaultLdapAttributeDetectionService.java
@@ -155,7 +155,10 @@ public class DefaultLdapAttributeDetectionService
implements LdapAttributeDetect
for (Map.Entry<String, String> detecteMapEntry :
detectedAttributes.entrySet()) {
LOG.info("Setting detected configuration value: [{}] - > [{}]",
detecteMapEntry.getKey(), detecteMapEntry.getValue());
-
ambariLdapConfiguration.setValueFor(AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
detecteMapEntry.getKey()), detecteMapEntry.getValue());
+ AmbariServerConfigurationKey key =
AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
detecteMapEntry.getKey());
+ if(key != null) {
+ ambariLdapConfiguration.setValueFor(key, detecteMapEntry.getValue());
+ }
}
}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKeyTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKeyTest.java
new file mode 100644
index 0000000..ff92b82
--- /dev/null
+++
b/ambari-server/src/test/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKeyTest.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.configuration;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class AmbariServerConfigurationKeyTest {
+
+ @Test
+ public void testTranslateNullCategory() {
+ Assert.assertNull(AmbariServerConfigurationKey.translate(null,
"some.property"));
+ }
+
+ @Test
+ public void testTranslateNullPropertyName() {
+
Assert.assertNull(AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
null));
+ }
+
+ @Test
+ public void testTranslateInvalidPropertyName() {
+
Assert.assertNull(AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"invalid_property_name"));
+ }
+
+ @Test
+ public void testTranslateExpected() {
+ Assert.assertSame(AmbariServerConfigurationKey.LDAP_ENABLED,
+
AmbariServerConfigurationKey.translate(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
AmbariServerConfigurationKey.LDAP_ENABLED.key()));
+ }
+
+ @Test
+ public void testTranslateRegex() {
+ AmbariServerConfigurationKey keyWithRegex =
AmbariServerConfigurationKey.TPROXY_ALLOWED_HOSTS;
+ Assert.assertTrue(keyWithRegex.isRegex());
+
+ Assert.assertSame(keyWithRegex,
+
AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(),
"ambari.tproxy.proxyuser.knox.hosts"));
+ Assert.assertSame(keyWithRegex,
+
AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(),
"ambari.tproxy.proxyuser.not.knox.hosts"));
+
+ AmbariServerConfigurationKey translatedKey =
AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(),
"ambari.tproxy.proxyuser.not.knox.groups");
+ Assert.assertNotNull(translatedKey);
+ Assert.assertNotSame(keyWithRegex, translatedKey);
+
+
Assert.assertNull(AmbariServerConfigurationKey.translate(keyWithRegex.getConfigurationCategory(),
"ambari.tproxy.proxyuser.not.knox.invalid"));
+ }
+
+}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
index 4c0082e..25ce41d 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationHandlerTest.java
@@ -22,10 +22,12 @@ package org.apache.ambari.server.controller.internal;
import static
org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.LDAP_CONFIGURATION;
import static
org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.SSO_CONFIGURATION;
+import static
org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.TPROXY_CONFIGURATION;
import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.LDAP_ENABLED;
import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.SERVER_HOST;
import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.SSO_ENABLED_SERVICES;
import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.SSO_MANAGE_SERVICES;
+import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.TPROXY_AUTHENTICATION_ENABLED;
import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
@@ -58,13 +60,24 @@ public class AmbariServerConfigurationHandlerTest extends
EasyMockSupport {
ssoEntities.add(createEntity(SSO_CONFIGURATION.getCategoryName(),
SSO_MANAGE_SERVICES.key(), "true"));
ssoEntities.add(createEntity(SSO_CONFIGURATION.getCategoryName(),
SSO_ENABLED_SERVICES.key(), "AMBARI,SERVICE1"));
- List<AmbariConfigurationEntity> allEntities = new ArrayList<>(ssoEntities);
- allEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(),
LDAP_ENABLED.key(), "true"));
- allEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(),
SERVER_HOST.key(), "host1"));
+ List<AmbariConfigurationEntity> ldapEntities = new ArrayList<>();
+ ldapEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(),
LDAP_ENABLED.key(), "true"));
+ ldapEntities.add(createEntity(LDAP_CONFIGURATION.getCategoryName(),
SERVER_HOST.key(), "host1"));
+
+ List<AmbariConfigurationEntity> tproxyEntities = new ArrayList<>();
+ tproxyEntities.add(createEntity(TPROXY_CONFIGURATION.getCategoryName(),
TPROXY_AUTHENTICATION_ENABLED.key(), "true"));
+ tproxyEntities.add(createEntity(TPROXY_CONFIGURATION.getCategoryName(),
"ambari.tproxy.proxyuser.knox.hosts", "host1"));
+
+ List<AmbariConfigurationEntity> allEntities = new ArrayList<>();
+ allEntities.addAll(ssoEntities);
+ allEntities.addAll(ldapEntities);
+ allEntities.addAll(tproxyEntities);
AmbariConfigurationDAO ambariConfigurationDAO =
createMock(AmbariConfigurationDAO.class);
expect(ambariConfigurationDAO.findAll()).andReturn(allEntities).once();
expect(ambariConfigurationDAO.findByCategory(SSO_CONFIGURATION.getCategoryName())).andReturn(ssoEntities).once();
+
expect(ambariConfigurationDAO.findByCategory(LDAP_CONFIGURATION.getCategoryName())).andReturn(ldapEntities).once();
+
expect(ambariConfigurationDAO.findByCategory(TPROXY_CONFIGURATION.getCategoryName())).andReturn(tproxyEntities).once();
expect(ambariConfigurationDAO.findByCategory("invalid
category")).andReturn(null).once();
AmbariEventPublisher publisher = createMock(AmbariEventPublisher.class);
@@ -75,14 +88,23 @@ public class AmbariServerConfigurationHandlerTest extends
EasyMockSupport {
replayAll();
Map<String, RootServiceComponentConfiguration> allConfigurations =
handler.getComponentConfigurations(null);
- Assert.assertEquals(2, allConfigurations.size());
+ Assert.assertEquals(3, allConfigurations.size());
Assert.assertTrue(allConfigurations.containsKey(SSO_CONFIGURATION.getCategoryName()));
Assert.assertTrue(allConfigurations.containsKey(LDAP_CONFIGURATION.getCategoryName()));
+
Assert.assertTrue(allConfigurations.containsKey(TPROXY_CONFIGURATION.getCategoryName()));
Map<String, RootServiceComponentConfiguration> ssoConfigurations =
handler.getComponentConfigurations(SSO_CONFIGURATION.getCategoryName());
Assert.assertEquals(1, ssoConfigurations.size());
Assert.assertTrue(ssoConfigurations.containsKey(SSO_CONFIGURATION.getCategoryName()));
+ Map<String, RootServiceComponentConfiguration> ldapConfigurations =
handler.getComponentConfigurations(LDAP_CONFIGURATION.getCategoryName());
+ Assert.assertEquals(1, ldapConfigurations.size());
+
Assert.assertTrue(ldapConfigurations.containsKey(LDAP_CONFIGURATION.getCategoryName()));
+
+ Map<String, RootServiceComponentConfiguration> tproxyConfigurations =
handler.getComponentConfigurations(TPROXY_CONFIGURATION.getCategoryName());
+ Assert.assertEquals(1, tproxyConfigurations.size());
+
Assert.assertTrue(tproxyConfigurations.containsKey(TPROXY_CONFIGURATION.getCategoryName()));
+
Map<String, RootServiceComponentConfiguration> invalidConfigurations =
handler.getComponentConfigurations("invalid category");
Assert.assertNull(invalidConfigurations);
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtilsTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtilsTest.java
new file mode 100644
index 0000000..4fe250f
--- /dev/null
+++
b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariServerConfigurationUtilsTest.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import static
org.apache.ambari.server.configuration.AmbariServerConfigurationCategory.TPROXY_CONFIGURATION;
+import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.BIND_PASSWORD;
+import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.TPROXY_ALLOWED_GROUPS;
+import static
org.apache.ambari.server.configuration.AmbariServerConfigurationKey.TPROXY_AUTHENTICATION_ENABLED;
+import static
org.apache.ambari.server.configuration.ConfigurationPropertyType.PASSWORD;
+import static
org.apache.ambari.server.configuration.ConfigurationPropertyType.UNKNOWN;
+
+import
org.apache.ambari.server.configuration.AmbariServerConfigurationCategory;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class AmbariServerConfigurationUtilsTest {
+
+ @Test
+ public void testGetConfigurationKey() {
+ Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED,
+
AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED,
+
AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS,
+
AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS,
+
AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS,
+
AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.not.knox.groups"));
+
Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"invalid.tproxy.proxyuser.not.knox.groups"));
+
+
Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey((AmbariServerConfigurationCategory)
null, TPROXY_AUTHENTICATION_ENABLED.key()));
+
Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey((String)
null, TPROXY_AUTHENTICATION_ENABLED.key()));
+
Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey("invalid",
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+
Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_CONFIGURATION.getCategoryName(),
null));
+
Assert.assertNull(AmbariServerConfigurationUtils.getConfigurationKey(TPROXY_CONFIGURATION.getCategoryName(),
"invalid"));
+ }
+
+ @Test
+ public void testGetConfigurationPropertyType() {
+
Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
Assert.assertSame(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertSame(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.not.knox.groups"));
+ Assert.assertSame(UNKNOWN,
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"invalid.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertSame(UNKNOWN,
AmbariServerConfigurationUtils.getConfigurationPropertyType((AmbariServerConfigurationCategory)
null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(UNKNOWN,
AmbariServerConfigurationUtils.getConfigurationPropertyType((String) null,
TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertSame(UNKNOWN,
AmbariServerConfigurationUtils.getConfigurationPropertyType("invalid",
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ Assert.assertSame(UNKNOWN,
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_CONFIGURATION.getCategoryName(),
null));
+ Assert.assertSame(UNKNOWN,
AmbariServerConfigurationUtils.getConfigurationPropertyType(TPROXY_CONFIGURATION.getCategoryName(),
"invalid"));
+ }
+
+ @Test
+ public void testGetConfigurationPropertyTypeName() {
+
Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType().name(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType().name(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+
Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType().name(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
TPROXY_ALLOWED_GROUPS.key()));
+
Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType().name(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.knox.groups"));
+
Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType().name(),
+
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.not.knox.groups"));
+ Assert.assertEquals(UNKNOWN.name(),
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"invalid.tproxy.proxyuser.not.knox.groups"));
+
+ Assert.assertEquals(UNKNOWN.name(),
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName((AmbariServerConfigurationCategory)
null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertEquals(UNKNOWN.name(),
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName((String) null,
TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertEquals(UNKNOWN.name(),
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName("invalid",
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ Assert.assertEquals(UNKNOWN.name(),
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_CONFIGURATION.getCategoryName(),
null));
+ Assert.assertEquals(UNKNOWN.name(),
AmbariServerConfigurationUtils.getConfigurationPropertyTypeName(TPROXY_CONFIGURATION.getCategoryName(),
"invalid"));
+ }
+
+ @Test
+ public void isPassword() {
+
Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType()
== PASSWORD,
+
AmbariServerConfigurationUtils.isPassword(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
Assert.assertEquals(TPROXY_AUTHENTICATION_ENABLED.getConfigurationPropertyType()
== PASSWORD,
+
AmbariServerConfigurationUtils.isPassword(TPROXY_AUTHENTICATION_ENABLED.getConfigurationCategory().getCategoryName(),
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+ // Test Regex Key
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType()
== PASSWORD,
+
AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
TPROXY_ALLOWED_GROUPS.key()));
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType()
== PASSWORD,
+
AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.knox.groups"));
+ Assert.assertEquals(TPROXY_ALLOWED_GROUPS.getConfigurationPropertyType()
== PASSWORD,
+
AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"ambari.tproxy.proxyuser.not.knox.groups"));
+
+
Assert.assertFalse(AmbariServerConfigurationUtils.isPassword(TPROXY_ALLOWED_GROUPS.getConfigurationCategory().getCategoryName(),
"invalid.tproxy.proxyuser.not.knox.groups"));
+
+
Assert.assertFalse(AmbariServerConfigurationUtils.isPassword((AmbariServerConfigurationCategory)
null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword((String)
null, TPROXY_AUTHENTICATION_ENABLED.key()));
+ Assert.assertFalse(AmbariServerConfigurationUtils.isPassword("invalid",
TPROXY_AUTHENTICATION_ENABLED.key()));
+
+
Assert.assertFalse(AmbariServerConfigurationUtils.isPassword(TPROXY_CONFIGURATION.getCategoryName(),
null));
+
Assert.assertFalse(AmbariServerConfigurationUtils.isPassword(TPROXY_CONFIGURATION.getCategoryName(),
"invalid"));
+
+ // This is known to be a password
+
Assert.assertTrue(AmbariServerConfigurationUtils.isPassword(BIND_PASSWORD));
+ }
+}
\ No newline at end of file
