This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new f3e6276 AMBARI-24951. New CLI option and question to populate
existing 'ambari.ldap.attributes.user.group_member_attr' Ambari configuration
property (#2656)
f3e6276 is described below
commit f3e627666a6c9c6eda73d5ee8977e7d941c104a7
Author: Sandor Molnar <[email protected]>
AuthorDate: Tue Nov 27 15:10:07 2018 +0100
AMBARI-24951. New CLI option and question to populate existing
'ambari.ldap.attributes.user.group_member_attr' Ambari configuration property
(#2656)
---
.../server/configuration/AmbariServerConfigurationKey.java | 2 +-
ambari-server/src/main/python/ambari-server.py | 1 +
ambari-server/src/main/python/ambari_server/setupSecurity.py | 1 +
ambari-server/src/test/python/TestAmbariServer.py | 12 ++++++++----
4 files changed, 11 insertions(+), 5 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
index 5603d46..a0b66f9 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
@@ -54,7 +54,7 @@ public enum AmbariServerConfigurationKey {
USER_OBJECT_CLASS(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.object_class", PLAINTEXT, "person", "The class to
which user objects in LDAP belong.", false),
USER_NAME_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.name_attr", PLAINTEXT, "uid", "The attribute used
for determining the user name, such as 'uid'.", false),
-
USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "", "", false),
//TODO
+
USER_GROUP_MEMBER_ATTRIBUTE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.group_member_attr", PLAINTEXT, "memberof", "The
LDAP attribute which identifies user group membership.", false),
USER_SEARCH_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.user.search_base", PLAINTEXT,
"dc=ambari,dc=apache,dc=org", "The base DN to use when filtering LDAP users and
groups. This is only used when LDAP authentication is enabled.", false),
USER_BASE(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
"ambari.ldap.attributes.search_user_base", PLAINTEXT,
"ou=people,dc=ambari,dc=apache,dc=org", "The filter used when searching for
users in LDAP.", false),
diff --git a/ambari-server/src/main/python/ambari-server.py
b/ambari-server/src/main/python/ambari-server.py
index e5a943f..fccd758 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -560,6 +560,7 @@ def init_ldap_setup_parser_options(parser):
parser.add_option('--ldap-type', default=None, help="Specify ldap type [{}]
for offering defaults for missing options.".format("/".join(LDAP_TYPES)),
dest="ldap_type")
parser.add_option('--ldap-user-class', default=None, help="User Attribute
Object Class for LDAP", dest="ldap_user_class")
parser.add_option('--ldap-user-attr', default=None, help="User Attribute
Name for LDAP", dest="ldap_user_attr")
+ parser.add_option('--ldap-user-group-member-attr', default=None, help="User
Group Member Attribute for LDAP", dest="ldap_user_group_member_attr")
parser.add_option('--ldap-group-class', default=None, help="Group Attribute
Object Class for LDAP", dest="ldap_group_class")
parser.add_option('--ldap-group-attr', default=None, help="Group Attribute
Name for LDAP", dest="ldap_group_attr")
parser.add_option('--ldap-member-attr', default=None, help="Group Membership
Attribute Name for LDAP", dest="ldap_member_attr")
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py
b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index e281c16..76c4731 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -731,6 +731,7 @@ def init_ldap_properties_list_reqd(properties, options):
LdapPropTemplate(properties, options.ldap_ssl,
"ambari.ldap.connectivity.use_ssl", "Use SSL [true/false]{0}: ",
REGEX_TRUE_FALSE, False, LdapDefaultMap({LDAP_AD:'false', LDAP_IPA:'true',
LDAP_GENERIC:'false'})),
LdapPropTemplate(properties, options.ldap_user_class,
"ambari.ldap.attributes.user.object_class", "User object class{0}: ",
REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'user', LDAP_IPA:'posixAccount',
LDAP_GENERIC:'posixUser'})),
LdapPropTemplate(properties, options.ldap_user_attr,
"ambari.ldap.attributes.user.name_attr", "User ID attribute{0}: ",
REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'sAMAccountName',
LDAP_IPA:'uid', LDAP_GENERIC:'uid'})),
+ LdapPropTemplate(properties, options.ldap_user_group_member_attr,
"ambari.ldap.attributes.user.group_member_attr", "User group member
attribute{0}: ", REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'memberof',
LDAP_IPA:'member', LDAP_GENERIC:'memberof'})),
LdapPropTemplate(properties, options.ldap_group_class,
"ambari.ldap.attributes.group.object_class", "Group object class{0}: ",
REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'group', LDAP_IPA:'posixGroup',
LDAP_GENERIC:'posixGroup'})),
LdapPropTemplate(properties, options.ldap_group_attr,
"ambari.ldap.attributes.group.name_attr", "Group name attribute{0}: ",
REGEX_ANYTHING, False, LdapDefault("cn")),
LdapPropTemplate(properties, options.ldap_member_attr,
"ambari.ldap.attributes.group.member_attr", "Group member attribute{0}: ",
REGEX_ANYTHING, False, LdapDefaultMap({LDAP_AD:'member', LDAP_IPA:'member',
LDAP_GENERIC:'memberUid'})),
diff --git a/ambari-server/src/test/python/TestAmbariServer.py
b/ambari-server/src/test/python/TestAmbariServer.py
index 4e5db52..fc0ffe9 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -7065,6 +7065,7 @@ class TestAmbariServer(TestCase):
"ambari.ldap.connectivity.use_ssl": "false",
"ambari.ldap.attributes.user.object_class": "user",
"ambari.ldap.attributes.user.name_attr": "uid",
+ "ambari.ldap.attributes.user.group_member_attr": "memberof",
"ambari.ldap.attributes.group.object_class": "group",
"ambari.ldap.attributes.group.name_attr": "cn",
"ambari.ldap.attributes.group.member_attr": "member",
@@ -7112,6 +7113,7 @@ class TestAmbariServer(TestCase):
"ambari.ldap.connectivity.use_ssl": "false",
"ambari.ldap.attributes.user.object_class": "user",
"ambari.ldap.attributes.user.name_attr": "uid",
+ "ambari.ldap.attributes.user.group_member_attr": "memberof",
"ambari.ldap.attributes.group.object_class": "group",
"ambari.ldap.attributes.group.name_attr": "cn",
"ambari.ldap.attributes.group.member_attr": "member",
@@ -7159,7 +7161,7 @@ class TestAmbariServer(TestCase):
properties.process_pair(CLIENT_API_PORT_PROPERTY, '8080')
get_ambari_properties_method.return_value = properties
- raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', 'b', 'b', 'hody',
'b', '2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base',
'follow', 'true', 'skip', 'false', 'false', 'admin']
+ raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', 'b', 'b', 'hody',
'b', '2', 'false', 'user', 'uid', 'memberof', 'group', 'cn', 'member', 'dn',
'base', 'follow', 'true', 'skip', 'false', 'false', 'admin']
get_password_mock.side_effect = ['admin']
set_silent(False)
get_YN_input_method.return_value = True
@@ -7189,11 +7191,11 @@ class TestAmbariServer(TestCase):
self.assertTrue(urlopen_mock.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(get_YN_input_method.called)
- self.assertEquals(21, raw_input_mock.call_count)
+ self.assertEquals(22, raw_input_mock.call_count)
self.assertEqual(1, get_password_mock.call_count)
raw_input_mock.reset_mock()
- raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', '', '', 'b', '2',
'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'follow',
'true', 'skip', 'false', 'false', 'admin']
+ raw_input_mock.side_effect = [LDAP_GENERIC, 'a', '3', '', '', 'b', '2',
'false', 'user', 'uid', 'memberof', 'group', 'cn', 'member', 'dn', 'base',
'follow', 'true', 'skip', 'false', 'false', 'admin']
get_password_mock.reset_mock()
get_password_mock.side_effect = ['admin']
@@ -7219,7 +7221,7 @@ class TestAmbariServer(TestCase):
self.assertTrue(urlopen_mock.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(get_YN_input_method.called)
- self.assertEquals(20, raw_input_mock.call_count)
+ self.assertEquals(21, raw_input_mock.call_count)
self.assertEqual(1, get_password_mock.call_count)
sys.stdout = sys.__stdout__
@@ -7276,6 +7278,7 @@ class TestAmbariServer(TestCase):
"ambari.ldap.connectivity.use_ssl": "false",
"ambari.ldap.attributes.user.object_class": "test",
"ambari.ldap.attributes.user.name_attr": "test",
+ "ambari.ldap.attributes.user.group_member_attr": "test",
"ambari.ldap.attributes.user.search_base": "test",
"ambari.ldap.connectivity.anonymous_bind": "false",
"ambari.ldap.advanced.collision_behavior": "skip",
@@ -8815,6 +8818,7 @@ class TestAmbariServer(TestCase):
options.ldap_ssl = None
options.ldap_user_class = None
options.ldap_user_attr = None
+ options.ldap_user_group_member_attr = None
options.ldap_group_class = None
options.ldap_group_attr = None
options.ldap_member_attr = None
