This is an automated email from the ASF dual-hosted git repository.

adoroszlai pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new e70dd4e  AMBARI-24999. Disallow changing Kerberos-related configs in 
Add Service request (#2693)
e70dd4e is described below

commit e70dd4e7434bc3828629d329684a12b574dfd9d3
Author: Doroszlai, Attila <6454655+adorosz...@users.noreply.github.com>
AuthorDate: Wed Dec 5 18:11:40 2018 +0100

    AMBARI-24999. Disallow changing Kerberos-related configs in Add Service 
request (#2693)
---
 .../server/topology/addservice/RequestValidator.java | 10 ++++++++--
 .../topology/addservice/RequestValidatorTest.java    | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
index 3106697..8b72114 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
@@ -48,6 +48,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Sets;
 import com.google.inject.assistedinject.Assisted;
 
@@ -58,6 +59,8 @@ public class RequestValidator {
 
   private static final Logger LOG = 
LoggerFactory.getLogger(RequestValidator.class);
 
+  private static final Set<String> NOT_ALLOWED_CONFIG_TYPES = 
ImmutableSet.of("kerberos-env", "krb5-conf");
+
   private final AddServiceRequest request;
   private final Cluster cluster;
   private final AmbariManagementController controller;
@@ -185,12 +188,15 @@ public class RequestValidator {
   @VisibleForTesting
   void validateConfiguration() {
     Configuration config = request.getConfiguration();
+
+    for (String type : NOT_ALLOWED_CONFIG_TYPES) {
+      checkArgument(!config.getProperties().containsKey(type), "Cannot change 
'%s' configuration in Add Service request", type);
+    }
+
     Configuration clusterConfig = getClusterDesiredConfigs();
     
clusterConfig.setParentConfiguration(state.getStack().getValidDefaultConfig());
     config.setParentConfiguration(clusterConfig);
 
-    // no validation here so far
-
     state = state.with(config);
   }
 
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
index 041b326..9b313e9 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
@@ -375,6 +375,26 @@ public class RequestValidatorTest extends EasyMockSupport {
     verifyConfigOverrides(requestConfig, clusterConfig, stackConfig, config);
   }
 
+  @Test
+  public void rejectsKerberosEnvChange() {
+    Configuration requestConfig = Configuration.newEmpty();
+    requestConfig.setProperty("kerberos-env", "some-property", "some-value");
+    
expect(request.getConfiguration()).andReturn(requestConfig.copy()).anyTimes();
+    replayAll();
+
+    assertThrows(IllegalArgumentException.class, 
validator::validateConfiguration);
+  }
+
+  @Test
+  public void rejectsKrb5ConfChange() {
+    Configuration requestConfig = Configuration.newEmpty();
+    requestConfig.setProperty("krb5-conf", "some-property", "some-value");
+    
expect(request.getConfiguration()).andReturn(requestConfig.copy()).anyTimes();
+    replayAll();
+
+    assertThrows(IllegalArgumentException.class, 
validator::validateConfiguration);
+  }
+
   private static void verifyConfigOverrides(Configuration requestConfig, 
Configuration clusterConfig, Configuration stackConfig, Configuration 
actualConfig) {
     requestConfig.getProperties().forEach(
       (type, properties) -> properties.forEach(

Reply via email to