This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new e70dd4e AMBARI-24999. Disallow changing Kerberos-related configs in
Add Service request (#2693)
e70dd4e is described below
commit e70dd4e7434bc3828629d329684a12b574dfd9d3
Author: Doroszlai, Attila <[email protected]>
AuthorDate: Wed Dec 5 18:11:40 2018 +0100
AMBARI-24999. Disallow changing Kerberos-related configs in Add Service
request (#2693)
---
.../server/topology/addservice/RequestValidator.java | 10 ++++++++--
.../topology/addservice/RequestValidatorTest.java | 20 ++++++++++++++++++++
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
b/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
index 3106697..8b72114 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/topology/addservice/RequestValidator.java
@@ -48,6 +48,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.inject.assistedinject.Assisted;
@@ -58,6 +59,8 @@ public class RequestValidator {
private static final Logger LOG =
LoggerFactory.getLogger(RequestValidator.class);
+ private static final Set<String> NOT_ALLOWED_CONFIG_TYPES =
ImmutableSet.of("kerberos-env", "krb5-conf");
+
private final AddServiceRequest request;
private final Cluster cluster;
private final AmbariManagementController controller;
@@ -185,12 +188,15 @@ public class RequestValidator {
@VisibleForTesting
void validateConfiguration() {
Configuration config = request.getConfiguration();
+
+ for (String type : NOT_ALLOWED_CONFIG_TYPES) {
+ checkArgument(!config.getProperties().containsKey(type), "Cannot change
'%s' configuration in Add Service request", type);
+ }
+
Configuration clusterConfig = getClusterDesiredConfigs();
clusterConfig.setParentConfiguration(state.getStack().getValidDefaultConfig());
config.setParentConfiguration(clusterConfig);
- // no validation here so far
-
state = state.with(config);
}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
index 041b326..9b313e9 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/topology/addservice/RequestValidatorTest.java
@@ -375,6 +375,26 @@ public class RequestValidatorTest extends EasyMockSupport {
verifyConfigOverrides(requestConfig, clusterConfig, stackConfig, config);
}
+ @Test
+ public void rejectsKerberosEnvChange() {
+ Configuration requestConfig = Configuration.newEmpty();
+ requestConfig.setProperty("kerberos-env", "some-property", "some-value");
+
expect(request.getConfiguration()).andReturn(requestConfig.copy()).anyTimes();
+ replayAll();
+
+ assertThrows(IllegalArgumentException.class,
validator::validateConfiguration);
+ }
+
+ @Test
+ public void rejectsKrb5ConfChange() {
+ Configuration requestConfig = Configuration.newEmpty();
+ requestConfig.setProperty("krb5-conf", "some-property", "some-value");
+
expect(request.getConfiguration()).andReturn(requestConfig.copy()).anyTimes();
+ replayAll();
+
+ assertThrows(IllegalArgumentException.class,
validator::validateConfiguration);
+ }
+
private static void verifyConfigOverrides(Configuration requestConfig,
Configuration clusterConfig, Configuration stackConfig, Configuration
actualConfig) {
requestConfig.getProperties().forEach(
(type, properties) -> properties.forEach(
