This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new fa3c685 [AMBARI-25062] Optionally execute the post user creation hook
on existing users during LDAP sync
fa3c685 is described below
commit fa3c6850f2426b01d2fa5e1fb2876cf901fddadb
Author: Robert Levas <[email protected]>
AuthorDate: Fri Dec 21 05:16:37 2018 -0500
[AMBARI-25062] Optionally execute the post user creation hook on existing
users during LDAP sync
* [AMBARI-25062] Optionally execute the post user creation hook on existing
users during LDAP sync
* [AMBARI-25062] Optionally execute the post user creation hook on existing
users during LDAP sync
---
.../controller/AmbariManagementControllerImpl.java | 47 +++++-
.../ambari/server/controller/LdapSyncRequest.java | 31 +++-
.../internal/LdapSyncEventResourceProvider.java | 14 +-
.../server/orm/entities/LdapSyncSpecEntity.java | 25 ++-
.../server/security/authorization/Users.java | 19 ++-
.../security/ldap/AmbariLdapDataPopulator.java | 51 ++++--
.../ambari/server/security/ldap/LdapBatchDto.java | 5 +
ambari-server/src/main/python/ambari-server.py | 2 +
.../src/main/python/ambari_server/setupSecurity.py | 9 +
.../AmbariManagementControllerImplTest.java | 49 ++++--
.../server/controller/LdapSyncRequestTest.java | 42 ++++-
.../orm/entities/LdapSyncEventEntityTest.java | 2 +-
.../orm/entities/LdapSyncSpecEntityTest.java | 16 +-
.../security/ldap/AmbariLdapDataPopulatorTest.java | 64 +++----
.../server/security/ldap/LdapPerformanceTest.java | 8 +-
ambari-server/src/test/python/TestAmbariServer.py | 186 +++++++++++++++++++++
16 files changed, 471 insertions(+), 99 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 82bd14f..72454a2 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -185,6 +185,7 @@ import
org.apache.ambari.server.security.encryption.CredentialStoreType;
import org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator;
import org.apache.ambari.server.security.ldap.LdapBatchDto;
import org.apache.ambari.server.security.ldap.LdapSyncDto;
+import org.apache.ambari.server.security.ldap.LdapUserDto;
import
org.apache.ambari.server.serveraction.kerberos.KerberosInvalidConfigurationException;
import
org.apache.ambari.server.serveraction.kerberos.KerberosOperationException;
import org.apache.ambari.server.stack.ExtensionHelper;
@@ -5141,35 +5142,69 @@ public class AmbariManagementControllerImpl implements
AmbariManagementControlle
try {
final LdapBatchDto batchInfo = new LdapBatchDto();
+ boolean postProcessExistingUsers = false;
+ boolean postProcessExistingUsersInGroups = false;
if (userRequest != null) {
+ postProcessExistingUsers = userRequest.getPostProcessExistingUsers();
+
+ if(postProcessExistingUsers && !configs.isUserHookEnabled()) {
+ LOG.warn("Post processing existing users is requested while
processing users; however, the user post creation hook is turned off.");
+ postProcessExistingUsers = false;
+ }
+
switch (userRequest.getType()) {
case ALL:
- ldapDataPopulator.synchronizeAllLdapUsers(batchInfo);
+ ldapDataPopulator.synchronizeAllLdapUsers(batchInfo,
postProcessExistingUsers);
break;
case EXISTING:
- ldapDataPopulator.synchronizeExistingLdapUsers(batchInfo);
+ ldapDataPopulator.synchronizeExistingLdapUsers(batchInfo,
postProcessExistingUsers);
break;
case SPECIFIC:
-
ldapDataPopulator.synchronizeLdapUsers(userRequest.getPrincipalNames(),
batchInfo);
+
ldapDataPopulator.synchronizeLdapUsers(userRequest.getPrincipalNames(),
batchInfo, postProcessExistingUsers);
break;
}
}
if (groupRequest != null) {
+ postProcessExistingUsersInGroups =
groupRequest.getPostProcessExistingUsers();
+
+ if(postProcessExistingUsersInGroups && !configs.isUserHookEnabled()) {
+ LOG.warn("Post processing existing users is requested while
processing groups; however, the user post creation hook is turned off.");
+ postProcessExistingUsersInGroups = false;
+ }
+
switch (groupRequest.getType()) {
case ALL:
- ldapDataPopulator.synchronizeAllLdapGroups(batchInfo);
+ ldapDataPopulator.synchronizeAllLdapGroups(batchInfo,
postProcessExistingUsersInGroups);
break;
case EXISTING:
- ldapDataPopulator.synchronizeExistingLdapGroups(batchInfo);
+ ldapDataPopulator.synchronizeExistingLdapGroups(batchInfo,
postProcessExistingUsersInGroups);
break;
case SPECIFIC:
-
ldapDataPopulator.synchronizeLdapGroups(groupRequest.getPrincipalNames(),
batchInfo);
+
ldapDataPopulator.synchronizeLdapGroups(groupRequest.getPrincipalNames(),
batchInfo, postProcessExistingUsersInGroups);
break;
}
}
users.processLdapSync(batchInfo);
+
+ if (postProcessExistingUsers || postProcessExistingUsersInGroups) {
+ // Execute post user creation hook on ignored users. These users were
previously synced with
+ // Ambari but the post user creation script may not have been run on
them due to various
+ // reasons
+ Set<LdapUserDto> ignoredUsers = batchInfo.getUsersIgnored();
+ if(CollectionUtils.isNotEmpty(ignoredUsers)) {
+ Map<String, Set<String>> userGroupsMap = new HashMap<>();
+ for (LdapUserDto ignoredUser : ignoredUsers) {
+ // The set of groups is empty here since the groups are not used
in the script and the
+ // existing usage of the post user creation hook does not supply a
set of groups either.
+ userGroupsMap.put(ignoredUser.getUserName(),
Collections.emptySet());
+ }
+
+ users.executeUserHook(userGroupsMap);
+ }
+ }
+
return batchInfo;
} finally {
ldapSyncInProgress = false;
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/LdapSyncRequest.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/LdapSyncRequest.java
index 5180e3c..273668d 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/LdapSyncRequest.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/LdapSyncRequest.java
@@ -38,18 +38,26 @@ public class LdapSyncRequest {
*/
private final LdapSyncSpecEntity.SyncType type;
+ /**
+ * A Boolean value indicating whether to execute the post user creation hook
on previously
+ * existing users (if the post user creation hook feature has been enabled)
+ */
+ private final boolean postProcessExistingUsers;
+
// ----- Constructors ------------------------------------------------------
/**
* Construct an LdapSyncRequest.
*
- * @param type the request type
- * @param principalNames the principal names
+ * @param type the request type
+ * @param principalNames the principal names
+ * @param postProcessExistingUsers true, to process existing users; false,
otherwise
*/
- public LdapSyncRequest(LdapSyncSpecEntity.SyncType type, Set<String>
principalNames) {
- this.type = type;
+ public LdapSyncRequest(LdapSyncSpecEntity.SyncType type, Set<String>
principalNames, boolean postProcessExistingUsers) {
+ this.type = type;
this.principalNames = principalNames == null ? new HashSet<>() :
principalNames;
+ this.postProcessExistingUsers = postProcessExistingUsers;
}
/**
@@ -57,9 +65,8 @@ public class LdapSyncRequest {
*
* @param type the request type
*/
- public LdapSyncRequest(LdapSyncSpecEntity.SyncType type) {
- this.principalNames = new HashSet<>();
- this.type = type;
+ public LdapSyncRequest(LdapSyncSpecEntity.SyncType type, boolean
postProcessExistingUsers) {
+ this(type, null, postProcessExistingUsers);
}
@@ -91,4 +98,14 @@ public class LdapSyncRequest {
public LdapSyncSpecEntity.SyncType getType() {
return type;
}
+
+ /**
+ * Gets whether to (re)exectue the post user creation hook on previously
existing users
+ * (if the post user creation hook feature has been enabled), on not.
+ *
+ * @return true, to process existing users; false, otherwise
+ */
+ public boolean getPostProcessExistingUsers() {
+ return postProcessExistingUsers;
+ }
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
index 52f7ded..7b03deb 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
@@ -129,6 +129,7 @@ public class LdapSyncEventResourceProvider extends
AbstractControllerResourcePro
*/
private static final String PRINCIPAL_TYPE_SPEC_KEY = "principal_type";
private static final String SYNC_TYPE_SPEC_KEY = "sync_type";
+ private static final String POST_PROCESS_EXISTING_USERS_SPEC_KEY =
"post_process_existing_users";
private static final String NAMES_SPEC_KEY = "names";
/**
@@ -318,6 +319,7 @@ public class LdapSyncEventResourceProvider extends
AbstractControllerResourcePro
LdapSyncSpecEntity.SyncType syncType = null;
LdapSyncSpecEntity.PrincipalType principalType = null;
+ boolean postProcessExistingUsers = false;
List<String> principalNames = Collections.emptyList();
@@ -332,6 +334,10 @@ public class LdapSyncEventResourceProvider extends
AbstractControllerResourcePro
} else if (key.equalsIgnoreCase(NAMES_SPEC_KEY)) {
String names = entry.getValue();
principalNames = Arrays.asList(names.split("\\s*,\\s*"));
+
+ } else if (key.equalsIgnoreCase(POST_PROCESS_EXISTING_USERS_SPEC_KEY))
{
+ postProcessExistingUsers = "true".equalsIgnoreCase(entry.getValue());
+
} else {
throw new IllegalArgumentException("Unknown spec key " + key + ".");
}
@@ -341,7 +347,7 @@ public class LdapSyncEventResourceProvider extends
AbstractControllerResourcePro
throw new IllegalArgumentException("LDAP event spec must include both
sync-type and principal-type.");
}
- LdapSyncSpecEntity spec = new LdapSyncSpecEntity(principalType,
syncType, principalNames);
+ LdapSyncSpecEntity spec = new LdapSyncSpecEntity(principalType,
syncType, principalNames, postProcessExistingUsers);
specList.add(spec);
}
entity.setSpecs(specList);
@@ -502,13 +508,13 @@ public class LdapSyncEventResourceProvider extends
AbstractControllerResourcePro
switch (spec.getSyncType()) {
case ALL:
- return new LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL);
+ return new LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL,
spec.getPostProcessExistingUsers());
case EXISTING:
- return new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING);
+ return new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING,
spec.getPostProcessExistingUsers());
case SPECIFIC:
Set<String> principalNames = new HashSet<>(spec.getPrincipalNames());
if (request == null ) {
- request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,
principalNames);
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,
principalNames, spec.getPostProcessExistingUsers());
} else {
request.addPrincipalNames(principalNames);
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntity.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntity.java
index a02bd52..c881bc3 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntity.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntity.java
@@ -40,20 +40,27 @@ public class LdapSyncSpecEntity {
*/
private List<String> principalNames;
+ /**
+ * A Boolean value indicating whether to (re)exectue the post user creation
hook on previously
+ * existing users (if the post user creation hook feature has been enabled)
+ */
+ private boolean postProcessExistingUsers;
// ----- Constructors ------------------------------------------------------
/**
* Construct an LdapSyncSpecEntity.
*
- * @param principalType the principal type
- * @param syncType the sync type
- * @param principalNames the list of principal names; may not be null
+ * @param principalType the principal type
+ * @param syncType the sync type
+ * @param principalNames the list of principal names; may not be
null
+ * @param postProcessExistingUsers true, to process existing users; false,
otherwise
*/
- public LdapSyncSpecEntity(PrincipalType principalType, SyncType syncType,
List<String> principalNames) {
+ public LdapSyncSpecEntity(PrincipalType principalType, SyncType syncType,
List<String> principalNames, boolean postProcessExistingUsers) {
this.principalType = principalType;
this.syncType = syncType;
this.principalNames = principalNames;
+ this.postProcessExistingUsers = postProcessExistingUsers;
assert principalNames != null;
@@ -98,6 +105,16 @@ public class LdapSyncSpecEntity {
return principalNames;
}
+ /**
+ * Gets whether to execute the post user creation hook on previously
existing users
+ * (if the post user creation hook feature has been enabled), on not.
+ *
+ * @return true, to process existing users; false, otherwise
+ */
+ public boolean getPostProcessExistingUsers() {
+ return postProcessExistingUsers;
+ }
+
// ----- enum : PrincipalType ----------------------------------------------
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 3e750c6..7ea5da6 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -310,11 +310,28 @@ public class Users {
userDAO.create(userEntity);
// execute user initialization hook if required ()
-
hookServiceProvider.get().execute(hookContextFactory.createUserHookContext(validatedUserName));
+ executeUserHook(validatedUserName);
return userEntity;
}
+ /**
+ * Triggers the post user creation hook, if enabled
+ *
+ * @param username the username of the user to process
+ */
+ public void executeUserHook(String username) {
+
hookServiceProvider.get().execute(hookContextFactory.createUserHookContext(username));
+ }
+
+ /**
+ * Triggers the post user creation hook, if enabled
+ *
+ * @param userGroupsMap a map of user names to relevant groups
+ */
+ public void executeUserHook(Map<String, Set<String>> userGroupsMap) {
+
hookServiceProvider.get().execute(hookContextFactory.createBatchUserHookContext(userGroupsMap));
+ }
/**
* Removes a user from the Ambari database.
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
index c4a25ce..9b11846 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
@@ -190,9 +190,11 @@ public class AmbariLdapDataPopulator {
/**
* Performs synchronization of all groups.
*
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if synchronization failed for any reason
*/
- public LdapBatchDto synchronizeAllLdapGroups(LdapBatchDto batchInfo) throws
AmbariException {
+ public LdapBatchDto synchronizeAllLdapGroups(LdapBatchDto batchInfo, boolean
collectIgnoredUsers) throws AmbariException {
LOG.trace("Synchronize All LDAP groups...");
Set<LdapGroupDto> externalLdapGroupInfo = getExternalLdapGroupInfo();
@@ -201,7 +203,7 @@ public class AmbariLdapDataPopulator {
for (LdapGroupDto groupDto : externalLdapGroupInfo) {
addLdapGroup(batchInfo, internalGroupsMap, groupDto);
- refreshGroupMembers(batchInfo, groupDto, internalUsersMap,
internalGroupsMap, null, false);
+ refreshGroupMembers(batchInfo, groupDto, internalUsersMap,
internalGroupsMap, null, false, collectIgnoredUsers);
}
for (Entry<String, Group> internalGroup : internalGroupsMap.entrySet()) {
if (internalGroup.getValue().isLdapGroup()) {
@@ -217,9 +219,11 @@ public class AmbariLdapDataPopulator {
/**
* Performs synchronization of given sets of all users.
*
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if synchronization failed for any reason
*/
- public LdapBatchDto synchronizeAllLdapUsers(LdapBatchDto batchInfo) throws
AmbariException {
+ public LdapBatchDto synchronizeAllLdapUsers(LdapBatchDto batchInfo, boolean
collectIgnoredUsers) throws AmbariException {
LOG.trace("Synchronize All LDAP users...");
Set<LdapUserDto> externalLdapUserInfo = getExternalLdapUserInfo();
Map<String, User> internalUsersMap = getInternalUsers();
@@ -236,6 +240,8 @@ public class AmbariLdapDataPopulator {
batchInfo.getUsersToBecomeLdap().add(userDto);
LOG.trace("Convert user '{}' to LDAP user.", userName);
}
+ } else if (collectIgnoredUsers) {
+ batchInfo.getUsersIgnored().add(userDto);
}
internalUsersMap.remove(userName);
} else {
@@ -257,10 +263,12 @@ public class AmbariLdapDataPopulator {
/**
* Performs synchronization of given set of groupnames.
*
- * @param groups set of groups to synchronize
+ * @param groups set of groups to synchronize
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if synchronization failed for any reason
*/
- public LdapBatchDto synchronizeLdapGroups(Set<String> groups, LdapBatchDto
batchInfo) throws AmbariException {
+ public LdapBatchDto synchronizeLdapGroups(Set<String> groups, LdapBatchDto
batchInfo, boolean collectIgnoredUsers) throws AmbariException {
LOG.trace("Synchronize LDAP groups...");
final Set<LdapGroupDto> specifiedGroups = new HashSet<>();
for (String group : groups) {
@@ -277,7 +285,7 @@ public class AmbariLdapDataPopulator {
for (LdapGroupDto groupDto : specifiedGroups) {
addLdapGroup(batchInfo, internalGroupsMap, groupDto);
- refreshGroupMembers(batchInfo, groupDto, internalUsersMap,
internalGroupsMap, null, true);
+ refreshGroupMembers(batchInfo, groupDto, internalUsersMap,
internalGroupsMap, null, true, collectIgnoredUsers);
}
return batchInfo;
@@ -286,10 +294,12 @@ public class AmbariLdapDataPopulator {
/**
* Performs synchronization of given set of user names.
*
- * @param users set of users to synchronize
+ * @param users set of users to synchronize
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if synchronization failed for any reason
*/
- public LdapBatchDto synchronizeLdapUsers(Set<String> users, LdapBatchDto
batchInfo) throws AmbariException {
+ public LdapBatchDto synchronizeLdapUsers(Set<String> users, LdapBatchDto
batchInfo, boolean collectIgnoredUsers) throws AmbariException {
LOG.trace("Synchronize LDAP users...");
final Set<LdapUserDto> specifiedUsers = new HashSet<>();
@@ -314,6 +324,8 @@ public class AmbariLdapDataPopulator {
} else {
batchInfo.getUsersToBecomeLdap().add(userDto);
}
+ } else if (collectIgnoredUsers) {
+ batchInfo.getUsersIgnored().add(userDto);
}
internalUsersMap.remove(userName);
} else {
@@ -327,9 +339,11 @@ public class AmbariLdapDataPopulator {
/**
* Performs synchronization of existent users and groups.
*
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if synchronization failed for any reason
*/
- public LdapBatchDto synchronizeExistingLdapGroups(LdapBatchDto batchInfo)
throws AmbariException {
+ public LdapBatchDto synchronizeExistingLdapGroups(LdapBatchDto batchInfo,
boolean collectIgnoredUsers) throws AmbariException {
LOG.trace("Synchronize Existing LDAP groups...");
final Map<String, Group> internalGroupsMap = getInternalGroups();
final Map<String, User> internalUsersMap = getInternalUsers();
@@ -345,7 +359,7 @@ public class AmbariLdapDataPopulator {
batchInfo.getGroupsToBeRemoved().add(groupDto);
} else {
LdapGroupDto groupDto = groupDtos.iterator().next();
- refreshGroupMembers(batchInfo, groupDto, internalUsersMap,
internalGroupsMap, null, true);
+ refreshGroupMembers(batchInfo, groupDto, internalUsersMap,
internalGroupsMap, null, true, collectIgnoredUsers);
}
}
}
@@ -356,9 +370,11 @@ public class AmbariLdapDataPopulator {
/**
* Performs synchronization of existent users and groups.
*
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if synchronization failed for any reason
*/
- public LdapBatchDto synchronizeExistingLdapUsers(LdapBatchDto batchInfo)
throws AmbariException {
+ public LdapBatchDto synchronizeExistingLdapUsers(LdapBatchDto batchInfo,
boolean collectIgnoredUsers) throws AmbariException {
LOG.trace("Synchronize Existing LDAP users...");
final Map<String, User> internalUsersMap = getInternalUsers();
@@ -370,6 +386,10 @@ public class AmbariLdapDataPopulator {
userDto.setUserName(user.getUserName());
userDto.setDn(null); // Setting to null since we do not know what
the DN for this user was.
batchInfo.getUsersToBeRemoved().add(userDto);
+ } else if (collectIgnoredUsers) {
+ LdapUserDto userDto = new LdapUserDto();
+ userDto.setUserName(user.getUserName());
+ batchInfo.getUsersIgnored().add(userDto);
}
}
}
@@ -385,10 +405,13 @@ public class AmbariLdapDataPopulator {
* @param internalUsers map of internal users
* @param groupMemberAttributes set of group member attributes that have
already been refreshed
* @param recursive if disabled, it won't refresh members
recursively (its not needed in case of all groups are processed)
+ * @param collectIgnoredUsers true, to collect the set of existing users
that would normally be ignored;
+ * false, to continue to ignore them
* @throws AmbariException if group refresh failed
*/
protected void refreshGroupMembers(LdapBatchDto batchInfo, LdapGroupDto
group, Map<String, User> internalUsers,
- Map<String, Group> internalGroupsMap,
Set<String> groupMemberAttributes, boolean recursive)
+ Map<String, Group> internalGroupsMap,
Set<String> groupMemberAttributes, boolean recursive,
+ boolean collectIgnoredUsers)
throws AmbariException {
Set<LdapUserDto> externalMembers = new HashSet<>();
@@ -408,7 +431,7 @@ public class AmbariLdapDataPopulator {
if (subGroup != null) {
groupMemberAttributes.add(memberAttributeValue);
addLdapGroup(batchInfo, internalGroupsMap, subGroup);
- refreshGroupMembers(batchInfo, subGroup, internalUsers,
internalGroupsMap, groupMemberAttributes, true);
+ refreshGroupMembers(batchInfo, subGroup, internalUsers,
internalGroupsMap, groupMemberAttributes, true, collectIgnoredUsers);
}
}
}
@@ -435,6 +458,8 @@ public class AmbariLdapDataPopulator {
} else {
batchInfo.getUsersToBecomeLdap().add(externalMember);
}
+ } else if (collectIgnoredUsers) {
+ batchInfo.getUsersIgnored().add(externalMember);
}
if (!internalMembers.containsKey(userName)) {
batchInfo.getMembershipToAdd().add(new
LdapUserGroupMemberDto(groupName, externalMember.getUserName()));
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/LdapBatchDto.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/LdapBatchDto.java
index 8025a5a..3fcd535 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/LdapBatchDto.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/ldap/LdapBatchDto.java
@@ -29,6 +29,7 @@ public class LdapBatchDto {
private final Set<LdapGroupDto> groupsToBeRemoved = new HashSet<>();
private final Set<LdapGroupDto> groupsProcessedInternal = new HashSet<>();
private final Set<LdapUserDto> usersSkipped = new HashSet<>();
+ private final Set<LdapUserDto> usersIgnored = new HashSet<>();
private final Set<LdapUserDto> usersToBecomeLdap = new HashSet<>();
private final Set<LdapUserDto> usersToBeCreated = new HashSet<>();
private final Set<LdapUserDto> usersToBeRemoved = new HashSet<>();
@@ -39,6 +40,10 @@ public class LdapBatchDto {
return usersSkipped;
}
+ public Set<LdapUserDto> getUsersIgnored() {
+ return usersIgnored;
+ }
+
public Set<LdapGroupDto> getGroupsToBecomeLdap() {
return groupsToBecomeLdap;
}
diff --git a/ambari-server/src/main/python/ambari-server.py
b/ambari-server/src/main/python/ambari-server.py
index 65a8aaa..4539879 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -539,6 +539,8 @@ def init_ldap_sync_parser_options(parser):
dest="ldap_sync_users")
parser.add_option('--groups', default=None, help="LDAP sync groups option.
Specifies the path to a CSV file of group names to be synchronized.",
dest="ldap_sync_groups")
+ parser.add_option('--post-process-existing-users', action="store_true",
default=False, help="While performing an LDAP sync, reprocess existing users by
executing the post creation hook on them, if the feature is enabled",
+ dest="ldap_sync_post_process_existing_users")
parser.add_option('--ldap-sync-admin-name', default=None, help="Username for
LDAP sync", dest="ldap_sync_admin_name")
parser.add_option('--ldap-sync-admin-password', default=None, help="Password
for LDAP sync", dest="ldap_sync_admin_password")
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py
b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index f5baa02..e6c47f9 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -291,6 +291,11 @@ class LdapSyncOptions:
except AttributeError:
self.ldap_sync_admin_password = None
+ try:
+ self.ldap_sync_post_process_existing_users =
options.ldap_sync_post_process_existing_users
+ except AttributeError:
+ self.ldap_sync_post_process_existing_users = False
+
def no_ldap_sync_options_set(self):
return not self.ldap_sync_all and not self.ldap_sync_existing and
self.ldap_sync_users is None and self.ldap_sync_groups is None
@@ -417,6 +422,10 @@ def sync_ldap(options):
new_specs =
[{"principal_type":"groups","sync_type":"specific","names":""}]
get_ldap_event_spec_names(ldap_sync_options.ldap_sync_groups, specs,
new_specs)
+ if ldap_sync_options.ldap_sync_post_process_existing_users:
+ for spec in bodies[0]["Event"]["specs"]:
+ spec["post_process_existing_users"] = "true"
+
if get_verbose():
sys.stdout.write('\nCalling API ' + url + ' : ' + str(bodies) + '\n')
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
index 3442aaf..c34d3be 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
@@ -2228,7 +2228,27 @@ public class AmbariManagementControllerImplTest {
}
@Test
- public void testSynchronizeLdapUsersAndGroups() throws Exception {
+ public void testSynchronizeLdapUsersAndGroupsHookDisabled() throws Exception
{
+ testSynchronizeLdapUsersAndGroups(false, false);
+ }
+
+ @Test
+ public void testSynchronizeLdapUsersAndGroupsHookEnabled() throws Exception {
+ testSynchronizeLdapUsersAndGroups(false, true);
+ }
+
+ @Test
+ public void
testSynchronizeLdapUsersAndGroupsPostProcessExistingUsersHookDisabled() throws
Exception {
+ testSynchronizeLdapUsersAndGroups(true, false);
+ }
+
+ @Test
+ public void
testSynchronizeLdapUsersAndGroupsPostProcessExistingUsersHookEnabled() throws
Exception {
+ testSynchronizeLdapUsersAndGroups(true, true);
+ }
+
+ private void testSynchronizeLdapUsersAndGroups(boolean
postProcessExistingUsers, boolean postUserCreationHookEnabled) throws Exception
{
+ boolean collectIgnoredUsers = postProcessExistingUsers &&
postUserCreationHookEnabled;
Set<String> userSet = new HashSet<>();
userSet.add("user1");
@@ -2246,14 +2266,14 @@ public class AmbariManagementControllerImplTest {
Capture<LdapBatchDto> ldapBatchDtoCapture = EasyMock.newCapture();
// set expectations
-
expect(ldapDataPopulator.synchronizeAllLdapUsers(capture(ldapBatchDtoCapture))).andReturn(ldapBatchDto);
-
expect(ldapDataPopulator.synchronizeAllLdapGroups(capture(ldapBatchDtoCapture))).andReturn(ldapBatchDto);
+
expect(ldapDataPopulator.synchronizeAllLdapUsers(capture(ldapBatchDtoCapture),
eq(collectIgnoredUsers))).andReturn(ldapBatchDto);
+
expect(ldapDataPopulator.synchronizeAllLdapGroups(capture(ldapBatchDtoCapture),
eq(collectIgnoredUsers))).andReturn(ldapBatchDto);
-
expect(ldapDataPopulator.synchronizeExistingLdapUsers(capture(ldapBatchDtoCapture))).andReturn(ldapBatchDto);
-
expect(ldapDataPopulator.synchronizeExistingLdapGroups(capture(ldapBatchDtoCapture))).andReturn(ldapBatchDto);
+
expect(ldapDataPopulator.synchronizeExistingLdapUsers(capture(ldapBatchDtoCapture),
eq(collectIgnoredUsers))).andReturn(ldapBatchDto);
+
expect(ldapDataPopulator.synchronizeExistingLdapGroups(capture(ldapBatchDtoCapture),
eq(collectIgnoredUsers))).andReturn(ldapBatchDto);
- expect(ldapDataPopulator.synchronizeLdapUsers(eq(userSet),
capture(ldapBatchDtoCapture))).andReturn(ldapBatchDto);
- expect(ldapDataPopulator.synchronizeLdapGroups(eq(groupSet),
capture(ldapBatchDtoCapture))).andReturn(ldapBatchDto);
+ expect(ldapDataPopulator.synchronizeLdapUsers(eq(userSet),
capture(ldapBatchDtoCapture), eq(collectIgnoredUsers))).andReturn(ldapBatchDto);
+ expect(ldapDataPopulator.synchronizeLdapGroups(eq(groupSet),
capture(ldapBatchDtoCapture), eq(collectIgnoredUsers))).andReturn(ldapBatchDto);
users.processLdapSync(capture(ldapBatchDtoCapture));
expectLastCall().anyTimes();
@@ -2261,20 +2281,23 @@ public class AmbariManagementControllerImplTest {
//replay
replay(ldapDataPopulator, clusters, actionDBAccessor, ambariMetaInfo,
users, ldapBatchDto);
+ Configuration configs = injector.getInstance(Configuration.class);
+
configs.setProperty(Configuration.POST_USER_CREATION_HOOK_ENABLED.getKey(),
String.valueOf(postUserCreationHookEnabled));
+
AmbariManagementControllerImpl controller =
injector.getInstance(AmbariManagementControllerImpl.class);
- LdapSyncRequest userRequest = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL);
- LdapSyncRequest groupRequest = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL);
+ LdapSyncRequest userRequest = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL, postProcessExistingUsers);
+ LdapSyncRequest groupRequest = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL, postProcessExistingUsers);
controller.synchronizeLdapUsersAndGroups(userRequest, groupRequest);
- userRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING);
- groupRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING);
+ userRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING,
postProcessExistingUsers);
+ groupRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING,
postProcessExistingUsers);
controller.synchronizeLdapUsersAndGroups(userRequest, groupRequest);
- userRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,
userSet);
- groupRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,
groupSet);
+ userRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,
userSet, postProcessExistingUsers);
+ groupRequest = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,
groupSet, postProcessExistingUsers);
controller.synchronizeLdapUsersAndGroups(userRequest, groupRequest);
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/controller/LdapSyncRequestTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/LdapSyncRequestTest.java
index 54e8a07..1ba5d6c 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/controller/LdapSyncRequestTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/controller/LdapSyncRequestTest.java
@@ -34,7 +34,7 @@ public class LdapSyncRequestTest {
Set<String> names = new HashSet<>();
names.add("name1");
- LdapSyncRequest request = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,names);
+ LdapSyncRequest request = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,names, false);
names = new HashSet<>();
names.add("name2");
@@ -56,7 +56,7 @@ public class LdapSyncRequestTest {
names.add("name2");
names.add("name3");
- LdapSyncRequest request = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,names);
+ LdapSyncRequest request = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC,names, false);
Set<String> principalNames = request.getPrincipalNames();
Assert.assertEquals(3, principalNames.size());
@@ -69,16 +69,46 @@ public class LdapSyncRequestTest {
public void testGetType() throws Exception {
Set<String> names = new HashSet<>();
- LdapSyncRequest request = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC, names);
+ LdapSyncRequest request = new
LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC, names, false);
Assert.assertEquals(LdapSyncSpecEntity.SyncType.SPECIFIC,
request.getType());
- request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL);
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL, false);
Assert.assertEquals(LdapSyncSpecEntity.SyncType.ALL, request.getType());
- request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING);
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING, false);
Assert.assertEquals(LdapSyncSpecEntity.SyncType.EXISTING,
request.getType());
}
-}
+
+ @Test
+ public void testGetPostProcessExistingUsers() throws Exception {
+ Set<String> names = new HashSet<>();
+
+ LdapSyncRequest request;
+
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC, names,
false);
+
+ Assert.assertFalse(request.getPostProcessExistingUsers());
+
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.SPECIFIC, names,
true);
+
+ Assert.assertTrue(request.getPostProcessExistingUsers());
+
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL, false);
+
+ Assert.assertFalse(request.getPostProcessExistingUsers());
+
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.ALL, true);
+
+ Assert.assertTrue(request.getPostProcessExistingUsers());
+
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING, false);
+
+ Assert.assertFalse(request.getPostProcessExistingUsers());
+
+ request = new LdapSyncRequest(LdapSyncSpecEntity.SyncType.EXISTING, true);
+
+ Assert.assertTrue(request.getPostProcessExistingUsers());
+ }}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncEventEntityTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncEventEntityTest.java
index 676dd1f..982feac 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncEventEntityTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncEventEntityTest.java
@@ -63,7 +63,7 @@ public class LdapSyncEventEntityTest {
public void testSetGetSpecs() throws Exception {
LdapSyncEventEntity event = new LdapSyncEventEntity(1L);
LdapSyncSpecEntity spec = new
LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.GROUPS,
- LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList());
+ LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList(), false);
event.setSpecs(Collections.singletonList(spec));
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntityTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntityTest.java
index bacee4a..e365a34 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntityTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntityTest.java
@@ -32,22 +32,22 @@ public class LdapSyncSpecEntityTest {
@Test
public void testGetPrincipalType() throws Exception {
LdapSyncSpecEntity entity = new
LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList());
+ LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList(), false);
Assert.assertEquals(LdapSyncSpecEntity.PrincipalType.USERS,
entity.getPrincipalType());
entity = new LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.GROUPS,
- LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList());
+ LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList(), false);
Assert.assertEquals(LdapSyncSpecEntity.PrincipalType.GROUPS,
entity.getPrincipalType());
}
@Test
public void testGetSyncType() throws Exception {
LdapSyncSpecEntity entity = new
LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList());
+ LdapSyncSpecEntity.SyncType.ALL, Collections.emptyList(), false);
Assert.assertEquals(LdapSyncSpecEntity.SyncType.ALL, entity.getSyncType());
entity = new LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.EXISTING, Collections.emptyList());
+ LdapSyncSpecEntity.SyncType.EXISTING, Collections.emptyList(), false);
Assert.assertEquals(LdapSyncSpecEntity.SyncType.EXISTING,
entity.getSyncType());
}
@@ -58,7 +58,7 @@ public class LdapSyncSpecEntityTest {
names.add("fred");
LdapSyncSpecEntity entity = new
LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.SPECIFIC, names);
+ LdapSyncSpecEntity.SyncType.SPECIFIC, names, false);
Assert.assertEquals(names, entity.getPrincipalNames());
}
@@ -66,7 +66,7 @@ public class LdapSyncSpecEntityTest {
public void testIllegalConstruction() throws Exception {
try {
new LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.SPECIFIC, Collections.emptyList());
+ LdapSyncSpecEntity.SyncType.SPECIFIC, Collections.emptyList(),
false);
Assert.fail("expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
// expected
@@ -78,7 +78,7 @@ public class LdapSyncSpecEntityTest {
try {
new LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.ALL, names);
+ LdapSyncSpecEntity.SyncType.ALL, names, false);
Assert.fail("expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
// expected
@@ -86,7 +86,7 @@ public class LdapSyncSpecEntityTest {
try {
new LdapSyncSpecEntity(LdapSyncSpecEntity.PrincipalType.USERS,
- LdapSyncSpecEntity.SyncType.EXISTING, names);
+ LdapSyncSpecEntity.SyncType.EXISTING, names, false);
Assert.fail("expected IllegalArgumentException");
} catch (IllegalArgumentException e) {
// expected
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
index a015b18..4bdc354 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
@@ -292,7 +292,7 @@ public class AmbariLdapDataPopulatorTest {
expect(populator.getLdapGroups("group2")).andReturn(Collections.emptySet());
LdapGroupDto externalGroup1 = createNiceMock(LdapGroupDto.class);
LdapBatchDto batchInfo = new LdapBatchDto();
- populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1),
EasyMock.anyObject(), EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1),
EasyMock.anyObject(), EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(),
eq(false));
expectLastCall();
expect(populator.getLdapGroups("group4")).andReturn(Collections.singleton(externalGroup1));
expect(populator.getLdapGroups("group5")).andReturn(Collections.emptySet());
@@ -301,7 +301,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeExistingLdapGroups(batchInfo);
+ LdapBatchDto result = populator.synchronizeExistingLdapGroups(batchInfo,
false);
verifyGroupsInSet(result.getGroupsToBeRemoved(), Sets.newHashSet("group2",
"group5"));
assertTrue(result.getGroupsToBecomeLdap().isEmpty());
@@ -364,7 +364,7 @@ public class AmbariLdapDataPopulatorTest {
replay(dataPopulator);
// WHEN
- dataPopulator.synchronizeExistingLdapGroups(batchInfo);
+ dataPopulator.synchronizeExistingLdapGroups(batchInfo, false);
// THEN
verify(dataPopulator, group1, group2);
@@ -421,14 +421,14 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup3,
externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
- EasyMock.anyObject(), EasyMock.anyObject(), EasyMock.anyObject(),
anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), EasyMock.anyObject(),
anyBoolean(), eq(false));
expectLastCall();
}
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup1),
- EasyMock.anyObject(), EasyMock.anyObject(), EasyMock.anyObject(),
anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), EasyMock.anyObject(),
anyBoolean(), eq(false));
expectLastCall();
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
expect(populator.getLdapGroups("x*")).andReturn(externalGroups);
expect(populator.getLdapGroups("group1")).andReturn(Collections.singleton(externalGroup1));
@@ -438,7 +438,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeLdapGroups(createSet("x*",
"group1", "group2"), batchInfo);
+ LdapBatchDto result = populator.synchronizeLdapGroups(createSet("x*",
"group1", "group2"), batchInfo, false);
verifyGroupsInSet(result.getGroupsToBecomeLdap(),
Sets.newHashSet("group1"));
verifyGroupsInSet(result.getGroupsToBeCreated(),
Sets.newHashSet("xgroup1", "xgroup2"));
@@ -504,11 +504,11 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup3,
externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
EasyMock.anyObject(), EasyMock.anyObject(),
- EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
}
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup2),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
expect(populator.getLdapGroups("x*")).andReturn(externalGroups);
expect(populator.getLdapGroups("group2")).andReturn(Collections.singleton(externalGroup2));
@@ -517,7 +517,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeLdapGroups(createSet("x*",
"group2"), batchInfo);
+ LdapBatchDto result = populator.synchronizeLdapGroups(createSet("x*",
"group2"), batchInfo, false);
verifyGroupsInSet(result.getGroupsToBeCreated(),
Sets.newHashSet("xgroup1", "xgroup2"));
assertTrue(result.getGroupsToBeRemoved().isEmpty());
@@ -581,7 +581,7 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup1,
externalGroup2, externalGroup3, externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
}
expect(populator.getLdapGroups("group*")).andReturn(externalGroups);
@@ -590,7 +590,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeLdapGroups(createSet("group*"),
batchInfo);
+ LdapBatchDto result = populator.synchronizeLdapGroups(createSet("group*"),
batchInfo, false);
verifyGroupsInSet(result.getGroupsToBecomeLdap(),
Sets.newHashSet("group1", "group4"));
assertTrue(result.getGroupsToBeCreated().isEmpty());
@@ -660,7 +660,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- populator.synchronizeLdapGroups(createSet("x*", "group1", "group2"),
batchInfo);
+ populator.synchronizeLdapGroups(createSet("x*", "group1", "group2"),
batchInfo, false);
}
@SuppressWarnings("unchecked")
@@ -716,7 +716,7 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup1,
externalGroup2, externalGroup3, externalGroup4);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
}
@@ -727,7 +727,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo);
+ LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo, false);
verifyGroupsInSet(result.getGroupsToBeRemoved(),
Sets.newHashSet("group2"));
verifyGroupsInSet(result.getGroupsToBecomeLdap(),
Sets.newHashSet("group3"));
@@ -777,7 +777,7 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup1,
externalGroup2);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
}
expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups);
@@ -787,7 +787,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo);
+ LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo, false);
verifyGroupsInSet(result.getGroupsToBeCreated(), Sets.newHashSet("group3",
"group4"));
assertTrue(result.getGroupsToBecomeLdap().isEmpty());
@@ -843,7 +843,7 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup1);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
}
expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups);
@@ -853,7 +853,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo);
+ LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo, false);
verifyGroupsInSet(result.getGroupsToBeRemoved(), Sets.newHashSet("group2",
"group4"));
assertTrue(result.getGroupsToBeCreated().isEmpty());
@@ -908,7 +908,7 @@ public class AmbariLdapDataPopulatorTest {
Set<LdapGroupDto> externalGroups = createSet(externalGroup1,
externalGroup2);
for (LdapGroupDto externalGroup : externalGroups) {
populator.refreshGroupMembers(eq(batchInfo), eq(externalGroup),
EasyMock.anyObject(),
- EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean());
+ EasyMock.anyObject(), EasyMock.anyObject(), anyBoolean(), eq(false));
expectLastCall();
}
expect(populator.getExternalLdapGroupInfo()).andReturn(externalGroups);
@@ -918,7 +918,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo);
+ LdapBatchDto result = populator.synchronizeAllLdapGroups(batchInfo, false);
verifyGroupsInSet(result.getGroupsToBecomeLdap(),
Sets.newHashSet("group2", "group3"));
assertTrue(result.getGroupsToBeCreated().isEmpty());
@@ -983,7 +983,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBeRemoved(),
Sets.newHashSet("synced_user1"));
verifyUsersInSet(result.getUsersToBeCreated(),
Sets.newHashSet("external_user1", "external_user2"));
@@ -1044,7 +1044,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto(), false);
verifyUsersInSet(result.getUsersSkipped(), Sets.newHashSet("local1",
"local2"));
assertTrue(result.getUsersToBeCreated().isEmpty());
@@ -1098,7 +1098,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBeCreated(), Sets.newHashSet("user3",
"user4"));
assertTrue(result.getUsersToBecomeLdap().isEmpty());
@@ -1150,7 +1150,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBeRemoved(), Sets.newHashSet("user3",
"user1"));
assertTrue(result.getUsersToBecomeLdap().isEmpty());
@@ -1210,7 +1210,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeAllLdapUsers(new
LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBecomeLdap(), Sets.newHashSet("user3"));
assertTrue(result.getUsersToBeRemoved().isEmpty());
@@ -1265,7 +1265,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeExistingLdapUsers(new
LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeExistingLdapUsers(new
LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBeRemoved(),
Sets.newHashSet("synced_user1"));
assertTrue(result.getUsersToBeCreated().isEmpty());
@@ -1332,7 +1332,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeLdapUsers(createSet("user1",
"user2", "xuser*"), new LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeLdapUsers(createSet("user1",
"user2", "xuser*"), new LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBeCreated(), Sets.newHashSet("xuser3",
"xuser4"));
verifyUsersInSet(result.getUsersToBecomeLdap(), Sets.newHashSet("user1"));
@@ -1396,7 +1396,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeLdapUsers(createSet("user2",
"xuser*"), new LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeLdapUsers(createSet("user2",
"xuser*"), new LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBeCreated(), Sets.newHashSet("xuser3",
"xuser4"));
assertTrue(result.getUsersToBecomeLdap().isEmpty());
@@ -1461,7 +1461,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- LdapBatchDto result = populator.synchronizeLdapUsers(createSet("user2",
"user1", "user6"), new LdapBatchDto());
+ LdapBatchDto result = populator.synchronizeLdapUsers(createSet("user2",
"user1", "user6"), new LdapBatchDto(), false);
verifyUsersInSet(result.getUsersToBecomeLdap(), Sets.newHashSet("user1",
"user6"));
assertTrue(result.getUsersToBeCreated().isEmpty());
@@ -1510,7 +1510,7 @@ public class AmbariLdapDataPopulatorTest {
populator.setLdapTemplate(ldapTemplate);
populator.setLdapServerProperties(ldapServerProperties);
- populator.synchronizeLdapUsers(createSet("user1", "user2", "xuser*"), new
LdapBatchDto());
+ populator.synchronizeLdapUsers(createSet("user1", "user2", "xuser*"), new
LdapBatchDto(), false);
}
@SuppressWarnings("unchecked")
@@ -1593,7 +1593,7 @@ public class AmbariLdapDataPopulatorTest {
Map<String, Group> internalGroups = new HashMap<>();
internalGroups.put("group2", group2);
- populator.refreshGroupMembers(batchInfo, externalGroup, internalUsers,
internalGroups, null, true);
+ populator.refreshGroupMembers(batchInfo, externalGroup, internalUsers,
internalGroups, null, true, false);
verifyMembershipInSet(batchInfo.getMembershipToAdd(),
Sets.newHashSet("user1", "user2", "user6"));
verifyMembershipInSet(batchInfo.getMembershipToRemove(),
Sets.newHashSet("user3", "user4"));
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/LdapPerformanceTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/LdapPerformanceTest.java
index 9e3f0e9..c9cc635 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/LdapPerformanceTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/LdapPerformanceTest.java
@@ -104,14 +104,14 @@ public class LdapPerformanceTest {
System.out.println("Data fetch: " + (System.currentTimeMillis() - time));
time = System.currentTimeMillis();
LdapBatchDto batchDto = new LdapBatchDto();
- populator.synchronizeLdapUsers(userNames, batchDto);
- populator.synchronizeLdapGroups(groupNames, batchDto);
+ populator.synchronizeLdapUsers(userNames, batchDto, false);
+ populator.synchronizeLdapGroups(groupNames, batchDto, false);
this.users.processLdapSync(batchDto);
System.out.println("Initial sync: " + (System.currentTimeMillis() - time));
time = System.currentTimeMillis();
batchDto = new LdapBatchDto();
- populator.synchronizeLdapUsers(userNames, batchDto);
- populator.synchronizeLdapGroups(groupNames, batchDto);
+ populator.synchronizeLdapUsers(userNames, batchDto, false);
+ populator.synchronizeLdapGroups(groupNames, batchDto, false);
this.users.processLdapSync(batchDto);
System.out.println("Subsequent sync: " + (System.currentTimeMillis() -
time));
}
diff --git a/ambari-server/src/test/python/TestAmbariServer.py
b/ambari-server/src/test/python/TestAmbariServer.py
index 2f4fbcb..b868471 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -7769,6 +7769,7 @@ class TestAmbariServer(TestCase):
options = self._create_empty_options_mock()
options.ldap_sync_all = True
options.ldap_sync_existing = False
+ options.ldap_sync_post_process_existing_users = False
sync_ldap(options)
@@ -7782,6 +7783,49 @@ class TestAmbariServer(TestCase):
self.assertTrue(response.read.called)
pass
+ @patch("urllib2.urlopen")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_ldap_enabled")
+ @patch("ambari_server.setupSecurity.is_server_runing")
+ @patch("ambari_server.setupSecurity.is_root")
+ @patch("ambari_server.setupSecurity.logger")
+ def test_ldap_sync_all_post_process_existing_users(self, logger_mock,
is_root_method, is_server_runing_mock, is_ldap_enabled_mock,
get_ambari_properties_mock,
+ get_validated_string_input_mock, urlopen_mock):
+
+ is_root_method.return_value = True
+ is_server_runing_mock.return_value = (True, 0)
+ is_ldap_enabled_mock.return_value = 'true'
+ properties = Properties()
+ properties.process_pair(CLIENT_API_PORT_PROPERTY, '8080')
+ get_ambari_properties_mock.return_value = properties
+ get_validated_string_input_mock.side_effect = ['admin', 'admin']
+
+ response = MagicMock()
+ response.getcode.side_effect = [201, 200, 200]
+ response.read.side_effect = ['{"resources" : [{"href" :
"http://c6401.ambari.apache.org:8080/api/v1/ldap_sync_events/16","Event"; :
{"id" : 16}}]}',
+ '{"Event":{"status" : "RUNNING","summary" :
{"groups" : {"created" : 0,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 0,"removed" : 0},"users" : {"created" : 0,"removed" : 0,"updated"
: 0}}}}',
+ '{"Event":{"status" : "COMPLETE","summary" :
{"groups" : {"created" : 1,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 5,"removed" : 0},"users" : {"created" : 5,"removed" : 0,"updated"
: 0}}}}']
+
+ urlopen_mock.return_value = response
+
+ options = self._create_empty_options_mock()
+ options.ldap_sync_all = True
+ options.ldap_sync_existing = False
+ options.ldap_sync_post_process_existing_users = True
+
+ sync_ldap(options)
+
+ url = '{0}://{1}:{2!s}{3}'.format('http', '127.0.0.1', '8080',
'/api/v1/ldap_sync_events')
+ request = urlopen_mock.call_args_list[0][0][0]
+
+ self.assertEquals(url, str(request.get_full_url()))
+ self.assertEquals('[{"Event": {"specs": [{"post_process_existing_users":
"true", "principal_type": "users", "sync_type": "all"},
{"post_process_existing_users": "true", "principal_type": "groups",
"sync_type": "all"}]}}]', request.data)
+
+ self.assertTrue(response.getcode.called)
+ self.assertTrue(response.read.called)
+ pass
+
@patch("__builtin__.open")
@patch("os.path.exists")
@patch("urllib2.urlopen")
@@ -7817,6 +7861,7 @@ class TestAmbariServer(TestCase):
options.ldap_sync_existing = False
options.ldap_sync_users = 'users.txt'
options.ldap_sync_groups = None
+ options.ldap_sync_post_process_existing_users = False
sync_ldap(options)
@@ -7837,6 +7882,53 @@ class TestAmbariServer(TestCase):
@patch("ambari_server.setupSecurity.is_server_runing")
@patch("ambari_server.setupSecurity.is_root")
@patch("ambari_server.setupSecurity.logger")
+ def test_ldap_sync_users_post_process_existing_users(self, logger_mock,
is_root_method, is_server_runing_mock, is_ldap_enabled_mock,
get_ambari_properties_mock,
+ get_validated_string_input_mock, urlopen_mock,
os_path_exists_mock, open_mock):
+
+ os_path_exists_mock.return_value = 1
+ f = MagicMock()
+ f.__enter__().read.return_value = "bob, tom"
+
+ open_mock.return_value = f
+ is_root_method.return_value = True
+ is_server_runing_mock.return_value = (True, 0)
+ is_ldap_enabled_mock.return_value = 'true'
+ get_validated_string_input_mock.side_effect = ['admin', 'admin']
+
+ response = MagicMock()
+ response.getcode.side_effect = [201, 200, 200]
+ response.read.side_effect = ['{"resources" : [{"href" :
"http://c6401.ambari.apache.org:8080/api/v1/ldap_sync_events/16","Event"; :
{"id" : 16}}]}',
+ '{"Event":{"status" : "RUNNING","summary" :
{"groups" : {"created" : 0,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 0,"removed" : 0},"users" : {"created" : 0,"removed" : 0,"updated"
: 0}}}}',
+ '{"Event":{"status" : "COMPLETE","summary" :
{"groups" : {"created" : 1,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 5,"removed" : 0},"users" : {"created" : 5,"removed" : 0,"updated"
: 0}}}}']
+
+ urlopen_mock.return_value = response
+
+ options = self._create_empty_options_mock()
+ options.ldap_sync_all = False
+ options.ldap_sync_existing = False
+ options.ldap_sync_users = 'users.txt'
+ options.ldap_sync_groups = None
+ options.ldap_sync_post_process_existing_users = True
+
+ sync_ldap(options)
+
+ request = urlopen_mock.call_args_list[0][0][0]
+
+ self.assertEquals('[{"Event": {"specs": [{"post_process_existing_users":
"true", "principal_type": "users", "sync_type": "specific", "names": "bob,
tom"}]}}]', request.data)
+
+ self.assertTrue(response.getcode.called)
+ self.assertTrue(response.read.called)
+ pass
+
+ @patch("__builtin__.open")
+ @patch("os.path.exists")
+ @patch("urllib2.urlopen")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_ldap_enabled")
+ @patch("ambari_server.setupSecurity.is_server_runing")
+ @patch("ambari_server.setupSecurity.is_root")
+ @patch("ambari_server.setupSecurity.logger")
def test_ldap_sync_groups(self, logger_mock, is_root_method,
is_server_runing_mock, is_ldap_enabled_mock, get_ambari_properties_mock,
get_validated_string_input_mock, urlopen_mock,
os_path_exists_mock, open_mock):
@@ -7863,6 +7955,7 @@ class TestAmbariServer(TestCase):
options.ldap_sync_existing = False
options.ldap_sync_users = None
options.ldap_sync_groups = 'groups.txt'
+ options.ldap_sync_post_process_existing_users = False
sync_ldap(options)
@@ -7874,6 +7967,53 @@ class TestAmbariServer(TestCase):
self.assertTrue(response.read.called)
pass
+ @patch("__builtin__.open")
+ @patch("os.path.exists")
+ @patch("urllib2.urlopen")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_ldap_enabled")
+ @patch("ambari_server.setupSecurity.is_server_runing")
+ @patch("ambari_server.setupSecurity.is_root")
+ @patch("ambari_server.setupSecurity.logger")
+ def test_ldap_sync_groups_post_process_existing_users(self, logger_mock,
is_root_method, is_server_runing_mock, is_ldap_enabled_mock,
get_ambari_properties_mock,
+ get_validated_string_input_mock, urlopen_mock,
os_path_exists_mock, open_mock):
+
+ os_path_exists_mock.return_value = 1
+ f = MagicMock()
+ f.__enter__().read.return_value = "group1, group2"
+
+ open_mock.return_value = f
+ is_root_method.return_value = True
+ is_server_runing_mock.return_value = (True, 0)
+ is_ldap_enabled_mock.return_value = 'true'
+ get_validated_string_input_mock.side_effect = ['admin', 'admin']
+
+ response = MagicMock()
+ response.getcode.side_effect = [201, 200, 200]
+ response.read.side_effect = ['{"resources" : [{"href" :
"http://c6401.ambari.apache.org:8080/api/v1/ldap_sync_events/16","Event"; :
{"id" : 16}}]}',
+ '{"Event":{"status" : "RUNNING","summary" :
{"groups" : {"created" : 0,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 0,"removed" : 0},"users" : {"created" : 0,"removed" : 0,"updated"
: 0}}}}',
+ '{"Event":{"status" : "COMPLETE","summary" :
{"groups" : {"created" : 1,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 5,"removed" : 0},"users" : {"created" : 5,"removed" : 0,"updated"
: 0}}}}']
+
+ urlopen_mock.return_value = response
+
+ options = self._create_empty_options_mock()
+ options.ldap_sync_all = False
+ options.ldap_sync_existing = False
+ options.ldap_sync_users = None
+ options.ldap_sync_groups = 'groups.txt'
+ options.ldap_sync_post_process_existing_users = True
+
+ sync_ldap(options)
+
+ request = urlopen_mock.call_args_list[0][0][0]
+
+ self.assertEquals('[{"Event": {"specs": [{"post_process_existing_users":
"true", "principal_type": "groups", "sync_type": "specific", "names": "group1,
group2"}]}}]', request.data)
+
+ self.assertTrue(response.getcode.called)
+ self.assertTrue(response.read.called)
+ pass
+
@patch("urllib2.urlopen")
@patch("ambari_server.setupSecurity.get_validated_string_input")
@patch("ambari_server.setupSecurity.get_ambari_properties")
@@ -7948,9 +8088,55 @@ class TestAmbariServer(TestCase):
options.ldap_sync_existing = True
options.ldap_sync_users = None
options.ldap_sync_groups = None
+ options.ldap_sync_post_process_existing_users = False
+
+ sync_ldap(options)
+
+ request = urlopen_mock.call_args_list[0][0][0]
+
+ self.assertEquals('[{"Event": {"specs": [{"principal_type": "users",
"sync_type": "existing"}, {"principal_type": "groups", "sync_type":
"existing"}]}}]', request.data)
+
+ self.assertTrue(response.getcode.called)
+ self.assertTrue(response.read.called)
+ pass
+
+ @patch("urllib2.urlopen")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_ldap_enabled")
+ @patch("ambari_server.setupSecurity.is_server_runing")
+ @patch("ambari_server.setupSecurity.is_root")
+ @patch("ambari_server.setupSecurity.logger")
+ def test_ldap_sync_existing_post_process_existing_users(self, logger_mock,
is_root_method, is_server_runing_mock, is_ldap_enabled_mock,
get_ambari_properties_mock,
+ get_validated_string_input_mock, urlopen_mock):
+
+ is_root_method.return_value = True
+ is_server_runing_mock.return_value = (True, 0)
+ is_ldap_enabled_mock.return_value = 'true'
+ get_ambari_properties_mock.return_value = Properties()
+ get_validated_string_input_mock.side_effect = ['admin', 'admin']
+
+ response = MagicMock()
+ response.getcode.side_effect = [201, 200, 200]
+ response.read.side_effect = ['{"resources" : [{"href" :
"http://c6401.ambari.apache.org:8080/api/v1/ldap_sync_events/16","Event"; :
{"id" : 16}}]}',
+ '{"Event":{"status" : "RUNNING","summary" :
{"groups" : {"created" : 0,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 0,"removed" : 0},"users" : {"created" : 0,"removed" : 0,"updated"
: 0}}}}',
+ '{"Event":{"status" : "COMPLETE","summary" :
{"groups" : {"created" : 1,"removed" : 0,"updated" : 0},"memberships" :
{"created" : 5,"removed" : 0},"users" : {"created" : 5,"removed" : 0,"updated"
: 0}}}}']
+
+ urlopen_mock.return_value = response
+
+ options = self._create_empty_options_mock()
+ options.ldap_sync_all = False
+ options.ldap_sync_existing = True
+ options.ldap_sync_users = None
+ options.ldap_sync_groups = None
+ options.ldap_sync_post_process_existing_users = True
sync_ldap(options)
+ request = urlopen_mock.call_args_list[0][0][0]
+
+ self.assertEquals('[{"Event": {"specs": [{"post_process_existing_users":
"true", "principal_type": "users", "sync_type": "existing"},
{"post_process_existing_users": "true", "principal_type": "groups",
"sync_type": "existing"}]}}]', request.data)
+
self.assertTrue(response.getcode.called)
self.assertTrue(response.read.called)
pass
