KNOX-1215 - Hadoop Group Lookup Provider Config Wizard
Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/a587795d Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/a587795d Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/a587795d Branch: refs/heads/master Commit: a587795d455df1a9c3b1d8d0ef2a23f965dd2127 Parents: c8a58d3 Author: Phil Zampino <[email protected]> Authored: Thu Mar 22 08:36:16 2018 -0400 Committer: Phil Zampino <[email protected]> Committed: Thu Mar 29 09:50:53 2018 -0400 ---------------------------------------------------------------------- .../grouplookup-id-assertion-provider-config.ts | 104 ++++++++++++++++++- .../identity-assertion-wizard.ts | 2 +- .../applications/admin-ui/app/index.html | 2 +- .../app/inline.28a8d98092b6bd6d51ba.bundle.js | 1 + .../app/inline.5922232c90debf8486c1.bundle.js | 1 - .../app/main.631c768090fd2016d0d1.bundle.js | 1 + .../app/main.a6b3f9152a52845c9e6c.bundle.js | 1 - 7 files changed, 105 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts ---------------------------------------------------------------------- diff --git a/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts b/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts index 6562f26..a4aaeb1 100644 --- a/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts +++ b/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts @@ -16,20 +16,48 @@ */ import {IdentityAssertionProviderConfig} from "./identity-assertion-provider-config"; +import {ValidationUtils} from "../utils/validation-utils"; export class GroupLookupAssertionProviderConfig extends IdentityAssertionProviderConfig { - static TODO = 'ToDo'; // TODO: PJZ: Actual properties for + private static GROUP_MAPPING: string = 'Group Mapping'; + private static URL: string = 'LDAP URL'; + private static BIND_USER: string = 'Bind User'; + private static BIND_PWD: string = 'Bind Password'; + private static USER_SEARCH_FILTER: string = 'User Search Filter'; + private static USER_BASE: string = 'User Search Base'; + private static GROUP_SEARCH_FILTER: string = 'Group Search Filter'; + private static MEMBER_SEARCH_ATTR: string = 'Group Member Attribute'; + private static GROUP_SEARCH_ATTR: string = 'Group Name Attribute'; - private static displayPropertyNames = [ GroupLookupAssertionProviderConfig.TODO ]; + + private static displayPropertyNames = [ GroupLookupAssertionProviderConfig.URL, + GroupLookupAssertionProviderConfig.BIND_USER, + GroupLookupAssertionProviderConfig.BIND_PWD, + GroupLookupAssertionProviderConfig.USER_BASE, + GroupLookupAssertionProviderConfig.USER_SEARCH_FILTER, + GroupLookupAssertionProviderConfig.GROUP_SEARCH_FILTER, + GroupLookupAssertionProviderConfig.MEMBER_SEARCH_ATTR, + GroupLookupAssertionProviderConfig.GROUP_SEARCH_ATTR + ]; private static displayPropertyNameBindings: Map<string, string> = new Map([ - [GroupLookupAssertionProviderConfig.TODO, 'todo'] + [GroupLookupAssertionProviderConfig.GROUP_MAPPING, 'hadoop.security.group.mapping'], + [GroupLookupAssertionProviderConfig.BIND_USER, 'hadoop.security.group.mapping.ldap.bind.user'], + [GroupLookupAssertionProviderConfig.BIND_PWD, 'hadoop.security.group.mapping.ldap.bind.password'], + [GroupLookupAssertionProviderConfig.URL, 'hadoop.security.group.mapping.ldap.url'], + [GroupLookupAssertionProviderConfig.USER_BASE, 'hadoop.security.group.mapping.ldap.base'], + [GroupLookupAssertionProviderConfig.USER_SEARCH_FILTER, 'hadoop.security.group.mapping.ldap.search.filter.user'], + [GroupLookupAssertionProviderConfig.GROUP_SEARCH_FILTER, 'hadoop.security.group.mapping.ldap.search.filter.group'], + [GroupLookupAssertionProviderConfig.MEMBER_SEARCH_ATTR, 'hadoop.security.group.mapping.ldap.search.attr.member'], + [GroupLookupAssertionProviderConfig.GROUP_SEARCH_ATTR, 'hadoop.security.group.mapping.ldap.search.attr.group.name'] ]); constructor() { super('HadoopGroupProvider'); + this.setParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.GROUP_MAPPING), + 'org.apache.hadoop.security.LdapGroupsMapping'); } getDisplayPropertyNames(): string[] { @@ -40,4 +68,74 @@ export class GroupLookupAssertionProviderConfig extends IdentityAssertionProvide return GroupLookupAssertionProviderConfig.displayPropertyNameBindings.get(name); } + isPasswordParam(name: string): boolean { + return (name === GroupLookupAssertionProviderConfig.BIND_PWD); + } + + isValidParamValue(paramName: string): boolean { + let isValid: boolean; + + switch (paramName) { + case GroupLookupAssertionProviderConfig.BIND_USER: + isValid = this.isBindUserValid(); + break; + case GroupLookupAssertionProviderConfig.URL: + isValid = this.isLdapURLValid(); + break; + case GroupLookupAssertionProviderConfig.BIND_PWD: + case GroupLookupAssertionProviderConfig.USER_BASE: + case GroupLookupAssertionProviderConfig.USER_SEARCH_FILTER: + case GroupLookupAssertionProviderConfig.GROUP_SEARCH_FILTER: + case GroupLookupAssertionProviderConfig.MEMBER_SEARCH_ATTR: + case GroupLookupAssertionProviderConfig.GROUP_SEARCH_ATTR: + default: + isValid = true; + } + + return isValid; + } + + private isBindUserValid(): boolean { + let isValid: boolean = true; + + let url = this.getParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.BIND_USER)); + if (url) { + isValid = ValidationUtils.isValidDNTemplate(url); + if (!isValid) { + console.debug(GroupLookupAssertionProviderConfig.BIND_USER + ' value is not a valid DN'); + } + } + + return isValid; + } + + private isLdapURLValid(): boolean { + let isValid: boolean = true; + + let url = this.getParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.URL)); + if (url) { + isValid = ValidationUtils.isValidLdapURL(url); + if (!isValid) { + console.debug(GroupLookupAssertionProviderConfig.URL+ ' value is not valid.'); + } + } else { + isValid = false; // URL must be specified + } + + return isValid; + } + + private isDnTemplateValid(): boolean { + let isValid: boolean = true; + + let dnTemplate = this.getParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.BIND_USER)); + if (dnTemplate) { + isValid = ValidationUtils.isValidDNTemplate(dnTemplate); + if (!isValid) { + console.debug(GroupLookupAssertionProviderConfig.BIND_USER + ' value is not valid.'); + } + } + return isValid; + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts ---------------------------------------------------------------------- diff --git a/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts b/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts index 95970a0..c704472 100644 --- a/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts +++ b/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts @@ -32,7 +32,7 @@ export class IdentityAssertionWizard extends CategoryWizard { private static CONCAT: string = 'Concatenation'; private static SWITCHCASE: string = 'SwitchCase'; private static REGEXP: string = 'Regular Expression'; - private static GROUP_LOOKUP: string = 'Group Lookup'; + private static GROUP_LOOKUP: string = 'Hadoop Group Lookup (LDAP)'; private static assertionTypes: string[] = [ IdentityAssertionWizard.DEFAULT, IdentityAssertionWizard.CONCAT, http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-applications/src/main/resources/applications/admin-ui/app/index.html ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/index.html b/gateway-applications/src/main/resources/applications/admin-ui/app/index.html index e482f6e..1e51bc4 100644 --- a/gateway-applications/src/main/resources/applications/admin-ui/app/index.html +++ b/gateway-applications/src/main/resources/applications/admin-ui/app/index.html @@ -11,4 +11,4 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ---><!doctype html><html><head><meta charset="utf-8"><title>Apache Knox Manager</title><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/x-icon" href="favicon.ico"><meta name="viewport" content="width=device-width,initial-scale=1"><!-- Latest compiled and minified CSS --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"; integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"><!-- Optional theme --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css"; integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"><!-- Custom styles for this template --><link href="assets/sticky-footer.css" rel="stylesheet"><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js";></script><!-- Latest compiled and minified JavaScript --><scr ipt src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"; integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script><script src="assets/vkbeautify.js"></script><link href="styles.2ee5b7f4cd59a6cf015e.bundle.css" rel="stylesheet"/></head><body><div class="navbar-wrapper"><div class="container-fluid"><nav class="navbar navbar-inverse navbar-static-top"><div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span></button> <a class="navbar-brand" href="#"><img style="max-width:200px; margin-top: -9px;" src="assets/knox-logo-transparent.gif" alt="Apache Knox Manager"></a></div></div></nav></div><!-- Content --><resource-management></res ource-management><footer class="footer"><div class="container-fluid"><div>Knox Manager Version 0.1.0</div><gateway-version></gateway-version></div></footer><script type="text/javascript" src="inline.5922232c90debf8486c1.bundle.js"></script><script type="text/javascript" src="scripts.c50bb762c438ae0f8842.bundle.js"></script><script type="text/javascript" src="main.a6b3f9152a52845c9e6c.bundle.js"></script></div></body></html> \ No newline at end of file +--><!doctype html><html><head><meta charset="utf-8"><title>Apache Knox Manager</title><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" type="image/x-icon" href="favicon.ico"><meta name="viewport" content="width=device-width,initial-scale=1"><!-- Latest compiled and minified CSS --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"; integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"><!-- Optional theme --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css"; integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"><!-- Custom styles for this template --><link href="assets/sticky-footer.css" rel="stylesheet"><script src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js";></script><!-- Latest compiled and minified JavaScript --><scr ipt src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"; integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script><script src="assets/vkbeautify.js"></script><link href="styles.2ee5b7f4cd59a6cf015e.bundle.css" rel="stylesheet"/></head><body><div class="navbar-wrapper"><div class="container-fluid"><nav class="navbar navbar-inverse navbar-static-top"><div class="container-fluid"><div class="navbar-header"><button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span></button> <a class="navbar-brand" href="#"><img style="max-width:200px; margin-top: -9px;" src="assets/knox-logo-transparent.gif" alt="Apache Knox Manager"></a></div></div></nav></div><!-- Content --><resource-management></res ource-management><footer class="footer"><div class="container-fluid"><div>Knox Manager Version 0.1.0</div><gateway-version></gateway-version></div></footer><script type="text/javascript" src="inline.28a8d98092b6bd6d51ba.bundle.js"></script><script type="text/javascript" src="scripts.c50bb762c438ae0f8842.bundle.js"></script><script type="text/javascript" src="main.631c768090fd2016d0d1.bundle.js"></script></div></body></html> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js new file mode 100644 index 0000000..b1de9f0 --- /dev/null +++ b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js @@ -0,0 +1 @@ +!function(e){var n=window.webpackJsonp;window.webpackJsonp=function(r,c,u){for(var a,i,f,l=0,s=[];l<r.length;l++)t[i=r[l]]&&s.push(t[i][0]),t[i]=0;for(a in c)Object.prototype.hasOwnProperty.call(c,a)&&(e[a]=c[a]);for(n&&n(r,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=o(o.s=u[l]);return f};var r={},t={2:0};function o(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=t[e];if(0===n)return new Promise(function(e){e()});if(n)return n[2];var r=new Promise(function(r,o){n=t[e]=[r,o]});n[2]=r;var c=document.getElementsByTagName("head")[0],u=document.createElement("script");u.type="text/javascript",u.charset="utf-8",u.async=!0,u.timeout=12e4,o.nc&&u.setAttribute("nonce",o.nc),u.src=o.p+""+e+"."+{0:"631c768090fd2016d0d1",1:"aed76669724804835353"}[e]+".chunk.js";var a=setTimeout(i,12e4);function i(){u.onerror=u.onload=null,clearTimeout(a);var n=t[e];0!==n&&(n&&n[1](new Error("Loading chu nk "+e+" failed.")),t[e]=void 0)}return u.onerror=u.onload=i,c.appendChild(u),r},o.m=e,o.c=r,o.d=function(e,n,r){o.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},o.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},o.p="",o.oe=function(e){throw console.error(e),e}}([]); \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js deleted file mode 100644 index 7f97753..0000000 --- a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js +++ /dev/null @@ -1 +0,0 @@ -!function(e){var n=window.webpackJsonp;window.webpackJsonp=function(r,c,a){for(var u,i,f,l=0,s=[];l<r.length;l++)t[i=r[l]]&&s.push(t[i][0]),t[i]=0;for(u in c)Object.prototype.hasOwnProperty.call(c,u)&&(e[u]=c[u]);for(n&&n(r,c,a);s.length;)s.shift()();if(a)for(l=0;l<a.length;l++)f=o(o.s=a[l]);return f};var r={},t={2:0};function o(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=t[e];if(0===n)return new Promise(function(e){e()});if(n)return n[2];var r=new Promise(function(r,o){n=t[e]=[r,o]});n[2]=r;var c=document.getElementsByTagName("head")[0],a=document.createElement("script");a.type="text/javascript",a.charset="utf-8",a.async=!0,a.timeout=12e4,o.nc&&a.setAttribute("nonce",o.nc),a.src=o.p+""+e+"."+{0:"a6b3f9152a52845c9e6c",1:"aed76669724804835353"}[e]+".chunk.js";var u=setTimeout(i,12e4);function i(){a.onerror=a.onload=null,clearTimeout(u);var n=t[e];0!==n&&(n&&n[1](new Error("Loading chu nk "+e+" failed.")),t[e]=void 0)}return a.onerror=a.onload=i,c.appendChild(a),r},o.m=e,o.c=r,o.d=function(e,n,r){o.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},o.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},o.p="",o.oe=function(e){throw console.error(e),e}}([]); \ No newline at end of file
