[jira] [Commented] (AMBARI-25062) Optionally execute the post user creation hook on existing users during LDAP sync

Tue, 26 Feb 2019 09:54:43 -0800 


    [ 
https://issues.apache.org/jira/browse/AMBARI-25062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16778349#comment-16778349
 ] 

Hudson commented on AMBARI-25062:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #10471 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/10471/])
[AMBARI-25062] Optionally execute the post user creation hook on 
(vishalsuvagia: 
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=f937d5cacd0be7fb9d95ddd095f472d3d6c87669])
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulator.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntityTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/orm/entities/LdapSyncEventEntityTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/LdapSyncSpecEntity.java
* (edit) ambari-server/src/main/python/ambari-server.py
* (edit) ambari-server/src/main/python/ambari_server/setupSecurity.py
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/LdapPerformanceTest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/LdapSyncRequest.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/controller/LdapSyncRequestTest.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/LdapSyncEventResourceProvider.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
* (edit) ambari-server/src/test/python/TestAmbariServer.py
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/security/ldap/LdapBatchDto.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java


> Optionally execute the post user creation hook on existing users during LDAP 
> sync
> ---------------------------------------------------------------------------------
>
>                 Key: AMBARI-25062
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25062
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.8.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.8.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Optionally execute the post user creation hook on existing users during LDAP 
> sync. 
> The post user creation hook is executed on users when created or imported 
> into Ambari.  This hook is executed given the following criteria is met:
> # The post user creation hook is enabled (ambari.properties - 
> {{ambari.post.user.creation.hook.enabled = true}}, default: {{false}})
> # The post user creation hook is set and available (ambari.properties - 
> {{ambari.post.user.creation.hook = <path to script>}}, default: 
> {{/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh}})
> # HDFS is installed and running.
> It is possible to have executed the LDAP sync process before all of the 
> criteria has been met.  Therefore, it would be beneficial to trigger the post 
> user creation hook to be executed on these users when the criteria has been 
> met. 
> To do this, an optional property should be set on the LDAP sync request - 
> {{post_process_existing_users}}.  The {{post_process_existing_users}} 
> property is part of a "spec" object and should be set to either "true" or 
> "false", if set at all.  If set to "true", the post user creation hook will 
> be executed on all user's that come back from the LDAP query that also exist 
> in the Ambari database as LDAP users. 
> Example REST API calls:
> {noformat:title=Sync All Users and Groups}
> POST /api/v1/ldap_sync_events
> [
>   {
>     "Event": {
>       "specs": [
>         {
>           "principal_type": "users",
>           "sync_type": "all",
>           "post_process_existing_users" : "true"
>         },
>         {
>           "principal_type": "groups",
>           "sync_type": "all",
>           "post_process_existing_users" : "true"
>         }
>       ]
>     }
>   }
> ]
> {noformat}
> {noformat:title=Sync Specific Users}
> POST /api/v1/ldap_sync_events
> [
>   {
>     "Event": {
>       "specs": [
>         {
>           "principal_type": "users",
>           "sync_type": "specific",
>           "names" : "user1, user2, user3",
>           "post_process_existing_users" : "true"
>         }
>       ]
>     }
>   }
> ]
> {noformat}
> {noformat:title=Sync Specific Groups}
> POST /api/v1/ldap_sync_events
> [
>   {
>     "Event": {
>       "specs": [
>         {
>           "principal_type": "groups",
>           "sync_type": "specific",
>           "names" : "hadoop_users, hadoop_admins",
>           "post_process_existing_users" : "true"
>         }
>       ]
>     }
>   }
> ]
> {noformat}
> Using the Ambari sync-ldap CLI, an optional argument named 
> "--post-process-existing-users" may be added to enable this feature.
> Example CLI calls:
> {noformat:title=Sync All Users and Groups}
> ambari-server sync-ldap --all --post-process-existing-users
> {noformat}
> {noformat:title=Sync Specific Users}
> ambari-server sync-ldap --users users.txt --post-process-existing-users
> {noformat}
> {noformat:title=Sync Specific Groups}
> ambari-server sync-ldap --groups groups.txt --post-process-existing-users
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to