-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/60861/
-----------------------------------------------------------
Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader.
Bugs: AMBARI-21418
https://issues.apache.org/jira/browse/AMBARI-21418
Repository: ambari
Description
-------
When auth to local rules are rebuilt (add new service to kerberized cluster,
regenerate keytab, enable kerberos) ambari strips down the /L suffix from the
rules that were added by the user.
The desired behaviour is the following:
1. Ambari shouldn't touch the custom rules that were added by the user
2. Ambari is allowed to regenerate and modify the ambari managed rule based on
the case_insensitive_username_rules
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
1d4abdd
ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java
c08247d
Diff: https://reviews.apache.org/r/60861/diff/1/
Testing
-------
Tested the following scenarios:
1.
- added a custom rule with /L flag:
RULE:[1:$1@$0](.*@HDP01.LOCAL)s/.*/ambari-qa//L
- rebuilt auth to local rules
- check that the custom rule is still there and it still has the /L suffix,
and no other rules are changed
2.
- set case_insensitive_username_rules = false
- added a /L suffix to an ambari managed rule
- rebuilt auth to local rules
- checked that the ambari managed rule has no /L suffix
3.
- set case_insensitive_username_rules = true
- removed the /L suffix from the ambari managed rule
- rebuilt auth to local rules
- checked that the ambari managed rule has the /L suffix
4.
- set case_insensitive_username_rules = false
- rebuilt auth to local rules
- set case_insensitive_username_rules = true
- rebuilt auth to local rules
- checked that /L suffix was added to the ambari managed rule
existing tests: PENDING
Thanks,
Attila Magyar
