----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/60861/#review181054 -----------------------------------------------------------
Ship it! Ship It! - Sebastian Toader On July 17, 2017, 1:44 p.m., Attila Magyar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/60861/ > ----------------------------------------------------------- > > (Updated July 17, 2017, 1:44 p.m.) > > > Review request for Ambari, Laszlo Puskas, Robert Levas, and Sebastian Toader. > > > Bugs: AMBARI-21418 > https://issues.apache.org/jira/browse/AMBARI-21418 > > > Repository: ambari > > > Description > ------- > > When auth to local rules are rebuilt (add new service to kerberized cluster, > regenerate keytab, enable kerberos) ambari strips down the /L suffix from the > rules that were added by the user. > > The desired behaviour is the following: > 1. Ambari shouldn't touch the custom rules that were added by the user > 2. Ambari is allowed to regenerate and modify the ambari managed rule based > on the case_insensitive_username_rules > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java > 1d4abdd > > ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java > c08247d > > > Diff: https://reviews.apache.org/r/60861/diff/1/ > > > Testing > ------- > > Tested the following scenarios: > 1. > - added a custom rule with /L flag: > RULE:\[1:$1@$0\]\(.*@HDP01.LOCAL\)s/.\*/ambari-qa//L > - rebuilt auth to local rules > - check that the custom rule is still there and it still has the /L suffix, > and no other rules are changed > 2. > - set case_insensitive_username_rules = false > - added a /L suffix to an ambari managed rule > - rebuilt auth to local rules > - checked that the ambari managed rule has no /L suffix > 3. > - set case_insensitive_username_rules = true > - removed the /L suffix from the ambari managed rule > - rebuilt auth to local rules > - checked that the ambari managed rule has the /L suffix > 4. > - set case_insensitive_username_rules = false > - rebuilt auth to local rules > - set case_insensitive_username_rules = true > - rebuilt auth to local rules > - checked that /L suffix was added to the ambari managed rule > > existing tests: > > Results : > Tests run: 4813, Failures: 0, Errors: 0, Skipped: 35 > ---------------------------------------------------------------------- > Total run:1145 > Total errors:0 > Total failures:0 > OK > > > Thanks, > > Attila Magyar > >
