ambari git commit: AMBARI-17014. Service admin and cluster operator can't modify service configs through API (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 041d89f2e -> 5aa9880b1
AMBARI-17014. Service admin and cluster operator can't modify service configs
through API (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5aa9880b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5aa9880b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5aa9880b
Branch: refs/heads/trunk
Commit: 5aa9880b13f9e54d1a85b79b2eec4c6822699740
Parents: 041d89f
Author: Robert Levas
Authored: Fri Jun 3 09:47:11 2016 -0400
Committer: Robert Levas
Committed: Fri Jun 3 09:47:11 2016 -0400
--
.../AmbariAuthorizationFilter.java | 2 ++
.../AmbariAuthorizationFilterTest.java | 20
2 files changed, 22 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/5aa9880b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index eeb1a8b..2b9f304 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -78,6 +78,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_CLUSTER_SERVICES_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/services.*";
private static final String API_CLUSTER_ALERT_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/alert.*";
private static final String API_CLUSTER_HOSTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/hosts.*";
+ private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/configurations.*";
private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/host_components.*";
private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX
+ "/stacks/.*?/versions/.*";
private static final String API_HOSTS_ALL_PATTERN = API_VERSION_PREFIX +
"/hosts.*";
@@ -307,6 +308,7 @@ public class AmbariAuthorizationFilter implements Filter {
requestURI.matches(VIEWS_CONTEXT_PATH_PATTERN) ||
requestURI.matches(API_WIDGET_LAYOUTS_PATTERN) ||
requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) ||
+requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) ||
requestURI.matches(API_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) ||
http://git-wip-us.apache.org/repos/asf/ambari/blob/5aa9880b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index ff47ac2..96b2cfb 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -79,6 +79,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT",
true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET",
true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential",
"DELETE", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET",
true);
@@ -112,6 +1
ambari git commit: AMBARI-17014. Service admin and cluster operator can't modify service configs through API (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 d8355e62f -> 1c8b14604
AMBARI-17014. Service admin and cluster operator can't modify service configs
through API (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1c8b1460
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1c8b1460
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1c8b1460
Branch: refs/heads/branch-2.4
Commit: 1c8b146040c277ff2cda26c36ce146b3b01dc07f
Parents: d8355e6
Author: Robert Levas
Authored: Fri Jun 3 09:48:05 2016 -0400
Committer: Robert Levas
Committed: Fri Jun 3 09:48:05 2016 -0400
--
.../AmbariAuthorizationFilter.java | 2 ++
.../AmbariAuthorizationFilterTest.java | 20
2 files changed, 22 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/1c8b1460/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index eeb1a8b..2b9f304 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -78,6 +78,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_CLUSTER_SERVICES_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/services.*";
private static final String API_CLUSTER_ALERT_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/alert.*";
private static final String API_CLUSTER_HOSTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/hosts.*";
+ private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/configurations.*";
private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/host_components.*";
private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX
+ "/stacks/.*?/versions/.*";
private static final String API_HOSTS_ALL_PATTERN = API_VERSION_PREFIX +
"/hosts.*";
@@ -307,6 +308,7 @@ public class AmbariAuthorizationFilter implements Filter {
requestURI.matches(VIEWS_CONTEXT_PATH_PATTERN) ||
requestURI.matches(API_WIDGET_LAYOUTS_PATTERN) ||
requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) ||
+requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) ||
requestURI.matches(API_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) ||
http://git-wip-us.apache.org/repos/asf/ambari/blob/1c8b1460/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index ff47ac2..96b2cfb 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -79,6 +79,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT",
true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET",
true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential",
"DELETE", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
+urlTests.put("/api/v1/clusters/c1/configurations", "DELETE", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET",
true);
@@ -112,6 +1
ambari git commit: AMBARI-17029. Cluster operator and ServiceAdministrator not allowed to create config group (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 3b8111f3a -> 2c08fa6b6
AMBARI-17029. Cluster operator and ServiceAdministrator not allowed to create
config group (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2c08fa6b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2c08fa6b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2c08fa6b
Branch: refs/heads/trunk
Commit: 2c08fa6b6db6fe18238311461ab928f7e8f23934
Parents: 3b8111f
Author: Robert Levas
Authored: Sat Jun 4 06:43:41 2016 -0400
Committer: Robert Levas
Committed: Sat Jun 4 06:43:49 2016 -0400
--
...usterKerberosDescriptorResourceProvider.java | 5 +-
.../AmbariAuthorizationFilter.java | 2 +
...rKerberosDescriptorResourceProviderTest.java | 53 +-
.../ConfigGroupResourceProviderTest.java| 184 +--
.../security/TestAuthenticationFactory.java | 2 +
.../AmbariAuthorizationFilterTest.java | 20 ++
6 files changed, 250 insertions(+), 16 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
index 6fe29db..1f5d1d8 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
@@ -77,7 +77,10 @@ public class ClusterKerberosDescriptorResourceProvider
extends ReadOnlyResourceP
private static final Set PROPERTY_IDS;
private static final Map KEY_PROPERTY_IDS;
- private static final Set REQUIRED_GET_AUTHORIZATIONS =
EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS);
+ private static final Set REQUIRED_GET_AUTHORIZATIONS =
EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS,
+ RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+ RoleAuthorization.HOST_VIEW_CONFIGS,
+ RoleAuthorization.SERVICE_VIEW_CONFIGS);
static {
Set set;
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 2b9f304..922a215 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -80,6 +80,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_CLUSTER_HOSTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/hosts.*";
private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/configurations.*";
private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/host_components.*";
+ private static final String API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/config_groups.*";
private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX
+ "/stacks/.*?/versions/.*";
private static final String API_HOSTS_ALL_PATTERN = API_VERSION_PREFIX +
"/hosts.*";
private static final String API_ALERT_TARGETS_ALL_PATTERN =
API_VERSION_PREFIX + "/alert_targets.*";
@@ -310,6 +311,7 @@ public class AmbariAuthorizationFilter implements Filter {
requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) ||
+requestURI.matches(API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN) ||
requestURI.matches(API_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) ||
requestURI.matches(API_PRIVILEGES_ALL_PATTERN) ||
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/test/java/org/apache/ambari/serv
ambari git commit: AMBARI-17029. Cluster operator and ServiceAdministrator not allowed to create config group (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 12d7e9ec9 -> 82c3cfbf8
AMBARI-17029. Cluster operator and ServiceAdministrator not allowed to create
config group (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/82c3cfbf
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/82c3cfbf
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/82c3cfbf
Branch: refs/heads/branch-2.4
Commit: 82c3cfbf882e0e55f7e706351f134d5bfe2b7d10
Parents: 12d7e9e
Author: Robert Levas
Authored: Sat Jun 4 06:44:56 2016 -0400
Committer: Robert Levas
Committed: Sat Jun 4 06:44:56 2016 -0400
--
...usterKerberosDescriptorResourceProvider.java | 5 +-
.../AmbariAuthorizationFilter.java | 2 +
...rKerberosDescriptorResourceProviderTest.java | 53 +-
.../ConfigGroupResourceProviderTest.java| 184 +--
.../security/TestAuthenticationFactory.java | 2 +
.../AmbariAuthorizationFilterTest.java | 20 ++
6 files changed, 250 insertions(+), 16 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/82c3cfbf/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
index 6fe29db..1f5d1d8 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
@@ -77,7 +77,10 @@ public class ClusterKerberosDescriptorResourceProvider
extends ReadOnlyResourceP
private static final Set PROPERTY_IDS;
private static final Map KEY_PROPERTY_IDS;
- private static final Set REQUIRED_GET_AUTHORIZATIONS =
EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS);
+ private static final Set REQUIRED_GET_AUTHORIZATIONS =
EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS,
+ RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+ RoleAuthorization.HOST_VIEW_CONFIGS,
+ RoleAuthorization.SERVICE_VIEW_CONFIGS);
static {
Set set;
http://git-wip-us.apache.org/repos/asf/ambari/blob/82c3cfbf/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 2b9f304..922a215 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -80,6 +80,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_CLUSTER_HOSTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/hosts.*";
private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/configurations.*";
private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/host_components.*";
+ private static final String API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN =
API_VERSION_PREFIX + "/clusters/.*?/config_groups.*";
private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX
+ "/stacks/.*?/versions/.*";
private static final String API_HOSTS_ALL_PATTERN = API_VERSION_PREFIX +
"/hosts.*";
private static final String API_ALERT_TARGETS_ALL_PATTERN =
API_VERSION_PREFIX + "/alert_targets.*";
@@ -310,6 +311,7 @@ public class AmbariAuthorizationFilter implements Filter {
requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) ||
+requestURI.matches(API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN) ||
requestURI.matches(API_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) ||
requestURI.matches(API_PRIVILEGES_ALL_PATTERN) ||
http://git-wip-us.apache.org/repos/asf/ambari/blob/82c3cfbf/ambari-server/src/test/java/org/apache/ambari/serv
ambari git commit: AMBARI-17043. Fix description of SERVICE.ADD_DELETE_SERVICES permission (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 9e15b2b65 -> c85d0d15e
AMBARI-17043. Fix description of SERVICE.ADD_DELETE_SERVICES permission (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c85d0d15
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c85d0d15
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c85d0d15
Branch: refs/heads/trunk
Commit: c85d0d15e5c015a069c888c25583e7bfe767acd8
Parents: 9e15b2b
Author: Robert Levas
Authored: Tue Jun 7 15:07:59 2016 -0400
Committer: Robert Levas
Committed: Tue Jun 7 15:08:03 2016 -0400
--
.../org/apache/ambari/server/upgrade/UpgradeCatalog230.java | 2 +-
.../org/apache/ambari/server/upgrade/UpgradeCatalog240.java | 7 +--
ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql | 2 +-
ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql | 2 +-
ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql | 2 +-
.../src/main/resources/Ambari-DDL-Postgres-CREATE.sql | 2 +-
.../main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql| 2 +-
.../src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 2 +-
.../src/main/resources/Ambari-DDL-SQLServer-CREATE.sql| 2 +-
.../apache/ambari/server/upgrade/UpgradeCatalog240Test.java | 4 +++-
10 files changed, 16 insertions(+), 11 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/c85d0d15/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
index be9c2e2..ec3d765 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
@@ -194,7 +194,7 @@ public class UpgradeCatalog230 extends
AbstractUpgradeCatalog {
createRoleAuthorization(roleAuthorizationDAO, "SERVICE.MOVE", "Move to
another host");
createRoleAuthorization(roleAuthorizationDAO, "SERVICE.ENABLE_HA", "Enable
HA");
createRoleAuthorization(roleAuthorizationDAO, "SERVICE.TOGGLE_ALERTS",
"Enable/disable service-level alerts");
-createRoleAuthorization(roleAuthorizationDAO,
"SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster");
+createRoleAuthorization(roleAuthorizationDAO,
"SERVICE.ADD_DELETE_SERVICES", "Add/delete services");
createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_METRICS", "View
metrics");
createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_STATUS_INFO",
"View status information");
http://git-wip-us.apache.org/repos/asf/ambari/blob/c85d0d15/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index 01322b2..11a6a87 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -27,7 +27,6 @@ import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -372,6 +371,7 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
updateHDFSWidgetDefinition();
updateTezViewProperty();
upgradeCapSchedulerView();
+fixAuthorizationDescriptions();
}
protected void updateClusterInheritedPermissionsConfig() throws SQLException
{
@@ -2426,5 +2426,8 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
}
}
-
+ void fixAuthorizationDescriptions() throws SQLException {
+// Change the description of the SERVICE.ADD_DELETE_SERVICES authorization
to "Add/delete services"
+dbAccessor.executeUpdate("UPDATE roleauthorization SET
authorization_name='Add/delete services' WHERE
authorization_id='SERVICE.ADD_DELETE_SERVICES'");
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c85d0d15/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
--
diff --git a/ambari-server/src/main/resources/Ambar
ambari git commit: AMBARI-17043. Fix description of SERVICE.ADD_DELETE_SERVICES permission (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 88c8d46cb -> 8ae8d0bec
AMBARI-17043. Fix description of SERVICE.ADD_DELETE_SERVICES permission (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8ae8d0be
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8ae8d0be
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8ae8d0be
Branch: refs/heads/branch-2.4
Commit: 8ae8d0bece67ed34fbf898cb9182d20cb3755ad8
Parents: 88c8d46
Author: Robert Levas
Authored: Tue Jun 7 15:08:49 2016 -0400
Committer: Robert Levas
Committed: Tue Jun 7 15:08:49 2016 -0400
--
.../org/apache/ambari/server/upgrade/UpgradeCatalog230.java | 2 +-
.../org/apache/ambari/server/upgrade/UpgradeCatalog240.java | 7 +--
ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql | 2 +-
ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql | 2 +-
ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql | 2 +-
.../src/main/resources/Ambari-DDL-Postgres-CREATE.sql | 2 +-
.../main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql| 2 +-
.../src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 2 +-
.../src/main/resources/Ambari-DDL-SQLServer-CREATE.sql| 2 +-
.../apache/ambari/server/upgrade/UpgradeCatalog240Test.java | 4 +++-
10 files changed, 16 insertions(+), 11 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae8d0be/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
index be9c2e2..ec3d765 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
@@ -194,7 +194,7 @@ public class UpgradeCatalog230 extends
AbstractUpgradeCatalog {
createRoleAuthorization(roleAuthorizationDAO, "SERVICE.MOVE", "Move to
another host");
createRoleAuthorization(roleAuthorizationDAO, "SERVICE.ENABLE_HA", "Enable
HA");
createRoleAuthorization(roleAuthorizationDAO, "SERVICE.TOGGLE_ALERTS",
"Enable/disable service-level alerts");
-createRoleAuthorization(roleAuthorizationDAO,
"SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster");
+createRoleAuthorization(roleAuthorizationDAO,
"SERVICE.ADD_DELETE_SERVICES", "Add/delete services");
createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_METRICS", "View
metrics");
createRoleAuthorization(roleAuthorizationDAO, "HOST.VIEW_STATUS_INFO",
"View status information");
http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae8d0be/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index 1653c95..b0f4974 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -27,7 +27,6 @@ import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -372,6 +371,7 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
updateHDFSWidgetDefinition();
updateTezViewProperty();
upgradeCapSchedulerView();
+fixAuthorizationDescriptions();
}
protected void updateClusterInheritedPermissionsConfig() throws SQLException
{
@@ -2419,5 +2419,8 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
}
}
-
+ void fixAuthorizationDescriptions() throws SQLException {
+// Change the description of the SERVICE.ADD_DELETE_SERVICES authorization
to "Add/delete services"
+dbAccessor.executeUpdate("UPDATE roleauthorization SET
authorization_name='Add/delete services' WHERE
authorization_id='SERVICE.ADD_DELETE_SERVICES'");
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae8d0be/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
--
diff --git a/ambari-server/src/main/reso
ambari git commit: AMBARI-16247. Authorizations given to role-based principals must be dereferenced upon user login (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 671f3bde8 -> 8c1564e08
AMBARI-16247. Authorizations given to role-based principals must be
dereferenced upon user login (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8c1564e0
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8c1564e0
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8c1564e0
Branch: refs/heads/trunk
Commit: 8c1564e083169196cf53b8c1a570bcf3c5f65e68
Parents: 671f3bd
Author: Robert Levas
Authored: Wed Jun 8 11:52:01 2016 -0400
Committer: Robert Levas
Committed: Wed Jun 8 11:52:01 2016 -0400
--
.../server/security/authorization/Users.java| 46 +-
.../security/authorization/UsersTest.java | 145 +++
2 files changed, 188 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/8c1564e0/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 545095d..f1abb90 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -44,7 +44,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
@@ -447,7 +446,7 @@ public class Users {
/**
* Grants AMBARI.ADMINISTRATOR privilege to provided user.
*
- * @param user user
+ * @param userId user id
*/
public synchronized void grantAdminPrivilege(Integer userId) {
final UserEntity user = userDAO.findByPK(userId);
@@ -466,7 +465,7 @@ public class Users {
/**
* Revokes AMBARI.ADMINISTRATOR privilege from provided user.
*
- * @param user user
+ * @param userId user id
*/
public synchronized void revokeAdminPrivilege(Integer userId) {
final UserEntity user = userDAO.findByPK(userId);
@@ -711,6 +710,23 @@ public class Users {
entityManagerProvider.get().getEntityManagerFactory().getCache().evictAll();
}
+ /**
+ * Gets the explicit and implicit authorities for the given user.
+ *
+ * The explicit authorities are the authorities that have be explicitly set
by assigning roles to
+ * a user. For example the Cluster Operator role on a given cluster gives
that the ability to
+ * start and stop services in that cluster, among other privileges for that
particular cluster.
+ *
+ * The implicit authorities are the authorities that have been given to the
roles themselves which
+ * in turn are granted to the users that have been assigned those roles. For
example if the
+ * Cluster User role for a given cluster has been given View User access on
a specified File View
+ * instance, then all users who have the Cluster User role for that cluster
will implicitly be
+ * granted View User access on that File View instance.
+ *
+ * @param userName the username for the relevant user
+ * @param userType the user type for the relevant user
+ * @return the users collection of implicit and explicit granted authorities
+ */
public Collection getUserAuthorities(String
userName, UserType userType) {
UserEntity userEntity = userDAO.findUserByNameAndType(userName, userType);
if (userEntity == null) {
@@ -730,12 +746,36 @@ public class Users {
List privilegeEntities =
privilegeDAO.findAllByPrincipal(principalEntities);
+// A list of principals representing roles/permissions. This collection of
roles will be used to
+// find additional authorizations inherited by the authenticated user
based on the assigned roles.
+// For example a File View instance may be set to be accessible to all
authenticated user with
+// the Cluster User role.
+List rolePrincipals = new ArrayList();
+
Set authorities = new
HashSet<>(privilegeEntities.size());
for (PrivilegeEntity privilegeEntity : privilegeEntities) {
+ // Add the principal representing the role associated with this
PrivilegeEntity to the collection
+ // of roles for the authenticated user.
+ PrincipalEntity rolePrincipal =
privilegeEntity.getP
ambari git commit: AMBARI-16247. Authorizations given to role-based principals must be dereferenced upon user login (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 065c2a8cf -> 6ffa3f8fa
AMBARI-16247. Authorizations given to role-based principals must be
dereferenced upon user login (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6ffa3f8f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6ffa3f8f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6ffa3f8f
Branch: refs/heads/branch-2.4
Commit: 6ffa3f8fa86b258e09cf83c91b7dbe650c3ea41e
Parents: 065c2a8
Author: Robert Levas
Authored: Wed Jun 8 11:53:04 2016 -0400
Committer: Robert Levas
Committed: Wed Jun 8 11:53:04 2016 -0400
--
.../server/security/authorization/Users.java| 46 +-
.../security/authorization/UsersTest.java | 145 +++
2 files changed, 188 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/6ffa3f8f/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 545095d..f1abb90 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -44,7 +44,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
@@ -447,7 +446,7 @@ public class Users {
/**
* Grants AMBARI.ADMINISTRATOR privilege to provided user.
*
- * @param user user
+ * @param userId user id
*/
public synchronized void grantAdminPrivilege(Integer userId) {
final UserEntity user = userDAO.findByPK(userId);
@@ -466,7 +465,7 @@ public class Users {
/**
* Revokes AMBARI.ADMINISTRATOR privilege from provided user.
*
- * @param user user
+ * @param userId user id
*/
public synchronized void revokeAdminPrivilege(Integer userId) {
final UserEntity user = userDAO.findByPK(userId);
@@ -711,6 +710,23 @@ public class Users {
entityManagerProvider.get().getEntityManagerFactory().getCache().evictAll();
}
+ /**
+ * Gets the explicit and implicit authorities for the given user.
+ *
+ * The explicit authorities are the authorities that have be explicitly set
by assigning roles to
+ * a user. For example the Cluster Operator role on a given cluster gives
that the ability to
+ * start and stop services in that cluster, among other privileges for that
particular cluster.
+ *
+ * The implicit authorities are the authorities that have been given to the
roles themselves which
+ * in turn are granted to the users that have been assigned those roles. For
example if the
+ * Cluster User role for a given cluster has been given View User access on
a specified File View
+ * instance, then all users who have the Cluster User role for that cluster
will implicitly be
+ * granted View User access on that File View instance.
+ *
+ * @param userName the username for the relevant user
+ * @param userType the user type for the relevant user
+ * @return the users collection of implicit and explicit granted authorities
+ */
public Collection getUserAuthorities(String
userName, UserType userType) {
UserEntity userEntity = userDAO.findUserByNameAndType(userName, userType);
if (userEntity == null) {
@@ -730,12 +746,36 @@ public class Users {
List privilegeEntities =
privilegeDAO.findAllByPrincipal(principalEntities);
+// A list of principals representing roles/permissions. This collection of
roles will be used to
+// find additional authorizations inherited by the authenticated user
based on the assigned roles.
+// For example a File View instance may be set to be accessible to all
authenticated user with
+// the Cluster User role.
+List rolePrincipals = new ArrayList();
+
Set authorities = new
HashSet<>(privilegeEntities.size());
for (PrivilegeEntity privilegeEntity : privilegeEntities) {
+ // Add the principal representing the role associated with this
PrivilegeEntity to the collection
+ // of roles for the authenticated user.
+ PrincipalEntity role
ambari git commit: AMBARI-1717. Add SERVICE.VIEW_OPERATIONAL_LOGS authorization to SERVICE.ADMINISTRATOR role and above (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 962976585 -> a44ca7735
AMBARI-1717. Add SERVICE.VIEW_OPERATIONAL_LOGS authorization to
SERVICE.ADMINISTRATOR role and above (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a44ca773
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a44ca773
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a44ca773
Branch: refs/heads/trunk
Commit: a44ca77356c19f37ceac27ae119cc1719973bdd3
Parents: 9629765
Author: Robert Levas
Authored: Tue Jun 14 08:23:28 2016 -0400
Committer: Robert Levas
Committed: Tue Jun 14 08:23:33 2016 -0400
--
.../admin-web/app/scripts/services/Cluster.js | 1 +
.../server/orm/dao/RoleAuthorizationDAO.java| 10 ++
.../authorization/RoleAuthorization.java| 1 +
.../server/upgrade/AbstractUpgradeCatalog.java | 102 ++
.../server/upgrade/UpgradeCatalog230.java | 107 ---
.../server/upgrade/UpgradeCatalog240.java | 84 +--
.../main/resources/Ambari-DDL-Derby-CREATE.sql | 5 +
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 5 +
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 5 +
.../resources/Ambari-DDL-Postgres-CREATE.sql| 5 +
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 5 +
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 5 +
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 5 +
.../server/upgrade/UpgradeCatalog230Test.java | 30 +-
.../server/upgrade/UpgradeCatalog240Test.java | 3 +
15 files changed, 251 insertions(+), 122 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
--
diff --git
a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
index 33ed7ed..3160cd0 100644
---
a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
+++
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js
@@ -48,6 +48,7 @@ angular.module('ambariAdminConsole')
"SERVICE.MANAGE_ALERTS",
"SERVICE.TOGGLE_ALERTS",
"SERVICE.ADD_DELETE_SERVICES",
+ "SERVICE.VIEW_OPERATIONAL_LOGS",
"HOST.VIEW_CONFIGS",
"HOST.VIEW_METRICS",
"HOST.VIEW_STATUS_INFO",
http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
index aa74224..f25fc6c 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
@@ -55,6 +55,16 @@ public class RoleAuthorizationDAO {
}
/**
+ * Create or updates a role authorization.
+ *
+ * @param roleAuthorizationEntity entity to create or update
+ */
+ @Transactional
+ public RoleAuthorizationEntity merge(RoleAuthorizationEntity
roleAuthorizationEntity) {
+return entityManagerProvider.get().merge(roleAuthorizationEntity);
+ }
+
+ /**
* Find a authorization entity with the given id.
*
* @param id type id
http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
index ee948fe..e22c21f 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
@@ -59,6 +59,7 @@ public enum RoleAuthorization {
HOST_VIEW_METRICS("HOST.VIEW_METRICS"),
HOST_VIEW_STATUS_INFO("HOST.VIEW_STATUS_INFO"),
SERVICE_ADD_DELETE_SERVICES("SERVICE.ADD_DELETE_SERVICES"),
+ SERVICE_VIEW_OPERATIONAL_LOGS("SERVICE.VIEW_OPERATIONAL_LOGS"),
SERVICE_COMPARE_CONFIGS("SERVICE.COMPARE_CONFIGS"),
SERVICE_DECOMMISSION_RECOMMISSION("SERVICE.DECOMMISSION_RECOMMISSION"),
SER
ambari git commit: AMBARI-17177. Add SERVICE.VIEW_OPERATIONAL_LOGS authorization to SERVICE.ADMINISTRATOR role and above (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 e67d6b2fe -> 1b5b54688
AMBARI-17177. Add SERVICE.VIEW_OPERATIONAL_LOGS authorization to
SERVICE.ADMINISTRATOR role and above (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1b5b5468
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1b5b5468
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1b5b5468
Branch: refs/heads/branch-2.4
Commit: 1b5b546880edbc701673fa0e4e4aac5428b5001e
Parents: e67d6b2
Author: Robert Levas
Authored: Tue Jun 14 10:25:13 2016 -0400
Committer: Robert Levas
Committed: Tue Jun 14 10:25:13 2016 -0400
--
.../server/orm/dao/RoleAuthorizationDAO.java| 10 ++
.../authorization/RoleAuthorization.java| 1 +
.../server/upgrade/AbstractUpgradeCatalog.java | 102 ++
.../server/upgrade/UpgradeCatalog230.java | 107 ---
.../server/upgrade/UpgradeCatalog240.java | 84 +--
.../main/resources/Ambari-DDL-Derby-CREATE.sql | 5 +
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 5 +
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 5 +
.../resources/Ambari-DDL-Postgres-CREATE.sql| 5 +
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 5 +
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 5 +
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 5 +
.../server/upgrade/UpgradeCatalog230Test.java | 30 +-
.../server/upgrade/UpgradeCatalog240Test.java | 3 +
14 files changed, 250 insertions(+), 122 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/1b5b5468/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
index aa74224..f25fc6c 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
@@ -55,6 +55,16 @@ public class RoleAuthorizationDAO {
}
/**
+ * Create or updates a role authorization.
+ *
+ * @param roleAuthorizationEntity entity to create or update
+ */
+ @Transactional
+ public RoleAuthorizationEntity merge(RoleAuthorizationEntity
roleAuthorizationEntity) {
+return entityManagerProvider.get().merge(roleAuthorizationEntity);
+ }
+
+ /**
* Find a authorization entity with the given id.
*
* @param id type id
http://git-wip-us.apache.org/repos/asf/ambari/blob/1b5b5468/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
index ee948fe..e22c21f 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
@@ -59,6 +59,7 @@ public enum RoleAuthorization {
HOST_VIEW_METRICS("HOST.VIEW_METRICS"),
HOST_VIEW_STATUS_INFO("HOST.VIEW_STATUS_INFO"),
SERVICE_ADD_DELETE_SERVICES("SERVICE.ADD_DELETE_SERVICES"),
+ SERVICE_VIEW_OPERATIONAL_LOGS("SERVICE.VIEW_OPERATIONAL_LOGS"),
SERVICE_COMPARE_CONFIGS("SERVICE.COMPARE_CONFIGS"),
SERVICE_DECOMMISSION_RECOMMISSION("SERVICE.DECOMMISSION_RECOMMISSION"),
SERVICE_ENABLE_HA("SERVICE.ENABLE_HA"),
http://git-wip-us.apache.org/repos/asf/ambari/blob/1b5b5468/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
index 6fe3083..04871fd 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
@@ -25,6 +25,7 @@ import java.io.StringReader;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
@@ -44,9 +45,14 @@ import org.apache.ambari.server.or
ambari git commit: AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk cfc161299 -> 380763275
AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via
rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/38076327
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/38076327
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/38076327
Branch: refs/heads/trunk
Commit: 38076327525986b780942f33eff01d2de4a70ce2
Parents: cfc1612
Author: Shi Wang
Authored: Mon Nov 21 14:03:32 2016 -0500
Committer: Robert Levas
Committed: Mon Nov 21 14:03:48 2016 -0500
--
.../common-services/HDFS/2.1.0.2.0/kerberos.json | 2 +-
.../HIVE/0.12.0.2.0/package/scripts/webhcat.py| 10 --
.../resources/stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +-
3 files changed, 2 insertions(+), 12 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/38076327/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index e8c96cb..f30c9e4 100644
---
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -56,7 +56,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": "r"
+ "access": ""
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/38076327/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
--
diff --git
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
index a7feb60..00b057c 100644
---
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
+++
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
@@ -70,16 +70,6 @@ def webhcat():
group=params.user_group,
cd_access="a")
- if params.security_enabled:
-kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab}
{hdfs_principal_name};")
- else:
-kinit_if_needed = ""
-
- if kinit_if_needed:
-Execute(kinit_if_needed,
-user=params.webhcat_user,
-path='/bin'
-)
# Replace _HOST with hostname in relevant principal-related properties
webhcat_site = params.config['configurations']['webhcat-site'].copy()
http://git-wip-us.apache.org/repos/asf/ambari/blob/38076327/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
index 974a69c..9000e95 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
+++
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -66,7 +66,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": "r"
+ "access": ""
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
ambari git commit: AMBARI-18938. NPE when authenticating via a Centrify LDAP proxy (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 487153312 -> e73e783a8
AMBARI-18938. NPE when authenticating via a Centrify LDAP proxy (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e73e783a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e73e783a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e73e783a
Branch: refs/heads/trunk
Commit: e73e783a8b5377b809a829c362900d3cad15d69f
Parents: 4871533
Author: Robert Levas
Authored: Tue Nov 22 15:28:12 2016 -0500
Committer: Robert Levas
Committed: Tue Nov 22 15:28:12 2016 -0500
--
.../AmbariLdapAuthenticationProvider.java | 23 +-
.../AmbariLdapBindAuthenticator.java| 233 ---
.../AmbariLdapBindAuthenticatorTest.java| 226 +++---
3 files changed, 354 insertions(+), 128 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/e73e783a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
index 6905757..b5776a3 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -24,7 +24,6 @@ import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
-import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
@@ -72,17 +71,21 @@ public class AmbariLdapAuthenticationProvider implements
AuthenticationProvider
return new AmbariAuthentication(auth, userId);
} catch (AuthenticationException e) {
-LOG.debug("Got exception during LDAP authentification attempt", e);
+LOG.debug("Got exception during LDAP authentication attempt", e);
// Try to help in troubleshooting
Throwable cause = e.getCause();
-if (cause != null) {
- // Below we check the cause of an AuthenticationException . If it is
- // caused by another AuthenticationException, than probably
- // the problem is with LDAP ManagerDN/password
- if ((cause != e) && (cause instanceof
- org.springframework.ldap.AuthenticationException)) {
+if ((cause != null) && (cause != e)) {
+ // Below we check the cause of an AuthenticationException to see
what the actual cause is
+ // and then send an appropriate message to the caller.
+ if (cause instanceof
org.springframework.ldap.CommunicationException) {
+if (LOG.isDebugEnabled()) {
+ LOG.warn("Failed to communicate with the LDAP server: " +
cause.getMessage(), e);
+} else {
+ LOG.warn("Failed to communicate with the LDAP server: " +
cause.getMessage());
+}
+ } else if (cause instanceof
org.springframework.ldap.AuthenticationException) {
LOG.warn("Looks like LDAP manager credentials (that are used for "
+
-"connecting to LDAP server) are invalid.", e);
+"connecting to LDAP server) are invalid.", e);
}
}
throw new InvalidUsernamePasswordCombinationException(e);
http://git-wip-us.apache.org/repos/asf/ambari/blob/e73e783a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
index b34ef6a..b4ef889 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/au
ambari git commit: AMBARI-18938. NPE when authenticating via a Centrify LDAP proxy (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 38834dd5d -> 809d4c4f0
AMBARI-18938. NPE when authenticating via a Centrify LDAP proxy (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/809d4c4f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/809d4c4f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/809d4c4f
Branch: refs/heads/branch-2.5
Commit: 809d4c4f0a1de4100f2d33ef6a0df2d366b6ae2e
Parents: 38834dd
Author: Robert Levas
Authored: Tue Nov 22 15:57:34 2016 -0500
Committer: Robert Levas
Committed: Tue Nov 22 15:57:34 2016 -0500
--
.../AmbariLdapAuthenticationProvider.java | 23 +-
.../AmbariLdapBindAuthenticator.java| 233 ---
.../AmbariLdapBindAuthenticatorTest.java| 226 +++---
3 files changed, 354 insertions(+), 128 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/809d4c4f/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
index 6905757..b5776a3 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProvider.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -24,7 +24,6 @@ import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
-import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
@@ -72,17 +71,21 @@ public class AmbariLdapAuthenticationProvider implements
AuthenticationProvider
return new AmbariAuthentication(auth, userId);
} catch (AuthenticationException e) {
-LOG.debug("Got exception during LDAP authentification attempt", e);
+LOG.debug("Got exception during LDAP authentication attempt", e);
// Try to help in troubleshooting
Throwable cause = e.getCause();
-if (cause != null) {
- // Below we check the cause of an AuthenticationException . If it is
- // caused by another AuthenticationException, than probably
- // the problem is with LDAP ManagerDN/password
- if ((cause != e) && (cause instanceof
- org.springframework.ldap.AuthenticationException)) {
+if ((cause != null) && (cause != e)) {
+ // Below we check the cause of an AuthenticationException to see
what the actual cause is
+ // and then send an appropriate message to the caller.
+ if (cause instanceof
org.springframework.ldap.CommunicationException) {
+if (LOG.isDebugEnabled()) {
+ LOG.warn("Failed to communicate with the LDAP server: " +
cause.getMessage(), e);
+} else {
+ LOG.warn("Failed to communicate with the LDAP server: " +
cause.getMessage());
+}
+ } else if (cause instanceof
org.springframework.ldap.AuthenticationException) {
LOG.warn("Looks like LDAP manager credentials (that are used for "
+
-"connecting to LDAP server) are invalid.", e);
+"connecting to LDAP server) are invalid.", e);
}
}
throw new InvalidUsernamePasswordCombinationException(e);
http://git-wip-us.apache.org/repos/asf/ambari/blob/809d4c4f/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
index b34ef6a..b4ef889 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
+++
b/ambari-server/src/main/java/org/
ambari git commit: Revert "AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)"
Repository: ambari
Updated Branches:
refs/heads/trunk 29db2273e -> 4551c9f9c
Revert "AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang
via rlevas)"
This reverts commit 38076327525986b780942f33eff01d2de4a70ce2.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4551c9f9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4551c9f9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4551c9f9
Branch: refs/heads/trunk
Commit: 4551c9f9cbc3e1723a331b038dfee954098f3b44
Parents: 29db227
Author: Robert Levas
Authored: Wed Nov 23 09:32:37 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 23 09:32:37 2016 -0500
--
.../common-services/HDFS/2.1.0.2.0/kerberos.json | 2 +-
.../HIVE/0.12.0.2.0/package/scripts/webhcat.py| 10 ++
.../resources/stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +-
3 files changed, 12 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index f30c9e4..e8c96cb 100644
---
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -56,7 +56,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": ""
+ "access": "r"
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
--
diff --git
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
index 00b057c..a7feb60 100644
---
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
+++
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
@@ -70,6 +70,16 @@ def webhcat():
group=params.user_group,
cd_access="a")
+ if params.security_enabled:
+kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab}
{hdfs_principal_name};")
+ else:
+kinit_if_needed = ""
+
+ if kinit_if_needed:
+Execute(kinit_if_needed,
+user=params.webhcat_user,
+path='/bin'
+)
# Replace _HOST with hostname in relevant principal-related properties
webhcat_site = params.config['configurations']['webhcat-site'].copy()
http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
index 9000e95..974a69c 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
+++
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -66,7 +66,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": ""
+ "access": "r"
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
ambari git commit: AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 255725dfc -> cad0130d9
AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via
rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/cad0130d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/cad0130d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/cad0130d
Branch: refs/heads/trunk
Commit: cad0130d9d4a64a6bda1992758c5c7c05e06b39e
Parents: 255725d
Author: Shi Wang
Authored: Mon Nov 28 12:39:05 2016 -0500
Committer: Robert Levas
Committed: Mon Nov 28 12:39:10 2016 -0500
--
.../common-services/HDFS/2.1.0.2.0/kerberos.json | 2 +-
.../HIVE/0.12.0.2.0/package/scripts/webhcat.py| 10 --
.../resources/stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +-
.../test/python/stacks/2.0.6/HIVE/test_webhcat_server.py | 4
4 files changed, 2 insertions(+), 16 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index e8c96cb..f30c9e4 100644
---
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -56,7 +56,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": "r"
+ "access": ""
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
--
diff --git
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
index a7feb60..00b057c 100644
---
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
+++
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
@@ -70,16 +70,6 @@ def webhcat():
group=params.user_group,
cd_access="a")
- if params.security_enabled:
-kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab}
{hdfs_principal_name};")
- else:
-kinit_if_needed = ""
-
- if kinit_if_needed:
-Execute(kinit_if_needed,
-user=params.webhcat_user,
-path='/bin'
-)
# Replace _HOST with hostname in relevant principal-related properties
webhcat_site = params.config['configurations']['webhcat-site'].copy()
http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
index 974a69c..9000e95 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
+++
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -66,7 +66,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": "r"
+ "access": ""
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/cad0130d/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
--
diff --git
a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
index 2b26dd8..8df6295 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
@@ -252,10 +252,6 @@ class TestWebHCatServer(RMFTestCase):
create_parents = True,
cd_access =
ambari git commit: AMBARI-18755. Deployment failing at creating principal [addendum] (rlevas)
Repository: ambari Updated Branches: refs/heads/trunk 32c9f5a83 -> 1e65ba694 AMBARI-18755. Deployment failing at creating principal [addendum] (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1e65ba69 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1e65ba69 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1e65ba69 Branch: refs/heads/trunk Commit: 1e65ba6943a10d04c38f780f476eca3806e2d9f3 Parents: 32c9f5a Author: Robert Levas Authored: Wed Nov 30 19:16:53 2016 -0500 Committer: Robert Levas Committed: Wed Nov 30 19:16:53 2016 -0500 -- ambari-server/docs/configuration/index.md | 33 +++- .../server/configuration/Configuration.java | 7 + .../kerberos/MITKerberosOperationHandler.java | 22 + .../ambari/server/utils/ShellCommandUtil.java | 11 ++- .../MITKerberosOperationHandlerTest.java| 23 ++ .../server/utils/TestShellCommandUtil.java | 13 +--- 6 files changed, 89 insertions(+), 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/1e65ba69/ambari-server/docs/configuration/index.md -- diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md index 77d3a4d..6ff263c 100644 --- a/ambari-server/docs/configuration/index.md +++ b/ambari-server/docs/configuration/index.md @@ -49,15 +49,17 @@ The following are the properties which can be used to configure Ambari. | agent.stack.retry.tries | The number of times an Ambari Agent should retry package installation when it fails due to a repository error. This property is related to `agent.stack.retry.on_repo_unavailability`. |`5` | | agent.task.timeout | The time, in seconds, before agent commands are killed. This does not include package installation commands. |`900` | | agent.threadpool.size.max | The size of the Jetty connection pool used for handling incoming Ambari Agent requests. |`25` | +| alerts.ambari.snmp.dispatcher.udp.port | The UDP port to use when binding the Ambari SNMP dispatcher on Ambari Server startup. If no port is specified, then a random port will be used. | | | alerts.cache.enabled | Determines whether current alerts should be cached. Enabling this can increase performance on large cluster, but can also result in lost alert data if the cache is not flushed frequently. |`false` | | alerts.cache.flush.interval | The time, in minutes, after which cached alert information is flushed to the database This property is related to `alerts.cache.enabled`. |`10` | | alerts.cache.size | The size of the alert cache. This property is related to `alerts.cache.enabled`. |`5` | | alerts.execution.scheduler.maxThreads | The number of threads used to handle alerts received from the Ambari Agents. The value should be increased as the size of the cluster increases. |`2` | | alerts.snmp.dispatcher.udp.port | The UDP port to use when binding the SNMP dispatcher on Ambari Server startup. If no port is specified, then a random port will be used. | | -| alerts.ambari.snmp.dispatcher.udp.port | The UDP port to use when binding the SNMP dispatcher on Ambari Server startup. If no port is specified, then a random port will be used. | | -| alerts.template.file | The full path to the XML file that describes the different alert templates. | | +| alerts.template.file | The full path to the XML file that describes the different alert templates. | | | ambari.display.url | The URL to use when creating messages which should include the Ambari Server URL.The following are examples of valid values:`http://ambari.apache.org:8080` | | | ambari.ldap.isConfigured | An internal property used for unit testing and development purposes. |`false` | +| ambari.post.user.creation.hook | The location of the post user creation hook on the ambari server hosting machine. |`/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh` | +| ambari.post.user.creation.hook.enabled | Indicates whether the post user creation is enabled or not. By default is false. |`false` | | ambari.python.wrap | The name of the shell script used to wrap all invocations of Python by Ambari. |`ambari-python-wrap` | | anonymous.audit.name | The name of the user given to requests which are executed without any credentials. |`_anonymous` | | api.authenticated.user | The username of the default user assumed to be executing API calls. When set, authentication is not required in order to login to Ambari or use the REST APIs. | | @@ -105,6 +107,7 @@ The following are the properties which can be used to configure Ambari. | authentication.ldap.usernameAttribute | The attribute used for determining the user n
ambari git commit: AMBARI-18755. Deployment failing at creating principal [addendum] (rlevas)
Repository: ambari Updated Branches: refs/heads/branch-2.5 707f07f63 -> a5ce8230e AMBARI-18755. Deployment failing at creating principal [addendum] (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a5ce8230 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a5ce8230 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a5ce8230 Branch: refs/heads/branch-2.5 Commit: a5ce8230e59d515e6bcbe0db949ef6bfcd447c7a Parents: 707f07f Author: Robert Levas Authored: Wed Nov 30 19:57:28 2016 -0500 Committer: Robert Levas Committed: Wed Nov 30 19:57:28 2016 -0500 -- ambari-server/docs/configuration/index.md | 25 +--- .../server/configuration/Configuration.java | 7 ++ .../kerberos/MITKerberosOperationHandler.java | 22 - .../ambari/server/utils/ShellCommandUtil.java | 11 - .../MITKerberosOperationHandlerTest.java| 23 ++ .../server/utils/TestShellCommandUtil.java | 13 ++ 6 files changed, 81 insertions(+), 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/a5ce8230/ambari-server/docs/configuration/index.md -- diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md index 77d3a4d..34dafc2 100644 --- a/ambari-server/docs/configuration/index.md +++ b/ambari-server/docs/configuration/index.md @@ -49,15 +49,17 @@ The following are the properties which can be used to configure Ambari. | agent.stack.retry.tries | The number of times an Ambari Agent should retry package installation when it fails due to a repository error. This property is related to `agent.stack.retry.on_repo_unavailability`. |`5` | | agent.task.timeout | The time, in seconds, before agent commands are killed. This does not include package installation commands. |`900` | | agent.threadpool.size.max | The size of the Jetty connection pool used for handling incoming Ambari Agent requests. |`25` | +| alerts.ambari.snmp.dispatcher.udp.port | The UDP port to use when binding the Ambari SNMP dispatcher on Ambari Server startup. If no port is specified, then a random port will be used. | | | alerts.cache.enabled | Determines whether current alerts should be cached. Enabling this can increase performance on large cluster, but can also result in lost alert data if the cache is not flushed frequently. |`false` | | alerts.cache.flush.interval | The time, in minutes, after which cached alert information is flushed to the database This property is related to `alerts.cache.enabled`. |`10` | | alerts.cache.size | The size of the alert cache. This property is related to `alerts.cache.enabled`. |`5` | | alerts.execution.scheduler.maxThreads | The number of threads used to handle alerts received from the Ambari Agents. The value should be increased as the size of the cluster increases. |`2` | | alerts.snmp.dispatcher.udp.port | The UDP port to use when binding the SNMP dispatcher on Ambari Server startup. If no port is specified, then a random port will be used. | | -| alerts.ambari.snmp.dispatcher.udp.port | The UDP port to use when binding the SNMP dispatcher on Ambari Server startup. If no port is specified, then a random port will be used. | | -| alerts.template.file | The full path to the XML file that describes the different alert templates. | | +| alerts.template.file | The full path to the XML file that describes the different alert templates. | | | ambari.display.url | The URL to use when creating messages which should include the Ambari Server URL.The following are examples of valid values:`http://ambari.apache.org:8080` | | | ambari.ldap.isConfigured | An internal property used for unit testing and development purposes. |`false` | +| ambari.post.user.creation.hook | The location of the post user creation hook on the ambari server hosting machine. |`/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh` | +| ambari.post.user.creation.hook.enabled | Indicates whether the post user creation is enabled or not. By default is false. |`false` | | ambari.python.wrap | The name of the shell script used to wrap all invocations of Python by Ambari. |`ambari-python-wrap` | | anonymous.audit.name | The name of the user given to requests which are executed without any credentials. |`_anonymous` | | api.authenticated.user | The username of the default user assumed to be executing API calls. When set, authentication is not required in order to login to Ambari or use the REST APIs. | | @@ -105,6 +107,7 @@ The following are the properties which can be used to configure Ambari. | authentication.ldap.usernameAttribute | The attribute used
ambari git commit: AMBARI-19040. Fix NPE in UpgradeCatalog250Test.testExecuteDMLUpdates (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 1e65ba694 -> 7f04e79ab
AMBARI-19040. Fix NPE in UpgradeCatalog250Test.testExecuteDMLUpdates (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7f04e79a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7f04e79a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7f04e79a
Branch: refs/heads/trunk
Commit: 7f04e79ab33dc173eb174fd9fcc60bbb54d2c947
Parents: 1e65ba6
Author: Robert Levas
Authored: Wed Nov 30 20:38:34 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 30 20:38:34 2016 -0500
--
.../org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java | 5 +
1 file changed, 5 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/7f04e79a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 14fc20b..978e2dc 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -212,11 +212,13 @@ public class UpgradeCatalog250Test {
Method updateAmsConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateAMSConfigs");
Method addNewConfigurationsFromXml =
AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml");
Method updateKafkaConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateKafkaConfigs");
+Method updateHiveLlapConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateHiveLlapConfigs");
UpgradeCatalog250 upgradeCatalog250 =
createMockBuilder(UpgradeCatalog250.class)
.addMockedMethod(updateAmsConfigs)
.addMockedMethod(addNewConfigurationsFromXml)
.addMockedMethod(updateKafkaConfigs)
+.addMockedMethod(updateHiveLlapConfigs)
.createMock();
upgradeCatalog250.updateAMSConfigs();
@@ -228,6 +230,9 @@ public class UpgradeCatalog250Test {
upgradeCatalog250.updateKafkaConfigs();
expectLastCall().once();
+upgradeCatalog250.updateHiveLlapConfigs();
+expectLastCall().once();
+
replay(upgradeCatalog250);
upgradeCatalog250.executeDMLUpdates();
ambari git commit: AMBARI-19040. Fix NPE in UpgradeCatalog250Test.testExecuteDMLUpdates (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 a5ce8230e -> 7b53d0704
AMBARI-19040. Fix NPE in UpgradeCatalog250Test.testExecuteDMLUpdates (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7b53d070
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7b53d070
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7b53d070
Branch: refs/heads/branch-2.5
Commit: 7b53d07040fee054fa3592da69d9d7f68b3adfd9
Parents: a5ce823
Author: Robert Levas
Authored: Wed Nov 30 20:40:12 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 30 20:40:12 2016 -0500
--
.../org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java | 5 +
1 file changed, 5 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/7b53d070/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 4135919..ce0b387 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -211,11 +211,13 @@ public class UpgradeCatalog250Test {
public void testExecuteDMLUpdates() throws Exception {
Method updateAmsConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateAMSConfigs");
Method updateKafkaConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateKafkaConfigs");
+Method updateHiveLlapConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateHiveLlapConfigs");
Method addNewConfigurationsFromXml =
AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml");
UpgradeCatalog250 upgradeCatalog250 =
createMockBuilder(UpgradeCatalog250.class)
.addMockedMethod(updateAmsConfigs)
.addMockedMethod(updateKafkaConfigs)
+ .addMockedMethod(updateHiveLlapConfigs)
.addMockedMethod(addNewConfigurationsFromXml)
.createMock();
@@ -229,6 +231,9 @@ public class UpgradeCatalog250Test {
upgradeCatalog250.updateKafkaConfigs();
expectLastCall().once();
+upgradeCatalog250.updateHiveLlapConfigs();
+expectLastCall().once();
+
replay(upgradeCatalog250);
upgradeCatalog250.executeDMLUpdates();
ambari git commit: AMBARI-19086. LDAP sync creates groups with Local type (Attila Doroszla via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk b5122e258 -> a00c5
AMBARI-19086. LDAP sync creates groups with Local type (Attila Doroszla via
rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a00c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a00c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a00c
Branch: refs/heads/trunk
Commit: a00c54a8063c1728d2f3ba24db04504864da
Parents: b5122e2
Author: Attila Doroszlai
Authored: Mon Dec 5 16:42:14 2016 -0500
Committer: Robert Levas
Committed: Mon Dec 5 16:42:14 2016 -0500
--
.../apache/ambari/server/orm/entities/GroupEntity.java| 5 +++--
.../ambari/server/security/authorization/Users.java | 10 --
.../server/security/ldap/AmbariLdapDataPopulatorTest.java | 3 ++-
3 files changed, 9 insertions(+), 9 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/a00c/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
index 58b2e5d..dc71b61 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
@@ -101,7 +101,7 @@ public class GroupEntity {
return ldapGroup == 0 ? Boolean.FALSE : Boolean.TRUE;
}
- public void setLdapGroup(Boolean ldapGroup) {
+ private void setLdapGroup(Boolean ldapGroup) {
if (ldapGroup == null) {
this.ldapGroup = null;
} else {
@@ -113,8 +113,9 @@ public class GroupEntity {
return groupType;
}
- public void setgroupType(GroupType groupType) {
+ public void setGroupType(GroupType groupType) {
this.groupType = groupType;
+setLdapGroup(groupType == GroupType.LDAP);
}
public Set getMemberEntities() {
http://git-wip-us.apache.org/repos/asf/ambari/blob/a00c/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 2cd538c..e69bbc9 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -49,10 +49,8 @@ import
org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
-import org.apache.ambari.server.security.ClientSecurityType;
import org.apache.ambari.server.security.ldap.LdapBatchDto;
import org.apache.ambari.server.security.ldap.LdapUserGroupMemberDto;
import org.apache.commons.lang.StringUtils;
@@ -277,7 +275,7 @@ public class Users {
public synchronized void setGroupLdap(String groupName) throws
AmbariException {
GroupEntity groupEntity = groupDAO.findGroupByName(groupName);
if (groupEntity != null) {
- groupEntity.setLdapGroup(true);
+ groupEntity.setGroupType(GroupType.LDAP);
groupDAO.merge(groupEntity);
} else {
throw new AmbariException("Group " + groupName + " doesn't exist");
@@ -435,7 +433,7 @@ public class Users {
final GroupEntity groupEntity = new GroupEntity();
groupEntity.setGroupName(groupName);
groupEntity.setPrincipal(principalEntity);
-groupEntity.setgroupType(groupType);
+groupEntity.setGroupType(groupType);
groupDAO.create(groupEntity);
}
@@ -701,7 +699,7 @@ public class Users {
final Set groupsToBecomeLdap = new HashSet();
for (String groupName : batchInfo.getGroupsToBecomeLdap()) {
final GroupEntity groupEntity = groupDAO.findGroupByName(groupName);
- groupEntity.setLdapGroup(true);
+ groupEntity.setGroupType(GroupType.LDAP);
allGroups.put(groupEntity.getGroupName(), groupEntity);
groupsToBecomeLdap.add(groupEntity);
}
@@ -737,7 +735,7 @@ public class Users {
final GroupEntity groupEntity = new GroupEntity();
groupEntity.setGroupName(groupName);
groupEntity.
ambari git commit: AMBARI-19086. LDAP sync creates groups with Local type (Attila Doroszla via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 0693f552b -> 7492e65f7
AMBARI-19086. LDAP sync creates groups with Local type (Attila Doroszla via
rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7492e65f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7492e65f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7492e65f
Branch: refs/heads/branch-2.5
Commit: 7492e65f7374cd7b01e9b1f2dd0e5b21a1d10ff1
Parents: 0693f55
Author: Attila Doroszlai
Authored: Mon Dec 5 16:43:26 2016 -0500
Committer: Robert Levas
Committed: Mon Dec 5 16:43:26 2016 -0500
--
.../apache/ambari/server/orm/entities/GroupEntity.java| 5 +++--
.../ambari/server/security/authorization/Users.java | 10 --
.../server/security/ldap/AmbariLdapDataPopulatorTest.java | 3 ++-
3 files changed, 9 insertions(+), 9 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/7492e65f/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
index 58b2e5d..dc71b61 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
@@ -101,7 +101,7 @@ public class GroupEntity {
return ldapGroup == 0 ? Boolean.FALSE : Boolean.TRUE;
}
- public void setLdapGroup(Boolean ldapGroup) {
+ private void setLdapGroup(Boolean ldapGroup) {
if (ldapGroup == null) {
this.ldapGroup = null;
} else {
@@ -113,8 +113,9 @@ public class GroupEntity {
return groupType;
}
- public void setgroupType(GroupType groupType) {
+ public void setGroupType(GroupType groupType) {
this.groupType = groupType;
+setLdapGroup(groupType == GroupType.LDAP);
}
public Set getMemberEntities() {
http://git-wip-us.apache.org/repos/asf/ambari/blob/7492e65f/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 2f7bdd0..4b3237b 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -49,10 +49,8 @@ import
org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
-import org.apache.ambari.server.security.ClientSecurityType;
import org.apache.ambari.server.security.ldap.LdapBatchDto;
import org.apache.ambari.server.security.ldap.LdapUserGroupMemberDto;
import org.apache.commons.lang.StringUtils;
@@ -277,7 +275,7 @@ public class Users {
public synchronized void setGroupLdap(String groupName) throws
AmbariException {
GroupEntity groupEntity = groupDAO.findGroupByName(groupName);
if (groupEntity != null) {
- groupEntity.setLdapGroup(true);
+ groupEntity.setGroupType(GroupType.LDAP);
groupDAO.merge(groupEntity);
} else {
throw new AmbariException("Group " + groupName + " doesn't exist");
@@ -435,7 +433,7 @@ public class Users {
final GroupEntity groupEntity = new GroupEntity();
groupEntity.setGroupName(groupName);
groupEntity.setPrincipal(principalEntity);
-groupEntity.setgroupType(groupType);
+groupEntity.setGroupType(groupType);
groupDAO.create(groupEntity);
}
@@ -701,7 +699,7 @@ public class Users {
final Set groupsToBecomeLdap = new HashSet();
for (String groupName : batchInfo.getGroupsToBecomeLdap()) {
final GroupEntity groupEntity = groupDAO.findGroupByName(groupName);
- groupEntity.setLdapGroup(true);
+ groupEntity.setGroupType(GroupType.LDAP);
allGroups.put(groupEntity.getGroupName(), groupEntity);
groupsToBecomeLdap.add(groupEntity);
}
@@ -737,7 +735,7 @@ public class Users {
final GroupEntity groupEntity = new GroupEntity();
groupEntity.setGroupName(groupName);
groupEntity.
ambari git commit: AMBARI-18804. Manage Ambari principals should be set to off when upgrading Ambari from versions < 2.4.0 (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 6ebd84875 -> fb86a2b67
AMBARI-18804. Manage Ambari principals should be set to off when upgrading
Ambari from versions < 2.4.0 (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fb86a2b6
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fb86a2b6
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fb86a2b6
Branch: refs/heads/branch-2.5
Commit: fb86a2b67ce728054ea3f43f4f8a5ae65df36cc8
Parents: 6ebd848
Author: Robert Levas
Authored: Mon Nov 7 12:37:10 2016 -0500
Committer: Robert Levas
Committed: Mon Nov 7 12:37:10 2016 -0500
--
.../server/upgrade/UpgradeCatalog240.java | 20 +---
.../server/upgrade/UpgradeCatalog240Test.java | 6 ++
2 files changed, 15 insertions(+), 11 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/fb86a2b6/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index dab20a0..b711c25 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -19,8 +19,6 @@
package org.apache.ambari.server.upgrade;
import com.google.common.collect.Lists;
-import com.google.common.reflect.TypeToken;
-import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@@ -48,7 +46,6 @@ import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
-import org.apache.ambari.server.orm.dao.WidgetDAO;
import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
import org.apache.ambari.server.orm.entities.ArtifactEntity;
import org.apache.ambari.server.orm.entities.ClusterEntity;
@@ -64,7 +61,6 @@ import
org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.orm.entities.ViewEntityEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
-import org.apache.ambari.server.orm.entities.WidgetEntity;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.Users;
@@ -87,8 +83,6 @@ import
org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
-import org.apache.ambari.server.state.stack.WidgetLayout;
-import org.apache.ambari.server.state.stack.WidgetLayoutInfo;
import org.apache.ambari.server.view.DefaultMasker;
import org.apache.ambari.view.ClusterType;
import org.apache.ambari.view.MaskException;
@@ -100,9 +94,6 @@ import org.springframework.jdbc.support.JdbcUtils;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
-import java.io.File;
-import java.io.FileReader;
-import java.lang.reflect.Type;
import java.sql.Clob;
import java.sql.ResultSet;
import java.sql.SQLException;
@@ -2216,10 +2207,17 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
// Update the kerberos-env properties to change kdc_host to kdc_hosts
config = cluster.getDesiredConfigByType("kerberos-env");
if (config != null) {
+Map updates = new HashMap();
+Set removes = new HashSet();
+
// Rename kdc_host to kdc_hosts
String value = config.getProperties().get("kdc_host");
-Map updates = Collections.singletonMap("kdc_hosts",
value);
-Set removes = Collections.singleton("kdc_host");
+updates.put("kdc_hosts", value);
+removes.add("kdc_host");
+
+// Ensure create_ambari_principal is set to "false" since it is
expected that Ambari's
+// principal, keytab file, and JAAS file has already been manually
configured.
+updates.put("create_ambari_principal", "false");
updateConfigurationPropertiesForCluster(cluster, "kerberos-env",
updates, removes, true, false);
}
h
ambari git commit: AMBARI-18804. Manage Ambari principals should be set to off when upgrading Ambari from versions < 2.4.0 (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 d314e3478 -> 3a0d571be
AMBARI-18804. Manage Ambari principals should be set to off when upgrading
Ambari from versions < 2.4.0 (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3a0d571b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3a0d571b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3a0d571b
Branch: refs/heads/branch-2.4
Commit: 3a0d571befd05615130ef3a63ce72f176dba60e8
Parents: d314e34
Author: Robert Levas
Authored: Mon Nov 7 12:38:25 2016 -0500
Committer: Robert Levas
Committed: Mon Nov 7 12:38:25 2016 -0500
--
.../server/upgrade/UpgradeCatalog240.java | 20 +---
.../server/upgrade/UpgradeCatalog240Test.java | 6 ++
2 files changed, 15 insertions(+), 11 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/3a0d571b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index dab20a0..b711c25 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -19,8 +19,6 @@
package org.apache.ambari.server.upgrade;
import com.google.common.collect.Lists;
-import com.google.common.reflect.TypeToken;
-import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@@ -48,7 +46,6 @@ import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
-import org.apache.ambari.server.orm.dao.WidgetDAO;
import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
import org.apache.ambari.server.orm.entities.ArtifactEntity;
import org.apache.ambari.server.orm.entities.ClusterEntity;
@@ -64,7 +61,6 @@ import
org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.orm.entities.ViewEntityEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
-import org.apache.ambari.server.orm.entities.WidgetEntity;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.Users;
@@ -87,8 +83,6 @@ import
org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
-import org.apache.ambari.server.state.stack.WidgetLayout;
-import org.apache.ambari.server.state.stack.WidgetLayoutInfo;
import org.apache.ambari.server.view.DefaultMasker;
import org.apache.ambari.view.ClusterType;
import org.apache.ambari.view.MaskException;
@@ -100,9 +94,6 @@ import org.springframework.jdbc.support.JdbcUtils;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
-import java.io.File;
-import java.io.FileReader;
-import java.lang.reflect.Type;
import java.sql.Clob;
import java.sql.ResultSet;
import java.sql.SQLException;
@@ -2216,10 +2207,17 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
// Update the kerberos-env properties to change kdc_host to kdc_hosts
config = cluster.getDesiredConfigByType("kerberos-env");
if (config != null) {
+Map updates = new HashMap();
+Set removes = new HashSet();
+
// Rename kdc_host to kdc_hosts
String value = config.getProperties().get("kdc_host");
-Map updates = Collections.singletonMap("kdc_hosts",
value);
-Set removes = Collections.singleton("kdc_host");
+updates.put("kdc_hosts", value);
+removes.add("kdc_host");
+
+// Ensure create_ambari_principal is set to "false" since it is
expected that Ambari's
+// principal, keytab file, and JAAS file has already been manually
configured.
+updates.put("create_ambari_principal", "false");
updateConfigurationPropertiesForCluster(cluster, "kerberos-env",
updates, removes, true, false);
}
h
ambari git commit: AMBARI-18804. Manage Ambari principals should be set to off when upgrading Ambari from versions < 2.4.0 (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk d99df76a8 -> a17c3ed2f
AMBARI-18804. Manage Ambari principals should be set to off when upgrading
Ambari from versions < 2.4.0 (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a17c3ed2
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a17c3ed2
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a17c3ed2
Branch: refs/heads/trunk
Commit: a17c3ed2f285df3c974c6fc5002e5ad728e45a56
Parents: d99df76
Author: Robert Levas
Authored: Mon Nov 7 12:35:42 2016 -0500
Committer: Robert Levas
Committed: Mon Nov 7 12:35:42 2016 -0500
--
.../server/upgrade/UpgradeCatalog240.java | 20 +---
.../server/upgrade/UpgradeCatalog240Test.java | 6 ++
2 files changed, 15 insertions(+), 11 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/a17c3ed2/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index 54afd8d..c113fff 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -19,8 +19,6 @@
package org.apache.ambari.server.upgrade;
import com.google.common.collect.Lists;
-import com.google.common.reflect.TypeToken;
-import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@@ -48,7 +46,6 @@ import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
-import org.apache.ambari.server.orm.dao.WidgetDAO;
import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
import org.apache.ambari.server.orm.entities.ArtifactEntity;
import org.apache.ambari.server.orm.entities.ClusterEntity;
@@ -64,7 +61,6 @@ import
org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.orm.entities.ViewEntityEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
-import org.apache.ambari.server.orm.entities.WidgetEntity;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.Users;
@@ -87,8 +83,6 @@ import
org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
-import org.apache.ambari.server.state.stack.WidgetLayout;
-import org.apache.ambari.server.state.stack.WidgetLayoutInfo;
import org.apache.ambari.server.view.DefaultMasker;
import org.apache.ambari.view.ClusterType;
import org.apache.ambari.view.MaskException;
@@ -100,9 +94,6 @@ import org.springframework.jdbc.support.JdbcUtils;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
-import java.io.File;
-import java.io.FileReader;
-import java.lang.reflect.Type;
import java.sql.Clob;
import java.sql.ResultSet;
import java.sql.SQLException;
@@ -2256,10 +2247,17 @@ public class UpgradeCatalog240 extends
AbstractUpgradeCatalog {
// Update the kerberos-env properties to change kdc_host to kdc_hosts
config = cluster.getDesiredConfigByType("kerberos-env");
if (config != null) {
+Map updates = new HashMap();
+Set removes = new HashSet();
+
// Rename kdc_host to kdc_hosts
String value = config.getProperties().get("kdc_host");
-Map updates = Collections.singletonMap("kdc_hosts",
value);
-Set removes = Collections.singleton("kdc_host");
+updates.put("kdc_hosts", value);
+removes.add("kdc_host");
+
+// Ensure create_ambari_principal is set to "false" since it is
expected that Ambari's
+// principal, keytab file, and JAAS file has already been manually
configured.
+updates.put("create_ambari_principal", "false");
updateConfigurationPropertiesForCluster(cluster, "kerberos-env",
updates, removes, true, false);
}
http://gi
ambari git commit: AMBARI-18813. Optionally force username from LDAP authentication data to be lowercase in Ambari (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 99f695616 -> 3bf40d0d4
AMBARI-18813. Optionally force username from LDAP authentication data to be
lowercase in Ambari (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3bf40d0d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3bf40d0d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3bf40d0d
Branch: refs/heads/trunk
Commit: 3bf40d0d4693ece985cbe050c3027e9272998c7c
Parents: 99f6956
Author: Robert Levas
Authored: Wed Nov 9 15:00:16 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 9 15:00:16 2016 -0500
--
ambari-server/docs/configuration/index.md | 1 +
.../server/configuration/Configuration.java | 10
.../AmbariLdapBindAuthenticator.java| 15 +--
.../authorization/LdapServerProperties.java | 26
.../AmbariLdapBindAuthenticatorTest.java| 17 +++--
5 files changed, 65 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/3bf40d0d/ambari-server/docs/configuration/index.md
--
diff --git a/ambari-server/docs/configuration/index.md
b/ambari-server/docs/configuration/index.md
index ae6019c..9d793ff 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -99,6 +99,7 @@ The following are the properties which can be used to
configure Ambari.
| authentication.ldap.userBase | The filter used when searching for users in
LDAP. |`ou=people,dc=ambari,dc=apache,dc=org` |
| authentication.ldap.userObjectClass | The class to which user objects in
LDAP belong. |`person` |
| authentication.ldap.userSearchFilter | A filter used to lookup a user in
LDAP based on the Ambari user nameThe following are examples of valid
values:`(&({usernameAttribute}={0})(objectClass={userObjectClass}))`
|`(&({usernameAttribute}={0})(objectClass={userObjectClass}))` |
+| authentication.ldap.username.forceLowercase | Declares whether to force the
ldap user name to be lowercase or leave as-is. This is useful when local user
names are expected to be lowercase but the LDAP user names are not. |`false` |
| authentication.ldap.usernameAttribute | The attribute used for determining
the user name, such as `uid`. |`uid` |
| authorization.ldap.adminGroupMappingRules | A comma-separate list of groups
which would give a user administrative access to Ambari when syncing from LDAP.
This is only used when `authorization.ldap.groupSearchFilter` is
blank.The following are examples of valid
values:`administrators``Hadoop Admins,Hadoop Admins.*,DC
Admins,.*Hadoop Operators` |`Ambari Administrators` |
| authorization.ldap.groupSearchFilter | The DN to use when searching for LDAP
groups. | |
http://git-wip-us.apache.org/repos/asf/ambari/blob/3bf40d0d/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index f9557a5..83e8dac 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -965,6 +965,15 @@ public class Configuration {
"authentication.ldap.usernameAttribute", "uid");
/**
+ * Declares whether to force the ldap user name to be lowercase or leave
as-is. This is useful when
+ * local user names are expected to be lowercase but the LDAP user names are
not.
+ */
+ @Markdown(description = "Declares whether to force the ldap user name to be
lowercase or leave as-is." +
+ " This is useful when local user names are expected to be lowercase but
the LDAP user names are not.")
+ public static final ConfigurationProperty
LDAP_USERNAME_FORCE_LOWERCASE = new ConfigurationProperty<>(
+ "authentication.ldap.username.forceLowercase", "false");
+
+ /**
* The filter used when searching for users in LDAP.
*/
@Markdown(description = "The filter used when searching for users in LDAP.")
@@ -3742,6 +3751,7 @@ public class Configuration {
ldapServerProperties.setBaseDN(getProperty(LDAP_BASE_DN));
ldapServerProperties.setUsernameAttribute(getProperty(LDAP_USERNAME_ATTRIBUTE));
+
ldapServerProperties.setForceUsernameToLowercase(Boolean.parseBoolean(getProperty(LDAP_USERNAME_FORCE_LOWERCASE)));
ldapServerProperties.setUserBase(getProperty(LDAP_USER_B
ambari git commit: AMBARI-18813. Optionally force username from LDAP authentication data to be lowercase in Ambari (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 012ccc6f6 -> 25c6da026
AMBARI-18813. Optionally force username from LDAP authentication data to be
lowercase in Ambari (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/25c6da02
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/25c6da02
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/25c6da02
Branch: refs/heads/branch-2.5
Commit: 25c6da026696f62554afb9a83d4e0b4f5e14fca3
Parents: 012ccc6
Author: Robert Levas
Authored: Wed Nov 9 15:01:21 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 9 15:01:21 2016 -0500
--
ambari-server/docs/configuration/index.md | 1 +
.../server/configuration/Configuration.java | 10
.../AmbariLdapBindAuthenticator.java| 15 +--
.../authorization/LdapServerProperties.java | 26
.../AmbariLdapBindAuthenticatorTest.java| 17 +++--
5 files changed, 65 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/25c6da02/ambari-server/docs/configuration/index.md
--
diff --git a/ambari-server/docs/configuration/index.md
b/ambari-server/docs/configuration/index.md
index ae6019c..9d793ff 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -99,6 +99,7 @@ The following are the properties which can be used to
configure Ambari.
| authentication.ldap.userBase | The filter used when searching for users in
LDAP. |`ou=people,dc=ambari,dc=apache,dc=org` |
| authentication.ldap.userObjectClass | The class to which user objects in
LDAP belong. |`person` |
| authentication.ldap.userSearchFilter | A filter used to lookup a user in
LDAP based on the Ambari user nameThe following are examples of valid
values:`(&({usernameAttribute}={0})(objectClass={userObjectClass}))`
|`(&({usernameAttribute}={0})(objectClass={userObjectClass}))` |
+| authentication.ldap.username.forceLowercase | Declares whether to force the
ldap user name to be lowercase or leave as-is. This is useful when local user
names are expected to be lowercase but the LDAP user names are not. |`false` |
| authentication.ldap.usernameAttribute | The attribute used for determining
the user name, such as `uid`. |`uid` |
| authorization.ldap.adminGroupMappingRules | A comma-separate list of groups
which would give a user administrative access to Ambari when syncing from LDAP.
This is only used when `authorization.ldap.groupSearchFilter` is
blank.The following are examples of valid
values:`administrators``Hadoop Admins,Hadoop Admins.*,DC
Admins,.*Hadoop Operators` |`Ambari Administrators` |
| authorization.ldap.groupSearchFilter | The DN to use when searching for LDAP
groups. | |
http://git-wip-us.apache.org/repos/asf/ambari/blob/25c6da02/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 210c98d..6a4eabf 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -962,6 +962,15 @@ public class Configuration {
"authentication.ldap.usernameAttribute", "uid");
/**
+ * Declares whether to force the ldap user name to be lowercase or leave
as-is. This is useful when
+ * local user names are expected to be lowercase but the LDAP user names are
not.
+ */
+ @Markdown(description = "Declares whether to force the ldap user name to be
lowercase or leave as-is." +
+ " This is useful when local user names are expected to be lowercase but
the LDAP user names are not.")
+ public static final ConfigurationProperty
LDAP_USERNAME_FORCE_LOWERCASE = new ConfigurationProperty<>(
+ "authentication.ldap.username.forceLowercase", "false");
+
+ /**
* The filter used when searching for users in LDAP.
*/
@Markdown(description = "The filter used when searching for users in LDAP.")
@@ -3587,6 +3596,7 @@ public class Configuration {
ldapServerProperties.setBaseDN(getProperty(LDAP_BASE_DN));
ldapServerProperties.setUsernameAttribute(getProperty(LDAP_USERNAME_ATTRIBUTE));
+
ldapServerProperties.setForceUsernameToLowercase(Boolean.parseBoolean(getProperty(LDAP_USERNAME_FORCE_LOWERCASE)));
ldapServerProperties.setUserBase(getProperty(LDAP_USER_B
ambari git commit: AMBARI-12263. Support PAM as authentication mechanism for accessing Ambari UI/REST (Vishal Ghugare via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 7df30b172 -> b5a2bb8dd
AMBARI-12263. Support PAM as authentication mechanism for accessing Ambari
UI/REST (Vishal Ghugare via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b5a2bb8d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b5a2bb8d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b5a2bb8d
Branch: refs/heads/trunk
Commit: b5a2bb8ddbc7badcdd459b443077d429c5e8235d
Parents: 7df30b1
Author: Vishal Ghugare
Authored: Tue Nov 15 09:19:06 2016 -0500
Committer: Robert Levas
Committed: Tue Nov 15 09:20:22 2016 -0500
--
ambari-server/pom.xml | 10 +
ambari-server/sbin/ambari-server| 4 +
.../server/configuration/Configuration.java | 23 ++
.../AmbariManagementControllerImpl.java | 7 +-
.../ambari/server/controller/AmbariServer.java | 3 +
.../ambari/server/controller/GroupResponse.java | 14 ++
.../internal/GroupResourceProvider.java | 4 +
.../internal/UserPrivilegeResourceProvider.java | 3 +
.../apache/ambari/server/orm/dao/GroupDAO.java | 19 +-
.../ambari/server/orm/dao/ResourceDAO.java | 21 ++
.../ambari/server/orm/entities/GroupEntity.java | 18 ++
.../server/security/ClientSecurityType.java | 3 +-
.../AmbariPamAuthenticationProvider.java| 252 +++
.../server/security/authorization/Group.java| 6 +
.../security/authorization/GroupType.java | 25 ++
.../PamAuthenticationException.java | 36 +++
.../server/security/authorization/UserType.java | 3 +-
.../server/security/authorization/Users.java| 54 +++-
.../server/upgrade/UpgradeCatalog250.java | 11 +
ambari-server/src/main/python/ambari-server.py | 7 +-
.../main/python/ambari_server/setupActions.py | 1 +
.../main/python/ambari_server/setupSecurity.py | 53 +++-
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 1 +
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 1 +
.../resources/Ambari-DDL-Postgres-CREATE.sql| 1 +
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 1 +
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 1 +
.../src/main/resources/properties.json | 1 +
.../webapp/WEB-INF/spring-security.xml | 1 +
.../AmbariPamAuthenticationProviderTest.java| 97 +++
.../security/authorization/TestUsers.java | 10 +-
.../server/upgrade/UpgradeCatalog250Test.java | 13 +
32 files changed, 686 insertions(+), 18 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/b5a2bb8d/ambari-server/pom.xml
--
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index e02b7a5..36c57de 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1469,6 +1469,16 @@
1.0.0.0-SNAPSHOT
test
+
+ org.kohsuke
+ libpam4j
+ 1.8
+
+
+ net.java.dev.jna
+ jna
+ 4.1.0
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/b5a2bb8d/ambari-server/sbin/ambari-server
--
diff --git a/ambari-server/sbin/ambari-server b/ambari-server/sbin/ambari-server
index bdbdd0f..f08db13 100755
--- a/ambari-server/sbin/ambari-server
+++ b/ambari-server/sbin/ambari-server
@@ -132,6 +132,10 @@ case "${1:-}" in
echo -e "Updating jce policy"
$PYTHON "$AMBARI_PYTHON_EXECUTABLE" $@
;;
+ setup-pam)
+echo -e "Setting up PAM properties..."
+$PYTHON "$AMBARI_PYTHON_EXECUTABLE" $@
+;;
setup-ldap)
echo -e "Setting up LDAP properties..."
$PYTHON "$AMBARI_PYTHON_EXECUTABLE" $@
http://git-wip-us.apache.org/repos/asf/ambari/blob/b5a2bb8d/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 0b8e195..b8b8f54 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -725,6 +725,21 @@ public class Configuration {
"jce.name", null);
/**
+ * The auto group creation by Ambari.
+ */
+ @Markdown(
+ description = "The auto group creation by Ambari")
+ public static final ConfigurationProperty AUTO_GROUP_CREATION = new
ConfigurationProperty<>(
+ &q
ambari git commit: AMBARI-12263. Support PAM as authentication mechanism for accessing Ambari UI/REST (Vishal Ghugare via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 7b4505354 -> c446bf29f
AMBARI-12263. Support PAM as authentication mechanism for accessing Ambari
UI/REST (Vishal Ghugare via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c446bf29
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c446bf29
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c446bf29
Branch: refs/heads/branch-2.5
Commit: c446bf29f21125b3cbeb89b6e46badbba3bd5d77
Parents: 7b45053
Author: Vishal Ghugare
Authored: Tue Nov 15 09:54:03 2016 -0500
Committer: Robert Levas
Committed: Tue Nov 15 09:54:03 2016 -0500
--
ambari-server/pom.xml | 10 +
ambari-server/sbin/ambari-server| 4 +
.../server/configuration/Configuration.java | 23 ++
.../AmbariManagementControllerImpl.java | 7 +-
.../ambari/server/controller/AmbariServer.java | 3 +
.../ambari/server/controller/GroupResponse.java | 14 ++
.../internal/GroupResourceProvider.java | 4 +
.../internal/UserPrivilegeResourceProvider.java | 3 +
.../apache/ambari/server/orm/dao/GroupDAO.java | 19 +-
.../ambari/server/orm/dao/ResourceDAO.java | 21 ++
.../ambari/server/orm/entities/GroupEntity.java | 18 ++
.../server/security/ClientSecurityType.java | 3 +-
.../AmbariPamAuthenticationProvider.java| 252 +++
.../server/security/authorization/Group.java| 6 +
.../security/authorization/GroupType.java | 25 ++
.../PamAuthenticationException.java | 36 +++
.../server/security/authorization/UserType.java | 3 +-
.../server/security/authorization/Users.java| 54 +++-
.../server/upgrade/UpgradeCatalog250.java | 11 +
ambari-server/src/main/python/ambari-server.py | 7 +-
.../main/python/ambari_server/setupActions.py | 1 +
.../main/python/ambari_server/setupSecurity.py | 53 +++-
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 1 +
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 1 +
.../resources/Ambari-DDL-Postgres-CREATE.sql| 1 +
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 1 +
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 1 +
.../src/main/resources/properties.json | 1 +
.../webapp/WEB-INF/spring-security.xml | 1 +
.../AmbariPamAuthenticationProviderTest.java| 97 +++
.../security/authorization/TestUsers.java | 10 +-
.../server/upgrade/UpgradeCatalog250Test.java | 13 +
32 files changed, 686 insertions(+), 18 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/c446bf29/ambari-server/pom.xml
--
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index 4ec65ef..da11562 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -1453,6 +1453,16 @@
1.0.0.0-SNAPSHOT
test
+
+ org.kohsuke
+ libpam4j
+ 1.8
+
+
+ net.java.dev.jna
+ jna
+ 4.1.0
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/c446bf29/ambari-server/sbin/ambari-server
--
diff --git a/ambari-server/sbin/ambari-server b/ambari-server/sbin/ambari-server
index f1d6b8e..b153084 100755
--- a/ambari-server/sbin/ambari-server
+++ b/ambari-server/sbin/ambari-server
@@ -125,6 +125,10 @@ case "${1:-}" in
echo -e "Updating jce policy"
$PYTHON "$AMBARI_PYTHON_EXECUTABLE" $@
;;
+ setup-pam)
+echo -e "Setting up PAM properties..."
+$PYTHON "$AMBARI_PYTHON_EXECUTABLE" $@
+;;
setup-ldap)
echo -e "Setting up LDAP properties..."
$PYTHON "$AMBARI_PYTHON_EXECUTABLE" $@
http://git-wip-us.apache.org/repos/asf/ambari/blob/c446bf29/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 1e30c66..0b1ad51 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -722,6 +722,21 @@ public class Configuration {
"jce.name", null);
/**
+ * The auto group creation by Ambari.
+ */
+ @Markdown(
+ description = "The auto group creation by Ambari")
+ public static final ConfigurationProperty AUTO_GROUP_CREATION = new
ConfigurationProper
ambari git commit: AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered when Ambari starts up (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 745d1057b -> 430ecee61
AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered
when Ambari starts up (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/430ecee6
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/430ecee6
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/430ecee6
Branch: refs/heads/trunk
Commit: 430ecee6139c413faee7a8ed14a988181688cd54
Parents: 745d105
Author: Robert Levas
Authored: Wed Nov 16 14:42:23 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 16 14:42:23 2016 -0500
--
.../java/org/apache/ambari/server/controller/AmbariServer.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/430ecee6/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 537ebc5..a581c19 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -788,7 +788,7 @@ public class AmbariServer {
private void disableInsecureProtocols(SslContextFactory factory) {
// by default all protocols should be available
factory.setExcludeProtocols();
-factory.setIncludeProtocols(new String[] { "SSLv2Hello", "TLSv1" });
+factory.setIncludeProtocols(new String[]
{"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"});
if (!configs.getSrvrDisabledCiphers().isEmpty()) {
String[] masks =
configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);
ambari git commit: AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered when Ambari starts up (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 31caa528f -> 18ea7cf57
AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered
when Ambari starts up (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/18ea7cf5
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/18ea7cf5
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/18ea7cf5
Branch: refs/heads/branch-2.5
Commit: 18ea7cf57997b0579407822f821c96d0b11bd7dd
Parents: 31caa52
Author: Robert Levas
Authored: Wed Nov 16 14:43:41 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 16 14:43:55 2016 -0500
--
.../java/org/apache/ambari/server/controller/AmbariServer.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/18ea7cf5/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 193d677..d264dad 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -769,7 +769,7 @@ public class AmbariServer {
private void disableInsecureProtocols(SslContextFactory factory) {
// by default all protocols should be available
factory.setExcludeProtocols();
-factory.setIncludeProtocols(new String[] { "SSLv2Hello", "TLSv1" });
+factory.setIncludeProtocols(new String[]
{"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"});
if (!configs.getSrvrDisabledCiphers().isEmpty()) {
String[] masks =
configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);
ambari git commit: AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered when Ambari starts up (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.4 6db111308 -> b8d658059
AMBARI-18910. SSL/TLS protocols should be explicitly enabled and then filtered
when Ambari starts up (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b8d65805
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b8d65805
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b8d65805
Branch: refs/heads/branch-2.4
Commit: b8d6580593e13f1b5c722bca73190c07b5ed1e41
Parents: 6db1113
Author: Robert Levas
Authored: Wed Nov 16 14:44:56 2016 -0500
Committer: Robert Levas
Committed: Wed Nov 16 14:44:56 2016 -0500
--
.../java/org/apache/ambari/server/controller/AmbariServer.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/b8d65805/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index aa6c394..cb631d2 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -715,7 +715,7 @@ public class AmbariServer {
private void disableInsecureProtocols(SslContextFactory factory) {
// by default all protocols should be available
factory.setExcludeProtocols();
-factory.setIncludeProtocols(new String[] { "SSLv2Hello","TLSv1"});
+factory.setIncludeProtocols(new String[]
{"SSLv2Hello","SSLv3","TLSv1","TLSv1.1","TLSv1.2"});
if (!configs.getSrvrDisabledCiphers().isEmpty()) {
String[] masks =
configs.getSrvrDisabledCiphers().split(DISABLED_ENTRIES_SPLITTER);
ambari git commit: AMBARI-19133. hadoop.proxyuser.HTTP.hosts should not be updated when Hive is installed unless WebHcat is installed (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk d7ccc4c99 -> aef605ebc
AMBARI-19133. hadoop.proxyuser.HTTP.hosts should not be updated when Hive is
installed unless WebHcat is installed (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/aef605eb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/aef605eb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/aef605eb
Branch: refs/heads/trunk
Commit: aef605ebcc91ac048998aa7f585c0e34d2398c94
Parents: d7ccc4c
Author: Robert Levas
Authored: Mon Dec 12 14:46:44 2016 -0500
Committer: Robert Levas
Committed: Tue Dec 13 06:18:17 2016 -0500
--
.../kerberos/VariableReplacementHelper.java | 169 +--
.../HIVE/0.12.0.2.0/kerberos.json | 28 +--
.../stacks/HDP/2.5/services/HIVE/kerberos.json | 26 +--
.../kerberos/VariableReplacementHelperTest.java | 47 ++
4 files changed, 230 insertions(+), 40 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/aef605eb/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
index b171689..f463cee 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
@@ -18,12 +18,17 @@
package org.apache.ambari.server.state.kerberos;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.ambari.server.AmbariException;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import com.google.inject.Singleton;
@@ -33,6 +38,8 @@ import com.google.inject.Singleton;
@Singleton
public class VariableReplacementHelper {
+ private static final Logger LOG =
LoggerFactory.getLogger(VariableReplacementHelper.class);
+
/**
* a regular expression Pattern used to find "variable" placeholders in
strings
*/
@@ -51,6 +58,7 @@ public class VariableReplacementHelper {
put("each", new EachFunction());
put("toLower", new ToLowerFunction());
put("replace", new ReplaceValue());
+ put("append", new AppendFunction());
}
};
@@ -110,7 +118,7 @@ public class VariableReplacementHelper {
if (replacement != null) {
if (function != null) {
- replacement = applyReplacementFunction(function,
replacement);
+ replacement = applyReplacementFunction(function,
replacement, replacementsMap);
}
// Escape '$' and '\' so they don't cause any issues.
@@ -140,11 +148,12 @@ public class VariableReplacementHelper {
*
* Commas in arguments should be escaped with a '/'.
*
- * @param functionthe name and arguments of the function
- * @param replacement the data to use in the function
- * @return a new string generated by appling the function
+ * @param functionthe name and arguments of the function
+ * @param replacement the data to use in the function
+ * @param replacementsMap a Map of data used to perform variable
replacements, if needed
+ * @return a new string generated by applying the function
*/
- private String applyReplacementFunction(String function, String replacement)
{
+ private String applyReplacementFunction(String function, String replacement,
Map> replacementsMap) {
if (function != null) {
Matcher matcher = PATTERN_FUNCTION.matcher(function);
@@ -163,7 +172,7 @@ public class VariableReplacementHelper {
argsList[i] = argsList[i].trim().replace("\\,", ",");
}
-return f.perform(argsList, replacement);
+return f.perform(argsList, replacement, replacementsMap);
}
}
}
@@ -180,11 +189,12 @@ public class VariableReplacementHelper {
* Perform the function to generate a new string by applying the logic of
this function to the
* supplied data.
*
- * @param args an array of arguments, specific to the function
- * @param data the data to apply the function logic to
+ * @param argsan array of arguments, specific to the function
+ * @param data
ambari git commit: AMBARI-19133. hadoop.proxyuser.HTTP.hosts should not be updated when Hive is installed unless WebHcat is installed (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 9ab01cbd3 -> b5e917930
AMBARI-19133. hadoop.proxyuser.HTTP.hosts should not be updated when Hive is
installed unless WebHcat is installed (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b5e91793
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b5e91793
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b5e91793
Branch: refs/heads/branch-2.5
Commit: b5e91793094048f218a4b74a303fc6bf6191b6b4
Parents: 9ab01cb
Author: Robert Levas
Authored: Tue Dec 13 06:21:25 2016 -0500
Committer: Robert Levas
Committed: Tue Dec 13 06:22:31 2016 -0500
--
.../kerberos/VariableReplacementHelper.java | 159 +--
.../HIVE/0.12.0.2.0/kerberos.json | 28 ++--
.../stacks/HDP/2.5/services/HIVE/kerberos.json | 26 +--
.../kerberos/VariableReplacementHelperTest.java | 50 +-
4 files changed, 226 insertions(+), 37 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/b5e91793/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
index 66be3bf..77333b8 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/VariableReplacementHelper.java
@@ -20,7 +20,12 @@ package org.apache.ambari.server.state.kerberos;
import com.google.inject.Singleton;
import org.apache.ambari.server.AmbariException;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
@@ -32,6 +37,8 @@ import java.util.regex.Pattern;
@Singleton
public class VariableReplacementHelper {
+ private static final Logger LOG =
LoggerFactory.getLogger(VariableReplacementHelper.class);
+
/**
* a regular expression Pattern used to find "variable" placeholders in
strings
*/
@@ -49,6 +56,7 @@ public class VariableReplacementHelper {
{
put("each", new EachFunction());
put("toLower", new ToLowerFunction());
+ put("append", new AppendFunction());
}
};
@@ -108,7 +116,7 @@ public class VariableReplacementHelper {
if (replacement != null) {
if (function != null) {
- replacement = applyReplacementFunction(function,
replacement);
+ replacement = applyReplacementFunction(function,
replacement, replacementsMap);
}
// Escape '$' and '\' so they don't cause any issues.
@@ -138,11 +146,12 @@ public class VariableReplacementHelper {
*
* Commas in arguments should be escaped with a '/'.
*
- * @param functionthe name and arguments of the function
- * @param replacement the data to use in the function
- * @return a new string generated by appling the function
+ * @param functionthe name and arguments of the function
+ * @param replacement the data to use in the function
+ * @param replacementsMap a Map of data used to perform variable
replacements, if needed
+ * @return a new string generated by applying the function
*/
- private String applyReplacementFunction(String function, String replacement)
{
+ private String applyReplacementFunction(String function, String replacement,
Map> replacementsMap) {
if (function != null) {
Matcher matcher = PATTERN_FUNCTION.matcher(function);
@@ -161,7 +170,7 @@ public class VariableReplacementHelper {
argsList[i] = argsList[i].trim().replace("\\,", ",");
}
-return f.perform(argsList, replacement);
+return f.perform(argsList, replacement, replacementsMap);
}
}
}
@@ -178,11 +187,12 @@ public class VariableReplacementHelper {
* Perform the function to generate a new string by applying the logic of
this function to the
* supplied data.
*
- * @param args an array of arguments, specific to the function
- * @param data the data to apply the function logic to
+ * @param argsan array of arguments, specific to the function
+ * @param datathe data to apply the function logic to
+ * @param replacementsMap a Map of data used t
ambari git commit: AMBARI-19132. Use "rm" to delete Ambari Server keytab files when disabling Kerberos (Attila Doroszlai via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk f9d37dfbc -> f0544dfa9
AMBARI-19132. Use "rm" to delete Ambari Server keytab files when disabling
Kerberos (Attila Doroszlai via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f0544dfa
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f0544dfa
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f0544dfa
Branch: refs/heads/trunk
Commit: f0544dfa9a1bf462451dbbaf688ceb22e5ceb773
Parents: f9d37df
Author: Attila Doroszlai
Authored: Mon Dec 19 12:40:53 2016 -0500
Committer: Robert Levas
Committed: Mon Dec 19 12:40:53 2016 -0500
--
.../kerberos/DestroyPrincipalsServerAction.java | 11 +-
.../ambari/server/utils/ShellCommandUtil.java | 41 +++-
.../server/utils/TestShellCommandUtil.java | 35 +
3 files changed, 83 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/f0544dfa/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
index 8197e76..3f631b4 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
@@ -19,6 +19,7 @@
package org.apache.ambari.server.serveraction.kerberos;
import java.io.File;
+import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -30,6 +31,7 @@ import
org.apache.ambari.server.audit.event.kerberos.DestroyPrincipalKerberosAud
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO;
import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity;
+import org.apache.ambari.server.utils.ShellCommandUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -141,8 +143,13 @@ public class DestroyPrincipalsServerAction extends
KerberosServerAction {
if (hostName != null &&
hostName.equalsIgnoreCase(KerberosHelper.AMBARI_SERVER_HOST_NAME)) {
String keytabFilePath =
identityRecord.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH);
if (keytabFilePath != null) {
- if (!new File(keytabFilePath).delete()) {
-LOG.debug(String.format("Failed to remove ambari keytab for
%s", evaluatedPrincipal));
+ try {
+ShellCommandUtil.Result result =
ShellCommandUtil.delete(keytabFilePath, true, true);
+if (!result.isSuccessful()) {
+ LOG.warn("Failed to remove ambari keytab for {} due to {}",
evaluatedPrincipal, result.getStderr());
+}
+ } catch (IOException|InterruptedException e) {
+LOG.warn("Failed to remove ambari keytab for " +
evaluatedPrincipal, e);
}
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/f0544dfa/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
b/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
index 57044d7..344c8a8 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
@@ -24,6 +24,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.util.ArrayList;
+import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
@@ -342,7 +343,7 @@ public class ShellCommandUtil {
command.add(directoryPath);
- return runCommand(command.toArray(new String[command.size()]), null,
null, sudo);
+ return runCommand(command, null, null, sudo);
}
}
@@ -377,7 +378,43 @@ public class ShellCommandUtil {
command.add(srcFile);
command.add(destFile);
-return runCommand(command.toArray(new String[command.size()]), null, null,
sudo);
+return runCommand(command, null, null, sudo);
+ }
+
+ /**
+ * Deletes the file.
+ *
+ * @param file the path to the file to be deleted
+ * @param force true to force copy even i
ambari git commit: AMBARI-19132. Use "rm" to delete Ambari Server keytab files when disabling Kerberos (Attila Doroszlai via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 c358ae0c2 -> 435006d4b
AMBARI-19132. Use "rm" to delete Ambari Server keytab files when disabling
Kerberos (Attila Doroszlai via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/435006d4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/435006d4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/435006d4
Branch: refs/heads/branch-2.5
Commit: 435006d4b763b626336a92e2dd43adc72c6a7c10
Parents: c358ae0
Author: Attila Doroszlai
Authored: Mon Dec 19 13:02:25 2016 -0500
Committer: Robert Levas
Committed: Mon Dec 19 13:02:29 2016 -0500
--
.../kerberos/DestroyPrincipalsServerAction.java | 11 +-
.../ambari/server/utils/ShellCommandUtil.java | 41 +++-
.../server/utils/TestShellCommandUtil.java | 35 +
3 files changed, 83 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/435006d4/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
index c28b725..a25357c 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java
@@ -25,10 +25,12 @@ import
org.apache.ambari.server.audit.event.kerberos.DestroyPrincipalKerberosAud
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO;
import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity;
+import org.apache.ambari.server.utils.ShellCommandUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
+import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -140,8 +142,13 @@ public class DestroyPrincipalsServerAction extends
KerberosServerAction {
if (hostName != null &&
hostName.equalsIgnoreCase(KerberosHelper.AMBARI_SERVER_HOST_NAME)) {
String keytabFilePath =
identityRecord.get(KerberosIdentityDataFileReader.KEYTAB_FILE_PATH);
if (keytabFilePath != null) {
- if (!new File(keytabFilePath).delete()) {
-LOG.debug(String.format("Failed to remove ambari keytab for
%s", evaluatedPrincipal));
+ try {
+ShellCommandUtil.Result result =
ShellCommandUtil.delete(keytabFilePath, true, true);
+if (!result.isSuccessful()) {
+ LOG.warn("Failed to remove ambari keytab for {} due to {}",
evaluatedPrincipal, result.getStderr());
+}
+ } catch (IOException|InterruptedException e) {
+LOG.warn("Failed to remove ambari keytab for " +
evaluatedPrincipal, e);
}
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/435006d4/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
b/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
index 95a4b27..961fa22 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/utils/ShellCommandUtil.java
@@ -28,6 +28,7 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.util.ArrayList;
+import java.util.List;
import java.util.Map;
/**
@@ -342,7 +343,7 @@ public class ShellCommandUtil {
command.add(directoryPath);
- return runCommand(command.toArray(new String[command.size()]), null,
null, sudo);
+ return runCommand(command, null, null, sudo);
}
}
@@ -377,7 +378,43 @@ public class ShellCommandUtil {
command.add(srcFile);
command.add(destFile);
-return runCommand(command.toArray(new String[command.size()]), null, null,
sudo);
+return runCommand(command, null, null, sudo);
+ }
+
+ /**
+ * Deletes the file.
+ *
+ * @param file the path to the file to be deleted
+ * @param force true to force copy even if the file exists
+ * @param sudo true to execute the command using sudo (ambari-sudo);
oth
[1/2] ambari git commit: AMBARI-19195. Add permission for Service Auto Start (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk c01f4d809 -> d48b8d9b0
http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 5e89039..24b4570 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -26,6 +26,8 @@ import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Provider;
import junit.framework.Assert;
+
+import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.actionmanager.ActionManager;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.AmbariManagementController;
@@ -33,6 +35,12 @@ import
org.apache.ambari.server.controller.AmbariManagementControllerImpl;
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.controller.MaintenanceStateHelper;
import org.apache.ambari.server.orm.DBAccessor;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
@@ -53,7 +61,10 @@ import javax.persistence.EntityManager;
import java.lang.reflect.Method;
import java.sql.Connection;
import java.sql.ResultSet;
+import java.sql.SQLException;
import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -259,6 +270,7 @@ public class UpgradeCatalog250Test {
Method updateHiveLlapConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateHiveLlapConfigs");
Method updateHIVEInteractiveConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateHIVEInteractiveConfigs");
Method updateTEZInteractiveConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateTEZInteractiveConfigs");
+Method addManageServiceAutoStartPermissions =
UpgradeCatalog250.class.getDeclaredMethod("addManageServiceAutoStartPermissions");
Method addNewConfigurationsFromXml =
AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml");
Method updateTablesForZeppelinViewRemoval =
UpgradeCatalog250.class.getDeclaredMethod("updateTablesForZeppelinViewRemoval");
Method updateAtlasConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateAtlasConfigs");
@@ -268,6 +280,7 @@ public class UpgradeCatalog250Test {
.addMockedMethod(updateKafkaConfigs)
.addMockedMethod(updateHiveLlapConfigs)
.addMockedMethod(addNewConfigurationsFromXml)
+.addMockedMethod(addManageServiceAutoStartPermissions)
.addMockedMethod(updateHIVEInteractiveConfigs)
.addMockedMethod(updateTEZInteractiveConfigs)
.addMockedMethod(updateTablesForZeppelinViewRemoval)
@@ -298,6 +311,9 @@ public class UpgradeCatalog250Test {
upgradeCatalog250.updateAtlasConfigs();
expectLastCall().once();
+upgradeCatalog250.addManageServiceAutoStartPermissions();
+expectLastCall().once();
+
replay(upgradeCatalog250);
upgradeCatalog250.executeDMLUpdates();
@@ -498,4 +514,77 @@ public class UpgradeCatalog250Test {
Map updatedProperties = propertiesCapture.getValue();
assertTrue(Maps.difference(newProperties, updatedProperties).areEqual());
}
+
+ @Test
+ public void testCreateRoleAuthorizations() throws AmbariException,
SQLException {
+
+EasyMockSupport easyMockSupport = new EasyMockSupport();
+
+ResourceTypeEntity ambariResourceTypeEntity =
easyMockSupport.createMock(ResourceTypeEntity.class);
+
+ResourceTypeEntity clusterResourceTypeEntity =
easyMockSupport.createMock(ResourceTypeEntity.class);
+
+Collection ambariAdministratorAuthorizations =
new ArrayList();
+Collection clusterAdministratorAuthorizations =
new ArrayList();
+
+PermissionEntity clusterAdministratorPermissionEntity =
easyMockSupport.createMock(PermissionEntity.class);
+expect(clusterAdministratorPermissionEntity.getAuthorizations())
+.andReturn(clusterAdministratorAuthorizations).atLeastOnce();
+
+PermissionEntity ambariAdministratorPermissionEntity =
easyMockSupport.createMock(PermissionEntity.class);
+expect(amba
[2/2] ambari git commit: AMBARI-19195. Add permission for Service Auto Start (rlevas)
AMBARI-19195. Add permission for Service Auto Start (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d48b8d9b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d48b8d9b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d48b8d9b
Branch: refs/heads/trunk
Commit: d48b8d9b0852d22af4f9bb2191c51c706e292460
Parents: c01f4d8
Author: Robert Levas
Authored: Tue Dec 20 12:55:46 2016 -0500
Committer: Robert Levas
Committed: Tue Dec 20 12:55:46 2016 -0500
--
.../AmbariManagementControllerImpl.java | 279 +++
.../internal/ComponentResourceProvider.java | 6 +-
.../internal/ConfigurationResourceProvider.java | 12 +-
.../internal/HostResourceProvider.java | 26 +-
.../AmbariAuthorizationFilter.java | 2 +
.../authorization/RoleAuthorization.java| 8 +-
.../server/upgrade/UpgradeCatalog250.java | 54 +++-
.../main/resources/Ambari-DDL-Derby-CREATE.sql | 9 +
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 9 +
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 9 +
.../resources/Ambari-DDL-Postgres-CREATE.sql| 9 +
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 9 +
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 9 +
.../security/TestAuthenticationFactory.java | 5 +
.../server/upgrade/UpgradeCatalog250Test.java | 89 ++
15 files changed, 426 insertions(+), 109 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/d48b8d9b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 5f64c18..f8191fa 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -783,6 +783,29 @@ public class AmbariManagementControllerImpl implements
AmbariManagementControlle
}
}
+ /**
+ * Creates a configuration.
+ *
+ * This implementation ensures the authenticated user is authorized to
create the new configuration
+ * based on the details of what properties are being changed and the
authorizations the authenticated
+ * user has been granted.
+ *
+ * Example
+ *
+ *
+ * If the user is attempting to change a service-level configuration that
user must be granted the
+ * SERVICE_MODIFY_CONFIGS privilege (authorization)
+ *
+ *
+ * If the user is attempting to change the cluster-wide value to enable or
disable auto-start
+ * (cluster-env/recovery_enabled), that user must be granted the
+ * CLUSTER_MANAGE_AUTO_START privilege (authorization)
+ *
+ *
+ *
+ * @param request the request object which defines the configuration.
+ * @throws AmbariException when the configuration cannot be created.
+ */
@Override
public synchronized ConfigurationResponse createConfiguration(
ConfigurationRequest request) throws AmbariException,
AuthorizationException {
@@ -809,19 +832,32 @@ public class AmbariManagementControllerImpl implements
AmbariManagementControlle
// happen in unit test cases but should not happen with later versions
of stacks.
}
+// Get the changes so that the user's intention can be determined. For
example, maybe
+// the user wants to change the run-as user for a service or maybe the the
cluster-wide
+// recovery mode setting.
+Map propertyChanges = getPropertyChanges(cluster,
request);
+
if(StringUtils.isEmpty(service)) {
- if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER,
cluster.getResourceId(),
- EnumSet.of(RoleAuthorization.CLUSTER_MODIFY_CONFIGS))) {
-throw new AuthorizationException("The authenticated user does not have
authorization " +
-"to create cluster configurations");
- }
+ // If the configuration is not attached to a specific service, it is a
cluster-wide configuration
+ // type. For example, cluster-env.
+
+ // If the user is trying to set the cluster-wide recovery mode, ensure
that user
+ // has the appropriate authorization
+ validateAuthorizationToManageServiceAutoStartConfiguration(cluster,
configType, propertyChanges);
+
+ // If the user is trying to set any other cluster-wide property, ensure
that user
+ // has the appropriate authorization
+ validateAuthorizationToModifyConfigurations(cluster, configType,
propertyChanges,
+
[2/2] ambari git commit: AMBARI-19195. Add permission for Service Auto Start (rlevas)
AMBARI-19195. Add permission for Service Auto Start (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f3642a57
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f3642a57
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f3642a57
Branch: refs/heads/branch-2.5
Commit: f3642a5725446e4da7b8524e798901fd5f81401a
Parents: bd56b2a
Author: Robert Levas
Authored: Tue Dec 20 13:59:23 2016 -0500
Committer: Robert Levas
Committed: Tue Dec 20 13:59:23 2016 -0500
--
.../AmbariManagementControllerImpl.java | 279 +++
.../internal/ComponentResourceProvider.java | 6 +-
.../internal/ConfigurationResourceProvider.java | 12 +-
.../internal/HostResourceProvider.java | 29 +-
.../AmbariAuthorizationFilter.java | 2 +
.../authorization/RoleAuthorization.java| 8 +-
.../server/upgrade/UpgradeCatalog250.java | 54 +++-
.../main/resources/Ambari-DDL-Derby-CREATE.sql | 9 +
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 9 +
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 9 +
.../resources/Ambari-DDL-Postgres-CREATE.sql| 9 +
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 9 +
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 9 +
.../security/TestAuthenticationFactory.java | 5 +
.../server/upgrade/UpgradeCatalog250Test.java | 95 +++
15 files changed, 432 insertions(+), 112 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3642a57/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 1a6c5fa..22eabdd 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -783,6 +783,29 @@ public class AmbariManagementControllerImpl implements
AmbariManagementControlle
}
}
+ /**
+ * Creates a configuration.
+ *
+ * This implementation ensures the authenticated user is authorized to
create the new configuration
+ * based on the details of what properties are being changed and the
authorizations the authenticated
+ * user has been granted.
+ *
+ * Example
+ *
+ *
+ * If the user is attempting to change a service-level configuration that
user must be granted the
+ * SERVICE_MODIFY_CONFIGS privilege (authorization)
+ *
+ *
+ * If the user is attempting to change the cluster-wide value to enable or
disable auto-start
+ * (cluster-env/recovery_enabled), that user must be granted the
+ * CLUSTER_MANAGE_AUTO_START privilege (authorization)
+ *
+ *
+ *
+ * @param request the request object which defines the configuration.
+ * @throws AmbariException when the configuration cannot be created.
+ */
@Override
public synchronized ConfigurationResponse createConfiguration(
ConfigurationRequest request) throws AmbariException,
AuthorizationException {
@@ -809,19 +832,32 @@ public class AmbariManagementControllerImpl implements
AmbariManagementControlle
// happen in unit test cases but should not happen with later versions
of stacks.
}
+// Get the changes so that the user's intention can be determined. For
example, maybe
+// the user wants to change the run-as user for a service or maybe the the
cluster-wide
+// recovery mode setting.
+Map propertyChanges = getPropertyChanges(cluster,
request);
+
if(StringUtils.isEmpty(service)) {
- if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER,
cluster.getResourceId(),
- EnumSet.of(RoleAuthorization.CLUSTER_MODIFY_CONFIGS))) {
-throw new AuthorizationException("The authenticated user does not have
authorization " +
-"to create cluster configurations");
- }
+ // If the configuration is not attached to a specific service, it is a
cluster-wide configuration
+ // type. For example, cluster-env.
+
+ // If the user is trying to set the cluster-wide recovery mode, ensure
that user
+ // has the appropriate authorization
+ validateAuthorizationToManageServiceAutoStartConfiguration(cluster,
configType, propertyChanges);
+
+ // If the user is trying to set any other cluster-wide property, ensure
that user
+ // has the appropriate authorization
+ validateAuthorizationToModifyConfigurations(cluster, configType,
propertyChanges,
+
[1/2] ambari git commit: AMBARI-19195. Add permission for Service Auto Start (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 bd56b2add -> f3642a572
http://git-wip-us.apache.org/repos/asf/ambari/blob/f3642a57/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 627ef07..c57b018 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -26,6 +26,8 @@ import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Provider;
import junit.framework.Assert;
+
+import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.actionmanager.ActionManager;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.AmbariManagementController;
@@ -33,6 +35,12 @@ import
org.apache.ambari.server.controller.AmbariManagementControllerImpl;
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.controller.MaintenanceStateHelper;
import org.apache.ambari.server.orm.DBAccessor;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
@@ -53,7 +61,10 @@ import javax.persistence.EntityManager;
import java.lang.reflect.Method;
import java.sql.Connection;
import java.sql.ResultSet;
+import java.sql.SQLException;
import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -262,6 +273,7 @@ public class UpgradeCatalog250Test {
Method addNewConfigurationsFromXml =
AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml");
Method updateHIVEInteractiveConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateHIVEInteractiveConfigs");
Method updateTEZInteractiveConfigs =
UpgradeCatalog250.class.getDeclaredMethod("updateTEZInteractiveConfigs");
+Method addManageServiceAutoStartPermissions =
UpgradeCatalog250.class.getDeclaredMethod("addManageServiceAutoStartPermissions");
UpgradeCatalog250 upgradeCatalog250 =
createMockBuilder(UpgradeCatalog250.class)
.addMockedMethod(updateAmsConfigs)
@@ -272,6 +284,7 @@ public class UpgradeCatalog250Test {
.addMockedMethod(updateTablesForZeppelinViewRemoval)
.addMockedMethod(updateAtlasConfigs)
.addMockedMethod(addNewConfigurationsFromXml)
+ .addMockedMethod(addManageServiceAutoStartPermissions)
.createMock();
@@ -299,6 +312,9 @@ public class UpgradeCatalog250Test {
upgradeCatalog250.updateAtlasConfigs();
expectLastCall().once();
+upgradeCatalog250.addManageServiceAutoStartPermissions();
+expectLastCall().once();
+
replay(upgradeCatalog250);
upgradeCatalog250.executeDMLUpdates();
@@ -499,4 +515,83 @@ public class UpgradeCatalog250Test {
Map updatedProperties = propertiesCapture.getValue();
assertTrue(Maps.difference(newProperties, updatedProperties).areEqual());
}
+
+ @Test
+ public void testCreateRoleAuthorizations() throws AmbariException,
SQLException {
+
+EasyMockSupport easyMockSupport = new EasyMockSupport();
+
+ResourceTypeEntity ambariResourceTypeEntity =
easyMockSupport.createMock(ResourceTypeEntity.class);
+
+ResourceTypeEntity clusterResourceTypeEntity =
easyMockSupport.createMock(ResourceTypeEntity.class);
+
+Collection ambariAdministratorAuthorizations =
new ArrayList();
+Collection clusterAdministratorAuthorizations =
new ArrayList();
+
+PermissionEntity clusterAdministratorPermissionEntity =
easyMockSupport.createMock(PermissionEntity.class);
+expect(clusterAdministratorPermissionEntity.getAuthorizations())
+.andReturn(clusterAdministratorAuthorizations)
+.anyTimes();
+
+PermissionEntity ambariAdministratorPermissionEntity =
easyMockSupport.createMock(PermissionEntity.class);
+expect(ambariAdministratorPermissionEntity.getAuthorizations())
+.andReturn(ambariAdministratorAuthorizations)
+.anyTimes();
+
+PermissionDAO permissionDAO =
easyMockSupport.createMock(PermissionDAO.class);
+expect(permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR",
ambariResourceTypeEntity))
+.a
ambari git commit: AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 30b27b1c2 -> e96dee0fe
AMBARI-19331. Setup correct authentication and authorization mechanism between
Yarn and Zookeeper (Attila Magyar via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e96dee0f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e96dee0f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e96dee0f
Branch: refs/heads/trunk
Commit: e96dee0fecfafeda637c339217b2746b337f729f
Parents: 30b27b1
Author: Attila Magyar
Authored: Wed Jan 4 11:28:03 2017 -0500
Committer: Robert Levas
Committed: Wed Jan 4 11:29:11 2017 -0500
--
.../src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java| 2 ++
.../test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java| 5 +
.../python/resource_management/core/resources/zkmigrator.py | 3 +++
.../main/resources/common-services/YARN/2.1.0.2.0/kerberos.json | 4 +++-
.../YARN/2.1.0.2.0/package/scripts/params_linux.py | 2 ++
.../YARN/2.1.0.2.0/package/scripts/resourcemanager.py | 5 +++--
.../main/resources/common-services/YARN/3.0.0.3.0/kerberos.json | 4 +++-
.../YARN/3.0.0.3.0/package/scripts/params_linux.py | 2 ++
.../YARN/3.0.0.3.0/package/scripts/resourcemanager.py | 5 +++--
.../main/resources/stacks/HDP/2.2/services/YARN/kerberos.json | 4 +++-
.../resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json| 4 +++-
.../main/resources/stacks/HDP/2.3/services/YARN/kerberos.json | 4 +++-
.../main/resources/stacks/HDP/2.5/services/YARN/kerberos.json | 4 +++-
13 files changed, 38 insertions(+), 10 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/e96dee0f/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
--
diff --git
a/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
b/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
index 15edb69..b4da1ed 100644
--- a/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
+++ b/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
@@ -74,6 +74,8 @@ public class ZkMigrator {
ZooKeeper client = ZkConnection.open(connectionString,
SESSION_TIMEOUT_MILLIS, CONNECTION_TIMEOUT_MILLIS);
try {
acl.setRecursivelyOn(client, znode);
+} catch (KeeperException.NoNodeException e) {
+ System.out.println("Could not set ACL on " + znode + ". Reason: " +
e.getMessage());
} finally {
client.close();
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/e96dee0f/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
--
diff --git
a/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
b/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
index 0a2bbac..b2c9899 100644
--- a/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
+++ b/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
@@ -105,6 +105,11 @@ public class ZkMigratorTest {
setAcls("/any", "world:anyone:invalid");
}
+ @Test
+ public void testIgnoresNonExistentNode() throws Exception {
+setAcls("/nonexistent", "world:anyone:rw");
+ }
+
@Before
public void startZookeeper() throws Exception {
zkTestServer = new TestingServer(Port.free());
http://git-wip-us.apache.org/repos/asf/ambari/blob/e96dee0f/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
--
diff --git
a/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
b/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
index a946e47..5e86e05 100644
---
a/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
+++
b/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
@@ -21,6 +21,8 @@ Ambari Agent
"""
from resource_management.core.resources.system import Execute
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions import format
class ZkMigrator:
def __init__(self, zk_host, java_exec, java_home, jaas_file, user):
@@ -32,6 +34,7 @@ class ZkMigrator:
self.zkmigrator_jar = "/var/lib/ambari-agent/tools/zkmigrator.jar"
def set_acls(self, znode, acl, tries=1):
+Logger.info(format("Setting ACL on znode {znode} to {acl}"))
Execute(
self._command(znode, acl), \
user=self.user, \
http://git
ambari git commit: AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 9c17534c2 -> 9d791119c
AMBARI-19331. Setup correct authentication and authorization mechanism between
Yarn and Zookeeper (Attila Magyar via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9d791119
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9d791119
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9d791119
Branch: refs/heads/branch-2.5
Commit: 9d791119c3de3027b84e75557ea1caaa328c63e2
Parents: 9c17534
Author: Attila Magyar
Authored: Wed Jan 4 11:30:49 2017 -0500
Committer: Robert Levas
Committed: Wed Jan 4 11:30:49 2017 -0500
--
.../src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java| 2 ++
.../test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java| 5 +
.../python/resource_management/core/resources/zkmigrator.py | 3 +++
.../main/resources/common-services/YARN/2.1.0.2.0/kerberos.json | 4 +++-
.../YARN/2.1.0.2.0/package/scripts/params_linux.py | 2 ++
.../YARN/2.1.0.2.0/package/scripts/resourcemanager.py | 5 +++--
.../main/resources/stacks/HDP/2.2/services/YARN/kerberos.json | 4 +++-
.../resources/stacks/HDP/2.3.ECS/services/YARN/kerberos.json| 4 +++-
.../main/resources/stacks/HDP/2.3/services/YARN/kerberos.json | 4 +++-
.../main/resources/stacks/HDP/2.5/services/YARN/kerberos.json | 4 +++-
10 files changed, 30 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/9d791119/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
--
diff --git
a/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
b/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
index 15edb69..b4da1ed 100644
--- a/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
+++ b/ambari-agent/src/main/java/org/apache/ambari/tools/zk/ZkMigrator.java
@@ -74,6 +74,8 @@ public class ZkMigrator {
ZooKeeper client = ZkConnection.open(connectionString,
SESSION_TIMEOUT_MILLIS, CONNECTION_TIMEOUT_MILLIS);
try {
acl.setRecursivelyOn(client, znode);
+} catch (KeeperException.NoNodeException e) {
+ System.out.println("Could not set ACL on " + znode + ". Reason: " +
e.getMessage());
} finally {
client.close();
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/9d791119/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
--
diff --git
a/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
b/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
index 0a2bbac..b2c9899 100644
--- a/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
+++ b/ambari-agent/src/test/java/org/apache/ambari/tools/zk/ZkMigratorTest.java
@@ -105,6 +105,11 @@ public class ZkMigratorTest {
setAcls("/any", "world:anyone:invalid");
}
+ @Test
+ public void testIgnoresNonExistentNode() throws Exception {
+setAcls("/nonexistent", "world:anyone:rw");
+ }
+
@Before
public void startZookeeper() throws Exception {
zkTestServer = new TestingServer(Port.free());
http://git-wip-us.apache.org/repos/asf/ambari/blob/9d791119/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
--
diff --git
a/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
b/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
index a946e47..5e86e05 100644
---
a/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
+++
b/ambari-common/src/main/python/resource_management/core/resources/zkmigrator.py
@@ -21,6 +21,8 @@ Ambari Agent
"""
from resource_management.core.resources.system import Execute
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions import format
class ZkMigrator:
def __init__(self, zk_host, java_exec, java_home, jaas_file, user):
@@ -32,6 +34,7 @@ class ZkMigrator:
self.zkmigrator_jar = "/var/lib/ambari-agent/tools/zkmigrator.jar"
def set_acls(self, znode, acl, tries=1):
+Logger.info(format("Setting ACL on znode {znode} to {acl}"))
Execute(
self._command(znode, acl), \
user=self.user, \
http://git-wip-us.apache.org/repos/asf/ambari/blob/9d791119/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
--
diff --git
a/
ambari git commit: AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit test failures (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 381b474d6 -> 5e72ee6f2
AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit
test failures (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5e72ee6f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5e72ee6f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5e72ee6f
Branch: refs/heads/trunk
Commit: 5e72ee6f2c6ebcda105e521d819f95ffde1b245e
Parents: 381b474
Author: Robert Levas
Authored: Thu Jan 5 12:53:53 2017 -0500
Committer: Robert Levas
Committed: Thu Jan 5 12:53:59 2017 -0500
--
.../controller/utilities/KerberosChecker.java | 50 +
.../utilities/LoginContextHelper.java | 56 ++
.../utilities/KerberosCheckerTest.java | 43 +++-
.../system/impl/JvmMetricsSourceTest.java | 75 -
.../AmbariBasicAuthenticationFilterTest.java| 37 ++-
.../server/upgrade/UpgradeCatalog222Test.java | 4 +-
.../view/persistence/DataStoreImplTest.java | 110 +--
7 files changed, 235 insertions(+), 140 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/5e72ee6f/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
index e0a3d55..2ca9735 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -35,19 +35,25 @@ import com.sun.security.auth.callback.TextCallbackHandler;
public class KerberosChecker {
- private static final String HTTP_SPNEGO_STANDARD_ENTRY =
-"com.sun.security.jgss.krb5.initiate";
+ static final String HTTP_SPNEGO_STANDARD_ENTRY =
+ "com.sun.security.jgss.krb5.initiate";
private static final String KRB5_LOGIN_MODULE =
-"com.sun.security.auth.module.Krb5LoginModule";
+ "com.sun.security.auth.module.Krb5LoginModule";
public static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG =
-"java.security.auth.login.config";
+ "java.security.auth.login.config";
- static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
+ private static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
@Inject
static Configuration config;
/**
+ * Used to help create new LoginContext instances
+ */
+ @Inject
+ static LoginContextHelper loginContextHelper;
+
+ /**
* Checks Ambari Server with a Kerberos principal and keytab to allow views
* to authenticate via SPNEGO against cluster components.
*
@@ -61,14 +67,14 @@ public class KerberosChecker {
String jaasConfPath =
System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
javax.security.auth.login.Configuration jaasConf =
-javax.security.auth.login.Configuration.getConfiguration();
+ javax.security.auth.login.Configuration.getConfiguration();
AppConfigurationEntry[] jaasConfEntries =
-jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
+ jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
if (jaasConfEntries == null) {
LOG.warn("Can't find " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " +
-jaasConfPath);
+jaasConfPath);
} else {
boolean krb5LoginModulePresent = false;
for (AppConfigurationEntry ace : jaasConfEntries) {
@@ -83,41 +89,39 @@ public class KerberosChecker {
LOG.warn(keytabPath + " doesn't exist.");
} else if (!keytabFile.canRead()) {
LOG.warn("Unable to read " + keytabPath +
-" Please check the file access permissions for user " +
-System.getProperty("user.name"));
+ " Please check the file access permissions for user " +
+ System.getProperty("user.name"));
}
} else {
LOG.warn("Can't find keyTab option in " + KRB5_LOGIN_MODULE +
- " module of " + HTTP_SPNEGO_STANDARD_ENTRY +
ambari git commit: AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit test failures (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 1482ffdbf -> 8e070f4bd
AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit
test failures (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8e070f4b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8e070f4b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8e070f4b
Branch: refs/heads/branch-2.5
Commit: 8e070f4bd5fde2ceedf67738c74f2f5f5a6d1d51
Parents: 1482ffd
Author: Robert Levas
Authored: Thu Jan 5 13:52:04 2017 -0500
Committer: Robert Levas
Committed: Thu Jan 5 13:52:04 2017 -0500
--
.../controller/utilities/KerberosChecker.java | 53 +++---
.../utilities/LoginContextHelper.java | 56 ++
.../utilities/KerberosCheckerTest.java | 43 ++---
.../system/impl/JvmMetricsSourceTest.java | 75 +++-
.../AmbariBasicAuthenticationFilterTest.java| 39 ++--
.../server/upgrade/UpgradeCatalog222Test.java | 4 +-
.../view/persistence/DataStoreImplTest.java | 185 +--
7 files changed, 276 insertions(+), 179 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/8e070f4b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
index 0aba68a..48893ff 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -19,7 +19,7 @@
package org.apache.ambari.server.controller.utilities;
import com.google.inject.Inject;
-import com.sun.security.auth.callback.TextCallbackHandler;
+
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration;
import org.slf4j.Logger;
@@ -28,24 +28,31 @@ import org.slf4j.LoggerFactory;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+
import java.io.File;
import java.util.Map;
public class KerberosChecker {
- private static final String HTTP_SPNEGO_STANDARD_ENTRY =
-"com.sun.security.jgss.krb5.initiate";
+ static final String HTTP_SPNEGO_STANDARD_ENTRY =
+ "com.sun.security.jgss.krb5.initiate";
private static final String KRB5_LOGIN_MODULE =
-"com.sun.security.auth.module.Krb5LoginModule";
+ "com.sun.security.auth.module.Krb5LoginModule";
public static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG =
-"java.security.auth.login.config";
+ "java.security.auth.login.config";
- static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
+ private static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
@Inject
static Configuration config;
/**
+ * Used to help create new LoginContext instances
+ */
+ @Inject
+ static LoginContextHelper loginContextHelper;
+
+ /**
* Checks Ambari Server with a Kerberos principal and keytab to allow views
* to authenticate via SPNEGO against cluster components.
*
@@ -59,14 +66,14 @@ public class KerberosChecker {
String jaasConfPath =
System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
javax.security.auth.login.Configuration jaasConf =
-javax.security.auth.login.Configuration.getConfiguration();
+ javax.security.auth.login.Configuration.getConfiguration();
AppConfigurationEntry[] jaasConfEntries =
-jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
+ jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
if (jaasConfEntries == null) {
LOG.warn("Can't find " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " +
-jaasConfPath);
+jaasConfPath);
} else {
boolean krb5LoginModulePresent = false;
for (AppConfigurationEntry ace : jaasConfEntries) {
@@ -81,41 +88,39 @@ public class KerberosChecker {
LOG.warn(keytabPath + " doesn't exist.");
} else if (!keytabFile.canRead()) {
LOG.warn("Unable to read " + keytabPath +
-
[2/2] ambari git commit: AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit test failures (rlevas)
AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit
test failures (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bd1b7444
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bd1b7444
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bd1b7444
Branch: refs/heads/trunk
Commit: bd1b744403bfa9c6e6aaf02e7c56062e7fdb21cd
Parents: 9109d1c
Author: Robert Levas
Authored: Thu Jan 5 17:33:03 2017 -0500
Committer: Robert Levas
Committed: Thu Jan 5 17:33:03 2017 -0500
--
.../controller/utilities/KerberosChecker.java | 51 +
.../utilities/LoginContextHelper.java | 56 ++
.../utilities/KerberosCheckerTest.java | 43 +++-
.../system/impl/JvmMetricsSourceTest.java | 75 -
.../AmbariBasicAuthenticationFilterTest.java| 37 ++-
.../server/upgrade/UpgradeCatalog222Test.java | 4 +-
.../view/persistence/DataStoreImplTest.java | 110 +--
7 files changed, 235 insertions(+), 141 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/bd1b7444/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
index e0a3d55..5097c09 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -31,23 +31,28 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.inject.Inject;
-import com.sun.security.auth.callback.TextCallbackHandler;
public class KerberosChecker {
- private static final String HTTP_SPNEGO_STANDARD_ENTRY =
-"com.sun.security.jgss.krb5.initiate";
+ static final String HTTP_SPNEGO_STANDARD_ENTRY =
+ "com.sun.security.jgss.krb5.initiate";
private static final String KRB5_LOGIN_MODULE =
-"com.sun.security.auth.module.Krb5LoginModule";
+ "com.sun.security.auth.module.Krb5LoginModule";
public static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG =
-"java.security.auth.login.config";
+ "java.security.auth.login.config";
- static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
+ private static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
@Inject
static Configuration config;
/**
+ * Used to help create new LoginContext instances
+ */
+ @Inject
+ static LoginContextHelper loginContextHelper;
+
+ /**
* Checks Ambari Server with a Kerberos principal and keytab to allow views
* to authenticate via SPNEGO against cluster components.
*
@@ -61,14 +66,14 @@ public class KerberosChecker {
String jaasConfPath =
System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
javax.security.auth.login.Configuration jaasConf =
-javax.security.auth.login.Configuration.getConfiguration();
+ javax.security.auth.login.Configuration.getConfiguration();
AppConfigurationEntry[] jaasConfEntries =
-jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
+ jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
if (jaasConfEntries == null) {
LOG.warn("Can't find " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " +
-jaasConfPath);
+jaasConfPath);
} else {
boolean krb5LoginModulePresent = false;
for (AppConfigurationEntry ace : jaasConfEntries) {
@@ -83,41 +88,39 @@ public class KerberosChecker {
LOG.warn(keytabPath + " doesn't exist.");
} else if (!keytabFile.canRead()) {
LOG.warn("Unable to read " + keytabPath +
-" Please check the file access permissions for user " +
-System.getProperty("user.name"));
+ " Please check the file access permissions for user " +
+ System.getProperty("user.name"));
}
} else {
LOG.warn("Can't find keyTab option in " + KRB5_LOGIN_MODULE +
- " module of &qu
[1/2] ambari git commit: Revert "AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results in unit test failures (rlevas)"
Repository: ambari
Updated Branches:
refs/heads/trunk 4305a8603 -> bd1b74440
Revert "AMBARI-19365. Executing ambari-server unit tests with JDK 1.8 results
in unit test failures (rlevas)"
This reverts commit 5e72ee6f2c6ebcda105e521d819f95ffde1b245e.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9109d1c3
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9109d1c3
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9109d1c3
Branch: refs/heads/trunk
Commit: 9109d1c3b9c20c98310472c05b1572d744c58363
Parents: 4305a86
Author: Robert Levas
Authored: Thu Jan 5 16:49:15 2017 -0500
Committer: Robert Levas
Committed: Thu Jan 5 16:49:15 2017 -0500
--
.../controller/utilities/KerberosChecker.java | 50 -
.../utilities/LoginContextHelper.java | 56 --
.../utilities/KerberosCheckerTest.java | 43 +---
.../system/impl/JvmMetricsSourceTest.java | 75 +
.../AmbariBasicAuthenticationFilterTest.java| 37 +--
.../server/upgrade/UpgradeCatalog222Test.java | 4 +-
.../view/persistence/DataStoreImplTest.java | 110 ++-
7 files changed, 140 insertions(+), 235 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/9109d1c3/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
index 2ca9735..e0a3d55 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/utilities/KerberosChecker.java
@@ -1,4 +1,4 @@
-/*
+/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -35,25 +35,19 @@ import com.sun.security.auth.callback.TextCallbackHandler;
public class KerberosChecker {
- static final String HTTP_SPNEGO_STANDARD_ENTRY =
- "com.sun.security.jgss.krb5.initiate";
+ private static final String HTTP_SPNEGO_STANDARD_ENTRY =
+"com.sun.security.jgss.krb5.initiate";
private static final String KRB5_LOGIN_MODULE =
- "com.sun.security.auth.module.Krb5LoginModule";
+"com.sun.security.auth.module.Krb5LoginModule";
public static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG =
- "java.security.auth.login.config";
+"java.security.auth.login.config";
- private static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
+ static Logger LOG = LoggerFactory.getLogger(KerberosChecker.class);
@Inject
static Configuration config;
/**
- * Used to help create new LoginContext instances
- */
- @Inject
- static LoginContextHelper loginContextHelper;
-
- /**
* Checks Ambari Server with a Kerberos principal and keytab to allow views
* to authenticate via SPNEGO against cluster components.
*
@@ -67,14 +61,14 @@ public class KerberosChecker {
String jaasConfPath =
System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
javax.security.auth.login.Configuration jaasConf =
- javax.security.auth.login.Configuration.getConfiguration();
+javax.security.auth.login.Configuration.getConfiguration();
AppConfigurationEntry[] jaasConfEntries =
- jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
+jaasConf.getAppConfigurationEntry(HTTP_SPNEGO_STANDARD_ENTRY);
if (jaasConfEntries == null) {
LOG.warn("Can't find " + HTTP_SPNEGO_STANDARD_ENTRY + " entry in " +
-jaasConfPath);
+jaasConfPath);
} else {
boolean krb5LoginModulePresent = false;
for (AppConfigurationEntry ace : jaasConfEntries) {
@@ -89,39 +83,41 @@ public class KerberosChecker {
LOG.warn(keytabPath + " doesn't exist.");
} else if (!keytabFile.canRead()) {
LOG.warn("Unable to read " + keytabPath +
- " Please check the file access permissions for user " +
- System.getProperty("user.name"));
+" Please check the file access permissions for user " +
+System.getProperty("user.name"));
}
} else {
LOG.warn("Can't find keyTab option in " + KRB5_L
ambari git commit: AMBARI-19389. Authentication negotiation HTTP response should be sent when Kerberos authentication is enabled (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 21d4aff0b -> fc586a87a
AMBARI-19389. Authentication negotiation HTTP response should be sent when
Kerberos authentication is enabled (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fc586a87
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fc586a87
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fc586a87
Branch: refs/heads/trunk
Commit: fc586a87aa466c2fda12ef36b0ddee1e63b9e174
Parents: 21d4aff
Author: Robert Levas
Authored: Fri Jan 6 16:25:19 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 6 16:25:23 2017 -0500
--
.../server/security/AmbariEntryPoint.java | 30 +++--
.../webapp/WEB-INF/spring-security.xml | 1 +
.../server/security/AmbariEntryPointTest.java | 70
3 files changed, 95 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/fc586a87/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
index 7e0ff79..8c7dd72 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
@@ -23,21 +23,39 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.ambari.server.configuration.Configuration;
+import
org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
public class AmbariEntryPoint implements AuthenticationEntryPoint {
+
+ /**
+ * A Boolean value declaring whether Kerberos authentication has been
enabled (true)
+ * or not (false).
+ *
+ * This value determines the behavior this entry point when authentication
fails.
+ */
+ private final boolean kerberosAuthenticationEnabled;
+
+ public AmbariEntryPoint(Configuration configuration) {
+AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties =
(configuration == null)
+? null
+: configuration.getKerberosAuthenticationProperties();
+
+kerberosAuthenticationEnabled = (kerberosAuthenticationProperties != null)
&& kerberosAuthenticationProperties.isKerberosAuthenticationEnabled();
+ }
+
@Override
public void commence(HttpServletRequest request, HttpServletResponse
response, AuthenticationException authException) throws IOException,
ServletException {
/*
*
- * To maintain backward compatibility and respond with the appropriate
response when
- * authentication is needed, by default return an HTTP 403 status.
+ * If Kerberos authentication is enabled (authentication.kerberos.enabled
= true), respond such
+ * that the client is challenged to Negotiate and reissue the request with
a Kerberos token.
+ * This response is an HTTP 401 status with the "WWW-Authenticate:
Negotiate" header.
*
- * However if requested by the user, respond such that the client is
challenged to Negotiate
- * and reissue the request with a Kerberos token. This response is an
HTTP 401 status with the
- * WWW-Authenticate: Negotiate" header.
+ * If Kerberos authentication is not enabled, return an HTTP 403 status.
*
**
*/
-if
("true".equalsIgnoreCase(request.getHeader("X-Negotiate-Authentication"))) {
+if (kerberosAuthenticationEnabled) {
response.setHeader("WWW-Authenticate", "Negotiate");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication
requested");
} else {
http://git-wip-us.apache.org/repos/asf/ambari/blob/fc586a87/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
--
diff --git
a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
index 9eca920..bdbf0de 100644
--- a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
+++ b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
@@ -39,6 +39,7 @@
ambari git commit: AMBARI-19389. Authentication negotiation HTTP response should be sent when Kerberos authentication is enabled (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 f1e00d6ee -> 21810ccbb
AMBARI-19389. Authentication negotiation HTTP response should be sent when
Kerberos authentication is enabled (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/21810ccb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/21810ccb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/21810ccb
Branch: refs/heads/branch-2.5
Commit: 21810ccbbd1e3a1263cd4758725e17f66eeae5b8
Parents: f1e00d6
Author: Robert Levas
Authored: Fri Jan 6 18:46:38 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 6 18:46:43 2017 -0500
--
.../server/security/AmbariEntryPoint.java | 31 +++--
.../webapp/WEB-INF/spring-security.xml | 1 +
.../server/security/AmbariEntryPointTest.java | 70
3 files changed, 96 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/21810ccb/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
index e37976f..1545f71 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
@@ -17,26 +17,45 @@
*/
package org.apache.ambari.server.security;
+import org.apache.ambari.server.configuration.Configuration;
+import
org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import java.io.IOException;
public class AmbariEntryPoint implements AuthenticationEntryPoint {
+
+ /**
+ * A Boolean value declaring whether Kerberos authentication has been
enabled (true)
+ * or not (false).
+ *
+ * This value determines the behavior this entry point when authentication
fails.
+ */
+ private final boolean kerberosAuthenticationEnabled;
+
+ public AmbariEntryPoint(Configuration configuration) {
+AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties =
(configuration == null)
+? null
+: configuration.getKerberosAuthenticationProperties();
+
+kerberosAuthenticationEnabled = (kerberosAuthenticationProperties != null)
&& kerberosAuthenticationProperties.isKerberosAuthenticationEnabled();
+ }
+
@Override
public void commence(HttpServletRequest request, HttpServletResponse
response, AuthenticationException authException) throws IOException,
ServletException {
/*
*
- * To maintain backward compatibility and respond with the appropriate
response when
- * authentication is needed, by default return an HTTP 403 status.
+ * If Kerberos authentication is enabled (authentication.kerberos.enabled
= true), respond such
+ * that the client is challenged to Negotiate and reissue the request with
a Kerberos token.
+ * This response is an HTTP 401 status with the "WWW-Authenticate:
Negotiate" header.
*
- * However if requested by the user, respond such that the client is
challenged to Negotiate
- * and reissue the request with a Kerberos token. This response is an
HTTP 401 status with the
- * WWW-Authenticate: Negotiate" header.
+ * If Kerberos authentication is not enabled, return an HTTP 403 status.
*
**
*/
-if
("true".equalsIgnoreCase(request.getHeader("X-Negotiate-Authentication"))) {
+if (kerberosAuthenticationEnabled) {
response.setHeader("WWW-Authenticate", "Negotiate");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication
requested");
} else {
http://git-wip-us.apache.org/repos/asf/ambari/blob/21810ccb/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
--
diff --git
a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
index 9eca920..bdbf0de 100644
--- a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
+++ b/
ambari git commit: AMBARI-19389. Authentication negotiation HTTP response should be sent when Kerberos authentication is enabled (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 688224127 -> 03cd5cedb
AMBARI-19389. Authentication negotiation HTTP response should be sent when
Kerberos authentication is enabled (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/03cd5ced
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/03cd5ced
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/03cd5ced
Branch: refs/heads/trunk
Commit: 03cd5cedb76a49ebfe5c6e161080c48eeeb0efdc
Parents: 6882241
Author: Robert Levas
Authored: Fri Jan 6 20:43:44 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 6 20:43:44 2017 -0500
--
.../server/security/AmbariEntryPoint.java | 30 +--
.../webapp/WEB-INF/spring-security.xml | 1 +
.../server/security/AmbariEntryPointTest.java | 88
3 files changed, 113 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/03cd5ced/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
index 7e0ff79..8c7dd72 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
@@ -23,21 +23,39 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.ambari.server.configuration.Configuration;
+import
org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
public class AmbariEntryPoint implements AuthenticationEntryPoint {
+
+ /**
+ * A Boolean value declaring whether Kerberos authentication has been
enabled (true)
+ * or not (false).
+ *
+ * This value determines the behavior this entry point when authentication
fails.
+ */
+ private final boolean kerberosAuthenticationEnabled;
+
+ public AmbariEntryPoint(Configuration configuration) {
+AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties =
(configuration == null)
+? null
+: configuration.getKerberosAuthenticationProperties();
+
+kerberosAuthenticationEnabled = (kerberosAuthenticationProperties != null)
&& kerberosAuthenticationProperties.isKerberosAuthenticationEnabled();
+ }
+
@Override
public void commence(HttpServletRequest request, HttpServletResponse
response, AuthenticationException authException) throws IOException,
ServletException {
/*
*
- * To maintain backward compatibility and respond with the appropriate
response when
- * authentication is needed, by default return an HTTP 403 status.
+ * If Kerberos authentication is enabled (authentication.kerberos.enabled
= true), respond such
+ * that the client is challenged to Negotiate and reissue the request with
a Kerberos token.
+ * This response is an HTTP 401 status with the "WWW-Authenticate:
Negotiate" header.
*
- * However if requested by the user, respond such that the client is
challenged to Negotiate
- * and reissue the request with a Kerberos token. This response is an
HTTP 401 status with the
- * WWW-Authenticate: Negotiate" header.
+ * If Kerberos authentication is not enabled, return an HTTP 403 status.
*
**
*/
-if
("true".equalsIgnoreCase(request.getHeader("X-Negotiate-Authentication"))) {
+if (kerberosAuthenticationEnabled) {
response.setHeader("WWW-Authenticate", "Negotiate");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication
requested");
} else {
http://git-wip-us.apache.org/repos/asf/ambari/blob/03cd5ced/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
--
diff --git
a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
index 9eca920..bdbf0de 100644
--- a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
+++ b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
@@ -39,6 +39,7 @@
ambari git commit: AMBARI-19389. Authentication negotiation HTTP response should be sent when Kerberos authentication is enabled (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 3f28809f2 -> d346558c1
AMBARI-19389. Authentication negotiation HTTP response should be sent when
Kerberos authentication is enabled (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d346558c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d346558c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d346558c
Branch: refs/heads/branch-2.5
Commit: d346558c129684ca06e9dc84d666321236c51840
Parents: 3f28809
Author: Robert Levas
Authored: Fri Jan 6 20:46:28 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 6 20:46:28 2017 -0500
--
.../server/security/AmbariEntryPoint.java | 31 +--
.../webapp/WEB-INF/spring-security.xml | 1 +
.../server/security/AmbariEntryPointTest.java | 88
3 files changed, 114 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/d346558c/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
index e37976f..1545f71 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariEntryPoint.java
@@ -17,26 +17,45 @@
*/
package org.apache.ambari.server.security;
+import org.apache.ambari.server.configuration.Configuration;
+import
org.apache.ambari.server.security.authentication.kerberos.AmbariKerberosAuthenticationProperties;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import java.io.IOException;
public class AmbariEntryPoint implements AuthenticationEntryPoint {
+
+ /**
+ * A Boolean value declaring whether Kerberos authentication has been
enabled (true)
+ * or not (false).
+ *
+ * This value determines the behavior this entry point when authentication
fails.
+ */
+ private final boolean kerberosAuthenticationEnabled;
+
+ public AmbariEntryPoint(Configuration configuration) {
+AmbariKerberosAuthenticationProperties kerberosAuthenticationProperties =
(configuration == null)
+? null
+: configuration.getKerberosAuthenticationProperties();
+
+kerberosAuthenticationEnabled = (kerberosAuthenticationProperties != null)
&& kerberosAuthenticationProperties.isKerberosAuthenticationEnabled();
+ }
+
@Override
public void commence(HttpServletRequest request, HttpServletResponse
response, AuthenticationException authException) throws IOException,
ServletException {
/*
*
- * To maintain backward compatibility and respond with the appropriate
response when
- * authentication is needed, by default return an HTTP 403 status.
+ * If Kerberos authentication is enabled (authentication.kerberos.enabled
= true), respond such
+ * that the client is challenged to Negotiate and reissue the request with
a Kerberos token.
+ * This response is an HTTP 401 status with the "WWW-Authenticate:
Negotiate" header.
*
- * However if requested by the user, respond such that the client is
challenged to Negotiate
- * and reissue the request with a Kerberos token. This response is an
HTTP 401 status with the
- * WWW-Authenticate: Negotiate" header.
+ * If Kerberos authentication is not enabled, return an HTTP 403 status.
*
**
*/
-if
("true".equalsIgnoreCase(request.getHeader("X-Negotiate-Authentication"))) {
+if (kerberosAuthenticationEnabled) {
response.setHeader("WWW-Authenticate", "Negotiate");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication
requested");
} else {
http://git-wip-us.apache.org/repos/asf/ambari/blob/d346558c/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
--
diff --git
a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
index 9eca920..bdbf0de 100644
--- a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
+++ b/ambari
ambari git commit: AMBARI-19430. Use common property for principal name prefix to help with customization of unique principal names (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 f5845cc3c -> 43f8f73ee
AMBARI-19430. Use common property for principal name prefix to help with
customization of unique principal names (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/43f8f73e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/43f8f73e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/43f8f73e
Branch: refs/heads/branch-2.5
Commit: 43f8f73ee97c0cc369c1d6ec8e356c290a28c6c1
Parents: f5845cc
Author: Robert Levas
Authored: Mon Jan 16 13:57:36 2017 -0500
Committer: Robert Levas
Committed: Mon Jan 16 13:58:35 2017 -0500
--
.../ACCUMULO/1.6.1.2.2.0/kerberos.json | 2 +-
.../HBASE/0.96.0.2.0/kerberos.json | 2 +-
.../HDFS/2.1.0.2.0/kerberos.json| 2 +-
.../common-services/SPARK/1.2.1/kerberos.json | 2 +-
.../common-services/SPARK/1.4.1/kerberos.json | 2 +-
.../common-services/SPARK2/2.0.0/kerberos.json | 2 +-
.../common-services/STORM/0.9.1/kerberos.json | 2 +-
.../common-services/STORM/1.0.1/kerberos.json | 2 +-
.../ZEPPELIN/0.6.0.2.5/kerberos.json| 2 +-
.../resources/stacks/HDP/2.0.6/kerberos.json| 7 ---
.../HDP/2.3.ECS/services/ECS/kerberos.json | 2 +-
.../HDP/2.3.ECS/services/HBASE/kerberos.json| 2 +-
.../services/ACCUMULO/kerberos.json | 2 +-
.../HDP/2.3/services/ACCUMULO/kerberos.json | 4 ++--
.../stacks/HDP/2.5/services/HBASE/kerberos.json | 2 +-
.../stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +-
.../stacks/HDP/2.5/services/SPARK/kerberos.json | 4 ++--
.../stacks/HDP/2.6/services/SPARK/kerberos.json | 4 ++--
.../HDP/2.6/services/SPARK2/kerberos.json | 4 ++--
.../resources/stacks/PERF/1.0/kerberos.json | 7 ---
.../PERF/1.0/services/GRUMPY/kerberos.json | 2 +-
.../PERF/1.0/services/HAPPY/kerberos.json | 2 +-
.../PERF/1.0/services/HBASE/kerberos.json | 2 +-
.../stacks/PERF/1.0/services/HDFS/kerberos.json | 2 +-
.../PERF/1.0/services/SLEEPY/kerberos.json | 2 +-
.../stacks/PERF/1.0/services/SNOW/kerberos.json | 2 +-
.../server/controller/KerberosHelperTest.java | 7 ---
.../KerberosDescriptorUpdateHelperTest.java | 22 ++--
.../test_kerberos_descriptor_2_1_3.json | 14 ++---
.../test_kerberos_descriptor_no_hdfs.json | 4 ++--
.../test_kerberos_descriptor_simple.json| 4 ++--
.../HDP/2.0.8/services/HDFS/kerberos.json | 2 +-
32 files changed, 63 insertions(+), 60 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/43f8f73e/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
index caef123..7e3f449 100644
---
a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
@@ -6,7 +6,7 @@
{
"name": "accumulo",
"principal": {
-"value":
"${accumulo-env/accumulo_user}-${cluster_name|toLower()}@${realm}",
+"value":
"${accumulo-env/accumulo_user}${principal_suffix}@${realm}",
"type" : "user",
"configuration": "accumulo-env/accumulo_principal_name",
"local_username": "${accumulo-env/accumulo_user}"
http://git-wip-us.apache.org/repos/asf/ambari/blob/43f8f73e/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 636d36e..63e9298 100644
---
a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -9,7 +9,7 @@
{
"name": "hbase",
"principal": {
-"value":
"${hbase-env/hbase_user}-${cluster_name|toLower()}@${realm}",
+"value": "${hbase-env/hbase_user}${principal_suffix}@${realm}",
"type" : "user",
"configuration&quo
ambari git commit: AMBARI-19430. Use common property for principal name prefix to help with customization of unique principal names (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk f83881b45 -> 87eef6e97
AMBARI-19430. Use common property for principal name prefix to help with
customization of unique principal names (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/87eef6e9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/87eef6e9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/87eef6e9
Branch: refs/heads/trunk
Commit: 87eef6e97cd3e39f928bf99cdd00079e2c89c6d6
Parents: f83881b
Author: Robert Levas
Authored: Mon Jan 16 12:21:46 2017 -0500
Committer: Robert Levas
Committed: Thu Jan 19 05:04:24 2017 -0500
--
.../HDP/2.0.8/services/HDFS/kerberos.json | 2 +-
.../ACCUMULO/1.6.1.2.2.0/kerberos.json | 2 +-
.../HBASE/0.96.0.2.0/kerberos.json | 2 +-
.../HDFS/2.1.0.2.0/kerberos.json| 2 +-
.../HDFS/3.0.0.3.0/kerberos.json| 2 +-
.../common-services/SPARK/1.2.1/kerberos.json | 2 +-
.../common-services/SPARK/1.4.1/kerberos.json | 2 +-
.../common-services/SPARK2/2.0.0/kerberos.json | 2 +-
.../common-services/STORM/0.9.1/kerberos.json | 2 +-
.../common-services/STORM/1.0.1/kerberos.json | 2 +-
.../ZEPPELIN/0.6.0.2.5/kerberos.json| 2 +-
.../resources/stacks/HDP/2.0.6/kerberos.json| 7 ---
.../HDP/2.3.ECS/services/ECS/kerberos.json | 2 +-
.../HDP/2.3.ECS/services/HBASE/kerberos.json| 2 +-
.../services/ACCUMULO/kerberos.json | 2 +-
.../HDP/2.3/services/ACCUMULO/kerberos.json | 4 ++--
.../stacks/HDP/2.5/services/HBASE/kerberos.json | 2 +-
.../stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +-
.../stacks/HDP/2.5/services/SPARK/kerberos.json | 4 ++--
.../stacks/HDP/2.6/services/SPARK/kerberos.json | 4 ++--
.../HDP/2.6/services/SPARK2/kerberos.json | 4 ++--
.../main/resources/stacks/HDP/3.0/kerberos.json | 7 ---
.../resources/stacks/PERF/1.0/kerberos.json | 7 ---
.../PERF/1.0/services/GRUMPY/kerberos.json | 2 +-
.../PERF/1.0/services/HAPPY/kerberos.json | 2 +-
.../PERF/1.0/services/HBASE/kerberos.json | 2 +-
.../stacks/PERF/1.0/services/HDFS/kerberos.json | 2 +-
.../PERF/1.0/services/SLEEPY/kerberos.json | 2 +-
.../stacks/PERF/1.0/services/SNOW/kerberos.json | 2 +-
.../server/controller/KerberosHelperTest.java | 7 ---
.../KerberosDescriptorUpdateHelperTest.java | 22 ++--
.../test_kerberos_descriptor_2_1_3.json | 14 ++---
.../test_kerberos_descriptor_no_hdfs.json | 4 ++--
.../test_kerberos_descriptor_simple.json| 4 ++--
.../HDP/2.0.8/services/HDFS/kerberos.json | 2 +-
ambari-web/test/utils/config_test.js| 2 +-
ambari-web/test/utils/object_utils_test.js | 2 +-
.../main/resources/stacks/HDF/2.0/kerberos.json | 7 ---
38 files changed, 75 insertions(+), 70 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/87eef6e9/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
--
diff --git
a/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
b/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
index d53205d..a555bb5 100644
---
a/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
+++
b/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
@@ -18,7 +18,7 @@
{
"name": "hdfs",
"principal": {
-"value":
"${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}",
+"value": "${hadoop-env/hdfs_user}${principal_suffix}@${realm}",
"type" : "user" ,
"configuration": "hadoop-env/hdfs_principal_name",
"local_username" : "${hadoop-env/hdfs_user}"
http://git-wip-us.apache.org/repos/asf/ambari/blob/87eef6e9/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
index caef123..7e3f449 100644
---
a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
@@ -6,7 +6,7 @@
{
"name": "accumulo",
"principal": {
-"value"
ambari git commit: AMBARI-19632. Ldap sync fails when there are special characters in distinguished names (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 8abda6ce1 -> 7e0097501
AMBARI-19632. Ldap sync fails when there are special characters in
distinguished names (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7e009750
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7e009750
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7e009750
Branch: refs/heads/trunk
Commit: 7e0097501daa5177ee38450b3a9f0e47d7ebf1a7
Parents: 8abda6c
Author: Robert Levas
Authored: Fri Jan 20 12:38:27 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 20 12:38:27 2017 -0500
--
ambari-project/pom.xml | 4 +-
.../AmbariLdapBindAuthenticator.java| 9 +-
.../security/authorization/AmbariLdapUtils.java | 69 +--
.../security/ldap/AmbariLdapDataPopulator.java | 105 -
.../server/security/AmbariLdapUtilsTest.java| 118 ++-
.../AmbariLdapBindAuthenticatorTest.java| 23 ++--
.../ldap/AmbariLdapDataPopulatorTest.java | 9 +-
7 files changed, 211 insertions(+), 126 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/7e009750/ambari-project/pom.xml
--
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index 16ea2af..0eab275 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -146,12 +146,12 @@
org.springframework.security
spring-security-ldap
-3.1.2.RELEASE
+4.0.4.RELEASE
org.springframework.ldap
spring-ldap-core
-1.3.1.RELEASE
+2.0.4.RELEASE
org.apache.directory.server
http://git-wip-us.apache.org/repos/asf/ambari/blob/7e009750/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
index b4ef889..a6ffa81 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.security.authorization;
import java.util.List;
+import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
@@ -33,7 +34,6 @@ import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.support.LdapUtils;
@@ -234,9 +234,8 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
}
BaseLdapPathContextSource baseLdapPathContextSource =
(BaseLdapPathContextSource) contextSource;
-DistinguishedName userDistinguishedName = new
DistinguishedName(user.getDn());
-DistinguishedName fullDn = new DistinguishedName(userDistinguishedName);
-fullDn.prepend(baseLdapPathContextSource.getBaseLdapPath());
+Name userDistinguishedName = user.getDn();
+Name fullDn = AmbariLdapUtils.getFullDn(userDistinguishedName,
baseLdapPathContextSource.getBaseLdapName());
LOG.debug("Attempting to bind as {}", fullDn);
@@ -252,7 +251,7 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
// is expected these details will be more complete of querying for them
from the bound context.
// Some LDAP server implementations will no return all attributes to the
bound context due to
// the filter being used in the query.
- return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapPath());
+ return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapName());
} catch (org.springframework.ldap.AuthenticationException e) {
String message = String.format("Failed to bind as %s - %s",
user.getDn().toString(), e.getMessage());
if (LOG.isTraceEnabled()) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/7e009750/ambari-server/src/main/java/o
ambari git commit: AMBARI-19632. Ldap sync fails when there are special characters in distinguished names (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 c85c9c60a -> ecc1cc2ac
AMBARI-19632. Ldap sync fails when there are special characters in
distinguished names (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ecc1cc2a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ecc1cc2a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ecc1cc2a
Branch: refs/heads/branch-2.5
Commit: ecc1cc2acc6a0fa6121d7e4692f295853392edfe
Parents: c85c9c6
Author: Robert Levas
Authored: Fri Jan 20 13:22:11 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 20 13:22:11 2017 -0500
--
ambari-project/pom.xml | 4 +-
.../AmbariLdapBindAuthenticator.java| 9 +-
.../security/authorization/AmbariLdapUtils.java | 71 +--
.../security/ldap/AmbariLdapDataPopulator.java | 106 -
.../server/security/AmbariLdapUtilsTest.java| 118 ++-
.../AmbariLdapBindAuthenticatorTest.java| 23 ++--
.../ldap/AmbariLdapDataPopulatorTest.java | 9 +-
7 files changed, 214 insertions(+), 126 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/ecc1cc2a/ambari-project/pom.xml
--
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index 7ae58f5..38075bb 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -147,12 +147,12 @@
org.springframework.security
spring-security-ldap
-3.1.2.RELEASE
+4.0.4.RELEASE
org.springframework.ldap
spring-ldap-core
-1.3.1.RELEASE
+2.0.4.RELEASE
org.apache.directory.server
http://git-wip-us.apache.org/repos/asf/ambari/blob/ecc1cc2a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
index b4ef889..a6ffa81 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.security.authorization;
import java.util.List;
+import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
@@ -33,7 +34,6 @@ import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.support.LdapUtils;
@@ -234,9 +234,8 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
}
BaseLdapPathContextSource baseLdapPathContextSource =
(BaseLdapPathContextSource) contextSource;
-DistinguishedName userDistinguishedName = new
DistinguishedName(user.getDn());
-DistinguishedName fullDn = new DistinguishedName(userDistinguishedName);
-fullDn.prepend(baseLdapPathContextSource.getBaseLdapPath());
+Name userDistinguishedName = user.getDn();
+Name fullDn = AmbariLdapUtils.getFullDn(userDistinguishedName,
baseLdapPathContextSource.getBaseLdapName());
LOG.debug("Attempting to bind as {}", fullDn);
@@ -252,7 +251,7 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
// is expected these details will be more complete of querying for them
from the bound context.
// Some LDAP server implementations will no return all attributes to the
bound context due to
// the filter being used in the query.
- return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapPath());
+ return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapName());
} catch (org.springframework.ldap.AuthenticationException e) {
String message = String.format("Failed to bind as %s - %s",
user.getDn().toString(), e.getMessage());
if (LOG.isTraceEnabled()) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/ecc1cc2a/ambari-server/src/main
[1/2] ambari git commit: Revert "AMBARI-19632. Ldap sync fails when there are special characters in distinguished names (rlevas)"
Repository: ambari
Updated Branches:
refs/heads/trunk f98c2b4ed -> 593234b76
Revert "AMBARI-19632. Ldap sync fails when there are special characters in
distinguished names (rlevas)"
This reverts commit 7e0097501daa5177ee38450b3a9f0e47d7ebf1a7.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/274969b4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/274969b4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/274969b4
Branch: refs/heads/trunk
Commit: 274969b4d927aa654b98e75d8277c76d102908a7
Parents: f98c2b4
Author: Robert Levas
Authored: Sun Jan 22 09:24:18 2017 -0500
Committer: Robert Levas
Committed: Sun Jan 22 09:24:18 2017 -0500
--
ambari-project/pom.xml | 4 +-
.../AmbariLdapBindAuthenticator.java| 9 +-
.../security/authorization/AmbariLdapUtils.java | 69 ++-
.../security/ldap/AmbariLdapDataPopulator.java | 105 +
.../server/security/AmbariLdapUtilsTest.java| 118 +--
.../AmbariLdapBindAuthenticatorTest.java| 23 ++--
.../ldap/AmbariLdapDataPopulatorTest.java | 9 +-
7 files changed, 126 insertions(+), 211 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/274969b4/ambari-project/pom.xml
--
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index 0eab275..16ea2af 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -146,12 +146,12 @@
org.springframework.security
spring-security-ldap
-4.0.4.RELEASE
+3.1.2.RELEASE
org.springframework.ldap
spring-ldap-core
-2.0.4.RELEASE
+1.3.1.RELEASE
org.apache.directory.server
http://git-wip-us.apache.org/repos/asf/ambari/blob/274969b4/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
index a6ffa81..b4ef889 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
@@ -20,7 +20,6 @@ package org.apache.ambari.server.security.authorization;
import java.util.List;
-import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
@@ -34,6 +33,7 @@ import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.support.LdapUtils;
@@ -234,8 +234,9 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
}
BaseLdapPathContextSource baseLdapPathContextSource =
(BaseLdapPathContextSource) contextSource;
-Name userDistinguishedName = user.getDn();
-Name fullDn = AmbariLdapUtils.getFullDn(userDistinguishedName,
baseLdapPathContextSource.getBaseLdapName());
+DistinguishedName userDistinguishedName = new
DistinguishedName(user.getDn());
+DistinguishedName fullDn = new DistinguishedName(userDistinguishedName);
+fullDn.prepend(baseLdapPathContextSource.getBaseLdapPath());
LOG.debug("Attempting to bind as {}", fullDn);
@@ -251,7 +252,7 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
// is expected these details will be more complete of querying for them
from the bound context.
// Some LDAP server implementations will no return all attributes to the
bound context due to
// the filter being used in the query.
- return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapName());
+ return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapPath());
} catch (org.springframework.ldap.AuthenticationException e) {
String message = String.format("Failed to bind as %s - %s",
user.getDn().toString(), e.getMessage());
if (LOG.isTraceEnabled()) {
http://git-w
[2/2] ambari git commit: AMBARI-19632. Ldap sync fails when there are special characters in distinguished names (rlevas)
AMBARI-19632. Ldap sync fails when there are special characters in
distinguished names (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/593234b7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/593234b7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/593234b7
Branch: refs/heads/trunk
Commit: 593234b76ab8f9ec67f27f504b03285286120358
Parents: 274969b
Author: Robert Levas
Authored: Sun Jan 22 10:44:18 2017 -0500
Committer: Robert Levas
Committed: Sun Jan 22 10:44:18 2017 -0500
--
ambari-project/pom.xml | 4 +-
.../AmbariLdapBindAuthenticator.java| 9 +-
.../security/authorization/AmbariLdapUtils.java | 69 +--
.../security/ldap/AmbariLdapDataPopulator.java | 105 -
.../server/security/AmbariLdapUtilsTest.java| 118 ++-
.../AmbariLdapBindAuthenticatorTest.java| 23 ++--
.../ldap/AmbariLdapDataPopulatorTest.java | 9 +-
7 files changed, 211 insertions(+), 126 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/593234b7/ambari-project/pom.xml
--
diff --git a/ambari-project/pom.xml b/ambari-project/pom.xml
index 16ea2af..0eab275 100644
--- a/ambari-project/pom.xml
+++ b/ambari-project/pom.xml
@@ -146,12 +146,12 @@
org.springframework.security
spring-security-ldap
-3.1.2.RELEASE
+4.0.4.RELEASE
org.springframework.ldap
spring-ldap-core
-1.3.1.RELEASE
+2.0.4.RELEASE
org.apache.directory.server
http://git-wip-us.apache.org/repos/asf/ambari/blob/593234b7/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
index b4ef889..a6ffa81 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapBindAuthenticator.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.security.authorization;
import java.util.List;
+import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
@@ -33,7 +34,6 @@ import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.ldap.support.LdapUtils;
@@ -234,9 +234,8 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
}
BaseLdapPathContextSource baseLdapPathContextSource =
(BaseLdapPathContextSource) contextSource;
-DistinguishedName userDistinguishedName = new
DistinguishedName(user.getDn());
-DistinguishedName fullDn = new DistinguishedName(userDistinguishedName);
-fullDn.prepend(baseLdapPathContextSource.getBaseLdapPath());
+Name userDistinguishedName = user.getDn();
+Name fullDn = AmbariLdapUtils.getFullDn(userDistinguishedName,
baseLdapPathContextSource.getBaseLdapName());
LOG.debug("Attempting to bind as {}", fullDn);
@@ -252,7 +251,7 @@ public class AmbariLdapBindAuthenticator extends
AbstractLdapAuthenticator {
// is expected these details will be more complete of querying for them
from the bound context.
// Some LDAP server implementations will no return all attributes to the
bound context due to
// the filter being used in the query.
- return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapPath());
+ return new DirContextAdapter(user.getAttributes(),
userDistinguishedName, baseLdapPathContextSource.getBaseLdapName());
} catch (org.springframework.ldap.AuthenticationException e) {
String message = String.format("Failed to bind as %s - %s",
user.getDn().toString(), e.getMessage());
if (LOG.isTraceEnabled()) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/593234b7/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/
ambari git commit: AMBARI-19670. Trailing slash (/) on cluster resource causes incorrect authorization logic flow (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 9bb27b42b -> 8a64be420
AMBARI-19670. Trailing slash (/) on cluster resource causes incorrect
authorization logic flow (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8a64be42
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8a64be42
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8a64be42
Branch: refs/heads/trunk
Commit: 8a64be42043380ad5c35b0517a92e9c0239d2d4b
Parents: 9bb27b4
Author: Robert Levas
Authored: Mon Jan 23 11:36:53 2017 -0500
Committer: Robert Levas
Committed: Mon Jan 23 11:36:53 2017 -0500
--
.../security/authorization/AmbariAuthorizationFilter.java | 2 +-
.../authorization/AmbariAuthorizationFilterTest.java | 10 ++
2 files changed, 11 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a64be42/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 1faadb6..ce9a790 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -68,7 +68,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_USERS_ALL_PATTERN = API_VERSION_PREFIX +
"/users.*";
private static final String API_PRIVILEGES_ALL_PATTERN = API_VERSION_PREFIX
+ "/privileges.*";
private static final String API_GROUPS_ALL_PATTERN = API_VERSION_PREFIX +
"/groups.*";
- private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX +
"/clusters/(\\w+)?";
+ private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX +
"/clusters/(\\w+/?)?";
private static final String API_WIDGET_LAYOUTS_PATTERN = API_VERSION_PREFIX
+ "/clusters/.*?/widget_layouts.*?";
private static final String API_CLUSTERS_ALL_PATTERN = API_VERSION_PREFIX +
"/clusters.*";
private static final String API_VIEWS_ALL_PATTERN = API_VERSION_PREFIX +
"/views.*";
http://git-wip-us.apache.org/repos/asf/ambari/blob/8a64be42/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 0ab75c5..15e243e 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -72,6 +72,8 @@ public class AmbariAuthorizationFilterTest {
final Table urlTests = HashBasedTable.create();
urlTests.put("/api/v1/clusters/cluster", "GET", true);
urlTests.put("/api/v1/clusters/cluster", "POST", true);
+urlTests.put("/api/v1/clusters/cluster/", "GET", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
+urlTests.put("/api/v1/clusters/cluster/", "POST", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
urlTests.put("/api/v1/views", "GET", true);
urlTests.put("/api/v1/views", "POST", true);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
@@ -113,6 +115,8 @@ public class AmbariAuthorizationFilterTest {
final Table urlTests = HashBasedTable.create();
urlTests.put("/api/v1/clusters/cluster", "GET", true);
urlTests.put("/api/v1/clusters/cluster", "POST", true);
+urlTests.put("/api/v1/clusters/cluster/", "GET", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
+urlTests.put("/api/v1/clusters/cluster/", "POST", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
urlTests.put("/api/v1/views", "GET", true);
urlTests.put("/api/v1/views", "POST", true);
urlTests.put("/api/
ambari git commit: AMBARI-19670. Trailing slash (/) on cluster resource causes incorrect authorization logic flow (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 fc0043388 -> fd4d90194
AMBARI-19670. Trailing slash (/) on cluster resource causes incorrect
authorization logic flow (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fd4d9019
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fd4d9019
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fd4d9019
Branch: refs/heads/branch-2.5
Commit: fd4d90194b55b292d3ea2be58207ae78ab51a134
Parents: fc00433
Author: Robert Levas
Authored: Mon Jan 23 11:38:02 2017 -0500
Committer: Robert Levas
Committed: Mon Jan 23 11:38:02 2017 -0500
--
.../security/authorization/AmbariAuthorizationFilter.java | 2 +-
.../authorization/AmbariAuthorizationFilterTest.java | 10 ++
2 files changed, 11 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/fd4d9019/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 598e0da..f0dea59 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -67,7 +67,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_USERS_ALL_PATTERN = API_VERSION_PREFIX +
"/users.*";
private static final String API_PRIVILEGES_ALL_PATTERN = API_VERSION_PREFIX
+ "/privileges.*";
private static final String API_GROUPS_ALL_PATTERN = API_VERSION_PREFIX +
"/groups.*";
- private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX +
"/clusters/(\\w+)?";
+ private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX +
"/clusters/(\\w+/?)?";
private static final String API_WIDGET_LAYOUTS_PATTERN = API_VERSION_PREFIX
+ "/clusters/.*?/widget_layouts.*?";
private static final String API_CLUSTERS_ALL_PATTERN = API_VERSION_PREFIX +
"/clusters.*";
private static final String API_VIEWS_ALL_PATTERN = API_VERSION_PREFIX +
"/views.*";
http://git-wip-us.apache.org/repos/asf/ambari/blob/fd4d9019/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 5031473..00ee5c6 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -70,6 +70,8 @@ public class AmbariAuthorizationFilterTest {
final Table urlTests = HashBasedTable.create();
urlTests.put("/api/v1/clusters/cluster", "GET", true);
urlTests.put("/api/v1/clusters/cluster", "POST", true);
+urlTests.put("/api/v1/clusters/cluster/", "GET", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
+urlTests.put("/api/v1/clusters/cluster/", "POST", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
urlTests.put("/api/v1/views", "GET", true);
urlTests.put("/api/v1/views", "POST", true);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
@@ -111,6 +113,8 @@ public class AmbariAuthorizationFilterTest {
final Table urlTests = HashBasedTable.create();
urlTests.put("/api/v1/clusters/cluster", "GET", true);
urlTests.put("/api/v1/clusters/cluster", "POST", true);
+urlTests.put("/api/v1/clusters/cluster/", "GET", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
+urlTests.put("/api/v1/clusters/cluster/", "POST", true); // This should
probably be an invalid URL, but Ambari seems to allow it.
urlTests.put("/api/v1/views", "GET", true);
urlTests.put("/api/v1/views", "POST", true);
urlTests.put(
ambari git commit: AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 67a762ea8 -> 311349281
AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via
rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/31134928
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/31134928
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/31134928
Branch: refs/heads/branch-2.5
Commit: 311349281dd8ed73e06d3deec445740ad08a240f
Parents: 67a762e
Author: Shi Wang
Authored: Wed Jan 25 12:41:26 2017 -0500
Committer: Robert Levas
Committed: Wed Jan 25 12:41:26 2017 -0500
--
.../common-services/HDFS/2.1.0.2.0/kerberos.json | 2 +-
.../HIVE/0.12.0.2.0/package/scripts/webhcat.py| 10 --
.../resources/stacks/HDP/2.5/services/HDFS/kerberos.json | 2 +-
.../test/python/stacks/2.0.6/HIVE/test_webhcat_server.py | 4
4 files changed, 2 insertions(+), 16 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/31134928/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index 3cb83ae..1cf1603 100644
---
a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -56,7 +56,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": "r"
+ "access": ""
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/31134928/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
--
diff --git
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
index b519b4e..7f5eff6 100644
---
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
+++
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
@@ -66,16 +66,6 @@ def webhcat():
group=params.user_group,
cd_access="a")
- if params.security_enabled:
-kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab}
{hdfs_principal_name};")
- else:
-kinit_if_needed = ""
-
- if kinit_if_needed:
-Execute(kinit_if_needed,
-user=params.webhcat_user,
-path='/bin'
-)
# Replace _HOST with hostname in relevant principal-related properties
webhcat_site = params.config['configurations']['webhcat-site'].copy()
http://git-wip-us.apache.org/repos/asf/ambari/blob/31134928/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
index 826d019..766a014 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
+++
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -66,7 +66,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": "r"
+ "access": ""
},
"configuration": "hadoop-env/hdfs_user_keytab"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/31134928/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
--
diff --git
a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
index f93ea09..718ad4d 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
@@ -253,10 +253,6 @@ class TestWebHCatServer(RMFTestCase):
create_parents = True,
cd_
ambari git commit: Revert "AMBARI-19741. Ambari Server Unit Test failure on branch-2.5/trunk for testUpdateConfigForceSecurityEnabled (echekanskiy via dlysnichenko)"
Repository: ambari
Updated Branches:
refs/heads/trunk 23522a281 -> 65eb88672
Revert "AMBARI-19741. Ambari Server Unit Test failure on branch-2.5/trunk for
testUpdateConfigForceSecurityEnabled (echekanskiy via dlysnichenko)"
This reverts commit cc30798a6f1428fbe2a2dd6c64cac2c128cf9a23.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/65eb8867
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/65eb8867
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/65eb8867
Branch: refs/heads/trunk
Commit: 65eb886720c2ccff344fe99928fabc23bcc48738
Parents: 23522a2
Author: Robert Levas
Authored: Fri Jan 27 15:09:57 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 27 15:09:57 2017 -0500
--
.../UpdateKerberosConfigsServerActionTest.java| 14 --
1 file changed, 4 insertions(+), 10 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/65eb8867/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
index c8ebb63..e756491 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
@@ -22,7 +22,7 @@ import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.capture;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
import java.io.File;
import java.util.Collection;
@@ -43,6 +43,7 @@ import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
+
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
@@ -164,15 +165,8 @@ public class UpdateKerberosConfigsServerActionTest extends
EasyMockSupport{
action.setExecutionCommand(executionCommand);
action.execute(null);
-assertTrue(configTypes.getValues().contains("cluster-env"));
-boolean containsSecurityEnabled = false;
-for(Map properties: configUpdates.getValues()) {
- if(properties.containsKey("security_enabled")) {
-containsSecurityEnabled = true;
-break;
- }
-}
-assertTrue(containsSecurityEnabled);
+assertEquals(configTypes.getValue(), "cluster-env");
+assertEquals(configUpdates.getValue().get("security_enabled"), "false");
verifyAll();
}
ambari git commit: Revert "AMBARI-19741. Ambari Server Unit Test failure on branch-2.5/trunk for testUpdateConfigForceSecurityEnabled (echekanskiy via dlysnichenko)"
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 3f19ca0c9 -> 687d701af
Revert "AMBARI-19741. Ambari Server Unit Test failure on branch-2.5/trunk for
testUpdateConfigForceSecurityEnabled (echekanskiy via dlysnichenko)"
This reverts commit 31527a01564d337986568e58d0d49122a5f952a4.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/687d701a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/687d701a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/687d701a
Branch: refs/heads/branch-2.5
Commit: 687d701af60998743dd1d97ab62459e8630b18e7
Parents: 3f19ca0
Author: Robert Levas
Authored: Fri Jan 27 15:13:01 2017 -0500
Committer: Robert Levas
Committed: Fri Jan 27 15:13:01 2017 -0500
--
.../UpdateKerberosConfigsServerActionTest.java | 13 +++--
1 file changed, 3 insertions(+), 10 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/687d701a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
index 710f474..98b3f00 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/UpdateKerberosConfigsServerActionTest.java
@@ -22,7 +22,7 @@ import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.capture;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
import java.io.File;
import java.util.Collection;
@@ -163,15 +163,8 @@ public class UpdateKerberosConfigsServerActionTest extends
EasyMockSupport{
action.setExecutionCommand(executionCommand);
action.execute(null);
-assertTrue(configTypes.getValues().contains("cluster-env"));
-boolean containsSecurityEnabled = false;
-for(Map properties: configUpdates.getValues()) {
- if(properties.containsKey("security_enabled")) {
-containsSecurityEnabled = true;
-break;
- }
-}
-assertTrue(containsSecurityEnabled);
+assertEquals(configTypes.getValue(), "cluster-env");
+assertEquals(configUpdates.getValue().get("security_enabled"), "false");
verifyAll();
}
ambari git commit: AMBARI-19767. Inconsistent auth-to-local rules processing during Kerberos authentication (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk e0765d922 -> 716b2fca3
AMBARI-19767. Inconsistent auth-to-local rules processing during Kerberos
authentication (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/716b2fca
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/716b2fca
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/716b2fca
Branch: refs/heads/trunk
Commit: 716b2fca38a9db43b3211b9380f18149a3342256
Parents: e0765d9
Author: Robert Levas
Authored: Sun Jan 29 11:14:59 2017 -0500
Committer: Robert Levas
Committed: Sun Jan 29 11:15:24 2017 -0500
--
.../AmbariAuthToLocalUserDetailsService.java | 17 -
1 file changed, 12 insertions(+), 5 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/716b2fca/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
index c85503c..1e4f6ea 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
@@ -49,6 +49,8 @@ public class AmbariAuthToLocalUserDetailsService implements
UserDetailsService {
private final List userTypeOrder;
+ private final String authToLocalRules;
+
/**
* Constructor.
*
@@ -80,18 +82,23 @@ public class AmbariAuthToLocalUserDetailsService implements
UserDetailsService {
orderedUserTypes = Collections.singletonList(UserType.LDAP);
}
-KerberosName.setRules(authToLocalRules);
-
this.users = users;
this.userTypeOrder = orderedUserTypes;
+this.authToLocalRules = authToLocalRules;
}
@Override
public UserDetails loadUserByUsername(String principal) throws
UsernameNotFoundException {
-KerberosName kerberosName = new KerberosName(principal);
-
try {
- String username = kerberosName.getShortName();
+ String username;
+
+ // Since KerberosName relies on a static variable to hold on to the
auth-to-local rules, attempt
+ // to protect access to the rule set by blocking other threads from
chaning the rules out from
+ // under us during this operation. Similar logic is used in
org.apache.ambari.server.view.ViewContextImpl.getUsername().
+ synchronized (KerberosName.class) {
+KerberosName.setRules(authToLocalRules);
+username = new KerberosName(principal).getShortName();
+ }
if (username == null) {
String message = String.format("Failed to translate %s to a local
username during Kerberos authentication.", principal);
ambari git commit: AMBARI-19767. Inconsistent auth-to-local rules processing during Kerberos authentication (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 49ba891ce -> 30c2c3bf1
AMBARI-19767. Inconsistent auth-to-local rules processing during Kerberos
authentication (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/30c2c3bf
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/30c2c3bf
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/30c2c3bf
Branch: refs/heads/branch-2.5
Commit: 30c2c3bf16c3a33ac054a6166b039455867de39c
Parents: 49ba891
Author: Robert Levas
Authored: Sun Jan 29 11:16:39 2017 -0500
Committer: Robert Levas
Committed: Sun Jan 29 11:16:39 2017 -0500
--
.../AmbariAuthToLocalUserDetailsService.java | 17 -
1 file changed, 12 insertions(+), 5 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/30c2c3bf/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
index 3c62646..6e84233 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/kerberos/AmbariAuthToLocalUserDetailsService.java
@@ -49,6 +49,8 @@ public class AmbariAuthToLocalUserDetailsService implements
UserDetailsService {
private final List userTypeOrder;
+ private final String authToLocalRules;
+
/**
* Constructor.
*
@@ -80,18 +82,23 @@ public class AmbariAuthToLocalUserDetailsService implements
UserDetailsService {
orderedUserTypes = Collections.singletonList(UserType.LDAP);
}
-KerberosName.setRules(authToLocalRules);
-
this.users = users;
this.userTypeOrder = orderedUserTypes;
+this.authToLocalRules = authToLocalRules;
}
@Override
public UserDetails loadUserByUsername(String principal) throws
UsernameNotFoundException {
-KerberosName kerberosName = new KerberosName(principal);
-
try {
- String username = kerberosName.getShortName();
+ String username;
+
+ // Since KerberosName relies on a static variable to hold on to the
auth-to-local rules, attempt
+ // to protect access to the rule set by blocking other threads from
chaning the rules out from
+ // under us during this operation. Similar logic is used in
org.apache.ambari.server.view.ViewContextImpl.getUsername().
+ synchronized (KerberosName.class) {
+KerberosName.setRules(authToLocalRules);
+username = new KerberosName(principal).getShortName();
+ }
if (username == null) {
String message = String.format("Failed to translate %s to a local
username during Kerberos authentication.", principal);
ambari git commit: AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 262738084 -> 4026efacc
AMBARI-19331. Setup correct authentication and authorization mechanism between
Yarn and Zookeeper (Attila Magyar via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4026efac
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4026efac
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4026efac
Branch: refs/heads/trunk
Commit: 4026efacc398197ddb3b67230641efd7c850e2b8
Parents: 2627380
Author: Attila Magyar
Authored: Wed Feb 1 13:14:07 2017 -0500
Committer: Robert Levas
Committed: Wed Feb 1 13:14:07 2017 -0500
--
.../YARN/2.1.0.2.0/package/scripts/params_linux.py| 2 ++
.../YARN/2.1.0.2.0/package/scripts/resourcemanager.py | 2 ++
.../resources/common-services/YARN/3.0.0.3.0/kerberos.json| 7 ++-
.../YARN/3.0.0.3.0/package/scripts/params_linux.py| 4 +++-
.../YARN/3.0.0.3.0/package/scripts/resourcemanager.py | 2 ++
.../main/resources/stacks/HDP/2.6/services/YARN/kerberos.json | 6 +-
6 files changed, 20 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
--
diff --git
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index aed8abc..335f1ac 100644
---
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -257,6 +257,8 @@ rm_zk_address =
config['configurations']['yarn-site']['yarn.resourcemanager.zk-a
rm_zk_znode =
config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
rm_zk_store_class =
config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
stack_supports_zk_security =
check_stack_feature(StackFeature.SECURE_ZOOKEEPER,
version_for_stack_feature_checks)
+rm_zk_failover_znode =
default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path',
'/yarn-leader-election')
+hadoop_registry_zk_root =
default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
if security_enabled:
rm_principal_name =
config['configurations']['yarn-site']['yarn.resourcemanager.principal']
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
--
diff --git
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index a659dd1..b871b68 100644
---
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
@@ -241,6 +241,8 @@ class ResourcemanagerDefault(Resourcemanager):
params.yarn_jaas_file, \
params.yarn_user)
zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
def wait_for_dfs_directories_created(self, *dirs):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
index 29cc00a..ae4db4f 100644
---
a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
+++
b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
@@ -31,7 +31,12 @@
"yarn.resourcemanager.proxyuser.*.groups": "",
"yarn.resourcemanager.proxyuser.*.hosts": "",
"yarn.resourcemanager.proxyuser.*.users": "",
-"yarn.resourcemanager.proxy-user-privileges.enabled&q
ambari git commit: AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 8092b362d -> 7131b3dd6
AMBARI-19331. Setup correct authentication and authorization mechanism between
Yarn and Zookeeper (Attila Magyar via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7131b3dd
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7131b3dd
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7131b3dd
Branch: refs/heads/branch-2.5
Commit: 7131b3dd6c7e939da09b7696285f58499ab17f19
Parents: 8092b36
Author: Attila Magyar
Authored: Wed Feb 1 13:46:15 2017 -0500
Committer: Robert Levas
Committed: Wed Feb 1 13:46:32 2017 -0500
--
.../YARN/2.1.0.2.0/package/scripts/params_linux.py | 2 ++
.../YARN/2.1.0.2.0/package/scripts/resourcemanager.py | 2 ++
.../main/resources/stacks/HDP/2.6/services/YARN/kerberos.json | 6 +-
3 files changed, 9 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/7131b3dd/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
--
diff --git
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index c56e72f..5a47e03 100644
---
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -250,6 +250,8 @@ rm_zk_address =
config['configurations']['yarn-site']['yarn.resourcemanager.zk-a
rm_zk_znode =
config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
rm_zk_store_class =
config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
stack_supports_zk_security =
check_stack_feature(StackFeature.SECURE_ZOOKEEPER,
version_for_stack_feature_checks)
+rm_zk_failover_znode =
default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path',
'/yarn-leader-election')
+hadoop_registry_zk_root =
default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
if security_enabled:
rm_principal_name =
config['configurations']['yarn-site']['yarn.resourcemanager.principal']
http://git-wip-us.apache.org/repos/asf/ambari/blob/7131b3dd/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
--
diff --git
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index 79b5810..5522fbc 100644
---
a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
@@ -241,6 +241,8 @@ class ResourcemanagerDefault(Resourcemanager):
params.yarn_jaas_file, \
params.yarn_user)
zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
def wait_for_dfs_directories_created(self, *dirs):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/7131b3dd/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
index eaffec6..ae4db4f 100644
---
a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
+++
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
@@ -32,7 +32,11 @@
"yarn.resourcemanager.proxyuser.*.hosts": "",
"yarn.resourcemanager.proxyuser.*.users": "",
"yarn.resourcemanager.proxy-user-privileges.enabled": "true",
-"yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda"
+"yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda",
+"hadoop.registry.secure" : "true",
+"hadoop.registry.system.accounts" :
"sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive",
+"hadoop.registry.client.auth" : "kerberos",
+"hadoop.registry.jaas.context" : "Client"
}
},
{
ambari git commit: AMBARI-20408. Atlas MetaData server start fails while granting permissions to HBase tables after unkerberizing the cluster (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 0c76e2f83 -> 9dc4a3dfd
AMBARI-20408. Atlas MetaData server start fails while granting permissions to
HBase tables after unkerberizing the cluster (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9dc4a3df
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9dc4a3df
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9dc4a3df
Branch: refs/heads/trunk
Commit: 9dc4a3dfd25f160ab7014bf78e98efa9237a0ebf
Parents: 0c76e2f
Author: Robert Levas
Authored: Tue Mar 14 10:42:43 2017 -0400
Committer: Robert Levas
Committed: Tue Mar 14 10:42:43 2017 -0400
--
.../server/controller/KerberosHelper.java | 3 -
.../server/controller/KerberosHelperImpl.java | 104 +++-
.../AbstractPrepareKerberosServerAction.java| 237 ---
.../PrepareDisableKerberosServerAction.java | 108 ++---
.../PrepareEnableKerberosServerAction.java | 19 +-
.../PrepareKerberosIdentitiesServerAction.java | 127 ++
...AbstractPrepareKerberosServerActionTest.java | 30 +--
7 files changed, 257 insertions(+), 371 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/9dc4a3df/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 0e27d03..d000571 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -293,8 +293,6 @@ public interface KerberosHelper {
* @param existingConfigurations the cluster's existing configurations
* @param kerberosConfigurations the configuration updates to make
* @param propertiesToIgnore the configuration properties that should be
ignored when applying recommendations
- * @param propertiesToInsert the configuration properties that must be
inserted to cluster config are inserted
- * into this map in case if provided (not
null) and kerberosEnabled = false
* @param propertiesToRemove the configuration properties that must be
removed from cluster config are inserted
* into this map in case if provided (not
null) and kerberosEnabled
* @param kerberosEnabledtrue if kerberos is (to be) enabled;
otherwise false
@@ -305,7 +303,6 @@ public interface KerberosHelper {
Map> existingConfigurations,
Map> kerberosConfigurations,
Map> propertiesToIgnore,
-Map> propertiesToInsert,
Map> propertiesToRemove,
boolean
kerberosEnabled)
throws AmbariException;
http://git-wip-us.apache.org/repos/asf/ambari/blob/9dc4a3df/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index baa90e7..5204322 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -363,7 +363,7 @@ public class KerberosHelperImpl implements KerberosHelper {
// If Ambari is managing it own identities then add AMBARI to the set of
installed servcie so
// that its Kerberos descriptor entries will be included.
-if(createAmbariIdentities(existingConfigurations.get("kerberos-env"))) {
+if (createAmbariIdentities(existingConfigurations.get("kerberos-env"))) {
installedServices = new HashMap>(installedServices);
installedServices.put("AMBARI", Collections.singleton("AMBARI_SERVER"));
}
@@ -414,7 +414,7 @@ public class KerberosHelperImpl implements KerberosHelper {
return (applyStackAdvisorUpdates)
? applyStackAdvisorUpdates(cluster, installedServices.keySet(),
configurations, kerberosConfigurations, propertiesToIgnore,
-null, new HashMap>(), kerberosEnabled)
+
ambari git commit: AMBARI-20408. Atlas MetaData server start fails while granting permissions to HBase tables after unkerberizing the cluster (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 a6eb31308 -> 5cd4d0ee9
AMBARI-20408. Atlas MetaData server start fails while granting permissions to
HBase tables after unkerberizing the cluster (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5cd4d0ee
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5cd4d0ee
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5cd4d0ee
Branch: refs/heads/branch-2.5
Commit: 5cd4d0ee987e6e37529d70037ff69e0ca6d71163
Parents: a6eb313
Author: Robert Levas
Authored: Tue Mar 14 11:09:55 2017 -0400
Committer: Robert Levas
Committed: Tue Mar 14 11:09:55 2017 -0400
--
.../server/controller/KerberosHelper.java | 15 +-
.../server/controller/KerberosHelperImpl.java | 109 +++-
.../AbstractPrepareKerberosServerAction.java| 262 ---
.../PrepareDisableKerberosServerAction.java | 127 ++---
.../PrepareEnableKerberosServerAction.java | 33 ++-
.../PrepareKerberosIdentitiesServerAction.java | 142 +++---
...AbstractPrepareKerberosServerActionTest.java | 30 +--
7 files changed, 304 insertions(+), 414 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index 35235db..d000571 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -18,6 +18,12 @@
package org.apache.ambari.server.controller;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.controller.internal.RequestStageContainer;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
@@ -33,12 +39,6 @@ import
org.apache.ambari.server.state.kerberos.KerberosConfigurationDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
public interface KerberosHelper {
/**
* directive used to override the behavior of the
kerberos-env/manage_identities property
@@ -293,8 +293,6 @@ public interface KerberosHelper {
* @param existingConfigurations the cluster's existing configurations
* @param kerberosConfigurations the configuration updates to make
* @param propertiesToIgnore the configuration properties that should be
ignored when applying recommendations
- * @param propertiesToInsert the configuration properties that must be
inserted to cluster config are inserted
- * into this map in case if provided (not
null) and kerberosEnabled = false
* @param propertiesToRemove the configuration properties that must be
removed from cluster config are inserted
* into this map in case if provided (not
null) and kerberosEnabled
* @param kerberosEnabledtrue if kerberos is (to be) enabled;
otherwise false
@@ -305,7 +303,6 @@ public interface KerberosHelper {
Map> existingConfigurations,
Map> kerberosConfigurations,
Map> propertiesToIgnore,
-Map> propertiesToInsert,
Map> propertiesToRemove,
boolean
kerberosEnabled)
throws AmbariException;
http://git-wip-us.apache.org/repos/asf/ambari/blob/5cd4d0ee/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index c2fde46..4975e72 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHe
ambari git commit: AMBARI-17311. Modify HTTP headers to follow best security practices (Sangeeta Ravindran via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 61f2e9016 -> 5148141a5
AMBARI-17311. Modify HTTP headers to follow best security practices (Sangeeta
Ravindran via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5148141a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5148141a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5148141a
Branch: refs/heads/branch-2.5
Commit: 5148141a5232d89bb7b661bb9647a5166b562c66
Parents: 61f2e90
Author: Sangeeta Ravindran
Authored: Mon Oct 10 11:05:40 2016 -0400
Committer: Robert Levas
Committed: Thu Mar 16 11:26:55 2017 -0400
--
ambari-server/conf/unix/ambari.properties | 6 +
ambari-server/conf/windows/ambari.properties| 6 +
.../server/configuration/Configuration.java | 135 +++
.../security/AbstractSecurityHeaderFilter.java | 43 ++
.../AmbariServerSecurityHeaderFilter.java | 3 +
.../AmbariViewsSecurityHeaderFilter.java| 3 +
.../AbstractSecurityHeaderFilterTest.java | 38 +-
.../AmbariServerSecurityHeaderFilterTest.java | 7 +
.../AmbariViewsSecurityHeaderFilterTest.java| 6 +
9 files changed, 246 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/5148141a/ambari-server/conf/unix/ambari.properties
--
diff --git a/ambari-server/conf/unix/ambari.properties
b/ambari-server/conf/unix/ambari.properties
index 74a3a09..8979f20 100644
--- a/ambari-server/conf/unix/ambari.properties
+++ b/ambari-server/conf/unix/ambari.properties
@@ -115,11 +115,17 @@ rolling.upgrade.skip.packages.prefixes=
http.strict-transport-security=max-age=31536000
http.x-xss-protection=1; mode=block
http.x-frame-options=DENY
+http.x-content-type-options=nosniff
+http.cache-control=no-store
+http.pragma=no-cache
# HTTP Header settings for Ambari Views
views.http.strict-transport-security=max-age=31536000
views.http.x-xss-protection=1; mode=block
views.http.x-frame-options=SAMEORIGIN
+views.http.x-content-type-options=nosniff
+views.http.cache-control=no-store
+views.http.pragma=no-cache
mpacks.staging.path=$ROOT/var/lib/ambari-server/resources/mpacks
http://git-wip-us.apache.org/repos/asf/ambari/blob/5148141a/ambari-server/conf/windows/ambari.properties
--
diff --git a/ambari-server/conf/windows/ambari.properties
b/ambari-server/conf/windows/ambari.properties
index 64cce3b..c1c0a99 100644
--- a/ambari-server/conf/windows/ambari.properties
+++ b/ambari-server/conf/windows/ambari.properties
@@ -93,10 +93,16 @@ ulimit.open.files=1
http.strict-transport-security=max-age=31536000
http.x-xss-protection=1; mode=block
http.x-frame-options=DENY
+http.x-content-type-options=nosniff
+http.cache-control=no-store
+http.pragma=no-cache
# HTTP Header settings for Ambari Views
views.http.strict-transport-security=max-age=31536000
views.http.x-xss-protection=1; mode=block
views.http.x-frame-options=SAMEORIGIN
+views.http.x-content-type-options=nosniff
+views.http.cache-control=no-store
+views.http.pragma=no-cache
mpacks.staging.path=resources\\mpacks
http://git-wip-us.apache.org/repos/asf/ambari/blob/5148141a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 405251e..3166121 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -2326,6 +2326,27 @@ public class Configuration {
"http.x-xss-protection", "1; mode=block");
/**
+ * The value that will be used to set the {@code X-Content-Type} HTTP
response header.
+ */
+ @Markdown(description = "The value that will be used to set the
`X-CONTENT-TYPE` HTTP response header.")
+ public static final ConfigurationProperty
HTTP_X_CONTENT_TYPE_HEADER_VALUE = new ConfigurationProperty<>(
+ "http.x-content-type-options", "nosniff");
+
+ /**
+ * The value that will be used to set the {@code Cache-Control} HTTP
response header.
+ */
+ @Markdown(description = "The value that will be used to set the
`Cache-Control` HTTP response header.")
+ public static final ConfigurationProperty
HTTP_CACHE_CONTROL_HEADER_VALUE = new ConfigurationProperty<>(
+ "http.cache-control", "no-store&quo
ambari git commit: AMBARI-20462. Duplicate entries in DB for auto__instance privileges upon Ambari server restart (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 85a2728a2 -> 64b493c49
AMBARI-20462. Duplicate entries in DB for auto__instance privileges upon
Ambari server restart (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/64b493c4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/64b493c4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/64b493c4
Branch: refs/heads/trunk
Commit: 64b493c49bc7c6eac766e4194683441683f75d75
Parents: 85a2728
Author: Robert Levas
Authored: Fri Mar 17 13:59:34 2017 -0400
Committer: Robert Levas
Committed: Fri Mar 17 13:59:34 2017 -0400
--
.../server/orm/entities/PrivilegeEntity.java| 21 ++---
.../apache/ambari/server/view/ViewRegistry.java | 2 +-
.../AmbariPrivilegeResourceProviderTest.java| 1 +
.../ViewPrivilegeResourceProviderTest.java | 2 +-
.../security/TestAuthenticationFactory.java | 83 ++---
.../ambari/server/view/ViewRegistryTest.java| 98 +---
.../dummy_stack/HIVE/package/.hash | 0
7 files changed, 145 insertions(+), 62 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
index 1832acc..ba39efb 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -19,6 +19,8 @@
package org.apache.ambari.server.orm.entities;
+import java.util.Objects;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@@ -161,21 +163,14 @@ public class PrivilegeEntity {
if (o == null || getClass() != o.getClass()) return false;
PrivilegeEntity that = (PrivilegeEntity) o;
-
-if (!id.equals(that.id)) return false;
-if (permission != null ? !permission.equals(that.permission) :
that.permission != null) return false;
-if (principal != null ? !principal.equals(that.principal) : that.principal
!= null) return false;
-if (resource != null ? !resource.equals(that.resource) : that.resource !=
null) return false;
-
-return true;
+return Objects.equals(id, that.id) &&
+Objects.equals(permission, that.permission) &&
+Objects.equals(principal, that.principal) &&
+Objects.equals(resource, that.resource);
}
@Override
public int hashCode() {
-int result = id != null ? id.hashCode() : 0;
-result = 31 * result + (permission != null ? permission.hashCode() : 0);
-result = 31 * result + (resource != null ? resource.hashCode() : 0);
-result = 31 * result + (principal != null ? principal.hashCode() : 0);
-return result;
+return Objects.hash(id, permission, resource, principal);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 81c4734..bc3e721 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -1966,7 +1966,7 @@ public class ViewRegistry {
if (principalRole == null) {
LOG.warn("Missing principal ID for role {} encountered while
setting access to view {}. Ignoring.",
role, viewInstanceEntity.getName());
-} else {
+} else if (!privilegeDAO.exists(principalRole, resourceEntity,
permissionViewUser)) {
PrivilegeEntity privilegeEntity = new PrivilegeEntity();
privilegeEntity.setPermission(permissionViewUser);
privilegeEntity.setPrincipal(principalRole);
http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
--
diff --git
a/ambari-server/src/test/jav
ambari git commit: AMBARI-20462. Duplicate entries in DB for auto__instance privileges upon Ambari server restart (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 50da75949 -> c562de6ec
AMBARI-20462. Duplicate entries in DB for auto__instance privileges upon
Ambari server restart (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c562de6e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c562de6e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c562de6e
Branch: refs/heads/branch-2.5
Commit: c562de6ec6e3f800767f66ea88da1bab13ce698a
Parents: 50da759
Author: Robert Levas
Authored: Fri Mar 17 14:27:14 2017 -0400
Committer: Robert Levas
Committed: Fri Mar 17 14:27:14 2017 -0400
--
.../server/orm/entities/PrivilegeEntity.java| 21 ++--
.../apache/ambari/server/view/ViewRegistry.java | 16 +--
.../AmbariPrivilegeResourceProviderTest.java| 1 +
.../ViewPrivilegeResourceProviderTest.java | 2 +-
.../security/TestAuthenticationFactory.java | 83 ---
.../ambari/server/view/ViewRegistryTest.java| 102 ---
.../dummy_stack/HIVE/package/.hash | 0
7 files changed, 153 insertions(+), 72 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/c562de6e/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
index 1832acc..ba39efb 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -19,6 +19,8 @@
package org.apache.ambari.server.orm.entities;
+import java.util.Objects;
+
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
@@ -161,21 +163,14 @@ public class PrivilegeEntity {
if (o == null || getClass() != o.getClass()) return false;
PrivilegeEntity that = (PrivilegeEntity) o;
-
-if (!id.equals(that.id)) return false;
-if (permission != null ? !permission.equals(that.permission) :
that.permission != null) return false;
-if (principal != null ? !principal.equals(that.principal) : that.principal
!= null) return false;
-if (resource != null ? !resource.equals(that.resource) : that.resource !=
null) return false;
-
-return true;
+return Objects.equals(id, that.id) &&
+Objects.equals(permission, that.permission) &&
+Objects.equals(principal, that.principal) &&
+Objects.equals(resource, that.resource);
}
@Override
public int hashCode() {
-int result = id != null ? id.hashCode() : 0;
-result = 31 * result + (permission != null ? permission.hashCode() : 0);
-result = 31 * result + (resource != null ? resource.hashCode() : 0);
-result = 31 * result + (principal != null ? principal.hashCode() : 0);
-return result;
+return Objects.hash(id, permission, resource, principal);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c562de6e/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 3bb06d7..058a2c2 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -18,11 +18,6 @@
package org.apache.ambari.server.view;
-import javax.inject.Inject;
-import javax.inject.Provider;
-import javax.inject.Singleton;
-import javax.xml.bind.JAXBException;
-
import java.beans.IntrospectionException;
import java.io.File;
import java.io.IOException;
@@ -43,8 +38,11 @@ import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
-import com.google.common.base.Optional;
-import com.google.common.base.Preconditions;
+import javax.inject.Inject;
+import javax.inject.Provider;
+import javax.inject.Singleton;
+import javax.xml.bind.JAXBException;
+
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.ClusterNotFoundException;
import org.apache.ambari.server.api.resources.ResourceInstanceFactoryImpl;
@@ -127,6 +125,8
ambari git commit: AMBARI-20494. Disabling security fails with AttributeError (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 6b4f40695 -> 3a7a2d1b0
AMBARI-20494. Disabling security fails with AttributeError (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3a7a2d1b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3a7a2d1b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3a7a2d1b
Branch: refs/heads/trunk
Commit: 3a7a2d1b025b4ba234e2f066481dbe4991496f25
Parents: 6b4f406
Author: Robert Levas
Authored: Mon Mar 20 10:07:27 2017 -0400
Committer: Robert Levas
Committed: Mon Mar 20 10:07:27 2017 -0400
--
.../stacks/HDP/2.5/services/stack_advisor.py| 24 +---
.../stacks/2.5/common/test_stack_advisor.py | 5
2 files changed, 21 insertions(+), 8 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/3a7a2d1b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index 13151eb..555cf4d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -468,17 +468,25 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
def recommendStormConfigurations(self, configurations, clusterData,
services, hosts):
super(HDP25StackAdvisor,
self).recommendStormConfigurations(configurations, clusterData, services, hosts)
storm_site = self.getServicesSiteProperties(services, "storm-site")
+storm_env = self.getServicesSiteProperties(services, "storm-env")
putStormSiteProperty = self.putProperty(configurations, "storm-site",
services)
putStormSiteAttributes = self.putPropertyAttribute(configurations,
"storm-site")
-security_enabled = (storm_site is not None and "storm.zookeeper.superACL"
in storm_site)
+security_enabled = self.isSecurityEnabled(services)
+
+if storm_env and storm_site:
+ if security_enabled:
+_storm_principal_name = storm_env['storm_principal_name'] if
'storm_principal_name' in storm_env else None
+storm_bare_jaas_principal = get_bare_principal(_storm_principal_name)
+if 'nimbus.impersonation.acl' in storm_site:
+ storm_nimbus_impersonation_acl =
storm_site["nimbus.impersonation.acl"]
+
storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}',
storm_bare_jaas_principal)
+ putStormSiteProperty('nimbus.impersonation.acl',
storm_nimbus_impersonation_acl)
+ else:
+if 'nimbus.impersonation.acl' in storm_site:
+ putStormSiteAttributes('nimbus.impersonation.acl', 'delete', 'true')
+if 'nimbus.impersonation.authorizer' in storm_site:
+ putStormSiteAttributes('nimbus.impersonation.authorizer', 'delete',
'true')
-if security_enabled:
- _storm_principal_name =
services['configurations']['storm-env']['properties']['storm_principal_name']
- storm_bare_jaas_principal = get_bare_principal(_storm_principal_name)
- if 'nimbus.impersonation.acl' in storm_site:
-storm_nimbus_impersonation_acl = storm_site["nimbus.impersonation.acl"]
-
storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}',
storm_bare_jaas_principal)
-putStormSiteProperty('nimbus.impersonation.acl',
storm_nimbus_impersonation_acl)
rangerPluginEnabled = ''
if 'ranger-storm-plugin-properties' in configurations and
'ranger-storm-plugin-enabled' in
configurations['ranger-storm-plugin-properties']['properties']:
rangerPluginEnabled =
configurations['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
http://git-wip-us.apache.org/repos/asf/ambari/blob/3a7a2d1b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
--
diff --git
a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
index 693b067..255d5c5 100644
--- a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
@@ -5369,6 +5369,11 @@ class TestHDP25StackAdvisor(TestCase):
"stack_version": "2.5"
},
"configurations": {
+"cluster-env": {
+ "properties": {
+"security_enabled": "true"
+ }
+},
"storm-site": {
"properties": {
"nimbus.authorizer" :
"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer",
ambari git commit: AMBARI-20494. Disabling security fails with AttributeError (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 b842de131 -> ea8dff324
AMBARI-20494. Disabling security fails with AttributeError (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ea8dff32
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ea8dff32
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ea8dff32
Branch: refs/heads/branch-2.5
Commit: ea8dff32491d2a91bf1ad10a9d34dbca6acc78cb
Parents: b842de1
Author: Robert Levas
Authored: Mon Mar 20 10:19:01 2017 -0400
Committer: Robert Levas
Committed: Mon Mar 20 10:19:01 2017 -0400
--
.../stacks/HDP/2.5/services/stack_advisor.py| 24 +---
.../stacks/2.5/common/test_stack_advisor.py | 5
2 files changed, 21 insertions(+), 8 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/ea8dff32/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
--
diff --git
a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index d510e60..9bfae8d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -468,17 +468,25 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
def recommendStormConfigurations(self, configurations, clusterData,
services, hosts):
super(HDP25StackAdvisor,
self).recommendStormConfigurations(configurations, clusterData, services, hosts)
storm_site = self.getServicesSiteProperties(services, "storm-site")
+storm_env = self.getServicesSiteProperties(services, "storm-env")
putStormSiteProperty = self.putProperty(configurations, "storm-site",
services)
putStormSiteAttributes = self.putPropertyAttribute(configurations,
"storm-site")
-security_enabled = (storm_site is not None and "storm.zookeeper.superACL"
in storm_site)
+security_enabled = self.isSecurityEnabled(services)
+
+if storm_env and storm_site:
+ if security_enabled:
+_storm_principal_name = storm_env['storm_principal_name'] if
'storm_principal_name' in storm_env else None
+storm_bare_jaas_principal = get_bare_principal(_storm_principal_name)
+if 'nimbus.impersonation.acl' in storm_site:
+ storm_nimbus_impersonation_acl =
storm_site["nimbus.impersonation.acl"]
+
storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}',
storm_bare_jaas_principal)
+ putStormSiteProperty('nimbus.impersonation.acl',
storm_nimbus_impersonation_acl)
+ else:
+if 'nimbus.impersonation.acl' in storm_site:
+ putStormSiteAttributes('nimbus.impersonation.acl', 'delete', 'true')
+if 'nimbus.impersonation.authorizer' in storm_site:
+ putStormSiteAttributes('nimbus.impersonation.authorizer', 'delete',
'true')
-if security_enabled:
- _storm_principal_name =
services['configurations']['storm-env']['properties']['storm_principal_name']
- storm_bare_jaas_principal = get_bare_principal(_storm_principal_name)
- if 'nimbus.impersonation.acl' in storm_site:
-storm_nimbus_impersonation_acl = storm_site["nimbus.impersonation.acl"]
-
storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}',
storm_bare_jaas_principal)
-putStormSiteProperty('nimbus.impersonation.acl',
storm_nimbus_impersonation_acl)
rangerPluginEnabled = ''
if 'ranger-storm-plugin-properties' in configurations and
'ranger-storm-plugin-enabled' in
configurations['ranger-storm-plugin-properties']['properties']:
rangerPluginEnabled =
configurations['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']
http://git-wip-us.apache.org/repos/asf/ambari/blob/ea8dff32/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
--
diff --git
a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
index 2f81395..00edf21 100644
--- a/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.5/common/test_stack_advisor.py
@@ -5369,6 +5369,11 @@ class TestHDP25StackAdvisor(TestCase):
"stack_version": "2.5"
},
"configurations": {
+"cluster-env": {
+ "properties": {
+"security_enabled" : "true"
+ }
+},
"storm-site": {
"properties": {
"nimbus.authorizer" :
"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer",
ambari git commit: AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas)
Repository: ambari Updated Branches: refs/heads/trunk bda839e1f -> 871d95c04 AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/871d95c0 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/871d95c0 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/871d95c0 Branch: refs/heads/trunk Commit: 871d95c04fe64cfd5075dae60990fe6c23bc641d Parents: bda839e Author: Laszlo Puskas Authored: Tue Feb 14 11:25:46 2017 -0500 Committer: Robert Levas Committed: Tue Feb 14 11:25:46 2017 -0500 -- .../src/main/resources/scripts/post-user-creation-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/871d95c0/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh -- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index 91511a0..d85741b 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -97,7 +97,7 @@ do "type":"directory", "action":"create", "owner":"$USR_NAME", -"group":"hadoop", +"group":"hdfs", "manageIfExists": "true" }, EOF
ambari git commit: AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas)
Repository: ambari Updated Branches: refs/heads/branch-2.5 ddbab6fe9 -> 9459c5103 AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9459c510 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9459c510 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9459c510 Branch: refs/heads/branch-2.5 Commit: 9459c51038e69b5a4f539ad404233e4b28e6518d Parents: ddbab6f Author: Laszlo Puskas Authored: Tue Feb 14 11:26:34 2017 -0500 Committer: Robert Levas Committed: Tue Feb 14 11:26:34 2017 -0500 -- .../src/main/resources/scripts/post-user-creation-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/9459c510/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh -- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index 91511a0..d85741b 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -97,7 +97,7 @@ do "type":"directory", "action":"create", "owner":"$USR_NAME", -"group":"hadoop", +"group":"hdfs", "manageIfExists": "true" }, EOF
[1/2] ambari git commit: Revert "AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via r
Repository: ambari Updated Branches: refs/heads/branch-2.5 9459c5103 -> fcb93f1a7 Revert "AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas)" This reverts commit 9459c51038e69b5a4f539ad404233e4b28e6518d. To fix the Ambari JIRA #: AMBARI-1986 --> AMBARI-19986 Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/715c38c5 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/715c38c5 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/715c38c5 Branch: refs/heads/branch-2.5 Commit: 715c38c52efd07d3a8bb4380eae375b5b4d5ea78 Parents: 9459c51 Author: Robert Levas Authored: Tue Feb 14 11:28:09 2017 -0500 Committer: Robert Levas Committed: Tue Feb 14 11:28:09 2017 -0500 -- .../src/main/resources/scripts/post-user-creation-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/715c38c5/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh -- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index d85741b..91511a0 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -97,7 +97,7 @@ do "type":"directory", "action":"create", "owner":"$USR_NAME", -"group":"hdfs", +"group":"hadoop", "manageIfExists": "true" }, EOF
[2/2] ambari git commit: AMBARI-19986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas)
AMBARI-19986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fcb93f1a Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fcb93f1a Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fcb93f1a Branch: refs/heads/branch-2.5 Commit: fcb93f1a72d10b2d3770226854ca8ed003e2f85c Parents: 715c38c Author: Laszlo Puskas Authored: Tue Feb 14 11:29:23 2017 -0500 Committer: Robert Levas Committed: Tue Feb 14 11:29:23 2017 -0500 -- .../src/main/resources/scripts/post-user-creation-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/fcb93f1a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh -- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index 91511a0..d85741b 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -97,7 +97,7 @@ do "type":"directory", "action":"create", "owner":"$USR_NAME", -"group":"hadoop", +"group":"hdfs", "manageIfExists": "true" }, EOF
[2/2] ambari git commit: AMBARI-19986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas)
AMBARI-19986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8efff748 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8efff748 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8efff748 Branch: refs/heads/trunk Commit: 8efff7480283aa1a5e6aa917c0fa81f5da60c7c4 Parents: 635f7f0 Author: Laszlo Puskas Authored: Tue Feb 14 11:31:14 2017 -0500 Committer: Robert Levas Committed: Tue Feb 14 11:31:14 2017 -0500 -- .../src/main/resources/scripts/post-user-creation-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/8efff748/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh -- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index 91511a0..d85741b 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -97,7 +97,7 @@ do "type":"directory", "action":"create", "owner":"$USR_NAME", -"group":"hadoop", +"group":"hdfs", "manageIfExists": "true" }, EOF
[1/2] ambari git commit: Revert "AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via r
Repository: ambari Updated Branches: refs/heads/trunk 871d95c04 -> 8efff7480 Revert "AMBARI-1986. Default group permissions for the user home directories created by the post user creation script should be 'hdfs' instead of 'hadoop' (Laszlo Puskas via rlevas)" This reverts commit 871d95c04fe64cfd5075dae60990fe6c23bc641d. To fix the Ambari JIRA #: AMBARI-1986 --> AMBARI-19986 Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/635f7f0f Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/635f7f0f Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/635f7f0f Branch: refs/heads/trunk Commit: 635f7f0f5eb799f3c57951ce9361bc66230084c0 Parents: 871d95c Author: Robert Levas Authored: Tue Feb 14 11:30:40 2017 -0500 Committer: Robert Levas Committed: Tue Feb 14 11:30:40 2017 -0500 -- .../src/main/resources/scripts/post-user-creation-hook.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/ambari/blob/635f7f0f/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh -- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index d85741b..91511a0 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -97,7 +97,7 @@ do "type":"directory", "action":"create", "owner":"$USR_NAME", -"group":"hdfs", +"group":"hadoop", "manageIfExists": "true" }, EOF
ambari git commit: AMBARI-20018. Document security issue related to setting security.agent.hostname.validate to false (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk a1f23ad42 -> 45842645c
AMBARI-20018. Document security issue related to setting
security.agent.hostname.validate to false (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/45842645
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/45842645
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/45842645
Branch: refs/heads/trunk
Commit: 45842645c546a176f1692d0d7be008e2d51c5086
Parents: a1f23ad
Author: Robert Levas
Authored: Wed Feb 15 11:20:03 2017 -0500
Committer: Robert Levas
Committed: Wed Feb 15 11:20:03 2017 -0500
--
ambari-server/docs/configuration/index.md | 2 +-
.../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/45842645/ambari-server/docs/configuration/index.md
--
diff --git a/ambari-server/docs/configuration/index.md
b/ambari-server/docs/configuration/index.md
index 50864f2..ae2d549 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -172,7 +172,7 @@ The following are the properties which can be used to
configure Ambari.
| repo.validation.suffixes.ubuntu | The suffixes to use when validating Ubuntu
repositories. |`/dists/%s/Release` |
| resources.dir | The location on the Ambari Server where all resources exist,
including common services, stacks, and scripts.
|`/var/lib/ambari-server/resources/` |
| rolling.upgrade.skip.packages.prefixes | A comma-separated list of packages
which will be skipped during a stack upgrade. | |
-| security.agent.hostname.validate | Determines whether the Ambari Agent host
names should be validated against a regular expression to ensure that they are
well-formed. |`true` |
+| security.agent.hostname.validate | Determines whether the Ambari Agent host
names should be validated against a regular expression to ensure that they are
well-formed.WARNING: By setting this value to false, host names will
not be validated, allowing a possible security vulnerability as described in
CVE-2014-3582. See
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities for
more information.|`true` |
| security.master.key.location | The location on the Ambari Server of the
master key file. This is the key to the master keystore. | |
| security.master.keystore.location | The location on the Ambari Server of the
master keystore file. | |
| security.server.cert_name | The name of the file located in the
`security.server.keys_dir` directory where certificates will be generated when
Ambari uses the `openssl ca` command. |`ca.crt` |
http://git-wip-us.apache.org/repos/asf/ambari/blob/45842645/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 5020790..e1df5bd 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -510,7 +510,7 @@ public class Configuration {
* Determines whether the Ambari Agent host names should be validated against
* a regular expression to ensure that they are well-formed.
*/
- @Markdown(description = "Determines whether the Ambari Agent host names
should be validated against a regular expression to ensure that they are
well-formed.")
+ @Markdown(description = "Determines whether the Ambari Agent host names
should be validated against a regular expression to ensure that they are
well-formed.WARNING: By setting this value to false, host names will
not be validated, allowing a possible security vulnerability as described in
CVE-2014-3582. See
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities for
more information.")
public static final ConfigurationProperty
SRVR_AGENT_HOSTNAME_VALIDATE = new ConfigurationProperty<>(
"security.agent.hostname.validate", "true");
ambari git commit: AMBARI-20018. Document security issue related to setting security.agent.hostname.validate to false (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 cb59ebdf7 -> 8b5883316
AMBARI-20018. Document security issue related to setting
security.agent.hostname.validate to false (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8b588331
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8b588331
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8b588331
Branch: refs/heads/branch-2.5
Commit: 8b5883316f0e1348548e3a2cfcafa0c2a6d21048
Parents: cb59ebd
Author: Robert Levas
Authored: Wed Feb 15 11:21:05 2017 -0500
Committer: Robert Levas
Committed: Wed Feb 15 11:21:05 2017 -0500
--
ambari-server/docs/configuration/index.md | 2 +-
.../java/org/apache/ambari/server/configuration/Configuration.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/8b588331/ambari-server/docs/configuration/index.md
--
diff --git a/ambari-server/docs/configuration/index.md
b/ambari-server/docs/configuration/index.md
index 34dafc2..e0a01dc 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -166,7 +166,7 @@ The following are the properties which can be used to
configure Ambari.
| repo.validation.suffixes.ubuntu | The suffixes to use when validating Ubuntu
repositories. |`/dists/%s/Release` |
| resources.dir | The location on the Ambari Server where all resources exist,
including common services, stacks, and scripts.
|`/var/lib/ambari-server/resources/` |
| rolling.upgrade.skip.packages.prefixes | A comma-separated list of packages
which will be skipped during a stack upgrade. | |
-| security.agent.hostname.validate | Determines whether the Ambari Agent host
names should be validated against a regular expression to ensure that they are
well-formed. |`true` |
+| security.agent.hostname.validate | Determines whether the Ambari Agent host
names should be validated against a regular expression to ensure that they are
well-formed.WARNING: By setting this value to false, host names will
not be validated, allowing a possible security vulnerability as described in
CVE-2014-3582. See
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities for
more information.|`true` |
| security.master.key.location | The location on the Ambari Server of the
master key file. This is the key to the master keystore. | |
| security.master.keystore.location | The location on the Ambari Server of the
master keystore file. | |
| security.server.cert_name | The name of the file located in the
`security.server.keys_dir` directory where certificates will be generated when
Ambari uses the `openssl ca` command. |`ca.crt` |
http://git-wip-us.apache.org/repos/asf/ambari/blob/8b588331/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 267aa14..e414aa1 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -506,7 +506,7 @@ public class Configuration {
* Determines whether the Ambari Agent host names should be validated against
* a regular expression to ensure that they are well-formed.
*/
- @Markdown(description = "Determines whether the Ambari Agent host names
should be validated against a regular expression to ensure that they are
well-formed.")
+ @Markdown(description = "Determines whether the Ambari Agent host names
should be validated against a regular expression to ensure that they are
well-formed.WARNING: By setting this value to false, host names will
not be validated, allowing a possible security vulnerability as described in
CVE-2014-3582. See
https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities for
more information.")
public static final ConfigurationProperty
SRVR_AGENT_HOSTNAME_VALIDATE = new ConfigurationProperty<>(
"security.agent.hostname.validate", "true");
ambari git commit: AMBARI-20008. Add "Manage alert notifications" authorization (Eugene Chekanskiy via rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 1f1bfb8e7 -> bfaaba2fa
AMBARI-20008. Add "Manage alert notifications" authorization (Eugene Chekanskiy
via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bfaaba2f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bfaaba2f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bfaaba2f
Branch: refs/heads/trunk
Commit: bfaaba2fa2ce0c271c5fa3de3c4b1134715407df
Parents: 1f1bfb8
Author: Eugene Chekanskiy
Authored: Thu Feb 16 13:44:43 2017 -0500
Committer: Robert Levas
Committed: Thu Feb 16 13:44:43 2017 -0500
--
.../internal/AlertTargetResourceProvider.java | 11 +--
.../security/authorization/RoleAuthorization.java | 1 +
.../ambari/server/upgrade/UpgradeCatalog250.java| 16
.../src/main/resources/Ambari-DDL-Derby-CREATE.sql | 3 +++
.../src/main/resources/Ambari-DDL-MySQL-CREATE.sql | 3 +++
.../src/main/resources/Ambari-DDL-Oracle-CREATE.sql | 3 +++
.../main/resources/Ambari-DDL-Postgres-CREATE.sql | 3 +++
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 3 +++
.../main/resources/Ambari-DDL-SQLServer-CREATE.sql | 3 +++
.../server/upgrade/UpgradeCatalog250Test.java | 5 +
10 files changed, 41 insertions(+), 10 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/bfaaba2f/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
index 4010528..0b7f1db 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
@@ -48,7 +48,6 @@ import
org.apache.ambari.server.notifications.TargetConfigurationResult;
import org.apache.ambari.server.orm.dao.AlertDispatchDAO;
import org.apache.ambari.server.orm.entities.AlertGroupEntity;
import org.apache.ambari.server.orm.entities.AlertTargetEntity;
-import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.RoleAuthorization;
import org.apache.ambari.server.state.AlertState;
import org.apache.ambari.server.state.alert.AlertGroup;
@@ -128,10 +127,7 @@ public class AlertTargetResourceProvider extends
AlertTargetResourceProvider() {
super(PROPERTY_IDS, KEY_PROPERTY_IDS);
-// For now only allow an Ambari administrator to create, update, and
manage Alert Targets.
-// If an alert target can associated with a particular cluster, than a
cluster administrator
-// should be able to do this as well.
-EnumSet requiredAuthorizations =
EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_ALERTS);
+EnumSet requiredAuthorizations =
EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_ALERT_NOTIFICATIONS);
setRequiredCreateAuthorizations(requiredAuthorizations);
setRequiredUpdateAuthorizations(requiredAuthorizations);
setRequiredDeleteAuthorizations(requiredAuthorizations);
@@ -252,11 +248,6 @@ public class AlertTargetResourceProvider extends
return PK_PROPERTY_IDS;
}
- @Override
- protected ResourceType getResourceType(Request request, Predicate predicate)
{
-return ResourceType.AMBARI;
- }
-
/**
* Create and persist {@link AlertTargetEntity} from the map of properties.
*
http://git-wip-us.apache.org/repos/asf/ambari/blob/bfaaba2f/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
index 969772f..cd35c2c 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
@@ -54,6 +54,7 @@ public enum RoleAuthorization {
CLUSTER_VIEW_STATUS_INFO("CLUSTER.VIEW_STATUS_INFO"),
CLUSTER_RUN_CUSTOM_COMMAND("CLUSTER.RUN_CUSTOM_COMMAND"),
CLUSTER_MANAGE_AUTO_START("CLUSTER.MANAGE_AUTO_START"),
+ CLUSTER_MANAGE_ALERT_NOTIFICATIONS("CLUSTER.MANAGE_ALERT_NOTIFICATIONS"),
HOST_ADD_DELETE_COMPONENTS("HOST.ADD_DELETE_COMPONENTS"),
HOST_ADD_DE
ambari git commit: AMBARI-20008. Add "Manage alert notifications" authorization (Eugene Chekanskiy via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 bb870a912 -> 85602eb62
AMBARI-20008. Add "Manage alert notifications" authorization (Eugene Chekanskiy
via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/85602eb6
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/85602eb6
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/85602eb6
Branch: refs/heads/branch-2.5
Commit: 85602eb6286f01c419504ae41629a3bfaa51962f
Parents: bb870a9
Author: Eugene Chekanskiy
Authored: Thu Feb 16 13:45:44 2017 -0500
Committer: Robert Levas
Committed: Thu Feb 16 13:45:44 2017 -0500
--
.../internal/AlertTargetResourceProvider.java | 11 +--
.../security/authorization/RoleAuthorization.java | 1 +
.../ambari/server/upgrade/UpgradeCatalog250.java| 16
.../src/main/resources/Ambari-DDL-Derby-CREATE.sql | 3 +++
.../src/main/resources/Ambari-DDL-MySQL-CREATE.sql | 3 +++
.../src/main/resources/Ambari-DDL-Oracle-CREATE.sql | 3 +++
.../main/resources/Ambari-DDL-Postgres-CREATE.sql | 3 +++
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 3 +++
.../main/resources/Ambari-DDL-SQLServer-CREATE.sql | 3 +++
.../server/upgrade/UpgradeCatalog250Test.java | 5 +
10 files changed, 41 insertions(+), 10 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/85602eb6/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
index 4010528..0b7f1db 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AlertTargetResourceProvider.java
@@ -48,7 +48,6 @@ import
org.apache.ambari.server.notifications.TargetConfigurationResult;
import org.apache.ambari.server.orm.dao.AlertDispatchDAO;
import org.apache.ambari.server.orm.entities.AlertGroupEntity;
import org.apache.ambari.server.orm.entities.AlertTargetEntity;
-import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.RoleAuthorization;
import org.apache.ambari.server.state.AlertState;
import org.apache.ambari.server.state.alert.AlertGroup;
@@ -128,10 +127,7 @@ public class AlertTargetResourceProvider extends
AlertTargetResourceProvider() {
super(PROPERTY_IDS, KEY_PROPERTY_IDS);
-// For now only allow an Ambari administrator to create, update, and
manage Alert Targets.
-// If an alert target can associated with a particular cluster, than a
cluster administrator
-// should be able to do this as well.
-EnumSet requiredAuthorizations =
EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_ALERTS);
+EnumSet requiredAuthorizations =
EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_ALERT_NOTIFICATIONS);
setRequiredCreateAuthorizations(requiredAuthorizations);
setRequiredUpdateAuthorizations(requiredAuthorizations);
setRequiredDeleteAuthorizations(requiredAuthorizations);
@@ -252,11 +248,6 @@ public class AlertTargetResourceProvider extends
return PK_PROPERTY_IDS;
}
- @Override
- protected ResourceType getResourceType(Request request, Predicate predicate)
{
-return ResourceType.AMBARI;
- }
-
/**
* Create and persist {@link AlertTargetEntity} from the map of properties.
*
http://git-wip-us.apache.org/repos/asf/ambari/blob/85602eb6/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
index 969772f..cd35c2c 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
@@ -54,6 +54,7 @@ public enum RoleAuthorization {
CLUSTER_VIEW_STATUS_INFO("CLUSTER.VIEW_STATUS_INFO"),
CLUSTER_RUN_CUSTOM_COMMAND("CLUSTER.RUN_CUSTOM_COMMAND"),
CLUSTER_MANAGE_AUTO_START("CLUSTER.MANAGE_AUTO_START"),
+ CLUSTER_MANAGE_ALERT_NOTIFICATIONS("CLUSTER.MANAGE_ALERT_NOTIFICATIONS"),
HOST_ADD_DELETE_COMPONENTS("HOST.ADD_DELETE_COM
ambari git commit: AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 600d0a1a0 -> bfaf6139c
AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the
manual option (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bfaf6139
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bfaf6139
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bfaf6139
Branch: refs/heads/trunk
Commit: bfaf6139c24c63fbec01c64078c8392c5fec6b27
Parents: 600d0a1
Author: Robert Levas
Authored: Tue Feb 21 12:08:41 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 21 12:09:38 2017 -0500
--
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 207 +++
3 files changed, 216 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/bfaf6139/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index 9f443b9..2742390 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,12 +200,14 @@ public class FinalizeKerberosServerAction extends
KerberosServerAction {
}
}
-// Ensure the keytab files for the Ambari identities have the correct
permissions
-// This is important in the event a secure cluster was created via
Blueprints since some
-// user accounts and group may not have been created when the keytab files
were created.
-requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
-processIdentities(requestSharedDataContext);
-requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+if(getKDCType(getCommandParameters()) != KDCType.NONE) {
+ // Ensure the keytab files for the Ambari identities have the correct
permissions
+ // This is important in the event a secure cluster was created via
Blueprints since some
+ // user accounts and group may not have been created when the keytab
files were created.
+ requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
+ processIdentities(requestSharedDataContext);
+ requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+}
// Make sure this is a relevant directory. We don't want to accidentally
allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/bfaf6139/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index cab3d8d..d404133 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -195,7 +195,7 @@ public abstract class KerberosServerAction extends
AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
-? KDCType.MIT_KDC
+? KDCType.NONE
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/bfaf6139/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
new file mode 100644
index 000..cec482e
--- /dev/null
+++
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
@@ -0,0 +1,207 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE fi
ambari git commit: AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 eab52eda6 -> 381d43cad
AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the
manual option (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/381d43ca
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/381d43ca
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/381d43ca
Branch: refs/heads/branch-2.5
Commit: 381d43cad0151db59fac6c6ca176369c78fd93af
Parents: eab52ed
Author: Robert Levas
Authored: Tue Feb 21 12:11:34 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 21 12:11:34 2017 -0500
--
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 207 +++
3 files changed, 216 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/381d43ca/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index d485eb3..0b845d9 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,12 +200,14 @@ public class FinalizeKerberosServerAction extends
KerberosServerAction {
}
}
-// Ensure the keytab files for the Ambari identities have the correct
permissions
-// This is important in the event a secure cluster was created via
Blueprints since some
-// user accounts and group may not have been created when the keytab files
were created.
-requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
-processIdentities(requestSharedDataContext);
-requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+if(getKDCType(getCommandParameters()) != KDCType.NONE) {
+ // Ensure the keytab files for the Ambari identities have the correct
permissions
+ // This is important in the event a secure cluster was created via
Blueprints since some
+ // user accounts and group may not have been created when the keytab
files were created.
+ requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
+ processIdentities(requestSharedDataContext);
+ requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+}
// Make sure this is a relevant directory. We don't want to accidentally
allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/381d43ca/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index 1d8c1ca..9755bd6 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -194,7 +194,7 @@ public abstract class KerberosServerAction extends
AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
-? KDCType.MIT_KDC
+? KDCType.NONE
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/381d43ca/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
new file mode 100644
index 000..cec482e
--- /dev/null
+++
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
@@ -0,0 +1,207 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See th
ambari git commit: Revert "AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)"
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 b32094fa6 -> e3b21903f
Revert "AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos
using the manual option (rlevas)"
This reverts commit 381d43cad0151db59fac6c6ca176369c78fd93af.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e3b21903
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e3b21903
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e3b21903
Branch: refs/heads/branch-2.5
Commit: e3b21903f0e50b42035b8e509ed225d95239dac6
Parents: b32094f
Author: Robert Levas
Authored: Tue Feb 21 17:43:40 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 21 17:43:40 2017 -0500
--
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 207 ---
3 files changed, 7 insertions(+), 216 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/e3b21903/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index 0b845d9..d485eb3 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,14 +200,12 @@ public class FinalizeKerberosServerAction extends
KerberosServerAction {
}
}
-if(getKDCType(getCommandParameters()) != KDCType.NONE) {
- // Ensure the keytab files for the Ambari identities have the correct
permissions
- // This is important in the event a secure cluster was created via
Blueprints since some
- // user accounts and group may not have been created when the keytab
files were created.
- requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
- processIdentities(requestSharedDataContext);
- requestSharedDataContext.remove(this.getClass().getName() + "_visited");
-}
+// Ensure the keytab files for the Ambari identities have the correct
permissions
+// This is important in the event a secure cluster was created via
Blueprints since some
+// user accounts and group may not have been created when the keytab files
were created.
+requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
+processIdentities(requestSharedDataContext);
+requestSharedDataContext.remove(this.getClass().getName() + "_visited");
// Make sure this is a relevant directory. We don't want to accidentally
allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/e3b21903/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index 9755bd6..1d8c1ca 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -194,7 +194,7 @@ public abstract class KerberosServerAction extends
AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
-? KDCType.NONE
+? KDCType.MIT_KDC
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/e3b21903/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
deleted file mode 100644
index cec482e..000
---
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Licensed to the Apache S
ambari git commit: Revert "AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)"
Repository: ambari
Updated Branches:
refs/heads/trunk 6553ffaee -> 235f5264a
Revert "AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos
using the manual option (rlevas)"
This reverts commit bfaf6139c24c63fbec01c64078c8392c5fec6b27.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/235f5264
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/235f5264
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/235f5264
Branch: refs/heads/trunk
Commit: 235f5264a723c4c289389f46e28ae9955e1a7491
Parents: 6553ffa
Author: Robert Levas
Authored: Tue Feb 21 17:44:57 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 21 17:44:57 2017 -0500
--
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 207 ---
3 files changed, 7 insertions(+), 216 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/235f5264/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index 2742390..9f443b9 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,14 +200,12 @@ public class FinalizeKerberosServerAction extends
KerberosServerAction {
}
}
-if(getKDCType(getCommandParameters()) != KDCType.NONE) {
- // Ensure the keytab files for the Ambari identities have the correct
permissions
- // This is important in the event a secure cluster was created via
Blueprints since some
- // user accounts and group may not have been created when the keytab
files were created.
- requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
- processIdentities(requestSharedDataContext);
- requestSharedDataContext.remove(this.getClass().getName() + "_visited");
-}
+// Ensure the keytab files for the Ambari identities have the correct
permissions
+// This is important in the event a secure cluster was created via
Blueprints since some
+// user accounts and group may not have been created when the keytab files
were created.
+requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
+processIdentities(requestSharedDataContext);
+requestSharedDataContext.remove(this.getClass().getName() + "_visited");
// Make sure this is a relevant directory. We don't want to accidentally
allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/235f5264/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index d404133..cab3d8d 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -195,7 +195,7 @@ public abstract class KerberosServerAction extends
AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
-? KDCType.NONE
+? KDCType.MIT_KDC
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/235f5264/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
deleted file mode 100644
index cec482e..000
---
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Licensed to the Apache Software
ambari git commit: AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 4ff93b0a2 -> d5cbe1940
AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the
manual option (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d5cbe194
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d5cbe194
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d5cbe194
Branch: refs/heads/trunk
Commit: d5cbe1940552c1ac6ed142b0d36bc84f45ba3c7f
Parents: 4ff93b0
Author: Robert Levas
Authored: Tue Feb 21 21:15:39 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 21 21:16:44 2017 -0500
--
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 206 +++
3 files changed, 215 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/d5cbe194/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index 9f443b9..2742390 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,12 +200,14 @@ public class FinalizeKerberosServerAction extends
KerberosServerAction {
}
}
-// Ensure the keytab files for the Ambari identities have the correct
permissions
-// This is important in the event a secure cluster was created via
Blueprints since some
-// user accounts and group may not have been created when the keytab files
were created.
-requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
-processIdentities(requestSharedDataContext);
-requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+if(getKDCType(getCommandParameters()) != KDCType.NONE) {
+ // Ensure the keytab files for the Ambari identities have the correct
permissions
+ // This is important in the event a secure cluster was created via
Blueprints since some
+ // user accounts and group may not have been created when the keytab
files were created.
+ requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
+ processIdentities(requestSharedDataContext);
+ requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+}
// Make sure this is a relevant directory. We don't want to accidentally
allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/d5cbe194/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index cab3d8d..d404133 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -195,7 +195,7 @@ public abstract class KerberosServerAction extends
AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
-? KDCType.MIT_KDC
+? KDCType.NONE
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d5cbe194/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
new file mode 100644
index 000..9404480
--- /dev/null
+++
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
@@ -0,0 +1,206 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE fi
ambari git commit: AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the manual option (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 4d46c2b7f -> fe86fc3ed
AMBARI-20067. Finalize Operations stage fails when Enabling Kerberos using the
manual option (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fe86fc3e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fe86fc3e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fe86fc3e
Branch: refs/heads/branch-2.5
Commit: fe86fc3edef557cf277af3caed4232edea4fa44d
Parents: 4d46c2b
Author: Robert Levas
Authored: Tue Feb 21 21:18:05 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 21 21:18:05 2017 -0500
--
.../kerberos/FinalizeKerberosServerAction.java | 14 +-
.../kerberos/KerberosServerAction.java | 2 +-
.../FinalizeKerberosServerActionTest.java | 206 +++
3 files changed, 215 insertions(+), 7 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/fe86fc3e/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
index d485eb3..0b845d9 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java
@@ -200,12 +200,14 @@ public class FinalizeKerberosServerAction extends
KerberosServerAction {
}
}
-// Ensure the keytab files for the Ambari identities have the correct
permissions
-// This is important in the event a secure cluster was created via
Blueprints since some
-// user accounts and group may not have been created when the keytab files
were created.
-requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
-processIdentities(requestSharedDataContext);
-requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+if(getKDCType(getCommandParameters()) != KDCType.NONE) {
+ // Ensure the keytab files for the Ambari identities have the correct
permissions
+ // This is important in the event a secure cluster was created via
Blueprints since some
+ // user accounts and group may not have been created when the keytab
files were created.
+ requestSharedDataContext.put(this.getClass().getName() + "_visited", new
HashSet());
+ processIdentities(requestSharedDataContext);
+ requestSharedDataContext.remove(this.getClass().getName() + "_visited");
+}
// Make sure this is a relevant directory. We don't want to accidentally
allow _ANY_ directory
// to be deleted.
http://git-wip-us.apache.org/repos/asf/ambari/blob/fe86fc3e/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
index 1d8c1ca..9755bd6 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java
@@ -194,7 +194,7 @@ public abstract class KerberosServerAction extends
AbstractServerAction {
String kdcType = getCommandParameterValue(commandParameters, KDC_TYPE);
return ((kdcType == null) || kdcType.isEmpty())
-? KDCType.MIT_KDC
+? KDCType.NONE
: KDCType.translate(kdcType);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/fe86fc3e/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
new file mode 100644
index 000..9404480
--- /dev/null
+++
b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerActionTest.java
@@ -0,0 +1,206 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See th
ambari git commit: AMBARI-20196. Ambari should install the unlimited key JCE policy based on service requirements even if cluster is not Kerberized (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 236ae87a1 -> 9112148e5
AMBARI-20196. Ambari should install the unlimited key JCE policy based on
service requirements even if cluster is not Kerberized (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9112148e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9112148e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9112148e
Branch: refs/heads/trunk
Commit: 9112148e597baedaab1dea15c8da299dee6f63c7
Parents: 236ae87
Author: Robert Levas
Authored: Mon Feb 27 14:51:46 2017 -0500
Committer: Robert Levas
Committed: Mon Feb 27 14:51:54 2017 -0500
--
ambari-agent/pom.xml| 16 ++
.../apache/ambari/tools/jce/JcePolicyInfo.java | 145 +++
.../core/resources/jcepolicyinfo.py | 47 ++
.../ambari/server/agent/ExecutionCommand.java | 1 +
.../AmbariManagementControllerImpl.java | 22 +++
.../ambari/server/stack/ComponentModule.java| 4 +
.../ambari/server/state/ComponentInfo.java | 16 +-
.../state/UnlimitedKeyJCERequirement.java | 42 ++
.../package/scripts/kerberos_client.py | 6 -
.../package/scripts/kerberos_common.py | 35 +
.../HDP/2.0.6/configuration/cluster-env.xml | 11 ++
.../2.0.6/hooks/before-START/scripts/hook.py| 3 +-
.../2.0.6/hooks/before-START/scripts/params.py | 27 +++-
.../scripts/shared_initialization.py| 64
.../HDP/3.0/configuration/cluster-env.xml | 11 ++
.../HDP/3.0/hooks/before-START/scripts/hook.py | 3 +-
.../3.0/hooks/before-START/scripts/params.py| 27 +++-
.../scripts/shared_initialization.py| 64
.../KERBEROS/package/scripts/kerberos_client.py | 3 -
.../server/stack/ComponentModuleTest.java | 35 +
.../2.0.6/configs/secured_no_jce_name.json | 16 +-
.../hooks/before-START/test_before_start.py | 26 ++--
.../stacks/2.2/KERBEROS/test_kerberos_client.py | 21 ---
23 files changed, 554 insertions(+), 91 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/9112148e/ambari-agent/pom.xml
--
diff --git a/ambari-agent/pom.xml b/ambari-agent/pom.xml
index 074e051..7633b95 100644
--- a/ambari-agent/pom.xml
+++ b/ambari-agent/pom.xml
@@ -157,6 +157,7 @@
2.3
+shade-zkmigrator
package
shade
@@ -170,6 +171,21 @@
${project.build.directory}${dirsep}${project.artifactId}-${project.version}/var/lib/ambari-agent/tools/zkmigrator.jar
+
+shade-jce
+package
+
+ shade
+
+
+
+
+
org.apache.ambari.tools.jce.JcePolicyInfo
+
+
+
${project.build.directory}${dirsep}${project.artifactId}-${project.version}/var/lib/ambari-agent/tools/jcepolicyinfo.jar
+
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/9112148e/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
--
diff --git
a/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
b/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
new file mode 100644
index 000..15936e8
--- /dev/null
+++ b/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.tools.jce;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+
+import javax.crypto.Cipher;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli
ambari git commit: AMBARI-20196. Ambari should install the unlimited key JCE policy based on service requirements even if cluster is not Kerberized (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 e30539564 -> 23861e4b6
AMBARI-20196. Ambari should install the unlimited key JCE policy based on
service requirements even if cluster is not Kerberized (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/23861e4b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/23861e4b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/23861e4b
Branch: refs/heads/branch-2.5
Commit: 23861e4b66ea2b918d84f45865f8383ac0fc3efd
Parents: e305395
Author: Robert Levas
Authored: Mon Feb 27 14:53:06 2017 -0500
Committer: Robert Levas
Committed: Mon Feb 27 14:53:06 2017 -0500
--
ambari-agent/pom.xml| 16 ++
.../apache/ambari/tools/jce/JcePolicyInfo.java | 145 +++
.../core/resources/jcepolicyinfo.py | 47 ++
.../ambari/server/agent/ExecutionCommand.java | 1 +
.../AmbariManagementControllerImpl.java | 25 +++-
.../ambari/server/stack/ComponentModule.java| 4 +
.../ambari/server/state/ComponentInfo.java | 22 ++-
.../state/UnlimitedKeyJCERequirement.java | 42 ++
.../package/scripts/kerberos_client.py | 6 -
.../package/scripts/kerberos_common.py | 35 +
.../HDP/2.0.6/configuration/cluster-env.xml | 11 ++
.../2.0.6/hooks/before-START/scripts/hook.py| 3 +-
.../2.0.6/hooks/before-START/scripts/params.py | 27 +++-
.../scripts/shared_initialization.py| 64
.../KERBEROS/package/scripts/kerberos_client.py | 3 -
.../server/stack/ComponentModuleTest.java | 35 +
.../2.0.6/configs/secured_no_jce_name.json | 16 +-
.../hooks/before-START/test_before_start.py | 26 ++--
.../stacks/2.2/KERBEROS/test_kerberos_client.py | 21 ---
19 files changed, 460 insertions(+), 89 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/23861e4b/ambari-agent/pom.xml
--
diff --git a/ambari-agent/pom.xml b/ambari-agent/pom.xml
index 825987b..2274f75 100644
--- a/ambari-agent/pom.xml
+++ b/ambari-agent/pom.xml
@@ -156,6 +156,7 @@
2.3
+shade-zkmigrator
package
shade
@@ -169,6 +170,21 @@
${project.build.directory}${dirsep}${project.artifactId}-${project.version}/var/lib/ambari-agent/tools/zkmigrator.jar
+
+shade-jce
+package
+
+ shade
+
+
+
+
+
org.apache.ambari.tools.jce.JcePolicyInfo
+
+
+
${project.build.directory}${dirsep}${project.artifactId}-${project.version}/var/lib/ambari-agent/tools/jcepolicyinfo.jar
+
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/23861e4b/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
--
diff --git
a/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
b/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
new file mode 100644
index 000..15936e8
--- /dev/null
+++ b/ambari-agent/src/main/java/org/apache/ambari/tools/jce/JcePolicyInfo.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.tools.jce;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+
+import javax.crypto.Cipher;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.DefaultParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.UnrecognizedOptionException;
+
+/**
+ * JcePolicyInfo provides information about
ambari git commit: AMBARI-20217. Services fail to start due to incorrect permissions on spnego.service.keytab (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk c5df14f5e -> be644c57a
AMBARI-20217. Services fail to start due to incorrect permissions on
spnego.service.keytab (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/be644c57
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/be644c57
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/be644c57
Branch: refs/heads/trunk
Commit: be644c57a13a2a8e701d1b1009be2d0decfa08cd
Parents: c5df14f
Author: Robert Levas
Authored: Tue Feb 28 09:46:08 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 28 09:46:12 2017 -0500
--
.../org/apache/ambari/server/controller/KerberosHelperImpl.java | 1 +
1 file changed, 1 insertion(+)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/be644c57/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 51c0b2c..baa90e7 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -3163,6 +3163,7 @@ public class KerberosHelperImpl implements KerberosHelper
{
// Add the finalize stage...
Map commandParameters = new HashMap();
commandParameters.put(KerberosServerAction.DEFAULT_REALM,
kerberosDetails.getDefaultRealm());
+ commandParameters.put(KerberosServerAction.KDC_TYPE,
kerberosDetails.getKdcType().name());
commandParameters.put(KerberosServerAction.AUTHENTICATED_USER_NAME,
ambariManagementController.getAuthName());
if (dataDirectory != null) {
commandParameters.put(KerberosServerAction.DATA_DIRECTORY,
dataDirectory.getAbsolutePath());
ambari git commit: AMBARI-20217. Services fail to start due to incorrect permissions on spnego.service.keytab (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 26146d357 -> d9b303019
AMBARI-20217. Services fail to start due to incorrect permissions on
spnego.service.keytab (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d9b30301
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d9b30301
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d9b30301
Branch: refs/heads/branch-2.5
Commit: d9b3030196f5086bd2e1827d8b2594ed7581c33b
Parents: 26146d3
Author: Robert Levas
Authored: Tue Feb 28 09:46:57 2017 -0500
Committer: Robert Levas
Committed: Tue Feb 28 09:46:57 2017 -0500
--
.../org/apache/ambari/server/controller/KerberosHelperImpl.java | 1 +
1 file changed, 1 insertion(+)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/d9b30301/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 8ccfc4c..c2fde46 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -3163,6 +3163,7 @@ public class KerberosHelperImpl implements KerberosHelper
{
// Add the finalize stage...
Map commandParameters = new HashMap();
commandParameters.put(KerberosServerAction.DEFAULT_REALM,
kerberosDetails.getDefaultRealm());
+ commandParameters.put(KerberosServerAction.KDC_TYPE,
kerberosDetails.getKdcType().name());
commandParameters.put(KerberosServerAction.AUTHENTICATED_USER_NAME,
ambariManagementController.getAuthName());
if (dataDirectory != null) {
commandParameters.put(KerberosServerAction.DATA_DIRECTORY,
dataDirectory.getAbsolutePath());
[2/2] ambari git commit: AMBARI-20309. HBase Master CPU Utilization Alert is in unknown state due to kinit error (rlevas)
AMBARI-20309. HBase Master CPU Utilization Alert is in unknown state due to
kinit error (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6cfcc90a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6cfcc90a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6cfcc90a
Branch: refs/heads/trunk
Commit: 6cfcc90acfaced9cbcefe8abaa1a5d98a2db20ad
Parents: 801cd61
Author: Robert Levas
Authored: Mon Mar 6 12:27:23 2017 -0500
Committer: Robert Levas
Committed: Mon Mar 6 12:27:29 2017 -0500
--
.../server/upgrade/UpgradeCatalog250.java | 57 +
.../HBASE/0.96.0.2.0/alerts.json|4 +-
.../server/upgrade/UpgradeCatalog250Test.java | 1077 +-
3 files changed, 627 insertions(+), 511 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/6cfcc90a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index 2a684dc..141e9cd 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -29,6 +29,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.ambari.server.AmbariException;
@@ -65,6 +66,7 @@ import org.springframework.jdbc.support.JdbcUtils;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
+import com.google.gson.JsonPrimitive;
import com.google.inject.Inject;
import com.google.inject.Injector;
@@ -192,6 +194,61 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
addManageServiceAutoStartPermissions();
addManageAlertNotificationsPermissions();
updateKerberosDescriptorArtifacts();
+fixHBaseMasterCPUUtilizationAlertDefinition();
+ }
+
+ /**
+ * Fix the HBase Master CPU Utilization alert definition by swapping the
values for kerberos_keytab
+ * and kerberos_principal.
+ */
+ protected void fixHBaseMasterCPUUtilizationAlertDefinition() {
+AlertDefinitionDAO alertDefinitionDAO =
injector.getInstance(AlertDefinitionDAO.class);
+AmbariManagementController ambariManagementController =
injector.getInstance(AmbariManagementController.class);
+Clusters clusters = ambariManagementController.getClusters();
+
+Map clusterMap = getCheckedClusterMap(clusters);
+for (final Cluster cluster : clusterMap.values()) {
+ long clusterID = cluster.getClusterId();
+ AlertDefinitionEntity alertDefinition =
alertDefinitionDAO.findByName(clusterID, "hbase_master_cpu");
+ if(alertDefinition != null) {
+LOG.info("Updating alert definition {} in cluster {}",
alertDefinition.getDefinitionName(), clusterID);
+String source = alertDefinition.getSource();
+
+if(source != null) {
+ JsonObject sourceJson = new
JsonParser().parse(source).getAsJsonObject();
+ LOG.debug("Source before update : {}", sourceJson);
+
+ JsonObject uriJson = sourceJson.get("uri").getAsJsonObject();
+ JsonPrimitive primitive;
+
+ // Replace
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
+ // With
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ primitive = uriJson.getAsJsonPrimitive("kerberos_keytab");
+ if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}".equals(primitive.getAsString()))
{
+uriJson.remove("kerberos_keytab");
+uriJson.addProperty("kerberos_keytab",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}");
+ }
+
+ // Replace
+ // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ // With
+ // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
+ primitive = uriJson.getAsJsonPrimitive("kerberos_principal");
+ if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}".equals(primitive.getAsString()))
{
+uriJson.remove(&quo
[1/2] ambari git commit: AMBARI-20309. HBase Master CPU Utilization Alert is in unknown state due to kinit error (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 801cd6147 -> 6cfcc90ac
http://git-wip-us.apache.org/repos/asf/ambari/blob/6cfcc90a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 7ee66ef..2a59ccc 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -39,6 +39,7 @@ import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -90,6 +91,9 @@ import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonPrimitive;
import com.google.inject.AbstractModule;
import com.google.inject.Binder;
import com.google.inject.Guice;
@@ -146,7 +150,7 @@ public class UpgradeCatalog250Test {
private Clusters clusters;
@Mock(type = MockType.NICE)
- private Cluster cluster;
+ private Cluster cluster;
@Mock(type = MockType.NICE)
private Injector injector;
@@ -183,16 +187,16 @@ public class UpgradeCatalog250Test {
Capture> capturedComponentVersionColumns =
newCapture();
dbAccessor.createTable(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
capture(capturedComponentVersionColumns),
- eq((String[]) null));
+eq((String[]) null));
dbAccessor.addPKConstraint(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
- eq(UpgradeCatalog250.COMPONENT_VERSION_PK), eq("id"));
+eq(UpgradeCatalog250.COMPONENT_VERSION_PK), eq("id"));
dbAccessor.addFKConstraint(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
- eq(UpgradeCatalog250.COMPONENT_VERSION_FK_COMPONENT), eq("component_id"),
- eq(UpgradeCatalog250.COMPONENT_TABLE), eq("id"), eq(false));
+eq(UpgradeCatalog250.COMPONENT_VERSION_FK_COMPONENT),
eq("component_id"),
+eq(UpgradeCatalog250.COMPONENT_TABLE), eq("id"), eq(false));
dbAccessor.addFKConstraint(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
- eq(UpgradeCatalog250.COMPONENT_VERSION_FK_REPO_VERSION),
eq("repo_version_id"),
- eq("repo_version"), eq("repo_version_id"), eq(false));
+eq(UpgradeCatalog250.COMPONENT_VERSION_FK_REPO_VERSION),
eq("repo_version_id"),
+eq("repo_version"), eq("repo_version_id"), eq(false));
// servicedesiredstate table
Capture capturedCredentialStoreEnabledCol =
newCapture();
@@ -270,90 +274,69 @@ public class UpgradeCatalog250Test {
Assert.assertEquals(false,
capturedCredentialStoreEnabledColValues.isNullable());
}
-@Test
-public void testUpdateAlerts_StormUIWebAlert() {
-EasyMockSupport easyMockSupport = new EasyMockSupport();
-final AmbariManagementController mockAmbariManagementController =
easyMockSupport.createNiceMock(AmbariManagementController.class);
-final Clusters mockClusters =
easyMockSupport.createStrictMock(Clusters.class);
-final Cluster mockClusterExpected =
easyMockSupport.createNiceMock(Cluster.class);
-final AlertDefinitionDAO mockAlertDefinitionDAO =
easyMockSupport.createNiceMock(AlertDefinitionDAO.class);
-final AlertDefinitionEntity stormWebUIAlertMock =
easyMockSupport.createNiceMock(AlertDefinitionEntity.class);
-
-final Injector mockInjector = Guice.createInjector(new
AbstractModule() {
-@Override
-protected void configure() {
-
bind(AmbariManagementController.class).toInstance(mockAmbariManagementController);
-bind(Clusters.class).toInstance(mockClusters);
-bind(EntityManager.class).toInstance(entityManager);
-
bind(AlertDefinitionDAO.class).toInstance(mockAlertDefinitionDAO);
-
bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
-
bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
-}
-});
-
-long clusterId = 1;
-
-
expect(mockAmbariManagementController.getClusters()).andReturn(mockClusters).once();
-expect(mockClusters.getClusters()).andReturn(new HashMap() {{
-put("normal", mockClusterExpected);
-}}).atLeastOnce();
-
expect(mockClusterExpected.getClusterId()).andReturn(clusterId).anyTimes();
-expect(mockAlertDefinitionDAO.findByName(eq(clusterId),
eq("storm_webui")))
-.andReturn(stormWebUIAlertMock).atLeastOnce();
-expect(stormWebUIAlertMock.getSou
[2/2] ambari git commit: AMBARI-20309. HBase Master CPU Utilization Alert is in unknown state due to kinit error (rlevas)
AMBARI-20309. HBase Master CPU Utilization Alert is in unknown state due to
kinit error (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e8956590
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e8956590
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e8956590
Branch: refs/heads/branch-2.5
Commit: e8956590389cf1c8e6a3942747710223ff3a5d34
Parents: 84e767b
Author: Robert Levas
Authored: Mon Mar 6 12:30:26 2017 -0500
Committer: Robert Levas
Committed: Mon Mar 6 12:30:26 2017 -0500
--
.../server/upgrade/UpgradeCatalog250.java | 57 +
.../HBASE/0.96.0.2.0/alerts.json|4 +-
.../server/upgrade/UpgradeCatalog250Test.java | 1014 ++
3 files changed, 596 insertions(+), 479 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/e8956590/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index c67e80d..0246229 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -19,6 +19,7 @@ package org.apache.ambari.server.upgrade;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
+import com.google.gson.JsonPrimitive;
import com.google.inject.Inject;
import com.google.inject.Injector;
@@ -66,6 +67,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
/**
@@ -192,6 +194,61 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
addManageServiceAutoStartPermissions();
addManageAlertNotificationsPermissions();
updateKerberosDescriptorArtifacts();
+fixHBaseMasterCPUUtilizationAlertDefinition();
+ }
+
+ /**
+ * Fix the HBase Master CPU Utilization alert definition by swapping the
values for kerberos_keytab
+ * and kerberos_principal.
+ */
+ protected void fixHBaseMasterCPUUtilizationAlertDefinition() {
+AlertDefinitionDAO alertDefinitionDAO =
injector.getInstance(AlertDefinitionDAO.class);
+AmbariManagementController ambariManagementController =
injector.getInstance(AmbariManagementController.class);
+Clusters clusters = ambariManagementController.getClusters();
+
+Map clusterMap = getCheckedClusterMap(clusters);
+for (final Cluster cluster : clusterMap.values()) {
+ long clusterID = cluster.getClusterId();
+ AlertDefinitionEntity alertDefinition =
alertDefinitionDAO.findByName(clusterID, "hbase_master_cpu");
+ if(alertDefinition != null) {
+LOG.info("Updating alert definition {} in cluster {}",
alertDefinition.getDefinitionName(), clusterID);
+String source = alertDefinition.getSource();
+
+if(source != null) {
+ JsonObject sourceJson = new
JsonParser().parse(source).getAsJsonObject();
+ LOG.debug("Source before update : {}", sourceJson);
+
+ JsonObject uriJson = sourceJson.get("uri").getAsJsonObject();
+ JsonPrimitive primitive;
+
+ // Replace
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
+ // With
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ primitive = uriJson.getAsJsonPrimitive("kerberos_keytab");
+ if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}".equals(primitive.getAsString()))
{
+uriJson.remove("kerberos_keytab");
+uriJson.addProperty("kerberos_keytab",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}");
+ }
+
+ // Replace
+ // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ // With
+ // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
+ primitive = uriJson.getAsJsonPrimitive("kerberos_principal");
+ if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}".equals(primitive.getAsString()))
{
+uriJson.remove("kerberos_princip
[1/2] ambari git commit: AMBARI-20309. HBase Master CPU Utilization Alert is in unknown state due to kinit error (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 84e767ba0 -> e89565903
http://git-wip-us.apache.org/repos/asf/ambari/blob/e8956590/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
--
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 529ac5c..ad01e07 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -21,12 +21,16 @@ package org.apache.ambari.server.upgrade;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonPrimitive;
import com.google.inject.AbstractModule;
import com.google.inject.Binder;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Provider;
+
import junit.framework.Assert;
import junit.framework.AssertionFailedError;
@@ -69,6 +73,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import javax.persistence.EntityManager;
+
import java.io.File;
import java.lang.reflect.Method;
import java.net.URL;
@@ -76,6 +81,7 @@ import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -144,7 +150,7 @@ public class UpgradeCatalog250Test {
private Clusters clusters;
@Mock(type = MockType.NICE)
- private Cluster cluster;
+ private Cluster cluster;
@Mock(type = MockType.NICE)
private Injector injector;
@@ -181,16 +187,16 @@ public class UpgradeCatalog250Test {
Capture> capturedComponentVersionColumns =
newCapture();
dbAccessor.createTable(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
capture(capturedComponentVersionColumns),
- eq((String[]) null));
+eq((String[]) null));
dbAccessor.addPKConstraint(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
- eq(UpgradeCatalog250.COMPONENT_VERSION_PK), eq("id"));
+eq(UpgradeCatalog250.COMPONENT_VERSION_PK), eq("id"));
dbAccessor.addFKConstraint(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
- eq(UpgradeCatalog250.COMPONENT_VERSION_FK_COMPONENT), eq("component_id"),
- eq(UpgradeCatalog250.COMPONENT_TABLE), eq("id"), eq(false));
+eq(UpgradeCatalog250.COMPONENT_VERSION_FK_COMPONENT),
eq("component_id"),
+eq(UpgradeCatalog250.COMPONENT_TABLE), eq("id"), eq(false));
dbAccessor.addFKConstraint(eq(UpgradeCatalog250.COMPONENT_VERSION_TABLE),
- eq(UpgradeCatalog250.COMPONENT_VERSION_FK_REPO_VERSION),
eq("repo_version_id"),
- eq("repo_version"), eq("repo_version_id"), eq(false));
+eq(UpgradeCatalog250.COMPONENT_VERSION_FK_REPO_VERSION),
eq("repo_version_id"),
+eq("repo_version"), eq("repo_version_id"), eq(false));
// servicedesiredstate table
Capture capturedCredentialStoreEnabledCol =
newCapture();
@@ -288,27 +294,29 @@ public class UpgradeCatalog250Test {
Method updateAlerts =
UpgradeCatalog250.class.getDeclaredMethod("updateStormAlerts");
Method removeAlertDuplicates =
UpgradeCatalog250.class.getDeclaredMethod("removeAlertDuplicates");
Method updateKerberosDescriptorArtifacts =
AbstractUpgradeCatalog.class.getDeclaredMethod("updateKerberosDescriptorArtifacts");
+Method fixHBaseMasterCPUUtilizationAlertDefinition =
UpgradeCatalog250.class.getDeclaredMethod("fixHBaseMasterCPUUtilizationAlertDefinition");
UpgradeCatalog250 upgradeCatalog250 =
createMockBuilder(UpgradeCatalog250.class)
- .addMockedMethod(updateAmsConfigs)
- .addMockedMethod(updateHadoopEnvConfigs)
- .addMockedMethod(updateKafkaConfigs)
- .addMockedMethod(updateHIVEInteractiveConfigs)
- .addMockedMethod(updateHiveLlapConfigs)
- .addMockedMethod(updateTablesForZeppelinViewRemoval)
- .addMockedMethod(updateZeppelinConfigs)
- .addMockedMethod(updateAtlasConfigs)
- .addMockedMethod(updateLogSearchConfigs)
- .addMockedMethod(updateAmbariInfraConfigs)
- .addMockedMethod(addNewConfigurationsFromXml)
- .addMockedMethod(updateRangerUrlConfigs)
- .addMockedMethod(addManageServiceAutoStartPermissions)
- .addMockedMethod(addManageAlertNotificationsPermissions)
- .addMockedMethod(updateYarnSite)
- .addMockedMethod(updateAlerts)
- .addMockedMethod(removeAlertDuplicates)
- .addMockedMethod(updateKerberosDescriptorArtifacts)
- .createMock();
+.addMockedMethod(updateAmsConfigs)
+.addMockedMethod(updateHadoopEnvConfigs)
ambari git commit: AMBARI-20335. Kerberos identity reference not working for ranger-audit property in hbase (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk c21f77dfb -> fddf8fd00
AMBARI-20335. Kerberos identity reference not working for ranger-audit property
in hbase (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/fddf8fd0
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/fddf8fd0
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/fddf8fd0
Branch: refs/heads/trunk
Commit: fddf8fd006296642d7444f3318bef564f95b0ffe
Parents: c21f77d
Author: Robert Levas
Authored: Tue Mar 7 09:37:14 2017 -0500
Committer: Robert Levas
Committed: Tue Mar 7 09:37:14 2017 -0500
--
.../server/upgrade/UpgradeCatalog250.java | 57 ---
.../stacks/HDP/2.5/services/HBASE/kerberos.json | 3 +-
.../PERF/1.0/services/FAKEHBASE/kerberos.json | 3 +-
.../server/upgrade/UpgradeCatalog250Test.java | 71 ++---
...test_kerberos_descriptor_2_5_infra_solr.json | 148 ++-
5 files changed, 238 insertions(+), 44 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/fddf8fd0/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index 141e9cd..b32e374 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -525,6 +525,7 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
addInfrSolrDescriptor(artifactDAO, artifactEntity,
kerberosDescriptor, logSearchKerberosDescriptor, "LOGSEARCH_SERVER");
addInfrSolrDescriptor(artifactDAO, artifactEntity,
kerberosDescriptor, rangerKerberosDescriptor, "RANGER_ADMIN");
KerberosServiceDescriptor stormKerberosDescriptor =
kerberosDescriptor.getService("STORM");
+
if (stormKerberosDescriptor != null) {
KerberosComponentDescriptor componentDescriptor =
stormKerberosDescriptor.getComponent("NIMBUS");
if (componentDescriptor != null) {
@@ -532,27 +533,24 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
if (origIdentityDescriptor != null) {
KerberosPrincipalDescriptor origPrincipalDescriptor =
origIdentityDescriptor.getPrincipalDescriptor();
KerberosPrincipalDescriptor newPrincipalDescriptor = new
KerberosPrincipalDescriptor(
- null,
- null,
- (origPrincipalDescriptor == null) ?
-
"ranger-storm-audit/xasecure.audit.jaas.Client.option.principal" :
origPrincipalDescriptor.getConfiguration(),
- null
+null,
+null,
+(origPrincipalDescriptor == null) ?
+
"ranger-storm-audit/xasecure.audit.jaas.Client.option.principal" :
origPrincipalDescriptor.getConfiguration(),
+null
);
KerberosKeytabDescriptor origKeytabDescriptor =
origIdentityDescriptor.getKeytabDescriptor();
KerberosKeytabDescriptor newKeytabDescriptor = new
KerberosKeytabDescriptor(
- null,
- null,
- null,
- null,
- null,
- (origKeytabDescriptor == null) ?
-
"ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab" :
origKeytabDescriptor.getConfiguration(),
- false);
+null,
+null,
+null,
+null,
+null,
+(origKeytabDescriptor == null) ?
+
"ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab" :
origKeytabDescriptor.getConfiguration(),
+false);
componentDescriptor.removeIdentity("/STORM/NIMBUS/nimbus_server");
componentDescriptor.putIdentity(new
KerberosIdentityDescriptor("/STORM/storm_components", null,
newPrincipalDescriptor, newKeytabDescriptor, null));
-
-artifactEntity.setArtifactData(kerberosDescriptor.toMap());
-artifactDAO.merge(artifactEntity);
}
}
}
@@ -564,11 +562,32 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
Map properties =
yarnSiteConfigDescriptor.getProperties();
if (propertie
ambari git commit: AMBARI-20335. Kerberos identity reference not working for ranger-audit property in hbase (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 4df38c35f -> 225edb97f
AMBARI-20335. Kerberos identity reference not working for ranger-audit property
in hbase (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/225edb97
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/225edb97
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/225edb97
Branch: refs/heads/branch-2.5
Commit: 225edb97f91428be6426f50b794ba051df2bb65e
Parents: 4df38c3
Author: Robert Levas
Authored: Tue Mar 7 10:03:12 2017 -0500
Committer: Robert Levas
Committed: Tue Mar 7 10:03:12 2017 -0500
--
.../server/upgrade/UpgradeCatalog250.java | 57 ---
.../stacks/HDP/2.5/services/HBASE/kerberos.json | 3 +-
.../PERF/1.0/services/FAKEHBASE/kerberos.json | 3 +-
.../server/upgrade/UpgradeCatalog250Test.java | 71 ++---
...test_kerberos_descriptor_2_5_infra_solr.json | 148 ++-
5 files changed, 238 insertions(+), 44 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/225edb97/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index 0246229..e244925 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -469,6 +469,7 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
addInfrSolrDescriptor(artifactDAO, artifactEntity,
kerberosDescriptor, logSearchKerberosDescriptor, "LOGSEARCH_SERVER");
addInfrSolrDescriptor(artifactDAO, artifactEntity,
kerberosDescriptor, rangerKerberosDescriptor, "RANGER_ADMIN");
KerberosServiceDescriptor stormKerberosDescriptor =
kerberosDescriptor.getService("STORM");
+
if (stormKerberosDescriptor != null) {
KerberosComponentDescriptor componentDescriptor =
stormKerberosDescriptor.getComponent("NIMBUS");
if (componentDescriptor != null) {
@@ -476,27 +477,24 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
if (origIdentityDescriptor != null) {
KerberosPrincipalDescriptor origPrincipalDescriptor =
origIdentityDescriptor.getPrincipalDescriptor();
KerberosPrincipalDescriptor newPrincipalDescriptor = new
KerberosPrincipalDescriptor(
- null,
- null,
- (origPrincipalDescriptor == null) ?
-
"ranger-storm-audit/xasecure.audit.jaas.Client.option.principal" :
origPrincipalDescriptor.getConfiguration(),
- null
+null,
+null,
+(origPrincipalDescriptor == null) ?
+
"ranger-storm-audit/xasecure.audit.jaas.Client.option.principal" :
origPrincipalDescriptor.getConfiguration(),
+null
);
KerberosKeytabDescriptor origKeytabDescriptor =
origIdentityDescriptor.getKeytabDescriptor();
KerberosKeytabDescriptor newKeytabDescriptor = new
KerberosKeytabDescriptor(
- null,
- null,
- null,
- null,
- null,
- (origKeytabDescriptor == null) ?
-
"ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab" :
origKeytabDescriptor.getConfiguration(),
- false);
+null,
+null,
+null,
+null,
+null,
+(origKeytabDescriptor == null) ?
+
"ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab" :
origKeytabDescriptor.getConfiguration(),
+false);
componentDescriptor.removeIdentity("/STORM/NIMBUS/nimbus_server");
componentDescriptor.putIdentity(new
KerberosIdentityDescriptor("/STORM/storm_components", null,
newPrincipalDescriptor, newKeytabDescriptor, null));
-
-artifactEntity.setArtifactData(kerberosDescriptor.toMap());
-artifactDAO.merge(artifactEntity);
}
}
}
@@ -508,11 +506,32 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
Map properties =
yarnSiteConfigDescriptor.getProperties();
if (propertie
ambari git commit: AMBARI-20358. NPE during Ambari server schema upgrade while updating hbase_master_cpu alert definition (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 17323e0d7 -> f39207a53
AMBARI-20358. NPE during Ambari server schema upgrade while updating
hbase_master_cpu alert definition (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f39207a5
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f39207a5
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f39207a5
Branch: refs/heads/trunk
Commit: f39207a53df94433ca0ac39ffde6f5fb9f7994c6
Parents: 17323e0
Author: Robert Levas
Authored: Wed Mar 8 07:49:32 2017 -0500
Committer: Robert Levas
Committed: Wed Mar 8 07:49:32 2017 -0500
--
.../server/upgrade/UpgradeCatalog250.java | 64 +++-
.../server/upgrade/UpgradeCatalog250Test.java | 33 ++
2 files changed, 70 insertions(+), 27 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/f39207a5/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index b32e374..ae38d8e 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -216,36 +216,46 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
if(source != null) {
JsonObject sourceJson = new
JsonParser().parse(source).getAsJsonObject();
- LOG.debug("Source before update : {}", sourceJson);
-
- JsonObject uriJson = sourceJson.get("uri").getAsJsonObject();
- JsonPrimitive primitive;
-
- // Replace
- // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
- // With
- // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
- primitive = uriJson.getAsJsonPrimitive("kerberos_keytab");
- if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}".equals(primitive.getAsString()))
{
-uriJson.remove("kerberos_keytab");
-uriJson.addProperty("kerberos_keytab",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}");
- }
- // Replace
- // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
- // With
- // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
- primitive = uriJson.getAsJsonPrimitive("kerberos_principal");
- if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}".equals(primitive.getAsString()))
{
-uriJson.remove("kerberos_principal");
-uriJson.addProperty("kerberos_principal",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}");
- }
+ if(sourceJson != null) {
+boolean changesExist = false;
+LOG.debug("Source before update : {}", sourceJson);
+
+JsonObject uriJson = sourceJson.get("uri").getAsJsonObject();
+JsonPrimitive primitive;
+
+if (uriJson != null) {
+ // Replace
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
+ // With
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ primitive = uriJson.getAsJsonPrimitive("kerberos_keytab");
+ if ((primitive != null) && primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}".equals(primitive.getAsString()))
{
+uriJson.remove("kerberos_keytab");
+uriJson.addProperty("kerberos_keytab",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}");
+changesExist = true;
+ }
+
+ // Replace
+ // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ // With
+ // "kerberos_principal":
ambari git commit: AMBARI-20358. NPE during Ambari server schema upgrade while updating hbase_master_cpu alert definition (rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 934f3f182 -> 8eaaf8086
AMBARI-20358. NPE during Ambari server schema upgrade while updating
hbase_master_cpu alert definition (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8eaaf808
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8eaaf808
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8eaaf808
Branch: refs/heads/branch-2.5
Commit: 8eaaf8086502890ef5d1c3ad88ca5fee8311f599
Parents: 934f3f1
Author: Robert Levas
Authored: Wed Mar 8 07:50:13 2017 -0500
Committer: Robert Levas
Committed: Wed Mar 8 07:50:13 2017 -0500
--
.../server/upgrade/UpgradeCatalog250.java | 64 +++-
.../server/upgrade/UpgradeCatalog250Test.java | 33 ++
2 files changed, 70 insertions(+), 27 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/8eaaf808/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
--
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index e244925..36160ca 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -216,36 +216,46 @@ public class UpgradeCatalog250 extends
AbstractUpgradeCatalog {
if(source != null) {
JsonObject sourceJson = new
JsonParser().parse(source).getAsJsonObject();
- LOG.debug("Source before update : {}", sourceJson);
-
- JsonObject uriJson = sourceJson.get("uri").getAsJsonObject();
- JsonPrimitive primitive;
-
- // Replace
- // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
- // With
- // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
- primitive = uriJson.getAsJsonPrimitive("kerberos_keytab");
- if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}".equals(primitive.getAsString()))
{
-uriJson.remove("kerberos_keytab");
-uriJson.addProperty("kerberos_keytab",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}");
- }
- // Replace
- // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
- // With
- // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
- primitive = uriJson.getAsJsonPrimitive("kerberos_principal");
- if(primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}".equals(primitive.getAsString()))
{
-uriJson.remove("kerberos_principal");
-uriJson.addProperty("kerberos_principal",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}");
- }
+ if(sourceJson != null) {
+boolean changesExist = false;
+LOG.debug("Source before update : {}", sourceJson);
+
+JsonObject uriJson = sourceJson.get("uri").getAsJsonObject();
+JsonPrimitive primitive;
+
+if (uriJson != null) {
+ // Replace
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}"
+ // With
+ // "kerberos_keytab":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ primitive = uriJson.getAsJsonPrimitive("kerberos_keytab");
+ if ((primitive != null) && primitive.isString() &&
"{{hbase-site/hbase.security.authentication.spnego.kerberos.principal}}".equals(primitive.getAsString()))
{
+uriJson.remove("kerberos_keytab");
+uriJson.addProperty("kerberos_keytab",
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}");
+changesExist = true;
+ }
+
+ // Replace
+ // "kerberos_principal":
"{{hbase-site/hbase.security.authentication.spnego.kerberos.keytab}}"
+ // With
+ // "kerberos_principal":
ambari git commit: AMBARI-20349. When SPNEGO authentication is enabled for Hadoop in a cluster with NN HA, PXF Process alert fails (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 3db5addb9 -> a10120574
AMBARI-20349. When SPNEGO authentication is enabled for Hadoop in a cluster
with NN HA, PXF Process alert fails (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a1012057
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a1012057
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a1012057
Branch: refs/heads/trunk
Commit: a1012057452fde3f4b488dd1e0ebb83069fb29da
Parents: 3db5add
Author: Robert Levas
Authored: Thu Mar 9 10:25:14 2017 -0500
Committer: Robert Levas
Committed: Thu Mar 9 10:25:14 2017 -0500
--
.../PXF/3.0.0/package/alerts/api_status.py | 36 ++--
1 file changed, 25 insertions(+), 11 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1012057/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/alerts/api_status.py
--
diff --git
a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/alerts/api_status.py
b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/alerts/api_status.py
index d0ed0a4..dcdb372 100644
---
a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/alerts/api_status.py
+++
b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/alerts/api_status.py
@@ -24,15 +24,17 @@ import socket
import urllib2
import urllib
+from resource_management.core import shell
from resource_management.libraries.functions.curl_krb_request import
curl_krb_request
+from resource_management.libraries.functions.get_kinit_path import
get_kinit_path
from resource_management.libraries.functions.namenode_ha_utils import
get_active_namenode
from resource_management.libraries.script.config_dictionary import
ConfigDictionary
from resource_management.core.environment import Environment
CLUSTER_ENV_SECURITY = '{{cluster-env/security_enabled}}'
-HADOOP_ENV_HDFS_USER = '{{hadoop-env/hdfs_user}}'
-HADOOP_ENV_HDFS_USER_KEYTAB = '{{hadoop-env/hdfs_user_keytab}}'
-HADOOP_ENV_HDFS_PRINCIPAL_NAME = '{{hadoop-env/hdfs_principal_name}}'
+ACTING_USER = 'pxf'
+KEYTAB_FILE = '{{pxf-site/pxf.service.kerberos.keytab}}'
+PRINCIPAL_NAME = '{{pxf-site/pxf.service.kerberos.principal}}'
HDFS_SITE = '{{hdfs-site}}'
@@ -58,9 +60,9 @@ commonPXFHeaders = {
def get_tokens():
return (CLUSTER_ENV_SECURITY,
- HADOOP_ENV_HDFS_USER,
- HADOOP_ENV_HDFS_USER_KEYTAB,
- HADOOP_ENV_HDFS_PRINCIPAL_NAME,
+ ACTING_USER,
+ KEYTAB_FILE,
+ PRINCIPAL_NAME,
HDFS_SITE)
def _get_delegation_token(namenode_address, user, keytab, principal,
kinit_path):
@@ -130,21 +132,33 @@ def _get_pxf_protocol_version(base_url):
raise Exception("version could not be found in response " + response)
+
+def _ensure_kerberos_authentication(user, principal, keytab_file, kinit_path):
+ kinit_path_local = get_kinit_path(kinit_path)
+ shell.checked_call("{0} -kt {1} {2} > /dev/null".format(kinit_path_local,
keytab_file, principal),
+ user=user)
+
def execute(configurations={}, parameters={}, host_name=None):
BASE_URL = "http://{0}:{1}/pxf/".format(host_name, PXF_PORT)
try:
# Get delegation token if security is enabled
if CLUSTER_ENV_SECURITY in configurations and
configurations[CLUSTER_ENV_SECURITY].lower() == "true":
+ resolved_principal = configurations[PRINCIPAL_NAME]
+ if resolved_principal is not None:
+resolved_principal = resolved_principal.replace('_HOST', host_name)
+
if 'dfs.nameservices' in configurations[HDFS_SITE]:
-namenode_address =
get_active_namenode(ConfigDictionary(configurations[HDFS_SITE]),
configurations[CLUSTER_ENV_SECURITY], configurations[HADOOP_ENV_HDFS_USER])[1]
+if configurations[CLUSTER_ENV_SECURITY]:
+ _ensure_kerberos_authentication(configurations[ACTING_USER],
resolved_principal, configurations[KEYTAB_FILE], None)
+namenode_address =
get_active_namenode(ConfigDictionary(configurations[HDFS_SITE]),
configurations[CLUSTER_ENV_SECURITY], configurations[ACTING_USER])[1]
else:
namenode_address =
configurations[HDFS_SITE]['dfs.namenode.http-address']
token = _get_delegation_token(namenode_address,
- configurations[HADOOP_ENV_HDFS_USER],
-
configurations[HADOOP_ENV_HDFS_USER_KEYTAB],
-
configurations[HADOOP_ENV_HDFS_PRINCIPAL_NAME],
-
