This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 55ae952 [AMBARI-23185] Added a new CLI option in the setup-ldap tool
to indicate whether to force LDAP auth method even if another one - or none at
all - is already configured (#615)
55ae952 is described below
commit 55ae952958c9cd7bc526f2e0d5fa859a667dc8f2
Author: smolnar82 <34065904+smolna...@users.noreply.github.com>
AuthorDate: Mon Mar 12 19:42:26 2018 +0100
[AMBARI-23185] Added a new CLI option in the setup-ldap tool to indicate
whether to force LDAP auth method even if another one - or none at all - is
already configured (#615)
* AMBARI-23185. Enabled TestAmbariServer and fixed errors
* AMBARI-23185. Added a new CLI option in the setup-ldap tool to indicate
wheter to force LDAP ayth method even if another one - or none at all - is
already configured
* AMBARI-23185. Using better option name for LDAP setup enforcment and make
it boolean
* AMBARI-23185. In case there is not authentication method is configured we
default the setup question to 'y'
* AMBARI-23185. Code cleaning
---
ambari-server/src/main/python/ambari-server.py | 1 +
.../src/main/python/ambari_server/setupSecurity.py | 20 ++++---
ambari-server/src/test/python/TestAmbariServer.py | 61 +++++++++++++++++++++-
3 files changed, 72 insertions(+), 10 deletions(-)
diff --git a/ambari-server/src/main/python/ambari-server.py
b/ambari-server/src/main/python/ambari-server.py
index 57ad80e..fe11bf4 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -567,6 +567,7 @@ def init_ldap_setup_parser_options(parser):
parser.add_option('--ldap-sync-username-collisions-behavior', default=None,
help="Handling behavior for username collisions [convert/skip] for LDAP sync",
dest="ldap_sync_username_collisions_behavior")
parser.add_option('--ldap-force-lowercase-usernames', default=None,
help="Declares whether to force the ldap user name to be lowercase or leave
as-is", dest="ldap_force_lowercase_usernames")
parser.add_option('--ldap-pagination-enabled', default=None,
help="Determines whether results from LDAP are paginated when requested",
dest="ldap_pagination_enabled")
+ parser.add_option('--ldap-force-setup', action="store_true", default=False,
help="Forces the use of LDAP even if other (i.e. PAM) authentication method is
configured already or if there is no authentication method configured at all",
dest="ldap_force_setup")
parser.add_option('--ambari-admin-username', default=None, help="Ambari
Admin username for LDAP setup", dest="ambari_admin_username")
parser.add_option('--ambari-admin-password', default=None, help="Ambari
Admin password for LDAP setup", dest="ambari_admin_password")
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py
b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index bb21100..f30915b 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -84,6 +84,7 @@ LDAP_MGR_USERNAME_PROPERTY =
"ambari.ldap.connectivity.bind_dn"
LDAP_MGR_PASSWORD_FILENAME = "ldap-password.dat"
LDAP_ANONYMOUS_BIND="ambari.ldap.connectivity.anonymous_bind"
LDAP_USE_SSL="ambari.ldap.connectivity.use_ssl"
+NO_AUTH_METHOD_CONFIGURED = "no auth method"
def read_master_key(isReset=False, options = None):
passwordPattern = ".*"
@@ -716,14 +717,17 @@ def setup_ldap(options):
err = 'Ambari Server is not running.'
raise FatalException(1, err)
- current_client_security =
get_value_from_properties(properties,CLIENT_SECURITY,"no auth method")
- if current_client_security != 'ldap':
- query = "Currently '" + current_client_security + "' is configured, do you
wish to use LDAP instead [y/n] (n)? "
- if get_YN_input(query, False):
- pass
- else:
- err = "Currently '" + current_client_security + "' configured. Can not
setup LDAP."
- raise FatalException(1, err)
+ enforce_ldap = options.ldap_force_setup if options.ldap_force_setup is not
None else False
+ if not enforce_ldap:
+ current_client_security = get_value_from_properties(properties,
CLIENT_SECURITY, NO_AUTH_METHOD_CONFIGURED)
+ if current_client_security != 'ldap':
+ query = "Currently '{0}' is configured, do you wish to use LDAP instead
[y/n] ({1})? "
+ ldap_setup_default = 'y' if current_client_security ==
NO_AUTH_METHOD_CONFIGURED else 'n'
+ if get_YN_input(query.format(current_client_security,
ldap_setup_default), ldap_setup_default == 'y'):
+ pass
+ else:
+ err = "Currently '" + current_client_security + "' configured. Can not
setup LDAP."
+ raise FatalException(1, err)
isSecure = get_is_secure(properties)
diff --git a/ambari-server/src/test/python/TestAmbariServer.py
b/ambari-server/src/test/python/TestAmbariServer.py
index e7e8475..61bfeed 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -136,7 +136,7 @@ CURR_AMBARI_VERSION = "2.0.0"
@patch.object(platform, "linux_distribution", new =
MagicMock(return_value=('Redhat', '6.4', 'Final')))
@patch("ambari_server.dbConfiguration_linux.get_postgre_hba_dir", new =
MagicMock(return_value = "/var/lib/pgsql/data"))
@patch("ambari_server.dbConfiguration_linux.get_postgre_running_status", new =
MagicMock(return_value = "running"))
-class TestAmbariServer:#(TestCase):
+class TestAmbariServer(TestCase):
def setUp(self):
out = StringIO.StringIO()
sys.stdout = out
@@ -3171,7 +3171,7 @@ class TestAmbariServer:#(TestCase):
pass
@not_for_platform(PLATFORM_WINDOWS)
- @patch("subprocess.Popen")
+ @patch.object(subprocess32, "Popen")
def test_check_ambari_java_version_is_valid(self, popenMock):
# case 1: jdk7 is picked for stacks
properties = Properties()
@@ -7590,6 +7590,62 @@ class TestAmbariServer:#(TestCase):
sys.stdout = sys.__stdout__
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value =
os_distro_value))
+ @patch("urllib2.urlopen")
+ @patch("ambari_server.setupSecurity.get_YN_input")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_server_runing")
+ def test_setup_ldap_enforcement_cli_option(self, is_server_runing_method,
get_ambari_properties_method,
+ get_validated_string_input_method,
get_YN_input_method, urlopen_method):
+ out = StringIO.StringIO()
+ sys.stdout = out
+
+ is_server_runing_method.return_value = (True, 0)
+
+ def yn_input_side_effect(*args, **kwargs):
+ if 'do you wish to use LDAP instead' in args[0]:
+ raise Exception("ShouldNotBeInvoked") # should not be asked
+ else:
+ return False if 'TrustStore' in args[0] else True
+
+ get_YN_input_method.side_effect = yn_input_side_effect
+ get_ambari_properties_method.return_value = Properties()
+
+ def valid_input_side_effect(*args, **kwargs):
+ if 'lower-case' in args[0] or 'paginated' in args[0]:
+ return 'false'
+ if 'Bind anonymously' in args[0]:
+ return 'true'
+ if 'username collisions' in args[0]:
+ return 'skip'
+ if 'URL Port' in args[0]:
+ return '1'
+ if 'Ambari Admin' in args[0]:
+ return 'admin'
+ if 'Primary URL' in args[0]:
+ return kwargs['answer']
+ if args[1] == "true" or args[1] == "false":
+ return args[1]
+ else:
+ return "test"
+
+ get_validated_string_input_method.side_effect = valid_input_side_effect
+
+ response = MagicMock()
+ response.getcode.return_value = 200
+ urlopen_method.return_value = response
+
+ options = self._create_empty_options_mock()
+ options.ldap_force_setup = True
+
+ setup_ldap(options)
+
+ self.assertTrue(urlopen_method.called)
+
+ sys.stdout = sys.__stdout__
+ pass
+
@patch("urllib2.urlopen")
@patch("ambari_server.setupSecurity.get_validated_string_input")
@patch("ambari_server.setupSecurity.get_ambari_properties")
@@ -8674,6 +8730,7 @@ class TestAmbariServer:#(TestCase):
options.ldap_save_settings = None
options.ldap_referral = None
options.ldap_bind_anonym = None
+ options.ldap_force_setup = None
options.ambari_admin_username = None
options.ambari_admin_password = None
options.ldap_sync_admin_name = None
--
To stop receiving notification emails like this one, please contact
rle...@apache.org.
