[ambari] branch trunk updated: AMBARI-24913. New LDAP related properties to indicate if Ambari should manage LDAP configuration for certain services (#2629)

Mon, 19 Nov 2018 06:55:01 -0800 

This is an automated email from the ASF dual-hosted git repository.

smolnar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 153d5f9  AMBARI-24913. New LDAP related properties to indicate if 
Ambari should manage LDAP configuration for certain services (#2629)
153d5f9 is described below

commit 153d5f96cf1c1c68084d308bb98314b3d5231153
Author: Sandor Molnar <smol...@apache.org>
AuthorDate: Mon Nov 19 15:54:41 2018 +0100

    AMBARI-24913. New LDAP related properties to indicate if Ambari should 
manage LDAP configuration for certain services (#2629)
---
 .../AmbariServerConfigurationKey.java              |   3 +
 .../AmbariServerLDAPConfigurationHandler.java      |   2 +-
 .../ldap/domain/AmbariLdapConfiguration.java       |   8 ++
 .../ambari/server/upgrade/UpgradeCatalog270.java   |   8 ++
 .../main/resources/stacks/ambari_configuration.py  |  59 ++++++++++++
 .../server/upgrade/UpgradeCatalog270Test.java      |   3 +
 .../src/test/python/TestAmbariConfiguration.py     | 104 +++++++++++++++++++++
 7 files changed, 186 insertions(+), 1 deletion(-)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
index 8599a0d0..05caa75 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/AmbariServerConfigurationKey.java
@@ -25,6 +25,9 @@ public enum AmbariServerConfigurationKey {
   /* ********************************************************
    * LDAP Configuration Keys
    * ******************************************************** */
+  
AMBARI_MANAGES_LDAP_CONFIGURATION(AmbariServerConfigurationCategory.LDAP_CONFIGURATION,
 "ambari.ldap.manage_services", PLAINTEXT, "false", "A Boolean value indicating 
whether Ambari is to manage the LDAP configuration for services or not."),
+  LDAP_ENABLED_SERVICES(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, 
"ambari.ldap.enabled_services", PLAINTEXT, null, "A comma-delimited list of 
services that are expected to be configured for LDAP.  A \"*\" indicates all 
services."),
+
   LDAP_ENABLED(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, 
"ambari.ldap.authentication.enabled", PLAINTEXT, "false", "An internal property 
used for unit testing and development purposes."),
   SERVER_HOST(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, 
"ambari.ldap.connectivity.server.host", PLAINTEXT, "localhost", "The LDAP URL 
host used for connecting to an LDAP server when authenticating users."),
   SERVER_PORT(AmbariServerConfigurationCategory.LDAP_CONFIGURATION, 
"ambari.ldap.connectivity.server.port", PLAINTEXT, "33389", "The LDAP URL port 
used for connecting to an LDAP server when authenticating users."),
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
index f08c1de..2cc79b2 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariServerLDAPConfigurationHandler.java
@@ -66,7 +66,7 @@ public class AmbariServerLDAPConfigurationHandler extends 
AmbariServerStackAdvis
   public void updateComponentCategory(String categoryName, Map<String, String> 
properties, boolean removePropertiesIfNotSpecified) throws AmbariException {
     super.updateComponentCategory(categoryName, properties, 
removePropertiesIfNotSpecified);
     final AmbariLdapConfiguration ldapConfiguration = new 
AmbariLdapConfiguration(getConfigurationProperties(AmbariServerConfigurationCategory.LDAP_CONFIGURATION.getCategoryName()));
-    if (ldapConfiguration.ldapEnabled()) {
+    if (ldapConfiguration.isAmbariManagesLdapConfiguration()) {
       processClusters(LDAP_CONFIGURATIONS);
     }
   }
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
index c55f337..0647138 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/ldap/domain/AmbariLdapConfiguration.java
@@ -71,6 +71,14 @@ public class AmbariLdapConfiguration {
     this.configurationMap = configuration;
   }
 
+  public boolean isAmbariManagesLdapConfiguration() {
+    return 
Boolean.valueOf(configValue(AmbariServerConfigurationKey.AMBARI_MANAGES_LDAP_CONFIGURATION));
+  }
+
+  public String getLdapEnabledServices() {
+    return configValue(AmbariServerConfigurationKey.LDAP_ENABLED_SERVICES);
+  }
+
   public boolean ldapEnabled() {
     return 
Boolean.valueOf(configValue(AmbariServerConfigurationKey.LDAP_ENABLED));
   }
diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
index 43a3d5f..6ba4ce2 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
@@ -1683,6 +1683,14 @@ public class UpgradeCatalog270 extends 
AbstractUpgradeCatalog {
             populateConfigurationToBeMoved(propertiesToBeMoved, null, 
AmbariServerConfigurationKey.SSO_MANAGE_SERVICES, "true");
             populateConfigurationToBeMoved(propertiesToBeMoved, null, 
AmbariServerConfigurationKey.SSO_ENABLED_SERVICES, "AMBARI");
           }
+        } else if (AmbariServerConfigurationKey.LDAP_ENABLED == key) {
+          populateConfigurationToBeMoved(propertiesToBeMoved, oldPropertyName, 
key, propertyValue);
+
+          if ("true".equalsIgnoreCase(propertyValue)) {
+            // Add the new properties to tell Ambari that LDAP is enabled:
+            populateConfigurationToBeMoved(propertiesToBeMoved, null, 
AmbariServerConfigurationKey.AMBARI_MANAGES_LDAP_CONFIGURATION, "true");
+            populateConfigurationToBeMoved(propertiesToBeMoved, null, 
AmbariServerConfigurationKey.LDAP_ENABLED_SERVICES, "AMBARI");
+          }
         } else {
           populateConfigurationToBeMoved(propertiesToBeMoved, oldPropertyName, 
key, propertyValue);
         }
diff --git a/ambari-server/src/main/resources/stacks/ambari_configuration.py 
b/ambari-server/src/main/resources/stacks/ambari_configuration.py
index 9104c32..ece7387 100644
--- a/ambari-server/src/main/resources/stacks/ambari_configuration.py
+++ b/ambari-server/src/main/resources/stacks/ambari_configuration.py
@@ -487,3 +487,62 @@ class AmbariLDAPConfiguration:
     :return: How to handle username collision while updating from LDAP or None 
if ldap-configuration/ambari.ldap.advanced.collision_behavior is not specified
     '''
     return _get_from_dictionary(self.ldap_properties, 
'ambari.ldap.advanced.collision_behavior')
+
+  def is_managing_services(self):
+    """
+    Tests the configuration data to determine if Ambari should be configuring 
services to enable LDAP integration.
+
+    The relevant property is "ldap-configuration/ambari.ldap.manage_services", 
which is expected
+    to be a "true" or "false".
+
+    :return: True, if Ambari should manage services' LDAP configurations
+    """
+    return "true" == _get_from_dictionary(self.ldap_properties, 
"ambari.ldap.manage_services")
+
+  def get_services_to_enable(self):
+    """
+    Safely gets the list of services that Ambari should enabled for LDAP.
+
+    The returned value is a list of the relevant service names converted to 
lowercase.
+
+    :return: a list of service names converted to lowercase
+    """
+    ldap_enabled_services = _get_from_dictionary(self.ldap_properties, 
"ambari.ldap.enabled_services")
+
+    return [x.strip().lower() for x in 
ldap_enabled_services.strip().split(",")] \
+      if ldap_enabled_services \
+      else []
+
+  def should_enable_ldap(self, service_name):
+    """
+    Tests the configuration data to determine if the specified service should 
be configured by
+    Ambari to enable LDAP integration.
+
+    The relevant property is 
"ldap-configuration/ambari.ldap.enabled_services", which is expected
+    to be a comma-delimited list of services to be enabled or '*' indicating 
ALL installed services.
+
+    :param service_name: the name of the service to test
+    :return: True, if LDAP should be enabled; False, otherwise
+    """
+    if self.is_managing_services():
+      services_to_enable = self.get_services_to_enable()
+      return "*" in services_to_enable or service_name.lower() in 
services_to_enable
+    else:
+      return False
+
+  def should_disable_ldap(self, service_name):
+    """
+    Tests the configuration data to determine if the specified service should 
be configured by
+    Ambari to disable LDAP integration.
+
+    The relevant property is 
"ldap-configuration/ambari.ldap.enabled_services", which is expected
+    to be a comma-delimited list of services to be enabled or '*' indicating 
ALL installed services.
+
+    :param service_name: the name of the service to test
+    :return: True, if LDAP should be disabled; False, otherwise
+    """
+    if self.is_managing_services():
+      services_to_enable = self.get_services_to_enable()
+      return "*" not in services_to_enable and service_name.lower() not in 
services_to_enable
+    else:
+      return False
diff --git 
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
 
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
index 6fa317b..d83b99b 100644
--- 
a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
+++ 
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
@@ -1267,6 +1267,9 @@ public class UpgradeCatalog270Test {
     expect(entityManager.find(anyObject(), 
anyObject())).andReturn(null).anyTimes();
     final Map<String, String> properties = new HashMap<>();
     properties.put(AmbariServerConfigurationKey.LDAP_ENABLED.key(), "true");
+    
properties.put(AmbariServerConfigurationKey.AMBARI_MANAGES_LDAP_CONFIGURATION.key(),
 "true");
+    properties.put(AmbariServerConfigurationKey.LDAP_ENABLED_SERVICES.key(), 
"AMBARI");
+
     
expect(ambariConfigurationDao.reconcileCategory(AmbariServerConfigurationCategory.LDAP_CONFIGURATION.getCategoryName(),
 properties, false)).andReturn(true).once();
     replay(entityManager, ambariConfigurationDao);
 
diff --git a/ambari-server/src/test/python/TestAmbariConfiguration.py 
b/ambari-server/src/test/python/TestAmbariConfiguration.py
index 58062e1..fd2bc7b 100644
--- a/ambari-server/src/test/python/TestAmbariConfiguration.py
+++ b/ambari-server/src/test/python/TestAmbariConfiguration.py
@@ -404,3 +404,107 @@ class TestAmbariConfiguration(TestCase):
     
self.assertTrue(ambari_ldap_details.is_ldap_alternate_user_search_enabled())
     self.assertEquals(ambari_ldap_details.get_alternate_user_search_filter(), 
"alternate_user_search_filter")
     
self.assertEquals(ambari_ldap_details.get_sync_collision_handling_behavior(), 
"collision_behavior")
+
+  def testAmbariNotMangingLdapConfiguration(self):
+    ## Case 1: missing the boolean flag indicating that Ambari manages LDAP 
configuration
+    services_json = {
+      "ambari-server-configuration": {
+        "ldap-configuration": {
+          "ambari.ldap.enabled_services": "AMBARI"
+        }
+      }
+    }
+
+    ambari_configuration = self.ambari_configuration_class(services_json)
+    self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+    ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+    self.assertIsNotNone(ambari_ldap_details)
+    self.assertFalse(ambari_ldap_details.is_managing_services())
+    self.assertFalse(ambari_ldap_details.should_enable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+
+    ## Case 2: setting the boolean flag to false indicating that Ambari shall 
NOT manage LDAP configuration
+    services_json = {
+      "ambari-server-configuration": {
+        "ldap-configuration": {
+          "ambari.ldap.manage_services": "false",
+          "ambari.ldap.enabled_services": "AMBARI, RANGER"
+        }
+      }
+    }
+
+    ambari_configuration = self.ambari_configuration_class(services_json)
+    self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+    ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+    self.assertIsNotNone(ambari_ldap_details)
+    self.assertFalse(ambari_ldap_details.is_managing_services())
+    self.assertFalse(ambari_ldap_details.should_enable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_enable_ldap("RANGER"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("RANGER"))
+
+    ## Case 3: setting the boolean flag to false indicating that Ambari shall 
NOT manage LDAP configuration and indicating it should be done for ALL services
+    services_json = {
+      "ambari-server-configuration": {
+        "ldap-configuration": {
+          "ambari.ldap.manage_services": "false",
+          "ambari.ldap.enabled_services": "*"
+        }
+      }
+    }
+
+    ambari_configuration = self.ambari_configuration_class(services_json)
+    self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+    ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+    self.assertIsNotNone(ambari_ldap_details)
+    self.assertFalse(ambari_ldap_details.is_managing_services())
+    self.assertFalse(ambari_ldap_details.should_enable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_enable_ldap("RANGER"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("RANGER"))
+
+  def testAmbariMangingLdapConfiguration(self):
+    ## Case 1: setting the boolean flag to false indicating that Ambari shall 
manage LDAP configuration for AMBARI and RANGER
+    services_json = {
+      "ambari-server-configuration": {
+        "ldap-configuration": {
+          "ambari.ldap.manage_services": "true",
+          "ambari.ldap.enabled_services": "AMBARI, RANGER"
+        }
+      }
+    }
+
+    ambari_configuration = self.ambari_configuration_class(services_json)
+    self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+    ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+    self.assertIsNotNone(ambari_ldap_details)
+    self.assertTrue(ambari_ldap_details.is_managing_services())
+    self.assertTrue(ambari_ldap_details.should_enable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+    self.assertTrue(ambari_ldap_details.should_enable_ldap("RANGER"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("RANGER"))
+
+    ## Case 2: setting the boolean flag to false indicating that Ambari shall 
manage LDAP configuration for ALL services
+    services_json = {
+      "ambari-server-configuration": {
+        "ldap-configuration": {
+          "ambari.ldap.manage_services": "true",
+          "ambari.ldap.enabled_services": "*"
+        }
+      }
+    }
+
+    ambari_configuration = self.ambari_configuration_class(services_json)
+    self.assertIsNotNone(ambari_configuration.get_ambari_ldap_configuration())
+
+    ambari_ldap_details = ambari_configuration.get_ambari_ldap_details()
+    self.assertIsNotNone(ambari_ldap_details)
+    self.assertTrue(ambari_ldap_details.is_managing_services())
+    self.assertTrue(ambari_ldap_details.should_enable_ldap("AMBARI"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("AMBARI"))
+    self.assertTrue(ambari_ldap_details.should_enable_ldap("HDFS"))
+    self.assertFalse(ambari_ldap_details.should_disable_ldap("HDFS"))

Reply via email to