Repository: ambari Updated Branches: refs/heads/branch-1.7.0 1bb602df6 -> 43d506ff4
AMBARI-7683. Upgrade: 1.6.1 fails to upgrade with LDAP configured w/o encrypt pwds. Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/43d506ff Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/43d506ff Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/43d506ff Branch: refs/heads/branch-1.7.0 Commit: 43d506ff4bec6bdde38a2b1e7feb6040bd0fce44 Parents: 1bb602d Author: Siddharth Wagle <swa...@hortonworks.com> Authored: Tue Oct 7 17:24:39 2014 -0700 Committer: Siddharth Wagle <swa...@hortonworks.com> Committed: Tue Oct 7 17:24:39 2014 -0700 ---------------------------------------------------------------------- .../server/configuration/Configuration.java | 4 +- ambari-server/src/main/python/ambari-server.py | 7 +- .../server/configuration/ConfigurationTest.java | 80 +++++++++++++++++--- 3 files changed, 79 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/43d506ff/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java index 53d61e7..315e1a6 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java 
@@ -802,7 +802,9 @@ public class Configuration { if (ldapPassword != null) { ldapServerProperties.setManagerPassword(ldapPassword); } else { - ldapServerProperties.setManagerPassword(readPasswordFromFile(ldapPasswordProperty, "")); + if (ldapPasswordProperty != null && new File(ldapPasswordProperty).exists()) { + ldapServerProperties.setManagerPassword(readPasswordFromFile(ldapPasswordProperty, "")); + } } ldapServerProperties.setBaseDN(properties.getProperty (LDAP_BASE_DN_KEY, LDAP_BASE_DN_DEFAULT)); http://git-wip-us.apache.org/repos/asf/ambari/blob/43d506ff/ambari-server/src/main/python/ambari-server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index bb2cf75..a4bca0e 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py @@ -242,6 +242,7 @@ LDAP_MGR_PASSWORD_ALIAS = "ambari.ldap.manager.password" LDAP_MGR_PASSWORD_PROPERTY = "authentication.ldap.managerPassword" LDAP_MGR_PASSWORD_FILENAME = "ldap-password.dat" LDAP_MGR_USERNAME_PROPERTY = "authentication.ldap.managerDn" +LDAP_PRIMARY_URL_PROPERTY = "authentication.ldap.primaryUrl" SSL_TRUSTSTORE_PASSWORD_ALIAS = "ambari.ssl.trustStore.password" SSL_TRUSTSTORE_PATH_PROPERTY = "ssl.trustStore.path" @@ -2924,6 +2925,10 @@ def upgrade(args): if os.path.lexists(jdbc_symlink): os.remove(jdbc_symlink) os.symlink(os.path.join(resources_dir,JDBC_DB_DEFAULT_DRIVER[db_name]), jdbc_symlink) + + # check if ambari has obsolete LDAP configuration + if properties.get_property(LDAP_PRIMARY_URL_PROPERTY) and not properties.get_property(IS_LDAP_CONFIGURED): + args.warnings.append("Existing LDAP configuration is detected. You must run the \"ambari-server setup-ldap\" command to adjust existing LDAP configuration.") # 
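Review bot: In the new inner `if` of the `else` branch, a manager-password value that is neither resolved from the store nor an existing path now leaves the manager password unset with no trace, so an upgraded install holding a plaintext value will presumably bind without a manager password and the server log will not say why. I would add an `else` that logs a warning naming the property key only, never the value, because in this upgrade case the value is the plaintext password; this assumes the class has a logger in scope. The guard also accepts a directory, since `exists()` is true for one; `new File(ldapPasswordProperty).isFile()` matches the test comment's "is not a file" more closely. The enclosing method starts and ends outside the hunk, so how `ldapPassword` is resolved and how `readPasswordFromFile` treats an unreadable path cannot be checked from here.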
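Review bot: The `not properties.get_property(IS_LDAP_CONFIGURED)` test in the check added to `upgrade` treats any non-empty string as configured, so if that property is ever stored as the literal `false` the warning is skipped even though the LDAP settings are stale. Comparing the value explicitly, e.g. `str(properties.get_property(IS_LDAP_CONFIGURED)).lower() != "true"`, would avoid that; the stored format is not visible in this hunk, so confirm it first. The warning text could also state the consequence, namely that the LDAP manager password may not be loaded until `ambari-server setup-ldap` is rerun, because the Configuration.java change in this commit now skips an unreadable password value silently. `upgrade` starts outside the hunk, so where `properties` and `args.warnings` are set up is not shown.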
@@ -3190,7 +3195,7 @@ def setup_ldap(): properties = get_ambari_properties() isSecure = get_is_secure(properties) # python2.x dict is not ordered - ldap_property_list_reqd = ["authentication.ldap.primaryUrl", + ldap_property_list_reqd = [LDAP_PRIMARY_URL_PROPERTY, "authentication.ldap.secondaryUrl", "authentication.ldap.useSSL", "authentication.ldap.userObjectClass", http://git-wip-us.apache.org/repos/asf/ambari/blob/43d506ff/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java index 54154b1..207f1eb 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java @@ -36,6 +36,7 @@ import junit.framework.Assert; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.orm.InMemoryDefaultTestModule; +import org.apache.ambari.server.security.authorization.LdapServerProperties; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.RandomStringUtils; import org.junit.After; @@ -124,11 +125,11 @@ public class ConfigurationTest { File passFile = File.createTempFile("https.pass.", "txt"); passFile.deleteOnExit(); - + String password = "pass12345"; - + FileUtils.writeStringToFile(passFile, password); - + Properties ambariProperties = new Properties(); ambariProperties.setProperty(Configuration.API_USE_SSL, "true"); ambariProperties.setProperty( 
@@ -137,14 +138,14 @@ public class ConfigurationTest { ambariProperties.setProperty( Configuration.CLIENT_API_SSL_CRT_PASS_FILE_NAME_KEY, passFile.getName()); - - + + String oneWayPort = RandomStringUtils.randomNumeric(4); String twoWayPort = RandomStringUtils.randomNumeric(4); - + ambariProperties.setProperty(Configuration.SRVR_TWO_WAY_SSL_PORT_KEY, twoWayPort.toString()); ambariProperties.setProperty(Configuration.SRVR_ONE_WAY_SSL_PORT_KEY, oneWayPort.toString()); - + Configuration conf = new Configuration(ambariProperties); Assert.assertTrue(conf.getApiSSLAuthentication()); @@ -234,7 +235,7 @@ public class ConfigurationTest { Assert.assertEquals("ambaritest", conf.getDatabasePassword()); } - + @Test public void testGetAmbariProperties() throws Exception { Properties ambariProperties = new Properties(); @@ -265,7 +266,7 @@ public class ConfigurationTest { public void testServerPoolSizes() { Properties ambariProperties = new Properties(); Configuration conf = new Configuration(ambariProperties); - + Assert.assertEquals(25, conf.getClientThreadPoolSize()); Assert.assertEquals(25, conf.getAgentThreadPoolSize()); @@ -282,7 +283,7 @@ public class ConfigurationTest { ambariProperties.setProperty("view.extraction.threadpool.timeout", "6000"); conf = new Configuration(ambariProperties); - + Assert.assertEquals(4, conf.getClientThreadPoolSize()); Assert.assertEquals(82, conf.getAgentThreadPoolSize()); 
@@ -290,4 +291,63 @@ public class ConfigurationTest { Assert.assertEquals(56, conf.getViewExtractionThreadPoolMaxSize()); Assert.assertEquals(6000L, conf.getViewExtractionThreadPoolTimeout()); } + + @Test + public void testGetLdapServerProperties_WrongManagerPassword() throws Exception { + final Properties ambariProperties = new Properties(); + ambariProperties.setProperty(Configuration.LDAP_MANAGER_PASSWORD_KEY, "somePassword"); + final Configuration configuration = new Configuration(ambariProperties); + + final LdapServerProperties ldapProperties = configuration.getLdapServerProperties(); + // if it's not a store alias and is not a file, it should be ignored + Assert.assertNull(ldapProperties.getManagerPassword()); + } + + @Test + public void testGetLdapServerProperties() throws Exception { + final Properties ambariProperties = new Properties(); + final Configuration configuration = new Configuration(ambariProperties); + + final File passwordFile = temp.newFile("ldap-password.dat"); + final FileOutputStream fos = new FileOutputStream(passwordFile); + fos.write("ambaritest\r\n".getBytes()); + fos.close(); + final String passwordFilePath = temp.getRoot().getAbsolutePath() + File.separator + "ldap-password.dat"; + + ambariProperties.setProperty(Configuration.LDAP_PRIMARY_URL_KEY, "1"); + ambariProperties.setProperty(Configuration.LDAP_SECONDARY_URL_KEY, "2"); + ambariProperties.setProperty(Configuration.LDAP_USE_SSL_KEY, "true"); + ambariProperties.setProperty(Configuration.LDAP_BIND_ANONYMOUSLY_KEY, "true"); + ambariProperties.setProperty(Configuration.LDAP_MANAGER_DN_KEY, "5"); + ambariProperties.setProperty(Configuration.LDAP_MANAGER_PASSWORD_KEY, passwordFilePath); + ambariProperties.setProperty(Configuration.LDAP_BASE_DN_KEY, "7"); + ambariProperties.setProperty(Configuration.LDAP_USERNAME_ATTRIBUTE_KEY, "8"); + ambariProperties.setProperty(Configuration.LDAP_USER_BASE_KEY, "9"); + ambariProperties.setProperty(Configuration.LDAP_USER_OBJECT_CLASS_KEY, "10"); + 
ambariProperties.setProperty(Configuration.LDAP_GROUP_BASE_KEY, "11"); + ambariProperties.setProperty(Configuration.LDAP_GROUP_OBJECT_CLASS_KEY, "12"); + ambariProperties.setProperty(Configuration.LDAP_GROUP_MEMEBERSHIP_ATTR_KEY, "13"); + ambariProperties.setProperty(Configuration.LDAP_GROUP_NAMING_ATTR_KEY, "14"); + ambariProperties.setProperty(Configuration.LDAP_ADMIN_GROUP_MAPPING_RULES_KEY, "15"); + ambariProperties.setProperty(Configuration.LDAP_GROUP_SEARCH_FILTER_KEY, "16"); + + final LdapServerProperties ldapProperties = configuration.getLdapServerProperties(); + + Assert.assertEquals("1", ldapProperties.getPrimaryUrl()); + Assert.assertEquals("2", ldapProperties.getSecondaryUrl()); + Assert.assertEquals(true, ldapProperties.isUseSsl()); + Assert.assertEquals(true, ldapProperties.isAnonymousBind()); + Assert.assertEquals("5", ldapProperties.getManagerDn()); + Assert.assertEquals("ambaritest", ldapProperties.getManagerPassword()); + Assert.assertEquals("7", ldapProperties.getBaseDN()); + Assert.assertEquals("8", ldapProperties.getUsernameAttribute()); + Assert.assertEquals("9", ldapProperties.getUserBase()); + Assert.assertEquals("10", ldapProperties.getUserObjectClass()); + Assert.assertEquals("11", ldapProperties.getGroupBase()); + Assert.assertEquals("12", ldapProperties.getGroupObjectClass()); + Assert.assertEquals("13", ldapProperties.getGroupMembershipAttr()); + Assert.assertEquals("14", ldapProperties.getGroupNamingAttr()); + Assert.assertEquals("15", ldapProperties.getAdminGroupMappingRules()); + Assert.assertEquals("16", ldapProperties.getGroupSearchFilter()); + } }
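Review bot: The two added tests cover a non-existent path and a valid password file, but not the `ldapPasswordProperty != null` half of the new guard, nor a path that exists without being a regular file; one case with `LDAP_MANAGER_PASSWORD_KEY` unset and one pointing it at `temp.getRoot().getAbsolutePath()` would pin both. In `testGetLdapServerProperties` the `FileOutputStream` is not closed if `write` throws; `FileUtils.writeStringToFile(passwordFile, "ambaritest\r\n");`, which this test class already uses for the HTTPS password file, replaces the three stream lines. `testGetLdapServerProperties_WrongManagerPassword` also relies on no file named `somePassword` existing in the working directory, which deserves a short comment such as `// "somePassword" is resolved as a relative path and must not exist`.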