Repository: ambari Updated Branches: refs/heads/trunk 9260d4ee5 -> 3985154fe
AMBARI-9261. Ensure enable/disable Kerberos logic should invoke only when state of security flag is changed (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3985154f Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3985154f Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3985154f Branch: refs/heads/trunk Commit: 3985154fe7dab84276976b6761fa9442ee991fc1 Parents: 9260d4e Author: Robert Levas <rle...@hortonworks.com> Authored: Thu Jan 22 19:53:54 2015 -0500 Committer: Robert Levas <rle...@hortonworks.com> Committed: Thu Jan 22 19:54:08 2015 -0500 ---------------------------------------------------------------------- .../AmbariManagementControllerImpl.java | 50 +++++++++++++++++--- .../AmbariManagementControllerImplTest.java | 44 ++++++++++++++++- .../AmbariManagementControllerTest.java | 6 +-- 3 files changed, 89 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/3985154f/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java index dd18e8d..106c1dd 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java @@ -1196,6 +1196,40 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle cluster.setClusterName(request.getClusterName()); } + // ---------------------- + // Check to see if the security state is being changed... if so, attempt to enable or disable + // Kerberos + boolean toggleKerberos = false; + + String desiredSecurityState = null; + List<ConfigurationRequest> desiredConfig = request.getDesiredConfig(); + if (desiredConfig != null) { + for (ConfigurationRequest configurationRequest : desiredConfig) { + if ("cluster-env".equals(configurationRequest.getType())) { + Map<String, String> properties = configurationRequest.getProperties(); + + if ((properties == null) || properties.isEmpty()) { + Config configClusterEnv = cluster.getConfig(configurationRequest.getType(), configurationRequest.getVersionTag()); + if (configClusterEnv != null) { + properties = configClusterEnv.getProperties(); + } + } + + desiredSecurityState = (properties == null) ? null : properties.get("security_enabled"); + } + } + } + + if(desiredSecurityState != null) { + Config configClusterEnv = cluster.getDesiredConfigByType("cluster-env"); + Map<String, String> clusterEnvProperties = (configClusterEnv == null) ? null : configClusterEnv.getProperties(); + if (clusterEnvProperties != null) { + toggleKerberos = !desiredSecurityState.equals(clusterEnvProperties.get("security_enabled")); + } + } + // ---------------------- + + // set or create configuration mapping (and optionally create the map of properties) if (null != request.getDesiredConfig()) { Set<Config> configs = new HashSet<Config>(); @@ -1326,13 +1360,15 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle } RequestStageContainer requestStageContainer = null; - Map<String, Service> services = cluster.getServices(); - if ((services != null) && services.containsKey("KERBEROS")) { - // Handle either adding or removing Kerberos from the cluster. This may generate multiple stages - // or not depending the current state of the cluster. The main configuration used to determine - // whether Kerberos is to be added or removed is cluster-config/security_enabled. - requestStageContainer = kerberosHelper.toggleKerberos(cluster, - request.getKerberosDescriptor(), null); + if(toggleKerberos) { + Map<String, Service> services = cluster.getServices(); + if ((services != null) && services.containsKey("KERBEROS")) { + // Handle either adding or removing Kerberos from the cluster. This may generate multiple stages + // or not depending the current state of the cluster. The main configuration used to determine + // whether Kerberos is to be added or removed is cluster-config/security_enabled. + requestStageContainer = kerberosHelper.toggleKerberos(cluster, + request.getKerberosDescriptor(), null); + } } if (requestStageContainer != null) { http://git-wip-us.apache.org/repos/asf/ambari/blob/3985154f/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java index e713d7f..b5bc4d0 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java @@ -507,11 +507,12 @@ public class AmbariManagementControllerImplTest { // requests Set<ClusterRequest> setRequests = Collections.singleton(clusterRequest); + KerberosHelper kerberosHelper = createStrictMock(KerberosHelper.class); // expectations injector.injectMembers(capture(controllerCapture)); expect(injector.getInstance(Gson.class)).andReturn(null); expect(injector.getInstance(MaintenanceStateHelper.class)).andReturn(null); - expect(injector.getInstance(KerberosHelper.class)).andReturn(createNiceMock(KerberosHelper.class)); + expect(injector.getInstance(KerberosHelper.class)).andReturn(kerberosHelper); expect(clusterRequest.getClusterName()).andReturn("clusterNew").times(4); expect(clusterRequest.getClusterId()).andReturn(1L).times(6); expect(clusters.getClusterById(1L)).andReturn(cluster).times(2); @@ -536,6 +537,47 @@ public class AmbariManagementControllerImplTest { } /** + * Ensure that when the cluster is updated KerberosHandler.toggleKerberos is not invoked unless + * the security state is altered + */ + @Test + public void testUpdateClustersToggleKerberosNotInvoked() throws Exception { + // member state mocks + Capture<AmbariManagementController> controllerCapture = new Capture<AmbariManagementController>(); + Injector injector = createStrictMock(Injector.class); + Cluster cluster = createNiceMock(Cluster.class); + ActionManager actionManager = createNiceMock(ActionManager.class); + ClusterRequest clusterRequest = createNiceMock(ClusterRequest.class); + + // requests + Set<ClusterRequest> setRequests = Collections.singleton(clusterRequest); + + KerberosHelper kerberosHelper = createStrictMock(KerberosHelper.class); + // expectations + injector.injectMembers(capture(controllerCapture)); + expect(injector.getInstance(Gson.class)).andReturn(null); + expect(injector.getInstance(MaintenanceStateHelper.class)).andReturn(null); + expect(injector.getInstance(KerberosHelper.class)).andReturn(kerberosHelper); + expect(clusterRequest.getClusterId()).andReturn(1L).times(6); + expect(clusters.getClusterById(1L)).andReturn(cluster).times(2); + expect(cluster.getClusterName()).andReturn("cluster").times(2); + + cluster.addSessionAttributes(anyObject(Map.class)); + expectLastCall().once(); + + // replay mocks + replay(actionManager, cluster, clusters, injector, clusterRequest, sessionManager); + + // test + AmbariManagementController controller = new AmbariManagementControllerImpl(actionManager, clusters, injector); + controller.updateClusters(setRequests, null); + + // assert and verify + assertSame(controller, controllerCapture.getValue()); + verify(actionManager, cluster, clusters, injector, clusterRequest, sessionManager); + } + + /** * Ensure that RollbackException is thrown outside the updateClusters method * when a unique constraint violation occurs. */ http://git-wip-us.apache.org/repos/asf/ambari/blob/3985154f/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java index 805b498..f6c34f2 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java @@ -9369,7 +9369,7 @@ public class AmbariManagementControllerTest { injector.injectMembers(capture(controllerCapture)); expect(injector.getInstance(Gson.class)).andReturn(null); expect(injector.getInstance(MaintenanceStateHelper.class)).andReturn(maintHelper); - expect(injector.getInstance(KerberosHelper.class)).andReturn(createNiceMock(KerberosHelper.class)); + expect(injector.getInstance(KerberosHelper.class)).andReturn(createStrictMock(KerberosHelper.class)); // getServices expect(clusters.getCluster("cluster1")).andReturn(cluster); @@ -9413,7 +9413,7 @@ public class AmbariManagementControllerTest { injector.injectMembers(capture(controllerCapture)); expect(injector.getInstance(Gson.class)).andReturn(null); expect(injector.getInstance(MaintenanceStateHelper.class)).andReturn(maintHelper); - expect(injector.getInstance(KerberosHelper.class)).andReturn(createNiceMock(KerberosHelper.class)); + expect(injector.getInstance(KerberosHelper.class)).andReturn(createStrictMock(KerberosHelper.class)); // getServices expect(clusters.getCluster("cluster1")).andReturn(cluster); @@ -9472,7 +9472,7 @@ public class AmbariManagementControllerTest { injector.injectMembers(capture(controllerCapture)); expect(injector.getInstance(Gson.class)).andReturn(null); expect(injector.getInstance(MaintenanceStateHelper.class)).andReturn(maintHelper); - expect(injector.getInstance(KerberosHelper.class)).andReturn(createNiceMock(KerberosHelper.class)); + expect(injector.getInstance(KerberosHelper.class)).andReturn(createStrictMock(KerberosHelper.class)); // getServices expect(clusters.getCluster("cluster1")).andReturn(cluster).times(4);