http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/EnableKerberosPluginSolrZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/EnableKerberosPluginSolrZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/EnableKerberosPluginSolrZkCommand.java deleted file mode 100644 index 793addd..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/EnableKerberosPluginSolrZkCommand.java +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.commons.io.FileUtils; -import org.apache.commons.lang.StringUtils; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.cloud.SolrZooKeeper; -import org.apache.zookeeper.CreateMode; - -import java.io.File; -import java.io.IOException; -import java.nio.charset.StandardCharsets; - -public class EnableKerberosPluginSolrZkCommand extends AbstractZookeeperRetryCommand<String> { - - private static final String SECURITY_JSON = "/security.json"; - private static final String UNSECURE_CONTENT = "{}"; - - public EnableKerberosPluginSolrZkCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - protected String executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { - String result = ""; - String filePath = client.getZnode() + SECURITY_JSON; - String fileContent = getFileContentFromZnode(zkClient, filePath); - String securityContent = getFileContent(client.getSecurityJsonLocation()); - if (client.isSecure()) { - if (!fileContent.equals(securityContent)) { - putFileContent(zkClient, filePath, securityContent); - } - result = securityContent; - } else { - if (!fileContent.equals(UNSECURE_CONTENT)) { - putFileContent(zkClient, filePath, UNSECURE_CONTENT); - } - result = UNSECURE_CONTENT; - } - return result; - } - - private void putFileContent(SolrZkClient zkClient, String fileName, String content) throws Exception { - if (zkClient.exists(fileName, true)) { - zkClient.setData(fileName, content.getBytes(StandardCharsets.UTF_8), true); - } else { - zkClient.create(fileName, content.getBytes(StandardCharsets.UTF_8), CreateMode.PERSISTENT, true); - } - } - - private String getFileContentFromZnode(SolrZkClient zkClient, String fileName) throws Exception { - String result; - if (zkClient.exists(fileName, true)) { - byte[] data = zkClient.getData(fileName, null, null, true); - result = new String(data, StandardCharsets.UTF_8); - } else { - result = UNSECURE_CONTENT; - } - return result; - } - - private String getFileContent(String fileLocation) throws IOException { - File securityJson = new File(fileLocation); - if (StringUtils.isNotEmpty(fileLocation) && securityJson.exists()) { - return FileUtils.readFileToString(securityJson); - } else { - return UNSECURE_CONTENT; - } - } -}
http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetShardsCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetShardsCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetShardsCommand.java deleted file mode 100644 index e49bfec..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetShardsCommand.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.solr.common.cloud.Slice; -import org.apache.solr.common.cloud.ZkStateReader; - -import java.util.Collection; - -public class GetShardsCommand extends AbstractRetryCommand<Collection<Slice>> { - - public GetShardsCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - public Collection<Slice> createAndProcessRequest(AmbariSolrCloudClient solrCloudClient) throws Exception { - ZkStateReader zkReader = new ZkStateReader(solrCloudClient.getSolrZkClient()); - zkReader.createClusterStateWatchersAndUpdate(); - return zkReader.getClusterState().getSlices(solrCloudClient.getCollection()); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetSolrHostsCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetSolrHostsCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetSolrHostsCommand.java deleted file mode 100644 index 5a14a44..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetSolrHostsCommand.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.zookeeper.ZooKeeper; - -import java.net.InetAddress; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -public class GetSolrHostsCommand extends AbstractRetryCommand<Collection<String>> { - - public GetSolrHostsCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - public Collection<String> createAndProcessRequest(AmbariSolrCloudClient solrCloudClient) throws Exception { - List<String> solrHosts = new ArrayList<>(); - - ZooKeeper zk = new ZooKeeper(solrCloudClient.getZkConnectString(), 10000, null); - List<String> ids = zk.getChildren("/live_nodes", false); - for (String id : ids) { - if (id.endsWith("_solr")) { - String hostAndPort = id.substring(0, id.length() - 5); - String[] tokens = hostAndPort.split(":"); - String host = InetAddress.getByName(tokens[0]).getHostName(); - - solrHosts.add(host); - } - } - - return solrHosts; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetStateFileZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetStateFileZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetStateFileZkCommand.java deleted file mode 100644 index 10a8daa..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/GetStateFileZkCommand.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.ambari.infra.solr.domain.AmbariSolrState; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.cloud.SolrZooKeeper; - -public class GetStateFileZkCommand extends AbstractStateFileZkCommand { - private String unsecureZnode; - - public GetStateFileZkCommand(int maxRetries, int interval, String unsecureZnode) { - super(maxRetries, interval); - this.unsecureZnode = unsecureZnode; - } - - @Override - protected AmbariSolrState executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { - AmbariSolrState result = AmbariSolrState.UNSECURE; - String stateFile = String.format("%s/%s", unsecureZnode, AbstractStateFileZkCommand.STATE_FILE); - if (zkClient.exists(stateFile, true)) { - result = getStateFromJson(client, stateFile); - } - return result; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/ListCollectionCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/ListCollectionCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/ListCollectionCommand.java deleted file mode 100644 index 41094c7..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/ListCollectionCommand.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.solr.client.solrj.request.CollectionAdminRequest; -import org.apache.solr.client.solrj.response.CollectionAdminResponse; - -import java.util.List; - -public class ListCollectionCommand extends AbstractSolrRetryCommand<CollectionAdminRequest.List, List<String>> { - - public ListCollectionCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - public List<String> handleResponse(CollectionAdminResponse response, AmbariSolrCloudClient client) throws Exception { - List<String> allCollectionList = (List<String>) response - .getResponse().get("collections"); - return allCollectionList; - } - - @Override - public CollectionAdminRequest.List createRequest(AmbariSolrCloudClient client) { - return new CollectionAdminRequest.List(); - } - - @Override - public String errorMessage(AmbariSolrCloudClient client) { - return "Cannot get collections."; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureSolrZNodeZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureSolrZNodeZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureSolrZNodeZkCommand.java deleted file mode 100644 index 6958623..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureSolrZNodeZkCommand.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.ambari.infra.solr.util.AclUtils; -import org.apache.commons.lang.StringUtils; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.cloud.SolrZooKeeper; -import org.apache.zookeeper.KeeperException; -import org.apache.zookeeper.ZooDefs; -import org.apache.zookeeper.data.ACL; -import org.apache.zookeeper.data.Id; -import org.apache.zookeeper.data.Stat; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -public class SecureSolrZNodeZkCommand extends AbstractZookeeperRetryCommand<Boolean> { - - private static final Logger LOG = LoggerFactory.getLogger(SecureSolrZNodeZkCommand.class); - - public SecureSolrZNodeZkCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - protected Boolean executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { - String zNode = client.getZnode(); - List<ACL> newAclList = new ArrayList<>(); - List<ACL> saslUserList = AclUtils.createAclListFromSaslUsers(client.getSaslUsers().split(",")); - newAclList.addAll(saslUserList); - newAclList.add(new ACL(ZooDefs.Perms.READ, new Id("world", "anyone"))); - - String configsPath = String.format("%s/%s", zNode, "configs"); - String collectionsPath = String.format("%s/%s", zNode, "collections"); - String aliasesPath = String.format("%s/%s", zNode, "aliases.json"); // TODO: protect this later somehow - List<String> excludePaths = Arrays.asList(configsPath, collectionsPath, aliasesPath); - - createZnodeIfNeeded(configsPath, client.getSolrZkClient()); - createZnodeIfNeeded(collectionsPath, client.getSolrZkClient()); - - AclUtils.setRecursivelyOn(client.getSolrZkClient().getSolrZooKeeper(), zNode, newAclList, excludePaths); - - List<ACL> commonConfigAcls = new ArrayList<>(); - commonConfigAcls.addAll(saslUserList); - commonConfigAcls.add(new ACL(ZooDefs.Perms.READ | ZooDefs.Perms.CREATE, new Id("world", "anyone"))); - - LOG.info("Set sasl users for znode '{}' : {}", client.getZnode(), StringUtils.join(saslUserList, ",")); - LOG.info("Skip {}/configs and {}/collections", client.getZnode(), client.getZnode()); - solrZooKeeper.setACL(configsPath, AclUtils.mergeAcls(solrZooKeeper.getACL(configsPath, new Stat()), commonConfigAcls), -1); - solrZooKeeper.setACL(collectionsPath, AclUtils.mergeAcls(solrZooKeeper.getACL(collectionsPath, new Stat()), commonConfigAcls), -1); - - LOG.info("Set world:anyone to 'cr' on {}/configs and {}/collections", client.getZnode(), client.getZnode()); - AclUtils.setRecursivelyOn(solrZooKeeper, configsPath, saslUserList); - AclUtils.setRecursivelyOn(solrZooKeeper, collectionsPath, saslUserList); - - return true; - } - - private void createZnodeIfNeeded(String configsPath, SolrZkClient zkClient) throws KeeperException, InterruptedException { - if (!zkClient.exists(configsPath, true)) { - LOG.info("'{}' does not exist. Creating it ...", configsPath); - zkClient.makePath(configsPath, true); - } - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureZNodeZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureZNodeZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureZNodeZkCommand.java deleted file mode 100644 index a96dc5d..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureZNodeZkCommand.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.ambari.infra.solr.util.AclUtils; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.cloud.SolrZooKeeper; -import org.apache.zookeeper.ZooDefs; -import org.apache.zookeeper.data.ACL; -import org.apache.zookeeper.data.Id; - -import java.util.ArrayList; -import java.util.List; - -public class SecureZNodeZkCommand extends AbstractZookeeperRetryCommand<Boolean> { - - public SecureZNodeZkCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - protected Boolean executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { - String zNode = client.getZnode(); - List<ACL> newAclList = new ArrayList<>(); - List<ACL> saslUserList = AclUtils.createAclListFromSaslUsers(client.getSaslUsers().split(",")); - newAclList.addAll(saslUserList); - newAclList.add(new ACL(ZooDefs.Perms.READ, new Id("world", "anyone"))); - AclUtils.setRecursivelyOn(client.getSolrZkClient().getSolrZooKeeper(), zNode, newAclList); - return true; - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SetClusterPropertyZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SetClusterPropertyZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SetClusterPropertyZkCommand.java deleted file mode 100644 index 34597c6..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SetClusterPropertyZkCommand.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.cloud.SolrZooKeeper; -import org.apache.solr.common.cloud.ZkStateReader; - -public class SetClusterPropertyZkCommand extends AbstractZookeeperRetryCommand<String>{ - - public SetClusterPropertyZkCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - protected String executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { - String propertyName = client.getPropName(); - String propertyValue = client.getPropValue(); - ZkStateReader reader = new ZkStateReader(zkClient); - reader.setClusterProperty(propertyName, propertyValue); - return propertyValue; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UpdateStateFileZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UpdateStateFileZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UpdateStateFileZkCommand.java deleted file mode 100644 index 2b360fb..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UpdateStateFileZkCommand.java +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.ambari.infra.solr.domain.AmbariSolrState; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.cloud.SolrZooKeeper; -import org.apache.zookeeper.CreateMode; -import org.codehaus.jackson.map.ObjectMapper; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.nio.charset.StandardCharsets; -import java.util.HashMap; -import java.util.Map; - -public class UpdateStateFileZkCommand extends AbstractStateFileZkCommand { - - private static final Logger LOG = LoggerFactory.getLogger(UpdateStateFileZkCommand.class); - - private String unsecureZnode; - - public UpdateStateFileZkCommand(int maxRetries, int interval, String unsecureZnode) { - super(maxRetries, interval); - this.unsecureZnode = unsecureZnode; - } - - @Override - protected AmbariSolrState executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { - boolean secure = client.isSecure(); - String stateFile = String.format("%s/%s", unsecureZnode, AbstractStateFileZkCommand.STATE_FILE); - AmbariSolrState result = null; - if (secure) { - LOG.info("Update state file in secure mode."); - updateStateFile(client, zkClient, AmbariSolrState.SECURE, stateFile); - result = AmbariSolrState.SECURE; - } else { - LOG.info("Update state file in unsecure mode."); - updateStateFile(client, zkClient, AmbariSolrState.UNSECURE, stateFile); - result = AmbariSolrState.UNSECURE; - } - return result; - } - - private void updateStateFile(AmbariSolrCloudClient client, SolrZkClient zkClient, AmbariSolrState stateToUpdate, - String stateFile) throws Exception { - if (!zkClient.exists(stateFile, true)) { - LOG.info("State file does not exits. Initializing it as '{}'", stateToUpdate); - zkClient.create(stateFile, createStateJson(stateToUpdate).getBytes(StandardCharsets.UTF_8), - CreateMode.PERSISTENT, true); - } else { - AmbariSolrState stateOnSecure = getStateFromJson(client, stateFile); - if (stateToUpdate.equals(stateOnSecure)) { - LOG.info("State file is in '{}' mode. No update.", stateOnSecure); - } else { - LOG.info("State file is in '{}' mode. Updating it to '{}'", stateOnSecure, stateToUpdate); - zkClient.setData(stateFile, createStateJson(stateToUpdate).getBytes(StandardCharsets.UTF_8), true); - } - } - } - - private String createStateJson(AmbariSolrState state) throws Exception { - Map<String, String> secStateMap = new HashMap<>(); - secStateMap.put(AbstractStateFileZkCommand.STATE_FIELD, state.toString()); - return new ObjectMapper().writeValueAsString(secStateMap); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UploadConfigZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UploadConfigZkCommand.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UploadConfigZkCommand.java deleted file mode 100644 index fc7482d..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UploadConfigZkCommand.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.commands; - -import org.apache.ambari.infra.solr.AmbariSolrCloudClient; -import org.apache.solr.common.cloud.ZkConfigManager; - -import java.io.IOException; -import java.nio.file.Path; -import java.nio.file.Paths; - -public class UploadConfigZkCommand extends AbstractZookeeperConfigCommand<String> { - - public UploadConfigZkCommand(int maxRetries, int interval) { - super(maxRetries, interval); - } - - @Override - protected String executeZkConfigCommand(ZkConfigManager zkConfigManager, AmbariSolrCloudClient client) throws Exception { - Path configDir = Paths.get(client.getConfigDir()); - String configSet = client.getConfigSet(); - zkConfigManager.uploadConfigDir(configDir, configSet); - return configSet; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/domain/AmbariSolrState.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/domain/AmbariSolrState.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/domain/AmbariSolrState.java deleted file mode 100644 index 489d3f1..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/domain/AmbariSolrState.java +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.domain; - -/** - * Enum state values for storing security status in unsecure znode - */ -public enum AmbariSolrState { - SECURE, UNSECURE -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/AclUtils.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/AclUtils.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/AclUtils.java deleted file mode 100644 index dd5d6c8..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/AclUtils.java +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.util; - -import org.apache.solr.common.cloud.SolrZooKeeper; -import org.apache.zookeeper.KeeperException; -import org.apache.zookeeper.ZooDefs; -import org.apache.zookeeper.data.ACL; -import org.apache.zookeeper.data.Id; -import org.apache.zookeeper.data.Stat; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -public class AclUtils { - - public static List<ACL> mergeAcls(List<ACL> originalAcls, List<ACL> updateAcls) { - Map<String, ACL> aclMap = new HashMap<>(); - List<ACL> acls = new ArrayList<>(); - if (originalAcls != null) { - for (ACL acl : originalAcls) { - aclMap.put(acl.getId().getId(), acl); - } - } - - if (updateAcls != null) { - for (ACL acl : updateAcls) { - aclMap.put(acl.getId().getId(), acl); - } - } - - for (Map.Entry<String, ACL> aclEntry : aclMap.entrySet()) { - acls.add(aclEntry.getValue()); - } - return acls; - } - - public static List<ACL> createAclListFromSaslUsers(String[] saslUsers) { - List<ACL> saslUserList = new ArrayList<>(); - for (String saslUser : saslUsers) { - ACL acl = new ACL(); - acl.setId(new Id("sasl", saslUser)); - acl.setPerms(ZooDefs.Perms.ALL); - saslUserList.add(acl); - } - return saslUserList; - } - - public static void setRecursivelyOn(SolrZooKeeper solrZooKeeper, String node, List<ACL> acls) throws KeeperException, InterruptedException { - setRecursivelyOn(solrZooKeeper, node, acls, new ArrayList<String>()); - } - - public static void setRecursivelyOn(SolrZooKeeper solrZooKeeper, String node, List<ACL> acls, List<String> excludePaths) - throws KeeperException, InterruptedException { - if (!excludePaths.contains(node)) { - List<ACL> newAcls = AclUtils.mergeAcls(solrZooKeeper.getACL(node, new Stat()), acls); - solrZooKeeper.setACL(node, newAcls, -1); - for (String child : solrZooKeeper.getChildren(node, null)) { - setRecursivelyOn(solrZooKeeper, path(node, child), acls, excludePaths); - } - } - } - - private static String path(String node, String child) { - return node.endsWith("/") ? node + child : node + "/" + child; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/ShardUtils.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/ShardUtils.java b/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/ShardUtils.java deleted file mode 100644 index f46565b..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/util/ShardUtils.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr.util; - -import org.apache.solr.common.cloud.Replica; -import org.apache.solr.common.cloud.Slice; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; - -public class ShardUtils { - - private static final Logger LOG = LoggerFactory.getLogger(ShardUtils.class); - - public static String generateShardListStr(int maxShardsPerNode) { - String shardsListStr = ""; - for (int i = 0; i < maxShardsPerNode; i++) { - if (i != 0) { - shardsListStr += ","; - } - String shard = "shard" + i; - shardsListStr += shard; - } - return shardsListStr; - } - - public static List<String> generateShardList(int maxShardsPerNode) { - List<String> shardsList = new ArrayList<>(); - for (int i = 0; i < maxShardsPerNode; i++) { - shardsList.add("shard" + i); - } - return shardsList; - } - - public static Collection<String> getShardNamesFromSlices(Collection<Slice> slices, String collection) { - Collection<String> result = new HashSet<String>(); - Iterator<Slice> iter = slices.iterator(); - while (iter.hasNext()) { - Slice slice = iter.next(); - for (Replica replica : slice.getReplicas()) { - LOG.info("collectionName=" + collection + ", slice.name=" - + slice.getName() + ", slice.state=" + slice.getState() - + ", replica.core=" + replica.getStr("core") - + ", replica.state=" + replica.getStr("state")); - result.add(slice.getName()); - } - } - return result; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/resources/log4j.properties b/ambari-logsearch/ambari-infra-solr-client/src/main/resources/log4j.properties deleted file mode 100644 index e8dca12..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/resources/log4j.properties +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2011 The Apache Software Foundation -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -log4j.rootLogger=INFO,stdout,stderr - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.Threshold=INFO -log4j.appender.stdout.Target=System.out -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%m%n - -log4j.appender.stderr=org.apache.log4j.ConsoleAppender -log4j.appender.stderr.Threshold=ERROR -log4j.appender.stderr.Target=System.err -log4j.appender.stderr.layout=org.apache.log4j.PatternLayout -log4j.appender.stderr.layout.ConversionPattern=%m%n \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/main/resources/solrCloudCli.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/main/resources/solrCloudCli.sh b/ambari-logsearch/ambari-infra-solr-client/src/main/resources/solrCloudCli.sh deleted file mode 100644 index cd47f06..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/main/resources/solrCloudCli.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -JVM="java" -sdir="`dirname \"$0\"`" - -PATH=$JAVA_HOME/bin:$PATH $JVM -classpath "$sdir:$sdir/libs/*" org.apache.ambari.logsearch.solr.AmbariSolrCloudCLI ${1+"$@"} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-client/src/test/java/org/apache/ambari/infra/solr/AmbariSolrCloudClientTest.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-client/src/test/java/org/apache/ambari/infra/solr/AmbariSolrCloudClientTest.java b/ambari-logsearch/ambari-infra-solr-client/src/test/java/org/apache/ambari/infra/solr/AmbariSolrCloudClientTest.java deleted file mode 100644 index 44f3ec5..0000000 --- a/ambari-logsearch/ambari-infra-solr-client/src/test/java/org/apache/ambari/infra/solr/AmbariSolrCloudClientTest.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.solr; - -import static org.easymock.EasyMock.anyString; -import static org.easymock.EasyMock.anyObject; -import static org.easymock.EasyMock.createMock; -import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.replay; -import static org.easymock.EasyMock.verify; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - -import org.apache.solr.client.solrj.impl.CloudSolrClient; -import org.apache.solr.client.solrj.request.CollectionAdminRequest; -import org.apache.solr.client.solrj.response.CollectionAdminResponse; -import org.apache.solr.common.cloud.SolrZkClient; -import org.apache.solr.common.util.NamedList; -import org.junit.Before; -import org.junit.Test; - -import java.util.Arrays; -import java.util.List; - -public class AmbariSolrCloudClientTest { - - private AmbariSolrCloudClient underTest; - - private CloudSolrClient mockedSolrClient; - - private SolrZkClient mockedSolrZkClient; - - private CollectionAdminResponse mockedResponse; - - @Before - public void setUp() { - AmbariSolrCloudClientBuilder builder = new AmbariSolrCloudClientBuilder(); - - mockedSolrClient = createMock(CloudSolrClient.class); - mockedSolrZkClient = createMock(SolrZkClient.class); - mockedResponse = createMock(CollectionAdminResponse.class); - - builder.solrCloudClient = mockedSolrClient; - builder.solrZkClient = mockedSolrZkClient; - - underTest = builder - .withZkConnectString("localhost1:2181,localhost2:2182") - .withCollection("collection1") - .withConfigSet("configSet") - .withShards(1) - .withReplication(1) - .withMaxShardsPerNode(2) - .withInterval(1) - .withRetry(2) - .withRouterName("routerName") - .withRouterField("routerField") - .build(); - } - - @Test - public void testCreateCollectionWhenCollectionDoesNotExist() throws Exception { - // GIVEN - NamedList<Object> namedList = new NamedList<>(); - namedList.add("collections", Arrays.asList("collection1", "collection2")); - - expect(mockedSolrClient.request(anyObject(CollectionAdminRequest.class), anyString())).andReturn(namedList).times(1); - replay(mockedSolrClient); - - // WHEN - String result = underTest.createCollection(); - // THEN - assertEquals("collection1", result); - verify(mockedSolrClient); - } - - @Test - public void testCreateCollectionWhenCollectionExists() throws Exception { - // GIVEN - NamedList<Object> namedList = new NamedList<>(); - namedList.add("collections", Arrays.asList("collection2", "collection3")); - - expect(mockedSolrClient.request(anyObject(CollectionAdminRequest.class), anyString())).andReturn(namedList).times(2); - replay(mockedSolrClient); - - // WHEN - String result = underTest.createCollection(); - // THEN - assertEquals("collection1", result); - verify(mockedSolrClient); - } - - @Test - public void testListCollections() throws Exception { - // GIVEN - NamedList<Object> namedList = new NamedList<>(); - namedList.add("collections", Arrays.asList("collection1", "collection2")); - - expect(mockedSolrClient.request(anyObject(CollectionAdminRequest.class), anyString())).andReturn(namedList); - - replay(mockedSolrClient); - // WHEN - List<String> result = underTest.listCollections(); - - // THEN - assertTrue(result.contains("collection1")); - assertTrue(result.contains("collection2")); - assertEquals(2, result.size()); - } - - @Test(expected = AmbariSolrCloudClientException.class) - public void testRetries() throws Exception { - // GIVEN - expect(mockedSolrClient.request(anyObject(CollectionAdminRequest.class), anyString())).andThrow(new RuntimeException("ex")).times(2); - replay(mockedSolrClient); - // WHEN - underTest.listCollections(); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-plugin/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-plugin/pom.xml b/ambari-logsearch/ambari-infra-solr-plugin/pom.xml deleted file mode 100644 index dbd4bff..0000000 --- a/ambari-logsearch/ambari-infra-solr-plugin/pom.xml +++ /dev/null @@ -1,56 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<project xmlns="http://maven.apache.org/POM/4.0.0"; - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd";> - <parent> - <artifactId>ambari-logsearch</artifactId> - <groupId>org.apache.ambari</groupId> - <version>2.0.0.0-SNAPSHOT</version> - </parent> - <name>Ambari Infra Solr Plugin</name> - <url>http://maven.apache.org</url> - <modelVersion>4.0.0</modelVersion> - <artifactId>ambari-infra-solr-plugin</artifactId> - <dependencies> - <dependency> - <groupId>org.apache.solr</groupId> - <artifactId>solr-core</artifactId> - <version>${solr.version}</version> - </dependency> - <dependency> - <groupId>org.apache.solr</groupId> - <artifactId>solr-test-framework</artifactId> - <version>${solr.version}</version> - <scope>test</scope> - </dependency> - </dependencies> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.3</version> - <configuration> - <source>1.7</source> - <target>1.7</target> - </configuration> - </plugin> - </plugins> - </build> -</project> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraKerberosHostValidator.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraKerberosHostValidator.java b/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraKerberosHostValidator.java deleted file mode 100644 index 4a47a89..0000000 --- a/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraKerberosHostValidator.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.security; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; -import org.apache.hadoop.security.authentication.server.AuthenticationToken; -import org.apache.hadoop.security.authentication.util.KerberosName; - -import java.security.Principal; -import java.util.Map; -import java.util.Set; - -/** - * Validate that the user has the right access based on the hostname in the kerberos principal - */ -public class InfraKerberosHostValidator { - - public boolean validate(Principal principal, Map<String, Set<String>> userVsHosts, Map<String, String> userVsHostRegex) { - if (principal instanceof AuthenticationToken) { - AuthenticationToken authenticationToken = (AuthenticationToken) principal; - KerberosName kerberosName = new KerberosName(authenticationToken.getName()); - String hostname = kerberosName.getHostName(); - String serviceUserName = kerberosName.getServiceName(); - if (MapUtils.isNotEmpty(userVsHostRegex)) { - String regex = userVsHostRegex.get(serviceUserName); - return hostname.matches(regex); - } - if (MapUtils.isNotEmpty(userVsHosts)) { - Set<String> hosts = userVsHosts.get(serviceUserName); - if (CollectionUtils.isNotEmpty(hosts)) { - return hosts.contains(hostname); - } - } - } - return true; - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraRuleBasedAuthorizationPlugin.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraRuleBasedAuthorizationPlugin.java b/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraRuleBasedAuthorizationPlugin.java deleted file mode 100644 index 2f1a558..0000000 --- a/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraRuleBasedAuthorizationPlugin.java +++ /dev/null @@ -1,542 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.security; - -import com.google.common.collect.ImmutableSet; -import java.io.IOException; -import java.lang.invoke.MethodHandles; -import java.security.Principal; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; -import java.util.Objects; -import java.util.Set; -import org.apache.solr.common.SolrException; -import org.apache.solr.common.params.CollectionParams; -import org.apache.solr.common.util.Utils; -import org.apache.solr.security.AuthorizationContext; -import org.apache.solr.security.AuthorizationPlugin; -import org.apache.solr.security.AuthorizationResponse; -import org.apache.solr.security.ConfigEditablePlugin; -import org.apache.solr.util.CommandOperation; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import static java.util.Collections.singleton; -import static org.apache.solr.common.params.CommonParams.NAME; -import static org.apache.solr.common.util.Utils.getDeepCopy; -import static org.apache.solr.handler.admin.SecurityConfHandler.getListValue; -import static org.apache.solr.handler.admin.SecurityConfHandler.getMapValue; - -/** - * Modified copy of solr.RuleBasedAuthorizationPlugin to handle role - permission mappings with KereberosPlugin - * Added 2 new JSON map: (precedence: user-host-regex > user-host) - * 1. "user-host": user host mappings (array) for hostname validation - * 2. "user-host-regex": user host regex mapping (string) for hostname validation - */ -public class InfraRuleBasedAuthorizationPlugin implements AuthorizationPlugin, ConfigEditablePlugin { - - private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - - private final Map<String, Set<String>> usersVsRoles = new HashMap<>(); - private final Map<String, WildCardSupportMap> mapping = new HashMap<>(); - private final List<Permission> permissions = new ArrayList<>(); - private final Map<String, Set<String>> userVsHosts = new HashMap<>(); - private final Map<String, String> userVsHostRegex = new HashMap<>(); - - private final InfraUserRolesLookupStrategy infraUserRolesLookupStrategy = new InfraUserRolesLookupStrategy(); - private final InfraKerberosHostValidator infraKerberosDomainValidator = new InfraKerberosHostValidator(); - - private static class WildCardSupportMap extends HashMap<String, List<Permission>> { - final Set<String> wildcardPrefixes = new HashSet<>(); - - @Override - public List<Permission> put(String key, List<Permission> value) { - if (key != null && key.endsWith("/*")) { - key = key.substring(0, key.length() - 2); - wildcardPrefixes.add(key); - } - return super.put(key, value); - } - - @Override - public List<Permission> get(Object key) { - List<Permission> result = super.get(key); - if (key == null || result != null) return result; - if (!wildcardPrefixes.isEmpty()) { - for (String s : wildcardPrefixes) { - if (key.toString().startsWith(s)) { - List<Permission> l = super.get(s); - if (l != null) { - result = result == null ? new ArrayList<Permission>() : new ArrayList<Permission>(result); - result.addAll(l); - } - } - } - } - return result; - } - } - - @Override - public AuthorizationResponse authorize(AuthorizationContext context) { - List<AuthorizationContext.CollectionRequest> collectionRequests = context.getCollectionRequests(); - if (context.getRequestType() == AuthorizationContext.RequestType.ADMIN) { - MatchStatus flag = checkCollPerm(mapping.get(null), context); - return flag.rsp; - } - - for (AuthorizationContext.CollectionRequest collreq : collectionRequests) { - //check permissions for each collection - MatchStatus flag = checkCollPerm(mapping.get(collreq.collectionName), context); - if (flag != MatchStatus.NO_PERMISSIONS_FOUND) return flag.rsp; - } - //check wildcard (all=*) permissions. - MatchStatus flag = checkCollPerm(mapping.get("*"), context); - return flag.rsp; - } - - private MatchStatus checkCollPerm(Map<String, List<Permission>> pathVsPerms, - AuthorizationContext context) { - if (pathVsPerms == null) return MatchStatus.NO_PERMISSIONS_FOUND; - - String path = context.getResource(); - MatchStatus flag = checkPathPerm(pathVsPerms.get(path), context); - if (flag != MatchStatus.NO_PERMISSIONS_FOUND) return flag; - return checkPathPerm(pathVsPerms.get(null), context); - } - - private MatchStatus checkPathPerm(List<Permission> permissions, AuthorizationContext context) { - if (permissions == null || permissions.isEmpty()) return MatchStatus.NO_PERMISSIONS_FOUND; - Principal principal = context.getUserPrincipal(); - loopPermissions: - for (int i = 0; i < permissions.size(); i++) { - Permission permission = permissions.get(i); - if (permission.method != null && !permission.method.contains(context.getHttpMethod())) { - //this permissions HTTP method does not match this rule. try other rules - continue; - } - if(permission.predicate != null){ - if(!permission.predicate.test(context)) continue ; - } - - if (permission.params != null) { - for (Map.Entry<String, Object> e : permission.params.entrySet()) { - String paramVal = context.getParams().get(e.getKey()); - Object val = e.getValue(); - if (val instanceof List) { - if (!((List) val).contains(paramVal)) continue loopPermissions; - } else if (!Objects.equals(val, paramVal)) continue loopPermissions; - } - } - - if (permission.role == null) { - //no role is assigned permission.That means everybody is allowed to access - return MatchStatus.PERMITTED; - } - if (principal == null) { - log.info("request has come without principal. failed permission {} ",permission); - //this resource needs a principal but the request has come without - //any credential. - return MatchStatus.USER_REQUIRED; - } else if (permission.role.contains("*")) { - return MatchStatus.PERMITTED; - } - - for (String role : permission.role) { - Set<String> userRoles = infraUserRolesLookupStrategy.getUserRolesFromPrincipal(usersVsRoles, principal); - boolean validHostname = infraKerberosDomainValidator.validate(principal, userVsHosts, userVsHostRegex); - if (!validHostname) { - log.warn("Hostname is not valid for principal {}", principal); - return MatchStatus.FORBIDDEN; - } - if (userRoles != null && userRoles.contains(role)) return MatchStatus.PERMITTED; - } - log.info("This resource is configured to have a permission {}, The principal {} does not have the right role ", permission, principal); - return MatchStatus.FORBIDDEN; - } - log.debug("No permissions configured for the resource {} . So allowed to access", context.getResource()); - return MatchStatus.NO_PERMISSIONS_FOUND; - } - - @Override - public void init(Map<String, Object> initInfo) { - mapping.put(null, new WildCardSupportMap()); - Map<String, Object> map = getMapValue(initInfo, "user-role"); - for (Object o : map.entrySet()) { - Map.Entry e = (Map.Entry) o; - String roleName = (String) e.getKey(); - usersVsRoles.put(roleName, readValueAsSet(map, roleName)); - } - List<Map> perms = getListValue(initInfo, "permissions"); - for (Map o : perms) { - Permission p; - try { - p = Permission.load(o); - } catch (Exception exp) { - log.error("Invalid permission ", exp); - continue; - } - permissions.add(p); - add2Mapping(p); - } - // adding user-host - Map<String, Object> userHostsMap = getMapValue(initInfo, "user-host"); - for (Object userHost : userHostsMap.entrySet()) { - Map.Entry e = (Map.Entry) userHost; - String roleName = (String) e.getKey(); - userVsHosts.put(roleName, readValueAsSet(userHostsMap, roleName)); - } - // adding user-host-regex - Map<String, Object> userHostRegexMap = getMapValue(initInfo, "user-host-regex"); - for (Map.Entry<String, Object> entry : userHostRegexMap.entrySet()) { - userVsHostRegex.put(entry.getKey(), entry.getValue().toString()); - } - - } - - //this is to do optimized lookup of permissions for a given collection/path - private void add2Mapping(Permission permission) { - for (String c : permission.collections) { - WildCardSupportMap m = mapping.get(c); - if (m == null) mapping.put(c, m = new WildCardSupportMap()); - for (String path : permission.path) { - List<Permission> perms = m.get(path); - if (perms == null) m.put(path, perms = new ArrayList<>()); - perms.add(permission); - } - } - } - - /** - * read a key value as a set. if the value is a single string , - * return a singleton set - * - * @param m the map from which to lookup - * @param key the key with which to do lookup - */ - static Set<String> readValueAsSet(Map m, String key) { - Set<String> result = new HashSet<>(); - Object val = m.get(key); - if (val == null) { - if("collection".equals(key)){ - //for collection collection: null means a core admin/ collection admin request - // otherwise it means a request where collection name is ignored - return m.containsKey(key) ? singleton((String) null) : singleton("*"); - } - return null; - } - if (val instanceof Collection) { - Collection list = (Collection) val; - for (Object o : list) result.add(String.valueOf(o)); - } else if (val instanceof String) { - result.add((String) val); - } else { - throw new RuntimeException("Bad value for : " + key); - } - return result.isEmpty() ? null : Collections.unmodifiableSet(result); - } - - @Override - public void close() throws IOException { } - - static class Permission { - String name; - Set<String> path, role, collections, method; - Map<String, Object> params; - Predicate<AuthorizationContext> predicate; - Map originalConfig; - - private Permission() { - } - - static Permission load(Map m) { - Permission p = new Permission(); - p.originalConfig = new LinkedHashMap<>(m); - String name = (String) m.get(NAME); - if (!m.containsKey("role")) throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "role not specified"); - p.role = readValueAsSet(m, "role"); - if (well_known_permissions.containsKey(name)) { - HashSet<String> disAllowed = new HashSet<>(knownKeys); - disAllowed.remove("role");//these are the only - disAllowed.remove(NAME);//allowed keys for well-known permissions - for (String s : disAllowed) { - if (m.containsKey(s)) - throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, s + " is not a valid key for the permission : " + name); - } - p.predicate = (Predicate<AuthorizationContext>) ((Map) well_known_permissions.get(name)).get(Predicate.class.getName()); - m = well_known_permissions.get(name); - } - p.name = name; - p.path = readSetSmart(name, m, "path"); - p.collections = readSetSmart(name, m, "collection"); - p.method = readSetSmart(name, m, "method"); - p.params = (Map<String, Object>) m.get("params"); - return p; - } - - @Override - public String toString() { - return Utils.toJSONString(originalConfig); - } - - static final Set<String> knownKeys = ImmutableSet.of("collection", "role", "params", "path", "method", NAME); - } - - enum MatchStatus { - USER_REQUIRED(AuthorizationResponse.PROMPT), - NO_PERMISSIONS_FOUND(AuthorizationResponse.OK), - PERMITTED(AuthorizationResponse.OK), - FORBIDDEN(AuthorizationResponse.FORBIDDEN); - - final AuthorizationResponse rsp; - - MatchStatus(AuthorizationResponse rsp) { - this.rsp = rsp; - } - } - - /** - * This checks for the defaults available other rules for the keys - */ - private static Set<String> readSetSmart(String permissionName, Map m, String key) { - Set<String> set = readValueAsSet(m, key); - if (set == null && well_known_permissions.containsKey(permissionName)) { - set = readValueAsSet((Map) well_known_permissions.get(permissionName), key); - } - if ("method".equals(key)) { - if (set != null) { - for (String s : set) if (!HTTP_METHODS.contains(s)) return null; - } - return set; - } - return set == null ? singleton((String)null) : set; - } - - @Override - public Map<String, Object> edit(Map<String, Object> latestConf, List<CommandOperation> commands) { - for (CommandOperation op : commands) { - OPERATION operation = null; - for (OPERATION o : OPERATION.values()) { - if (o.name.equals(op.name)) { - operation = o; - break; - } - } - if (operation == null) { - op.unknownOperation(); - return null; - } - latestConf = operation.edit(latestConf, op); - if (latestConf == null) return null; - - } - return latestConf; - } - - enum OPERATION { - SET_USER_ROLE("set-user-role") { - @Override - public Map<String, Object> edit(Map<String, Object> latestConf, CommandOperation op) { - Map<String, Object> roleMap = getMapValue(latestConf, "user-role"); - Map<String, Object> map = op.getDataMap(); - if (op.hasError()) return null; - for (Map.Entry<String, Object> e : map.entrySet()) { - if (e.getValue() == null) { - roleMap.remove(e.getKey()); - continue; - } - if (e.getValue() instanceof String || e.getValue() instanceof List) { - roleMap.put(e.getKey(), e.getValue()); - } else { - op.addError("Unexpected value "); - return null; - } - } - return latestConf; - } - }, - SET_PERMISSION("set-permission") { - @Override - public Map<String, Object> edit(Map<String, Object> latestConf, CommandOperation op) { - String name = op.getStr(NAME); - Map<String, Object> dataMap = op.getDataMap(); - if (op.hasError()) return null; - dataMap = getDeepCopy(dataMap, 3); - String before = (String) dataMap.remove("before"); - for (String key : dataMap.keySet()) { - if (!Permission.knownKeys.contains(key)) op.addError("Unknown key, " + key); - } - try { - Permission.load(dataMap); - } catch (Exception e) { - op.addError(e.getMessage()); - return null; - } - List<Map> permissions = getListValue(latestConf, "permissions"); - List<Map> permissionsCopy = new ArrayList<>(); - boolean added = false; - for (Map e : permissions) { - Object n = e.get(NAME); - if (n.equals(before) || n.equals(name)) { - added = true; - permissionsCopy.add(dataMap); - } - if (!n.equals(name)) permissionsCopy.add(e); - } - if (!added && before != null) { - op.addError("Invalid 'before' :" + before); - return null; - } - if (!added) permissionsCopy.add(dataMap); - latestConf.put("permissions", permissionsCopy); - return latestConf; - } - }, - UPDATE_PERMISSION("update-permission") { - @Override - public Map<String, Object> edit(Map<String, Object> latestConf, CommandOperation op) { - String name = op.getStr(NAME); - if (op.hasError()) return null; - for (Map permission : (List<Map>) getListValue(latestConf, "permissions")) { - if (name.equals(permission.get(NAME))) { - LinkedHashMap copy = new LinkedHashMap<>(permission); - copy.putAll(op.getDataMap()); - op.setCommandData(copy); - return SET_PERMISSION.edit(latestConf, op); - } - } - op.addError("No such permission " + name); - return null; - } - }, - DELETE_PERMISSION("delete-permission") { - @Override - public Map<String, Object> edit(Map<String, Object> latestConf, CommandOperation op) { - List<String> names = op.getStrs(""); - if (names == null || names.isEmpty()) { - op.addError("Invalid command"); - return null; - } - names = new ArrayList<>(names); - List<Map> copy = new ArrayList<>(); - List<Map> p = getListValue(latestConf, "permissions"); - for (Map map : p) { - Object n = map.get(NAME); - if (names.contains(n)) { - names.remove(n); - continue; - } else { - copy.add(map); - } - } - if (!names.isEmpty()) { - op.addError("Unknown permission name(s) " + names); - return null; - } - latestConf.put("permissions", copy); - return latestConf; - } - }; - - public abstract Map<String, Object> edit(Map<String, Object> latestConf, CommandOperation op); - - public final String name; - - OPERATION(String s) { - this.name = s; - } - - public static OPERATION get(String name) { - for (OPERATION o : values()) if (o.name.equals(name)) return o; - return null; - } - } - - public static final Set<String> HTTP_METHODS = ImmutableSet.of("GET", "POST", "DELETE", "PUT", "HEAD"); - - private static final Map<String, Map<String,Object>> well_known_permissions = (Map) Utils.fromJSONString( - " { " + - " security-edit :{" + - " path:['/admin/authentication','/admin/authorization']," + - " collection:null," + - " method:POST }," + - " security-read :{" + - " path:['/admin/authentication','/admin/authorization']," + - " collection:null," + - " method:GET}," + - " schema-edit :{" + - " method:POST," + - " path:'/schema/*'}," + - " collection-admin-edit :{" + - " collection:null," + - " path:'/admin/collections'}," + - " collection-admin-read :{" + - " collection:null," + - " path:'/admin/collections'}," + - " schema-read :{" + - " method:GET," + - " path:'/schema/*'}," + - " config-read :{" + - " method:GET," + - " path:'/config/*'}," + - " update :{" + - " path:'/update/*'}," + - " read :{" + - " path:['/select', '/get','/browse','/tvrh','/terms','/clustering','/elevate', '/export','/spell','/clustering']}," + - " config-edit:{" + - " method:POST," + - " path:'/config/*'}," + - " all:{collection:['*', null]}" + - "}"); - - static { - ((Map) well_known_permissions.get("collection-admin-edit")).put(Predicate.class.getName(), getCollectionActionPredicate(true)); - ((Map) well_known_permissions.get("collection-admin-read")).put(Predicate.class.getName(), getCollectionActionPredicate(false)); - } - - private static Predicate<AuthorizationContext> getCollectionActionPredicate(final boolean isEdit) { - return new Predicate<AuthorizationContext>() { - @Override - public boolean test(AuthorizationContext context) { - String action = context.getParams().get("action"); - if (action == null) return false; - CollectionParams.CollectionAction collectionAction = CollectionParams.CollectionAction.get(action); - if (collectionAction == null) return false; - return isEdit ? collectionAction.isWrite : !collectionAction.isWrite; - } - }; - } - - - public static void main(String[] args) { - System.out.println(Utils.toJSONString(well_known_permissions)); - - } - - public interface Predicate<T> { - - boolean test(T t); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraUserRolesLookupStrategy.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraUserRolesLookupStrategy.java b/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraUserRolesLookupStrategy.java deleted file mode 100644 index a54e4ad..0000000 --- a/ambari-logsearch/ambari-infra-solr-plugin/src/main/java/org.apache.ambari.infra.security/InfraUserRolesLookupStrategy.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.security; - -import org.apache.commons.collections.CollectionUtils; -import org.apache.hadoop.security.authentication.server.AuthenticationToken; -import org.apache.hadoop.security.authentication.util.KerberosName; - -import java.security.Principal; -import java.util.Map; -import java.util.Set; - - -/** - * Strategy class to get roles with the principal name (in a specific format e.g.: 'name@DOMAIN') - * in case of KerberosPlugin is used for authentication - */ -public class InfraUserRolesLookupStrategy { - - public Set<String> getUserRolesFromPrincipal(Map<String, Set<String>> usersVsRoles, Principal principal) { - if (principal instanceof AuthenticationToken) { - AuthenticationToken authenticationToken = (AuthenticationToken) principal; - KerberosName kerberosName = new KerberosName(authenticationToken.getName()); - Set<String> rolesResult = usersVsRoles.get(String.format("%s@%s", kerberosName.getServiceName(), kerberosName.getRealm())); - if (CollectionUtils.isEmpty(rolesResult)) { - rolesResult = usersVsRoles.get(principal.getName()); - } - return rolesResult; - } else { - return usersVsRoles.get(principal.getName()); - } - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/8842be0c/ambari-logsearch/ambari-infra-solr-plugin/src/test/java/org/apache/ambari/infra/security/InfraKerberosHostValidatorTest.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-infra-solr-plugin/src/test/java/org/apache/ambari/infra/security/InfraKerberosHostValidatorTest.java b/ambari-logsearch/ambari-infra-solr-plugin/src/test/java/org/apache/ambari/infra/security/InfraKerberosHostValidatorTest.java deleted file mode 100644 index 828f09a..0000000 --- a/ambari-logsearch/ambari-infra-solr-plugin/src/test/java/org/apache/ambari/infra/security/InfraKerberosHostValidatorTest.java +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.ambari.infra.security; - -import org.apache.hadoop.security.authentication.server.AuthenticationToken; -import org.junit.Before; -import org.junit.Test; - -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -public class InfraKerberosHostValidatorTest { - - private static final String DEFAULT_SERVICE_USER = "logsearch"; - - private InfraKerberosHostValidator underTest = new InfraKerberosHostValidator(); - private AuthenticationToken principal; - - - @Before - public void setUp() { - principal = new AuthenticationToken(DEFAULT_SERVICE_USER, DEFAULT_SERVICE_USER + "/c6401.ambari.apache....@example.com", "kerberos"); - } - - @Test - public void testValidateHosts() { - // GIVEN - Map<String, Set<String>> userHostsMap = generateUserHostMap("c6401.ambari.apache.org"); - // WHEN - boolean result = underTest.validate(principal, userHostsMap, new HashMap<String, String>()); - // THEN - assertTrue(result); - } - - @Test - public void testValidateHostsValid() { - // GIVEN - Map<String, Set<String>> userHostsMap = generateUserHostMap("c6402.ambari.apache.org"); - // WHEN - boolean result = underTest.validate(principal, userHostsMap, new HashMap<String, String>()); - // THEN - assertFalse(result); - - } - - @Test - public void testValidateHostRegex() { - // GIVEN - Map<String, String> userHostRegex = generateRegexMap("c\\d+.*.apache.org"); - // WHEN - boolean result = underTest.validate(principal, new HashMap<String, Set<String>>(), userHostRegex); - // THEN - assertTrue(result); - - } - - @Test - public void testValidateHostRegexInvalid() { - // GIVEN - Map<String, String> userHostRegex = generateRegexMap("c\\d+.*.org.apache"); - // WHEN - boolean result = underTest.validate(principal, new HashMap<String, Set<String>>(), userHostRegex); - // THEN - assertFalse(result); - } - - @Test - public void testPrecedence() { - // GIVEN - Map<String, Set<String>> userHostsMap = generateUserHostMap("c6402.ambari.apache.org"); - Map<String, String> userHostRegex = generateRegexMap("c\\d+.*.apache.org"); - // WHEN - boolean result = underTest.validate(principal, userHostsMap, userHostRegex); - // THEN - assertTrue(result); - } - - private Map<String, Set<String>> generateUserHostMap(String... hosts) { - Map<String, Set<String>> map = new HashMap<>(); - Set<String> hostSet = new HashSet<>(); - for (String host : hosts) { - hostSet.add(host); - } - map.put(DEFAULT_SERVICE_USER, hostSet); - return map; - } - - private Map<String, String> generateRegexMap(String regex) { - Map<String, String> map = new HashMap<>(); - map.put(DEFAULT_SERVICE_USER, regex); - return map; - } -}
