AMBARI-19726. Post user creation hook is passed the hdfs user from the hadoop-env config type. (Laszlo Puskas via stoader)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/86fbb381 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/86fbb381 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/86fbb381 Branch: refs/heads/branch-dev-patch-upgrade Commit: 86fbb38108e2d9b87f22b1920cada3a655677285 Parents: c290786 Author: Laszlo Puskas <lpus...@hortonworks.com> Authored: Sat Jan 28 18:27:31 2017 +0100 Committer: Toader, Sebastian <stoa...@hortonworks.com> Committed: Sat Jan 28 18:27:31 2017 +0100 ---------------------------------------------------------------------- .../server/hooks/users/UserHookParams.java | 3 ++- .../server/hooks/users/UserHookService.java | 23 ++++++++++++++------ .../users/CsvFilePersisterService.java | 6 ++--- .../users/PostUserCreationHookServerAction.java | 8 ++++++- .../scripts/post-user-creation-hook.sh | 9 ++++++-- .../server/hooks/users/UserHookServiceTest.java | 9 ++++++++ .../PostUserCreationHookServerActionTest.java | 3 ++- 7 files changed, 45 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookParams.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookParams.java b/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookParams.java index 6970dcc..4b1b5aa 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookParams.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookParams.java @@ -34,7 +34,8 @@ public enum UserHookParams { // identify security related values CLUSTER_SECURITY_TYPE("cluster-security-type"), CMD_HDFS_PRINCIPAL("cmd-hdfs-principal"), - CMD_HDFS_KEYTAB("cmd-hdfs-keytab"); + CMD_HDFS_KEYTAB("cmd-hdfs-keytab"), + CMD_HDFS_USER("cmd-hdfs-user"); private String param; http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookService.java b/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookService.java index c4ff1e4..69463ab 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/hooks/users/UserHookService.java @@ -170,8 +170,10 @@ public class UserHookService implements HookService { commandParams.put(UserHookParams.CMD_HDFS_KEYTAB.param(), clusterData.getKeytab()); commandParams.put(UserHookParams.CMD_HDFS_PRINCIPAL.param(), clusterData.getPrincipal()); + commandParams.put(UserHookParams.CMD_HDFS_USER.param(), clusterData.getHdfsUser()); commandParams.put(UserHookParams.CMD_INPUT_FILE.param(), generateInputFileName()); + commandParams.put(UserHookParams.PAYLOAD.param(), objectMapper.writeValueAsString(context.getUserGroups())); return commandParams; @@ -228,15 +230,16 @@ public class UserHookService implements HookService { break; } - return new ClusterData(cluster.getClusterName(), cluster.getClusterId(), cluster.getSecurityType().name(), principal, keyTab); - } - private void getSecurityData(Configuration configuraiton) { - //principal + return new ClusterData(cluster.getClusterName(), cluster.getClusterId(), cluster.getSecurityType().name(), principal, keyTab, getHdfsUser(cluster)); + } - //keytab + private String getHdfsUser(Cluster cluster) { + String hdfsUser = cluster.getDesiredConfigByType("hadoop-env").getProperties().get("hdfs_user"); + return hdfsUser; } + /** * Local representation of cluster data. */ @@ -247,12 +250,15 @@ public class UserHookService implements HookService { private String principal; private String keytab; - public ClusterData(String clusterName, Long clusterId, String securityType, String principal, String keytab) { + private String hdfsUser; + + public ClusterData(String clusterName, Long clusterId, String securityType, String principal, String keytab, String hdfsUser) { this.clusterName = clusterName; this.clusterId = clusterId; this.securityType = securityType; this.principal = principal; this.keytab = keytab; + this.hdfsUser = hdfsUser; } public String getClusterName() { @@ -274,6 +280,9 @@ public class UserHookService implements HookService { public String getKeytab() { return keytab; } - } + public String getHdfsUser() { + return hdfsUser; + } + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/CsvFilePersisterService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/CsvFilePersisterService.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/CsvFilePersisterService.java index fe6bf35..b78a127 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/CsvFilePersisterService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/CsvFilePersisterService.java @@ -18,15 +18,12 @@ package org.apache.ambari.server.serveraction.users; -import java.io.File; import java.io.FileWriter; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.nio.file.attribute.FileAttribute; import java.nio.file.attribute.PosixFilePermission; -import java.nio.file.attribute.PosixFilePermissions; import java.util.ArrayList; import java.util.Collection; import java.util.HashSet; @@ -72,7 +69,8 @@ public class CsvFilePersisterService implements CollectionPersisterService<Strin @Inject public void init() throws IOException { - Path csv = Files.createFile(Paths.get(csvFile), PosixFilePermissions.asFileAttribute(getCsvPermissions())); + Path csv = Files.createFile(Paths.get(csvFile)); + Files.setPosixFilePermissions(Paths.get(csvFile), getCsvPermissions()); fileWriter = new FileWriter(csv.toFile()); csvPrinter = new CSVPrinter(fileWriter, CSVFormat.DEFAULT.withRecordSeparator(NEW_LINE_SEPARATOR)); http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerAction.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerAction.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerAction.java index 45bc0eb..2d6d38d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerAction.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerAction.java @@ -116,7 +116,8 @@ public class PostUserCreationHookServerAction extends AbstractServerAction { params.get(UserHookParams.CMD_INPUT_FILE.param()), params.get(UserHookParams.CLUSTER_SECURITY_TYPE.param()), params.get(UserHookParams.CMD_HDFS_PRINCIPAL.param()), - params.get(UserHookParams.CMD_HDFS_KEYTAB.param()) + params.get(UserHookParams.CMD_HDFS_KEYTAB.param()), + params.get(UserHookParams.CMD_HDFS_USER.param()) }; LOGGER.debug("Server action command to be executed: {}", cmdArray); return cmdArray; @@ -149,6 +150,11 @@ public class PostUserCreationHookServerAction extends AbstractServerAction { throw new IllegalArgumentException("Missing command parameter: [" + UserHookParams.CLUSTER_SECURITY_TYPE.param() + "]"); } + if (!commandParams.containsKey(UserHookParams.CMD_HDFS_USER.param())) { + LOGGER.error("Missing command parameter: {}; Failing the server action.", UserHookParams.CMD_HDFS_USER.param()); + throw new IllegalArgumentException("Missing command parameter: [" + UserHookParams.CMD_HDFS_USER.param() + "]"); + } + LOGGER.info("Command parameter validation passed."); } http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh index ee8d2d1..91511a0 100755 --- a/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh +++ b/ambari-server/src/main/resources/scripts/post-user-creation-hook.sh @@ -30,6 +30,8 @@ CSV_FILE="$1" SECURITY_TYPE=$2 : "${SECURITY_TYPE:?"Missing security type input for the post-user creation hook"}" +# the last argument is the user with dfs administrator privileges +HDFS_USR=${@: -1} } @@ -37,8 +39,8 @@ SECURITY_TYPE=$2 ambari_sudo(){ ARG_STR="$1" -CMD_STR="/var/lib/ambari-server/ambari-sudo.sh su hdfs -l -s /bin/bash -c '$ARG_STR'" - +CMD_STR="/var/lib/ambari-server/ambari-sudo.sh su '$HDFS_USR' -l -s /bin/bash -c '$ARG_STR'" +echo "Executing command: [ $CMD_STR ]" eval "$CMD_STR" } @@ -101,6 +103,9 @@ do EOF done <"$CSV_FILE" +# Setting read permissions on the generated file +chmod 644 $JSON_INPUT + # deleting the last line sed -i '$ d' "$JSON_INPUT" http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/test/java/org/apache/ambari/server/hooks/users/UserHookServiceTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/hooks/users/UserHookServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/hooks/users/UserHookServiceTest.java index 834f930..b642d35 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/hooks/users/UserHookServiceTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/hooks/users/UserHookServiceTest.java @@ -37,6 +37,7 @@ import org.apache.ambari.server.hooks.AmbariEventFactory; import org.apache.ambari.server.hooks.HookContext; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; +import org.apache.ambari.server.state.Config; import org.apache.ambari.server.state.SecurityType; import org.apache.ambari.server.state.svccomphost.ServiceComponentHostServerActionEvent; import org.codehaus.jackson.map.ObjectMapper; @@ -90,6 +91,9 @@ public class UserHookServiceTest extends EasyMockSupport { @Mock private Stage stageMock; + @Mock + private Config configMock; + @TestSubject private UserHookService hookService = new UserHookService(); @@ -193,9 +197,14 @@ public class UserHookServiceTest extends EasyMockSupport { Map<String, Cluster> clsMap = new HashMap<>(); clsMap.put("test-cluster", clusterMock); + Map<String, String> configMap = new HashMap<>(); + configMap.put("hdfs_user", "hdfs-test-user"); + EasyMock.expect(clusterMock.getClusterId()).andReturn(1l); EasyMock.expect(clusterMock.getClusterName()).andReturn("test-cluster"); EasyMock.expect(clusterMock.getSecurityType()).andReturn(SecurityType.NONE).times(3); + EasyMock.expect(clusterMock.getDesiredConfigByType("hadoop-env")).andReturn(configMock); + EasyMock.expect(configMock.getProperties()).andReturn(configMap); EasyMock.expect(actionManagerMock.getNextRequestId()).andReturn(1l); http://git-wip-us.apache.org/repos/asf/ambari/blob/86fbb381/ambari-server/src/test/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerActionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerActionTest.java index a4d50ef..6d6e42c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerActionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/users/PostUserCreationHookServerActionTest.java @@ -115,6 +115,7 @@ public class PostUserCreationHookServerActionTest extends EasyMockSupport { commandParams.put(UserHookParams.CMD_TIME_FRAME.param(), "1000"); commandParams.put(UserHookParams.CMD_INPUT_FILE.param(), "/test/user_data.csv"); commandParams.put(UserHookParams.CLUSTER_SECURITY_TYPE.param(), SecurityType.KERBEROS.name()); + commandParams.put(UserHookParams.CMD_HDFS_USER.param(), "test-hdfs-user"); EasyMock.expect(executionCommand.getCommandParams()).andReturn(commandParams); EasyMock.expect(objectMapperMock.readValue(payloadJson, Map.class)).andReturn(payload); @@ -139,7 +140,7 @@ public class PostUserCreationHookServerActionTest extends EasyMockSupport { String[] commandArray = commandCapture.getValue(); Assert.assertNotNull("The command to be executed must not be null!", commandArray); - Assert.assertEquals("The command argument array length is not as expected!", 5, commandArray.length); + Assert.assertEquals("The command argument array length is not as expected!", 6, commandArray.length); Assert.assertEquals("The command script is not as expected", "/hookfolder/hook.name", commandArray[0]); }