http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 78d464b..60d7fd9 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -96,18 +96,22 @@ import org.apache.ambari.server.serveraction.kerberos.KerberosMissingAdminCreden import org.apache.ambari.server.serveraction.kerberos.KerberosOperationException; import org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandler; import org.apache.ambari.server.serveraction.kerberos.KerberosOperationHandlerFactory; +import org.apache.ambari.server.serveraction.kerberos.PreconfigureServiceType; import org.apache.ambari.server.stack.StackManagerFactory; import org.apache.ambari.server.stageplanner.RoleGraphFactory; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; +import org.apache.ambari.server.state.ComponentInfo; import org.apache.ambari.server.state.Config; import org.apache.ambari.server.state.ConfigHelper; import org.apache.ambari.server.state.Host; import org.apache.ambari.server.state.HostState; +import org.apache.ambari.server.state.PropertyInfo; import org.apache.ambari.server.state.SecurityType; import org.apache.ambari.server.state.Service; import org.apache.ambari.server.state.ServiceComponent; import org.apache.ambari.server.state.ServiceComponentHost; +import org.apache.ambari.server.state.ServiceInfo; import org.apache.ambari.server.state.StackId; import org.apache.ambari.server.state.State; import org.apache.ambari.server.state.UpgradeContextFactory; @@ -318,7 +322,7 @@ public class KerberosHelperTest extends EasyMockSupport { KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("realm")).andReturn("EXAMPLE.COM").once(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("EXAMPLE.COM").once(); expect(kerberosEnvProperties.get("kdc_hosts")).andReturn("10.0.100.1").once(); final Map<String, String> krb5ConfProperties = createMock(Map.class); @@ -601,12 +605,12 @@ public class KerberosHelperTest extends EasyMockSupport { @Test public void addAmbariServerIdentity_CreateAmbariPrincipal() throws Exception { - addAmbariServerIdentity(Collections.singletonMap("create_ambari_principal", "true")); + addAmbariServerIdentity(Collections.singletonMap(KerberosHelper.CREATE_AMBARI_PRINCIPAL, "true")); } @Test public void addAmbariServerIdentity_DoNotCreateAmbariPrincipal() throws Exception { - addAmbariServerIdentity(Collections.singletonMap("create_ambari_principal", "false")); + addAmbariServerIdentity(Collections.singletonMap(KerberosHelper.CREATE_AMBARI_PRINCIPAL, "false")); } @Test @@ -1007,10 +1011,11 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("kdc_type")).andReturn(kdcType).anyTimes(); - expect(kerberosEnvProperties.get("manage_identities")).andReturn(manageIdentities).anyTimes(); - expect(kerberosEnvProperties.get("realm")).andReturn("FOOBAR.COM").anyTimes(); - expect(kerberosEnvProperties.get("create_ambari_principal")).andReturn("false").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.KDC_TYPE)).andReturn(kdcType).anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.MANAGE_IDENTITIES)).andReturn(manageIdentities).anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("FOOBAR.COM").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.CREATE_AMBARI_PRINCIPAL)).andReturn("false").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.PRECONFIGURE_SERVICES)).andReturn(PreconfigureServiceType.DEFAULT.name()).anyTimes(); final Config kerberosEnvConfig = createMock(Config.class); expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).anyTimes(); @@ -1107,8 +1112,10 @@ public class KerberosHelperTest extends EasyMockSupport { // Update Configs Stage expect(requestStageContainer.getLastStageId()).andReturn(2L).anyTimes(); expect(requestStageContainer.getId()).andReturn(1L).once(); + requestStageContainer.setClusterHostInfo(anyString()); expectLastCall().once(); + requestStageContainer.addStages(anyObject(List.class)); expectLastCall().once(); // TODO: Add more of these when more stages are added. @@ -1125,7 +1132,7 @@ public class KerberosHelperTest extends EasyMockSupport { replayAll(); // Needed by infrastructure - metaInfo.init(); + injector.getInstance(AmbariMetaInfo.class).init(); CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class); credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS, @@ -1142,19 +1149,16 @@ public class KerberosHelperTest extends EasyMockSupport { final ServiceComponentHost schKerberosClient = createMock(ServiceComponentHost.class); expect(schKerberosClient.getServiceName()).andReturn(Service.Type.KERBEROS.name()).anyTimes(); - expect(schKerberosClient.getServiceComponentName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes(); expect(schKerberosClient.getHostName()).andReturn("host1").anyTimes(); expect(schKerberosClient.getState()).andReturn(State.INSTALLED).anyTimes(); final ServiceComponentHost sch1 = createMock(ServiceComponentHost.class); expect(sch1.getServiceName()).andReturn("SERVICE1").times(1); - expect(sch1.getServiceComponentName()).andReturn("COMPONENT1").once(); expect(sch1.getHostName()).andReturn("host1").anyTimes(); expect(sch1.getState()).andReturn(State.INSTALLED).anyTimes(); final ServiceComponentHost sch2 = createMock(ServiceComponentHost.class); expect(sch2.getServiceName()).andReturn("SERVICE2").times(1); - expect(sch2.getServiceComponentName()).andReturn("COMPONENT2").anyTimes(); expect(sch2.getHostName()).andReturn("host1").anyTimes(); expect(sch2.getState()).andReturn(State.INSTALLED).anyTimes(); @@ -1186,8 +1190,8 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes(); - expect(kerberosEnvProperties.get("realm")).andReturn("FOOBAR.COM").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.KDC_TYPE)).andReturn("mit-kdc").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("FOOBAR.COM").anyTimes(); final Config kerberosEnvConfig = createMock(Config.class); expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).anyTimes(); @@ -1310,7 +1314,7 @@ public class KerberosHelperTest extends EasyMockSupport { replayAll(); // Needed by infrastructure - metaInfo.init(); + injector.getInstance(AmbariMetaInfo.class).init(); CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class); credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS, @@ -1397,9 +1401,9 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes(); - expect(kerberosEnvProperties.get("realm")).andReturn("FOOBAR.COM").anyTimes(); - expect(kerberosEnvProperties.get("create_ambari_principal")).andReturn("false").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.KDC_TYPE)).andReturn("mit-kdc").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("FOOBAR.COM").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.CREATE_AMBARI_PRINCIPAL)).andReturn("false").anyTimes(); final Config kerberosEnvConfig = createMock(Config.class); expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).anyTimes(); @@ -1515,7 +1519,7 @@ public class KerberosHelperTest extends EasyMockSupport { replayAll(); // Needed by infrastructure - metaInfo.init(); + injector.getInstance(AmbariMetaInfo.class).init(); CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class); credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS, @@ -1678,8 +1682,15 @@ public class KerberosHelperTest extends EasyMockSupport { @Test public void testSetAuthToLocalRules() throws Exception { - KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); + testSetAuthToLocalRules(false); + } + @Test + public void testSetAuthToLocalRulesWithPreconfiguredServices() throws Exception { + testSetAuthToLocalRules(true); + } + + private void testSetAuthToLocalRules(boolean includePreconfiguredServices) throws Exception { final KerberosPrincipalDescriptor principalDescriptor1 = createMock(KerberosPrincipalDescriptor.class); expect(principalDescriptor1.getValue()).andReturn("principal1/ho...@example.com").times(1); expect(principalDescriptor1.getLocalUsername()).andReturn("principal1_user").times(1); @@ -1706,19 +1717,19 @@ public class KerberosHelperTest extends EasyMockSupport { final KerberosComponentDescriptor componentDescriptor1 = createMockComponentDescriptor( "COMPONENT1", - new ArrayList<KerberosIdentityDescriptor>() { - { - add(identityDescriptor3); - } - }, + Collections.singletonList(identityDescriptor3), null); final KerberosServiceDescriptor serviceDescriptor1 = createMock(KerberosServiceDescriptor.class); + expect(serviceDescriptor1.getName()).andReturn("SERVICE1").times((includePreconfiguredServices) ? 2 : 1); + if (includePreconfiguredServices) { + expect(serviceDescriptor1.shouldPreconfigure()).andReturn(false).times(2); + } expect(serviceDescriptor1.getIdentities(eq(true), EasyMock.anyObject())).andReturn(Arrays.asList( identityDescriptor1, identityDescriptor2 )).times(1); - expect(serviceDescriptor1.getComponent("COMPONENT1")).andReturn(componentDescriptor1).times(1); + expect(serviceDescriptor1.getComponents()).andReturn(Collections.singletonMap("COMPONENT1", componentDescriptor1)).times(1); expect(serviceDescriptor1.getAuthToLocalProperties()).andReturn(new HashSet<>(Arrays.asList( "default", "explicit_multiple_lines|new_lines", @@ -1730,11 +1741,88 @@ public class KerberosHelperTest extends EasyMockSupport { "service-site/explicit_single_line|spaces" ))).times(1); + Map<String, KerberosServiceDescriptor> serviceDescriptorMap = new HashMap<>(); + serviceDescriptorMap.put("SERVICE1", serviceDescriptor1); + + Map<String, ServiceComponent> component1Map = new HashMap<>(); + + Service service1 = createMockService("SERVICE1", component1Map); + + Map<String, Service> serviceMap = new HashMap<>(); + serviceMap.put("SERVICE1", service1); + + Map<String, String> serviceSiteProperties = new HashMap<>(); + serviceSiteProperties.put("default", "RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\nDEFAULT"); + serviceSiteProperties.put("explicit_multiple_lines", "RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\nDEFAULT"); + serviceSiteProperties.put("explicit_multiple_lines_escaped", "RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\\\nDEFAULT"); + serviceSiteProperties.put("explicit_single_line", "RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/ DEFAULT"); + + Map<String, Map<String, String>> existingConfigs = new HashMap<>(); + existingConfigs.put("kerberos-env", new HashMap<String, String>()); + existingConfigs.put("service-site", serviceSiteProperties); + + if (includePreconfiguredServices) { + final KerberosPrincipalDescriptor principalDescriptor4 = createMock(KerberosPrincipalDescriptor.class); + expect(principalDescriptor4.getValue()).andReturn("${preconfig-site/service_user}/_h...@example.com").times(1); + expect(principalDescriptor4.getLocalUsername()).andReturn("principal4_user").times(1); + + final KerberosPrincipalDescriptor principalDescriptor5 = createMock(KerberosPrincipalDescriptor.class); + expect(principalDescriptor5.getValue()).andReturn("${preconfig-site/component_property1}/_h...@example.com").times(1); + expect(principalDescriptor5.getLocalUsername()).andReturn("principal5_user").times(1); + + final KerberosIdentityDescriptor identityDescriptor4 = createMock(KerberosIdentityDescriptor.class); + expect(identityDescriptor4.getPrincipalDescriptor()).andReturn(principalDescriptor4).times(1); + expect(identityDescriptor4.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); + + final KerberosIdentityDescriptor identityDescriptor5 = createMock(KerberosIdentityDescriptor.class); + expect(identityDescriptor5.getPrincipalDescriptor()).andReturn(principalDescriptor5).times(1); + expect(identityDescriptor5.shouldInclude(anyObject(Map.class))).andReturn(true).anyTimes(); + + final KerberosComponentDescriptor componentDescriptor2 = createMockComponentDescriptor( + "PRECONFIGURE_SERVICE_MASTER", + Collections.singletonList(identityDescriptor5), + null); + + final KerberosServiceDescriptor serviceDescriptor2 = createMock(KerberosServiceDescriptor.class); + expect(serviceDescriptor2.getName()).andReturn("PRECONFIGURE_SERVICE").times(2); + expect(serviceDescriptor2.shouldPreconfigure()).andReturn(true).times(2); + expect(serviceDescriptor2.getIdentities(eq(true), anyObject(Map.class))) + .andReturn(Collections.singletonList(identityDescriptor4)) + .times(1); + expect(serviceDescriptor2.getComponents()).andReturn(Collections.singletonMap("PRECONFIGURE_SERVICE_MASTER", componentDescriptor2)).times(1); + expect(serviceDescriptor2.getAuthToLocalProperties()).andReturn(Collections.<String>emptySet()).times(1); + + // Expected to have been added by a previous call to org.apache.ambari.server.controller.KerberosHelper.getKerberosDescriptor, + // where includePreconfigureData = true + serviceDescriptorMap.put("PRECONFIGURE_SERVICE", serviceDescriptor2); + + ComponentInfo preconfigureComponentInfo = createMock(ComponentInfo.class); +// expect(preconfigureComponentInfo.getName()).andReturn("PRECONFIGURE_SERVICE_MASTER").once(); + + PropertyInfo preconfigureServiceUser = createMockPropertyInfo("preconfig-site.xml", "service_user", "principal4"); + PropertyInfo preconfigureComponentProperty1 = createMockPropertyInfo("preconfig-site.xml", "component_property1", "principal5"); + + List<PropertyInfo> preconfigureServiceProperties = Arrays.asList(preconfigureComponentProperty1, preconfigureServiceUser); + + ServiceInfo preconfigureServiceInfo = createMock(ServiceInfo.class); + expect(preconfigureServiceInfo.getProperties()).andReturn(preconfigureServiceProperties).anyTimes(); + expect(preconfigureServiceInfo.getComponents()).andReturn(Collections.singletonList(preconfigureComponentInfo)).anyTimes(); + + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + expect(ambariMetaInfo.isValidService("HDP", "2.2", "PRECONFIGURE_SERVICE")).andReturn(true).anyTimes(); + expect(ambariMetaInfo.getService("HDP", "2.2", "PRECONFIGURE_SERVICE")).andReturn(preconfigureServiceInfo).anyTimes(); + } + final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperty("additional_realms")).andReturn(null).times(1); expect(kerberosDescriptor.getIdentities(eq(true), EasyMock.anyObject())).andReturn(null).times(1); expect(kerberosDescriptor.getAuthToLocalProperties()).andReturn(null).times(1); - expect(kerberosDescriptor.getService("SERVICE1")).andReturn(serviceDescriptor1).times(1); + expect(kerberosDescriptor.getServices()).andReturn(serviceDescriptorMap).times((includePreconfiguredServices) ? 2 : 1); + + final Cluster cluster = createMockCluster("c1", Collections.<Host>emptyList(), SecurityType.KERBEROS, null, null); + if (includePreconfiguredServices) { + expect(cluster.getServices()).andReturn(serviceMap).once(); + } Map<String, Set<String>> installedServices = Collections.singletonMap("SERVICE1", Collections.singleton("COMPONENT1")); @@ -1744,10 +1832,9 @@ public class KerberosHelperTest extends EasyMockSupport { // Needed by infrastructure injector.getInstance(AmbariMetaInfo.class).init(); - Map existingConfigs = new HashMap<>(); - existingConfigs.put("kerberos-env", new HashMap<String, String>()); - kerberosHelper.setAuthToLocalRules(kerberosDescriptor, "EXAMPLE.COM", installedServices, existingConfigs, kerberosConfigurations); + KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); + kerberosHelper.setAuthToLocalRules(cluster, kerberosDescriptor, "EXAMPLE.COM", installedServices, existingConfigs, kerberosConfigurations, includePreconfiguredServices); verifyAll(); @@ -1755,59 +1842,250 @@ public class KerberosHelperTest extends EasyMockSupport { configs = kerberosConfigurations.get(""); assertNotNull(configs); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + - "DEFAULT", - configs.get("default")); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + - "DEFAULT", - configs.get("explicit_multiple_lines")); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\\\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\\\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\\\n" + - "DEFAULT", - configs.get("explicit_multiple_lines_escaped")); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/ " + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/ " + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/ " + - "DEFAULT", - configs.get("explicit_single_line")); + if (includePreconfiguredServices) { + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/\n" + + "DEFAULT", + configs.get("default")); + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/\n" + + "DEFAULT", + configs.get("explicit_multiple_lines")); + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/\\\n" + + "DEFAULT", + configs.get("explicit_multiple_lines_escaped")); + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/ " + + "DEFAULT", + configs.get("explicit_single_line")); + } else { + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "DEFAULT", + configs.get("default")); + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "DEFAULT", + configs.get("explicit_multiple_lines")); + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\\\n" + + "DEFAULT", + configs.get("explicit_multiple_lines_escaped")); + assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/ " + + "DEFAULT", + configs.get("explicit_single_line")); + } configs = kerberosConfigurations.get("service-site"); assertNotNull(configs); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + - "DEFAULT", - configs.get("default")); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + - "DEFAULT", - configs.get("explicit_multiple_lines")); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\\\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\\\n" + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\\\n" + - "DEFAULT", - configs.get("explicit_multiple_lines_escaped")); - assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/ " + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/ " + - "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/ " + - "DEFAULT", - configs.get("explicit_single_line")); + if (includePreconfiguredServices) { + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\n" + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/\n" + + "DEFAULT", + configs.get("default")); + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\n" + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/\n" + + "DEFAULT", + configs.get("explicit_multiple_lines")); + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\\\n" + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/\\\n" + + "DEFAULT", + configs.get("explicit_multiple_lines_escaped")); + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/ " + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal4_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal5_user/ " + + "DEFAULT", + configs.get("explicit_single_line")); + } else { + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\n" + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "DEFAULT", + configs.get("default")); + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\n" + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\n" + + "DEFAULT", + configs.get("explicit_multiple_lines")); + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/\\\n" + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/\\\n" + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/\\\n" + + "DEFAULT", + configs.get("explicit_multiple_lines_escaped")); + assertEquals("RULE:[1:$1@$0](service_s...@example.com)s/.*/service_user/ " + + "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal1_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal2_user/ " + + "RULE:[2:$1@$0](princip...@example.com)s/.*/principal3_user/ " + + "DEFAULT", + configs.get("explicit_single_line")); + } } + private PropertyInfo createMockPropertyInfo(String filename, String propertyName, String value) { + PropertyInfo propertyInfo = createMock(PropertyInfo.class); + expect(propertyInfo.getFilename()).andReturn(filename).anyTimes(); + expect(propertyInfo.getName()).andReturn(propertyName).anyTimes(); + expect(propertyInfo.getValue()).andReturn(value).anyTimes(); + return propertyInfo; + } + + @Test + public void testMergeConfigurationsForPreconfiguring() throws Exception { + Service existingService = createMockService("EXISTING_SERVICE", null); + + Set<String> serviceNames = new HashSet<>(); + serviceNames.add("EXISTING_SERVICE"); + serviceNames.add("PRECONFIGURE_SERVICE"); + + Map<String, Set<String>> hostMap = new HashMap<>(); + + Map<String, Service> services = new HashMap<>(); + + Cluster cluster = createMockCluster("c1", Collections.<Host>emptyList(), SecurityType.KERBEROS, null, null); + expect(cluster.getServices()).andReturn(services).times(2); + expect(cluster.getServiceComponentHostMap(null, serviceNames)).andReturn(hostMap).once(); + + KerberosDescriptor kerberosDescriptor = createKerberosDescriptor(); + + ComponentInfo preconfigureComponentInfo = createMock(ComponentInfo.class); + expect(preconfigureComponentInfo.getName()).andReturn("PRECONFIGURE_SERVICE_MASTER").once(); + + List<PropertyInfo> preconfigureServiceProperties = Collections.singletonList(createMockPropertyInfo("preconfigure-service-env.xml", "service_user", "preconfigure_user")); + + ServiceInfo preconfigureServiceInfo = createMock(ServiceInfo.class); + expect(preconfigureServiceInfo.getProperties()).andReturn(preconfigureServiceProperties).anyTimes(); + expect(preconfigureServiceInfo.getComponents()).andReturn(Collections.singletonList(preconfigureComponentInfo)).anyTimes(); + + AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class); + expect(ambariMetaInfo.isValidService("HDP", "2.2", "PRECONFIGURE_SERVICE")).andReturn(true).anyTimes(); + expect(ambariMetaInfo.getService("HDP", "2.2", "PRECONFIGURE_SERVICE")).andReturn(preconfigureServiceInfo).anyTimes(); + + Set<Map<String, String>> host1Components = new HashSet<>(); + host1Components.add(Collections.singletonMap("name", "EXISTING_SERVICE_MASTER")); + host1Components.add(Collections.singletonMap("name", "PRECONFIGURE_SERVICE_MASTER")); + + Set<Map<String, String>> host2Components = new HashSet<>(); + host2Components.add(Collections.singletonMap("name", "EXISTING_SERVICE_MASTER")); + + RecommendationResponse.HostGroup hostGroup1 = createMock(RecommendationResponse.HostGroup.class); + expect(hostGroup1.getName()).andReturn("host1").once(); + expect(hostGroup1.getComponents()).andReturn(host1Components).once(); + + RecommendationResponse.HostGroup hostGroup2 = createMock(RecommendationResponse.HostGroup.class); + expect(hostGroup2.getName()).andReturn("host2").once(); + expect(hostGroup2.getComponents()).andReturn(host2Components).once(); + + Set<RecommendationResponse.HostGroup> hostGroups = new HashSet<>(); + hostGroups.add(hostGroup1); + hostGroups.add(hostGroup2); + + RecommendationResponse.Blueprint blueprint = createMock(RecommendationResponse.Blueprint.class); + expect(blueprint.getHostGroups()).andReturn(hostGroups).once(); + + RecommendationResponse.BindingHostGroup bindHostGroup1 = createMock(RecommendationResponse.BindingHostGroup.class); + expect(bindHostGroup1.getName()).andReturn("host1").once(); + expect(bindHostGroup1.getHosts()).andReturn(Collections.singleton(Collections.singletonMap("fqdn", "host1"))).once(); + + RecommendationResponse.BindingHostGroup bindHostGroup2 = createMock(RecommendationResponse.BindingHostGroup.class); + expect(bindHostGroup2.getName()).andReturn("host2").once(); + expect(bindHostGroup2.getHosts()).andReturn(Collections.singleton(Collections.singletonMap("fqdn", "host2"))).once(); + + Set<RecommendationResponse.BindingHostGroup> bindingHostGroups = new HashSet<>(); + bindingHostGroups.add(bindHostGroup1); + bindingHostGroups.add(bindHostGroup2); + + RecommendationResponse.BlueprintClusterBinding binding = createMock(RecommendationResponse.BlueprintClusterBinding.class); + expect(binding.getHostGroups()).andReturn(bindingHostGroups).once(); + + RecommendationResponse.Recommendation recommendation = createMock(RecommendationResponse.Recommendation.class); + expect(recommendation.getBlueprint()).andReturn(blueprint).once(); + expect(recommendation.getBlueprintClusterBinding()).andReturn(binding).once(); + + RecommendationResponse response = createMock(RecommendationResponse.class); + expect(response.getRecommendations()).andReturn(recommendation).once(); + + StackAdvisorHelper stackAdvisorHelper = injector.getInstance(StackAdvisorHelper.class); + expect(stackAdvisorHelper.recommend(anyObject(StackAdvisorRequest.class))).andReturn(response).once(); + + replayAll(); + + services.put(existingService.getName(), existingService); + + Map<String, Map<String, String>> existingConfigurations = new HashMap<>(); + existingConfigurations.put("core-site", new HashMap<>(Collections.singletonMap("core-property1", "original_value"))); + existingConfigurations.put("hadoop-env", new HashMap<>(Collections.singletonMap("proxyuser_group", "hadoop"))); + + Map<String, Map<String, String>> replacements = new HashMap<>(existingConfigurations); + + // Needed by infrastructure + injector.getInstance(AmbariMetaInfo.class).init(); + + KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class); + + Map<String, Map<String, String>> configurations = kerberosHelper.processPreconfiguredServiceConfigurations(existingConfigurations, replacements, cluster, kerberosDescriptor); + + verifyAll(); + + Assert.assertNotNull(configurations); + Assert.assertEquals(2, configurations.size()); + Assert.assertNotNull(configurations.get("core-site")); + Assert.assertNotNull(configurations.get("hadoop-env")); + Assert.assertEquals("hadoop", configurations.get("core-site").get("hadoop.proxyuser.preconfigure_user.groups")); + Assert.assertEquals("host1", configurations.get("core-site").get("hadoop.proxyuser.preconfigure_user.hosts")); + + } @Test public void testGetServiceConfigurationUpdates() throws Exception { @@ -1821,10 +2099,10 @@ public class KerberosHelperTest extends EasyMockSupport { final Map<String, String> kerberosEnvProperties = new HashMap<String, String>() { { - put("kdc_type", "mit-kdc"); - put("realm", "FOOBAR.COM"); + put(KerberosHelper.KDC_TYPE, "mit-kdc"); + put(KerberosHelper.DEFAULT_REALM, "FOOBAR.COM"); put("case_insensitive_username_rules", "false"); - put("create_ambari_principal", "false"); + put(KerberosHelper.CREATE_AMBARI_PRINCIPAL, "false"); } }; @@ -1961,10 +2239,10 @@ public class KerberosHelperTest extends EasyMockSupport { { add(identityDescriptor1); } - } - ); - expect(serviceDescriptor1.getComponent("COMPONENT1A")).andReturn(componentDescriptor1a).times(4); - expect(serviceDescriptor1.getComponent("COMPONENT1B")).andReturn(componentDescriptor1b).times(4); + }, + false); + expect(serviceDescriptor1.getComponent("COMPONENT1A")).andReturn(componentDescriptor1a).times(2); + expect(serviceDescriptor1.getComponent("COMPONENT1B")).andReturn(componentDescriptor1b).times(2); final KerberosServiceDescriptor serviceDescriptor2 = createMockServiceDescriptor( "SERVICE2", @@ -1974,9 +2252,10 @@ public class KerberosHelperTest extends EasyMockSupport { put("COMPONENT2B", componentDescriptor2b); } }, - Collections.emptyList()); - expect(serviceDescriptor2.getComponent("COMPONENT2A")).andReturn(componentDescriptor2a).times(2); - expect(serviceDescriptor2.getComponent("COMPONENT2B")).andReturn(componentDescriptor2b).times(2); + Collections.<KerberosIdentityDescriptor>emptyList(), + false); + expect(serviceDescriptor2.getComponent("COMPONENT2A")).andReturn(componentDescriptor2a).times(1); + expect(serviceDescriptor2.getComponent("COMPONENT2B")).andReturn(componentDescriptor2b).times(1); final KerberosServiceDescriptor serviceDescriptor3 = createMockServiceDescriptor( "SERVICE3", @@ -1985,17 +2264,23 @@ public class KerberosHelperTest extends EasyMockSupport { put("COMPONENT3A", componentDescriptor3a); } }, - Collections.emptyList()); - expect(serviceDescriptor3.getComponent("COMPONENT3A")).andReturn(componentDescriptor3a).times(4); + Collections.<KerberosIdentityDescriptor>emptyList(), false); + expect(serviceDescriptor3.getComponent("COMPONENT3A")).andReturn(componentDescriptor3a).times(2); + + Map<String, KerberosServiceDescriptor> serviceDescriptorMap = new HashMap<>(); + serviceDescriptorMap.put("SERVICE1", serviceDescriptor1); + serviceDescriptorMap.put("SERVICE2", serviceDescriptor2); + serviceDescriptorMap.put("SERVICE3", serviceDescriptor3); final Map<String, String> kerberosDescriptorProperties = new HashMap<>(); - kerberosDescriptorProperties.put("realm", "${kerberos-env/realm}"); + kerberosDescriptorProperties.put(KerberosHelper.DEFAULT_REALM, "${kerberos-env/realm}"); final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperties()).andReturn(kerberosDescriptorProperties).atLeastOnce(); expect(kerberosDescriptor.getService("SERVICE1")).andReturn(serviceDescriptor1).atLeastOnce(); expect(kerberosDescriptor.getService("SERVICE2")).andReturn(serviceDescriptor2).atLeastOnce(); expect(kerberosDescriptor.getService("SERVICE3")).andReturn(serviceDescriptor3).atLeastOnce(); + expect(kerberosDescriptor.getServices()).andReturn(serviceDescriptorMap).atLeastOnce(); expect(kerberosDescriptor.getProperty("additional_realms")).andReturn(null).atLeastOnce(); expect(kerberosDescriptor.getIdentities(eq(true), EasyMock.anyObject())).andReturn(null).atLeastOnce(); expect(kerberosDescriptor.getAuthToLocalProperties()).andReturn(Collections.singleton("core-site/auth.to.local")).atLeastOnce(); @@ -2096,9 +2381,6 @@ public class KerberosHelperTest extends EasyMockSupport { final Cluster cluster = createMockCluster("c1", hosts, SecurityType.KERBEROS, krb5ConfConfig, kerberosEnvConfig); expect(cluster.getServices()).andReturn(services).anyTimes(); - expect(cluster.getService("SERVICE1")).andReturn(service1).atLeastOnce(); - expect(cluster.getService("SERVICE2")).andReturn(service2).atLeastOnce(); - expect(cluster.getService("SERVICE3")).andReturn(service3).atLeastOnce(); expect(cluster.getServiceComponentHostMap(EasyMock.anyObject(), EasyMock.anyObject())).andReturn(serviceComponentHostMap).anyTimes(); final Map<String, Map<String, String>> existingConfigurations = new HashMap<String, Map<String, String>>() { @@ -2225,10 +2507,10 @@ public class KerberosHelperTest extends EasyMockSupport { { put("kerberos-env", new HashMap<String, String>() { { - put("kdc_type", "mit-kdc"); - put("realm", "FOOBAR.COM"); + put(KerberosHelper.KDC_TYPE, "mit-kdc"); + put(KerberosHelper.DEFAULT_REALM, "FOOBAR.COM"); put("case_insensitive_username_rules", "false"); - put("create_ambari_principal", "false"); + put(KerberosHelper.CREATE_AMBARI_PRINCIPAL, "false"); } }); put("", new HashMap<String, String>() { @@ -2284,12 +2566,11 @@ public class KerberosHelperTest extends EasyMockSupport { KerberosPrincipalType ambariServerPrincipalType; String ambariServerPrincipalNameExpected; - if(ambariServerPrincipalAsService) { + if (ambariServerPrincipalAsService) { ambariServerPrincipalName = "ambari-server${principal_suffix}/_HOST@${realm}"; ambariServerPrincipalType = KerberosPrincipalType.SERVICE; ambariServerPrincipalNameExpected = String.format("ambari-server-%s/%s@%s", clusterName, ambariServerHostname, realm); - } - else { + } else { ambariServerPrincipalName = "ambari-server${principal_suffix}@${realm}"; ambariServerPrincipalType = KerberosPrincipalType.USER; ambariServerPrincipalNameExpected = String.format("ambari-server-%s@%s", clusterName, realm); @@ -2298,15 +2579,15 @@ public class KerberosHelperTest extends EasyMockSupport { Map<String, String> propertiesKrb5Conf = new HashMap<>(); Map<String, String> propertiesKerberosEnv = new HashMap<>(); - propertiesKerberosEnv.put("realm", realm); - propertiesKerberosEnv.put("kdc_type", "mit-kdc"); + propertiesKerberosEnv.put(KerberosHelper.DEFAULT_REALM, realm); + propertiesKerberosEnv.put(KerberosHelper.KDC_TYPE, "mit-kdc"); propertiesKerberosEnv.put("password_length", "20"); propertiesKerberosEnv.put("password_min_lowercase_letters", "1"); propertiesKerberosEnv.put("password_min_uppercase_letters", "1"); propertiesKerberosEnv.put("password_min_digits", "1"); propertiesKerberosEnv.put("password_min_punctuation", "0"); propertiesKerberosEnv.put("password_min_whitespace", "0"); - propertiesKerberosEnv.put("create_ambari_principal", (createAmbariIdentities) ? "true" : "false"); + propertiesKerberosEnv.put(KerberosHelper.CREATE_AMBARI_PRINCIPAL, (createAmbariIdentities) ? "true" : "false"); Config configKrb5Conf = createMock(Config.class); expect(configKrb5Conf.getProperties()).andReturn(propertiesKrb5Conf).times(1); @@ -2343,7 +2624,7 @@ public class KerberosHelperTest extends EasyMockSupport { Map<String, String> kerberosDescriptorProperties = new HashMap<>(); kerberosDescriptorProperties.put("additional_realms", ""); kerberosDescriptorProperties.put("keytab_dir", "/etc/security/keytabs"); - kerberosDescriptorProperties.put("realm", "${kerberos-env/realm}"); + kerberosDescriptorProperties.put(KerberosHelper.DEFAULT_REALM, "${kerberos-env/realm}"); kerberosDescriptorProperties.put("principal_suffix", "-${cluster_name|toLower()}"); ArrayList<KerberosIdentityDescriptor> service1Component1Identities = new ArrayList<>(); @@ -2373,7 +2654,7 @@ public class KerberosHelperTest extends EasyMockSupport { createMockKeytabDescriptor("s1.service.keytab", null) )); - KerberosServiceDescriptor service1KerberosDescriptor = createMockServiceDescriptor("SERVICE1", service1ComponentDescriptorMap, service1Identities); + KerberosServiceDescriptor service1KerberosDescriptor = createMockServiceDescriptor("SERVICE1", service1ComponentDescriptorMap, service1Identities, false); ArrayList<KerberosIdentityDescriptor> service2Component1Identities = new ArrayList<>(); service2Component1Identities.add(createMockIdentityDescriptor( @@ -2390,7 +2671,7 @@ public class KerberosHelperTest extends EasyMockSupport { HashMap<String, KerberosComponentDescriptor> service2ComponentDescriptorMap = new HashMap<>(); service2ComponentDescriptorMap.put("COMPONENT21", createMockComponentDescriptor("COMPONENT21", service2Component1Identities, null)); - KerberosServiceDescriptor service2KerberosDescriptor = createMockServiceDescriptor("SERVICE2", service2ComponentDescriptorMap, null); + KerberosServiceDescriptor service2KerberosDescriptor = createMockServiceDescriptor("SERVICE2", service2ComponentDescriptorMap, null, false); KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperties()).andReturn(kerberosDescriptorProperties); @@ -2416,7 +2697,7 @@ public class KerberosHelperTest extends EasyMockSupport { HashMap<String, KerberosComponentDescriptor> ambariServerComponentDescriptorMap = new HashMap<>(); ambariServerComponentDescriptorMap.put("AMBARI_SERVER", ambariServerComponentKerberosDescriptor); - KerberosServiceDescriptor ambariServiceKerberosDescriptor = createMockServiceDescriptor("AMBARI", ambariServerComponentDescriptorMap, null); + KerberosServiceDescriptor ambariServiceKerberosDescriptor = createMockServiceDescriptor("AMBARI", ambariServerComponentDescriptorMap, null, false); expect(ambariServiceKerberosDescriptor.getComponent("AMBARI_SERVER")).andReturn(ambariServerComponentKerberosDescriptor).once(); expect(kerberosDescriptor.getService("AMBARI")).andReturn(ambariServiceKerberosDescriptor).once(); @@ -2455,7 +2736,7 @@ public class KerberosHelperTest extends EasyMockSupport { .andReturn(new CreatePrincipalsServerAction.CreatePrincipalResult("anything", "password", 1)) .times(3); - if(createAmbariIdentities) { + if (createAmbariIdentities) { if (ambariServerPrincipalAsService) { expect(createPrincipalsServerAction.createPrincipal(capture(capturePrincipal), eq(true), EasyMock.anyObject(), anyObject(KerberosOperationHandler.class), eq(false), isNull(ActionLog.class))) .andReturn(new CreatePrincipalsServerAction.CreatePrincipalResult("anything", "password", 1)) @@ -2501,7 +2782,7 @@ public class KerberosHelperTest extends EasyMockSupport { assertTrue(capturedPrincipalsForKeytab.contains("s1c...@example.com")); assertTrue(capturedPrincipalsForKeytab.contains("s...@example.com")); - if(createAmbariIdentities) { + if (createAmbariIdentities) { String spnegoPrincipalName = String.format("HTTP/%s...@example.com", ambariServerHostname); assertTrue(capturedPrincipals.contains(ambariServerPrincipalNameExpected)); @@ -2520,9 +2801,9 @@ public class KerberosHelperTest extends EasyMockSupport { Map<String, String> propertiesKrb5Conf = new HashMap<>(); Map<String, String> propertiesKerberosEnv = new HashMap<>(); - propertiesKerberosEnv.put("realm", "EXAMPLE.COM"); - propertiesKerberosEnv.put("kdc_type", "mit-kdc"); - propertiesKerberosEnv.put("create_ambari_principal", "false"); + propertiesKerberosEnv.put(KerberosHelper.DEFAULT_REALM, "EXAMPLE.COM"); + propertiesKerberosEnv.put(KerberosHelper.KDC_TYPE, "mit-kdc"); + propertiesKerberosEnv.put(KerberosHelper.CREATE_AMBARI_PRINCIPAL, "false"); Config configKrb5Conf = createMock(Config.class); expect(configKrb5Conf.getProperties()).andReturn(propertiesKrb5Conf).times(1); @@ -2544,19 +2825,19 @@ public class KerberosHelperTest extends EasyMockSupport { Map<String, Service> servicesMap = new HashMap<>(); servicesMap.put("SERVICE1", service1); - Cluster cluster = createMockCluster("c1", Arrays.asList(host1), SecurityType.KERBEROS, configKrb5Conf, configKerberosEnv); + Cluster cluster = createMockCluster("c1", Collections.singletonList(host1), SecurityType.KERBEROS, configKrb5Conf, configKerberosEnv); expect(cluster.getServices()).andReturn(servicesMap).anyTimes(); Map<String, String> kerberosDescriptorProperties = new HashMap<>(); kerberosDescriptorProperties.put("additional_realms", ""); kerberosDescriptorProperties.put("keytab_dir", "/etc/security/keytabs"); - kerberosDescriptorProperties.put("realm", "${kerberos-env/realm}"); + kerberosDescriptorProperties.put(KerberosHelper.DEFAULT_REALM, "${kerberos-env/realm}"); // Notice that this map is empty, hence it has 0 Components in the kerberosDescriptor. HashMap<String, KerberosComponentDescriptor> service1ComponentDescriptorMap = new HashMap<>(); List<KerberosIdentityDescriptor> service1Identities = new ArrayList<>(); - KerberosServiceDescriptor service1KerberosDescriptor = createMockServiceDescriptor("SERVICE1", service1ComponentDescriptorMap, service1Identities); + KerberosServiceDescriptor service1KerberosDescriptor = createMockServiceDescriptor("SERVICE1", service1ComponentDescriptorMap, service1Identities, false); KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperties()).andReturn(kerberosDescriptorProperties); @@ -2628,8 +2909,10 @@ public class KerberosHelperTest extends EasyMockSupport { private void setupKerberosDescriptor(KerberosDescriptor kerberosDescriptor) throws Exception { // cluster.getCurrentStackVersion expectation is already specified in main test method - expect(metaInfo.getKerberosDescriptor("HDP", "2.2")).andReturn(kerberosDescriptor).anyTimes(); - expect(kerberosDescriptor.principals()).andReturn(Collections.emptyMap()).anyTimes(); + AmbariMetaInfo metaInfo = injector.getInstance(AmbariMetaInfo.class); + expect(metaInfo. + getKerberosDescriptor("HDP", "2.2", false)).andReturn(kerberosDescriptor).anyTimes(); + expect(kerberosDescriptor.principals()).andReturn(Collections.<String, String>emptyMap()).anyTimes(); } private void setupStageFactory() { @@ -2736,8 +3019,8 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes(); - expect(kerberosEnvProperties.get("realm")).andReturn("FOOBAR.COM").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.KDC_TYPE)).andReturn("mit-kdc").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("FOOBAR.COM").anyTimes(); final Config kerberosEnvConfig = createMock(Config.class); expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).anyTimes(); @@ -2759,40 +3042,34 @@ public class KerberosHelperTest extends EasyMockSupport { }) .anyTimes(); - if ((filteredHosts == null) || filteredHosts.contains("hostA")) { - expect(cluster.getServiceComponentHosts("hostA")) - .andReturn(new ArrayList<ServiceComponentHost>() { - { - add(sch1A); - add(sch2); - add(sch3); - add(schKerberosClientA); - } - }) - .once(); - } + expect(cluster.getServiceComponentHosts("hostA")) + .andReturn(new ArrayList<ServiceComponentHost>() { + { + add(sch1A); + add(sch2); + add(sch3); + add(schKerberosClientA); + } + }) + .once(); - if ((filteredHosts == null) || filteredHosts.contains("hostB")) { - expect(cluster.getServiceComponentHosts("hostB")) - .andReturn(new ArrayList<ServiceComponentHost>() { - { - add(sch1B); - add(schKerberosClientB); - } - }) - .once(); - } + expect(cluster.getServiceComponentHosts("hostB")) + .andReturn(new ArrayList<ServiceComponentHost>() { + { + add(sch1B); + add(schKerberosClientB); + } + }) + .once(); - if ((filteredHosts == null) || filteredHosts.contains("hostC")) { - expect(cluster.getServiceComponentHosts("hostC")) - .andReturn(new ArrayList<ServiceComponentHost>() { - { - add(sch1C); - add(schKerberosClientC); - } - }) - .once(); - } + expect(cluster.getServiceComponentHosts("hostC")) + .andReturn(new ArrayList<ServiceComponentHost>() { + { + add(sch1C); + add(schKerberosClientC); + } + }) + .once(); expect(cluster.getServiceComponentHosts("KERBEROS", "KERBEROS_CLIENT")) .andReturn(new ArrayList<ServiceComponentHost>() { @@ -3002,8 +3279,8 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes(); - expect(kerberosEnvProperties.get("realm")).andReturn("FOOBAR.COM").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.KDC_TYPE)).andReturn("mit-kdc").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("FOOBAR.COM").anyTimes(); final Config kerberosEnvConfig = createMock(Config.class); expect(kerberosEnvConfig.getProperties()).andReturn(kerberosEnvProperties).anyTimes(); @@ -3155,8 +3432,8 @@ public class KerberosHelperTest extends EasyMockSupport { boolean managingIdentities = !Boolean.FALSE.equals(manageIdentities); final Map<String, String> kerberosEnvProperties = new HashMap<>(); - kerberosEnvProperties.put("kdc_type", "mit-kdc"); - kerberosEnvProperties.put("realm", "FOOBAR.COM"); + kerberosEnvProperties.put(KerberosHelper.KDC_TYPE, "mit-kdc"); + kerberosEnvProperties.put(KerberosHelper.DEFAULT_REALM, "FOOBAR.COM"); kerberosEnvProperties.put("manage_identities", "FOOBAR.COM"); kerberosEnvProperties.put("manage_identities", (manageIdentities == null) @@ -3399,8 +3676,8 @@ public class KerberosHelperTest extends EasyMockSupport { .anyTimes(); final Map<String, String> kerberosEnvProperties = createMock(Map.class); - expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes(); - expect(kerberosEnvProperties.get("realm")).andReturn("FOOBAR.COM").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.KDC_TYPE)).andReturn("mit-kdc").anyTimes(); + expect(kerberosEnvProperties.get(KerberosHelper.DEFAULT_REALM)).andReturn("FOOBAR.COM").anyTimes(); expect(kerberosEnvProperties.get("manage_identities")).andReturn(null).anyTimes(); final Config kerberosEnvConfig = createMock(Config.class); @@ -3608,10 +3885,10 @@ public class KerberosHelperTest extends EasyMockSupport { final Map<String, String> kerberosEnvProperties = new HashMap<String, String>() { { - put("kdc_type", "mit-kdc"); - put("realm", "FOOBAR.COM"); + put(KerberosHelper.KDC_TYPE, "mit-kdc"); + put(KerberosHelper.DEFAULT_REALM, "FOOBAR.COM"); put("case_insensitive_username_rules", "false"); - put("create_ambari_principal", "false"); + put(KerberosHelper.CREATE_AMBARI_PRINCIPAL, "false"); } }; @@ -3765,7 +4042,7 @@ public class KerberosHelperTest extends EasyMockSupport { final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class); expect(kerberosDescriptor.getProperties()).andReturn(new HashMap<String, String>() { { - put("realm", "EXAMPLE.COM"); + put(KerberosHelper.DEFAULT_REALM, "EXAMPLE.COM"); } }).anyTimes(); expect(kerberosDescriptor.getService("KERBEROS")).andReturn(null).anyTimes(); @@ -3777,7 +4054,7 @@ public class KerberosHelperTest extends EasyMockSupport { replayAll(); // Needed by infrastructure - metaInfo.init(); + injector.getInstance(AmbariMetaInfo.class).init(); Map<String, Collection<KerberosIdentityDescriptor>> identities; identities = kerberosHelper.getActiveIdentities(clusterName, hostName, serviceName, componentName, replaceHostNames); @@ -3818,7 +4095,7 @@ public class KerberosHelperTest extends EasyMockSupport { KerberosComponentDescriptor componentDescrptor = createMockComponentDescriptor("AMBARI_SERVER", ambarServerComponent1Identities, null); ambariServerComponentDescriptorMap.put("AMBARI_SERVER", componentDescrptor); - KerberosServiceDescriptor ambariServiceKerberosDescriptor = createMockServiceDescriptor("AMBARI", ambariServerComponentDescriptorMap, null); + KerberosServiceDescriptor ambariServiceKerberosDescriptor = createMockServiceDescriptor("AMBARI", ambariServerComponentDescriptorMap, null, false); expect(ambariServiceKerberosDescriptor.getComponent("AMBARI_SERVER")).andReturn(componentDescrptor).once(); expect(kerberosDescriptor.getService("AMBARI")).andReturn(ambariServiceKerberosDescriptor).once(); @@ -3861,7 +4138,8 @@ public class KerberosHelperTest extends EasyMockSupport { } private KerberosPrincipalDescriptor createMockPrincipalDescriptor(String value, - KerberosPrincipalType type, String localUsername, + KerberosPrincipalType type, + String localUsername, String configuration) { KerberosPrincipalDescriptor descriptor = createMock(KerberosPrincipalDescriptor.class); expect(descriptor.getValue()).andReturn(value).anyTimes(); @@ -3873,13 +4151,15 @@ public class KerberosHelperTest extends EasyMockSupport { private KerberosServiceDescriptor createMockServiceDescriptor(String serviceName, HashMap<String, KerberosComponentDescriptor> componentMap, - List<KerberosIdentityDescriptor> identities) + List<KerberosIdentityDescriptor> identities, + boolean shouldPreconfigure) throws AmbariException { KerberosServiceDescriptor descriptor = createMock(KerberosServiceDescriptor.class); expect(descriptor.getName()).andReturn(serviceName).anyTimes(); expect(descriptor.getComponents()).andReturn(componentMap).anyTimes(); expect(descriptor.getIdentities(eq(true), EasyMock.anyObject())).andReturn(identities).anyTimes(); expect(descriptor.getAuthToLocalProperties()).andReturn(null).anyTimes(); + expect(descriptor.shouldPreconfigure()).andReturn(shouldPreconfigure).anyTimes(); return descriptor; } @@ -3894,7 +4174,7 @@ public class KerberosHelperTest extends EasyMockSupport { } private KerberosComponentDescriptor createMockComponentDescriptor(String componentName, - ArrayList<KerberosIdentityDescriptor> identities, + List<KerberosIdentityDescriptor> identities, Map<String, KerberosConfigurationDescriptor> configurations) throws AmbariException { KerberosComponentDescriptor descriptor = createMock(KerberosComponentDescriptor.class); @@ -3953,4 +4233,101 @@ public class KerberosHelperTest extends EasyMockSupport { return cluster; } + private KerberosDescriptor createKerberosDescriptor() throws AmbariException { + String json = "{" + + " \"services\": [" + + " {" + + " \"name\": \"EXISTING_SERVICE\"," + + " \"components\": [" + + " {" + + " \"name\": \"EXISTING_SERVICE_MASTER\"," + + " \"identities\": [" + + " {" + + " \"name\": \"existing_service_principal\"," + + " \"principal\": {" + + " \"value\": \"${existing-service-env/service_user}/_HOST@${realm}\"," + + " \"type\": \"service\"," + + " \"configuration\": \"existing-service-env/service_principal_name\"," + + " \"local_username\": \"${existing-service-env/service_user}\"" + + " }," + + " \"keytab\": {" + + " \"file\": \"${keytab_dir}/existing_service.service.keytab\"," + + " \"owner\": {" + + " \"name\": \"${existing-service-env/service_user}\"," + + " \"access\": \"r\"" + + " }," + + " \"group\": {" + + " \"name\": \"${cluster-env/user_group}\"," + + " \"access\": \"\"" + + " }," + + " \"configuration\": \"existing-service-env/service_keytab_path\"" + + " }" + + " }" + + " ]," + + " \"configurations\": [" + + " {" + + " \"existing-service-site\": {" + + " \"kerberos.secured\": \"true\"" + + " }" + + " }," + + " {" + + " \"core-site\": {" + + " \"hadoop.proxyuser.${existing-service-env/service_user}.groups\": \"${hadoop-env/proxyuser_group}\"," + + " \"hadoop.proxyuser.${existing-service-env/service_user}.hosts\": \"${clusterHostInfo/existing_service_master_hosts}\"" + + " }" + + " }" + + " ]" + + " }" + + " ]" + + " }," + + " {" + + " \"name\": \"PRECONFIGURE_SERVICE\"," + + " \"preconfigure\": true," + + " \"components\": [" + + " {" + + " \"name\": \"PRECONFIGURE_SERVICE_MASTER\"," + + " \"identities\": [" + + " {" + + " \"name\": \"preconfigure_service_principal\"," + + " \"principal\": {" + + " \"value\": \"${preconfigure-service-env/service_user}/_HOST@${realm}\"," + + " \"type\": \"service\"," + + " \"configuration\": \"preconfigure-service-env/service_principal_name\"," + + " \"local_username\": \"${preconfigure-service-env/service_user}\"" + + " }," + + " \"keytab\": {" + + " \"file\": \"${keytab_dir}/preconfigure_service.service.keytab\"," + + " \"owner\": {" + + " \"name\": \"${preconfigure-service-env/service_user}\"," + + " \"access\": \"r\"" + + " }," + + " \"group\": {" + + " \"name\": \"${cluster-env/user_group}\"," + + " \"access\": \"\"" + + " }," + + " \"configuration\": \"preconfigure-service-env/service_keytab_path\"" + + " }" + + " }" + + " ]," + + " \"configurations\": [" + + " {" + + " \"preconfigure-service-site\": {" + + " \"kerberos.secured\": \"true\"" + + " }" + + " }," + + " {" + + " \"core-site\": {" + + " \"hadoop.proxyuser.${preconfigure-service-env/service_user}.groups\": \"${hadoop-env/proxyuser_group}\"," + + " \"hadoop.proxyuser.${preconfigure-service-env/service_user}.hosts\": \"${clusterHostInfo/preconfigure_service_master_hosts}\"" + + " }" + + " }" + + " ]" + + " }" + + " ]" + + " }" + + " ]" + + "}"; + + return new KerberosDescriptorFactory().createInstance(json); + } }
http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java index e512b66..734dd7e 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java @@ -252,7 +252,7 @@ public class BlueprintConfigurationProcessorTest extends EasyMockSupport { expect(clusters.getCluster("clusterName")).andReturn(cluster).anyTimes(); expect(controller.getKerberosHelper()).andReturn(kerberosHelper).anyTimes(); expect(controller.getClusters()).andReturn(clusters).anyTimes(); - expect(kerberosHelper.getKerberosDescriptor(cluster)).andReturn(kerberosDescriptor).anyTimes(); + expect(kerberosHelper.getKerberosDescriptor(cluster, false)).andReturn(kerberosDescriptor).anyTimes(); Set<String> properties = new HashSet<>(); properties.add("core-site/hadoop.security.auth_to_local"); expect(kerberosDescriptor.getAllAuthToLocalProperties()).andReturn(properties).anyTimes(); http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java index f6fc59d..ac28475 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java @@ -358,11 +358,11 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo compositeKerberosDescriptor.update(userKerberosDescriptor); KerberosHelper kerberosHelper = createMock(KerberosHelper.class); - expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.STACK), eq(cluster), eq(false), anyObject(Collection.class))) + expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.STACK), eq(cluster), eq(false), anyObject(Collection.class), eq(false))) .andReturn(stackKerberosDescriptor).atLeastOnce(); - expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.USER), eq(cluster), eq(false), anyObject(Collection.class))) + expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.USER), eq(cluster), eq(false), anyObject(Collection.class), eq(false))) .andReturn(userKerberosDescriptor).atLeastOnce(); - expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.COMPOSITE), eq(cluster), eq(false), anyObject(Collection.class))) + expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.COMPOSITE), eq(cluster), eq(false), anyObject(Collection.class), eq(false))) .andReturn(compositeKerberosDescriptor).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); @@ -472,11 +472,11 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo Capture<? extends Collection<String>> captureAdditionalServices = newCapture(CaptureType.ALL); KerberosHelper kerberosHelper = createMock(KerberosHelper.class); - expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.STACK), eq(cluster), eq(true), capture(captureAdditionalServices))) + expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.STACK), eq(cluster), eq(true), capture(captureAdditionalServices), eq(false))) .andReturn(stackKerberosDescriptor).atLeastOnce(); - expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.USER), eq(cluster), eq(true), capture(captureAdditionalServices))) + expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.USER), eq(cluster), eq(true), capture(captureAdditionalServices), eq(false))) .andReturn(userKerberosDescriptor).atLeastOnce(); - expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.COMPOSITE), eq(cluster), eq(true), capture(captureAdditionalServices))) + expect(kerberosHelper.getKerberosDescriptor(eq(KerberosHelper.KerberosDescriptorType.COMPOSITE), eq(cluster), eq(true), capture(captureAdditionalServices), eq(false))) .andReturn(compositeKerberosDescriptor).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); @@ -605,7 +605,7 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo expect(kerberosDescriptor.toMap()).andReturn(STACK_MAP).atLeastOnce(); AmbariMetaInfo metaInfo = createMock(AmbariMetaInfo.class); - expect(metaInfo.getKerberosDescriptor("stackName", "stackVersion")).andReturn(kerberosDescriptor).atLeastOnce(); + expect(metaInfo.getKerberosDescriptor("stackName", "stackVersion", false)).andReturn(kerberosDescriptor).atLeastOnce(); AmbariManagementController managementController = createMock(AmbariManagementController.class); expect(managementController.getClusters()).andReturn(clusters).atLeastOnce(); http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java index 027f339..663934f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/utilities/KerberosIdentityCleanerTest.java @@ -278,7 +278,7 @@ public class KerberosIdentityCleanerTest extends EasyMockSupport { "}"); expect(clusters.getCluster(CLUSTER_ID)).andReturn(cluster).anyTimes(); expect(cluster.getSecurityType()).andReturn(SecurityType.KERBEROS).anyTimes(); - expect(kerberosHelper.getKerberosDescriptor(cluster)).andReturn(kerberosDescriptor).anyTimes(); + expect(kerberosHelper.getKerberosDescriptor(cluster, false)).andReturn(kerberosDescriptor).anyTimes(); expect(cluster.getServices()).andReturn(installedServices).anyTimes(); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeUserKerberosDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeUserKerberosDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeUserKerberosDescriptorTest.java index 86f6d3b..59a8a4c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeUserKerberosDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeUserKerberosDescriptorTest.java @@ -139,8 +139,8 @@ public class UpgradeUserKerberosDescriptorTest { PowerMockito.mockStatic(KerberosDescriptorUpdateHelper.class); PowerMockito.when(KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(previousDescriptor, newDescriptor, userDescriptor)).thenReturn(updatedKerberosDescriptor); expect(kerberosDescriptorFactory.createInstance((Map)null)).andReturn(userDescriptor).atLeastOnce(); - expect(ambariMetaInfo.getKerberosDescriptor("HDP","2.5")).andReturn(newDescriptor).atLeastOnce(); - expect(ambariMetaInfo.getKerberosDescriptor("HDP","2.4")).andReturn(previousDescriptor).atLeastOnce(); + expect(ambariMetaInfo.getKerberosDescriptor("HDP","2.5", false)).andReturn(newDescriptor).atLeastOnce(); + expect(ambariMetaInfo.getKerberosDescriptor("HDP","2.4",false)).andReturn(previousDescriptor).atLeastOnce(); expect(updatedKerberosDescriptor.toMap()).andReturn(null).once(); @@ -224,7 +224,7 @@ public class UpgradeUserKerberosDescriptorTest { } catch( NoSuchFieldException noSuchFieldException ){ Field clustersField = UpgradeUserKerberosDescriptor.class.getSuperclass().getDeclaredField(fieldName); clustersField.setAccessible(true); - fields.put(fieldName, clustersField); + fields.put(fieldName, clustersField); } } } http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java b/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java index 311d400..dbdd043 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/stack/ServiceModuleTest.java @@ -40,7 +40,6 @@ import java.util.Map; import java.util.Set; import org.apache.ambari.server.AmbariException; -import org.apache.ambari.server.api.services.AmbariMetaInfo; import org.apache.ambari.server.state.CommandScriptDefinition; import org.apache.ambari.server.state.ComponentInfo; import org.apache.ambari.server.state.CredentialStoreInfo; @@ -1268,7 +1267,7 @@ public class ServiceModuleTest { ServiceDirectory serviceDirectory = createNiceMock(ServiceDirectory.class); - expect(serviceDirectory.getConfigurationDirectory(dir, AmbariMetaInfo.SERVICE_PROPERTIES_FOLDER_NAME)).andReturn(configDir).anyTimes(); + expect(serviceDirectory.getConfigurationDirectory(dir, StackDirectory.SERVICE_PROPERTIES_FOLDER_NAME)).andReturn(configDir).anyTimes(); expect(serviceDirectory.getMetricsFile(anyObject(String.class))).andReturn(new File("testMetricsFile")).anyTimes(); expect(serviceDirectory.getWidgetsDescriptorFile(anyObject(String.class))).andReturn(new File("testWidgetsFile")).anyTimes(); expect(serviceDirectory.getAlertsFile()).andReturn(new File("testAlertsFile")).anyTimes(); http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java index 37cfad9..44812de 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorUpdateHelperTest.java @@ -100,8 +100,8 @@ public class KerberosDescriptorUpdateHelperTest extends EasyMockSupport { injector.injectMembers(metaInfo); metaInfo.init(); - KerberosDescriptor hdp24 = metaInfo.getKerberosDescriptor("HDP", "2.4"); - KerberosDescriptor hdp25 = metaInfo.getKerberosDescriptor("HDP", "2.5"); + KerberosDescriptor hdp24 = metaInfo.getKerberosDescriptor("HDP", "2.4", false); + KerberosDescriptor hdp25 = metaInfo.getKerberosDescriptor("HDP", "2.5", false); KerberosDescriptor user = new KerberosDescriptor(hdp24.toMap()); KerberosDescriptor updated = KerberosDescriptorUpdateHelper.updateUserKerberosDescriptor(hdp24, hdp25, user); http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java index 064e1cc..e4d3c90 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java @@ -42,6 +42,7 @@ public class KerberosServiceDescriptorTest { public static final String JSON_VALUE = "{" + " \"name\": \"SERVICE_NAME\"," + + " \"preconfigure\": \"true\"," + " \"identities\": [" + KerberosIdentityDescriptorTest.JSON_VALUE + "]," + @@ -66,6 +67,7 @@ public class KerberosServiceDescriptorTest { "\"services\" : [" + "{" + " \"name\": \"SERVICE_NAME\"," + + " \"preconfigure\": \"true\"," + " \"identities\": [" + KerberosIdentityDescriptorTest.JSON_VALUE + "]," + http://git-wip-us.apache.org/repos/asf/ambari/blob/4bce5782/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos_preconfigure.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos_preconfigure.json b/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos_preconfigure.json new file mode 100644 index 0000000..27379df --- /dev/null +++ b/ambari-server/src/test/resources/stacks/HDP/2.0.8/kerberos_preconfigure.json @@ -0,0 +1,23 @@ +{ + "services": [ + { + "name": "HDFS" + }, + { + "name": "NEW_SERVICE", + "preconfigure" : true, + "configurations": { + }, + "identities": [ + { + "name": "new_service", + "principal": { + "value": "ns/_HOST@${realm}", + "type": "service", + "local_username": "new_service" + } + } + ] + } + ] +}