AMBARI-21910 Ranger Usersync config to support nested group evaluation for LDAP Sync source property (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ea892443 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ea892443 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ea892443 Branch: refs/heads/branch-3.0-ams Commit: ea892443513fa730dad2ef3af06069ef618e0225 Parents: f067ec8 Author: Mugdha Varadkar <mug...@apache.org> Authored: Fri Sep 22 18:03:25 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Fri Sep 22 18:14:00 2017 +0530 ---------------------------------------------------------------------- .../RangerUsersyncConfigCalculation.java | 96 ++++++++++++++ .../RANGER/0.7.0/configuration/ranger-env.xml | 23 ++++ .../0.7.0/configuration/ranger-ugsync-site.xml | 7 ++ .../RANGER/0.7.0/themes/theme_version_5.json | 40 ++++++ .../1.0.0.3.0/configuration/ranger-env.xml | 23 ++++ .../configuration/ranger-ugsync-site.xml | 7 ++ .../1.0.0.3.0/themes/theme_version_1.json | 40 ++++++ .../HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml | 7 ++ .../stacks/HDP/2.6/upgrades/upgrade-2.6.xml | 8 ++ .../RangerUsersyncConfigCalculationTest.java | 126 +++++++++++++++++++ 10 files changed, 377 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java new file mode 100644 index 0000000..3573748 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculation.java 
@@ -0,0 +1,96 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.serveraction.upgrades; + +import java.text.MessageFormat; +import java.util.Map; +import java.util.concurrent.ConcurrentMap; + +import org.apache.ambari.server.AmbariException; +import org.apache.ambari.server.actionmanager.HostRoleStatus; +import org.apache.ambari.server.agent.CommandReport; +import org.apache.ambari.server.serveraction.AbstractServerAction; +import org.apache.ambari.server.state.Cluster; +import org.apache.ambari.server.state.Clusters; +import org.apache.ambari.server.state.Config; + +import com.google.inject.Inject; + +/** + * Computes Ranger Usersync ldap grouphierarchylevels property. This class is only used when upgrading from + * HDP-2.6.x to HDP-2.6.y. 
+ */ + +public class RangerUsersyncConfigCalculation extends AbstractServerAction { + private static final String RANGER_USERSYNC_CONFIG_TYPE = "ranger-ugsync-site"; + private static final String RANGER_ENV_CONFIG_TYPE = "ranger-env"; + + @Inject + private Clusters m_clusters; + + @Override + public CommandReport execute(ConcurrentMap<String, Object> requestSharedDataContext) throws AmbariException, InterruptedException { + + String clusterName = getExecutionCommand().getClusterName(); + Cluster cluster = m_clusters.getCluster(clusterName); + String outputMsg = ""; + + Config rangerUsersyncConfig = cluster.getDesiredConfigByType(RANGER_USERSYNC_CONFIG_TYPE); + + if (null == rangerUsersyncConfig) { + return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", + MessageFormat.format("Config type {0} not found, skipping updating property in same.", RANGER_USERSYNC_CONFIG_TYPE), ""); + } + + String ldapGroupHierarchy = "0"; + + if (rangerUsersyncConfig.getProperties().containsKey("ranger.usersync.ldap.grouphierarchylevels")) { + ldapGroupHierarchy = rangerUsersyncConfig.getProperties().get("ranger.usersync.ldap.grouphierarchylevels"); + } else { + Map<String, String> targetRangerUsersyncConfig = rangerUsersyncConfig.getProperties(); + targetRangerUsersyncConfig.put("ranger.usersync.ldap.grouphierarchylevels", ldapGroupHierarchy); + rangerUsersyncConfig.setProperties(targetRangerUsersyncConfig); + rangerUsersyncConfig.save(); + + outputMsg = outputMsg + MessageFormat.format("Successfully updated {0} config type.\n", RANGER_USERSYNC_CONFIG_TYPE); + } + + Config rangerEnvConfig = cluster.getDesiredConfigByType(RANGER_ENV_CONFIG_TYPE); + + if (null == rangerEnvConfig) { + return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", + MessageFormat.format("Config type {0} not found, skipping updating property in same.", RANGER_ENV_CONFIG_TYPE), ""); + } + + String enableSyncNestedGroup = "false"; + + if (!ldapGroupHierarchy.equals("0") ) { + enableSyncNestedGroup = 
"true"; + } + + Map<String, String> targetRangerEnvConfig = rangerEnvConfig.getProperties(); + targetRangerEnvConfig.put("is_nested_groupsync_enabled", enableSyncNestedGroup); + rangerEnvConfig.setProperties(targetRangerEnvConfig); + rangerEnvConfig.save(); + + outputMsg = outputMsg + MessageFormat.format("Successfully updated {0} config type.\n", RANGER_ENV_CONFIG_TYPE); + + return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", outputMsg, ""); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml index 627216e..dfc9ca9 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml 
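Review bot: The `!ldapGroupHierarchy.equals("0")` check in `execute` treats every value other than the exact string "0" as "nested sync on". An existing `ranger.usersync.ldap.grouphierarchylevels` that is empty, padded, negative or non-numeric therefore sets `is_nested_groupsync_enabled` to "true" during the upgrade, and a key stored with a null value would throw a NullPointerException. Because this flag feeds LDAP group resolution for Ranger, the upgrade should turn it on only for a value that parses to a positive depth. How Usersync itself handles a malformed value is not visible here, so defaulting to "false" is the conservative choice. Separately, the early return for a missing ranger-env drops the "Successfully updated" text already collected in `outputMsg` after ranger-ugsync-site was saved; the report should carry `outputMsg` plus the skip message.

```java
// … unchanged: cluster lookup, ranger-ugsync-site read/default, ranger-env lookup …
    String enableSyncNestedGroup = "false";

    try {
      // Enable nested sync only for a depth that parses to a positive integer.
      if (ldapGroupHierarchy != null && Integer.parseInt(ldapGroupHierarchy.trim()) > 0) {
        enableSyncNestedGroup = "true";
      }
    } catch (NumberFormatException e) {
      outputMsg = outputMsg + MessageFormat.format(
          "Ignoring non-numeric ranger.usersync.ldap.grouphierarchylevels value in {0}; nested group sync left disabled.\n",
          RANGER_USERSYNC_CONFIG_TYPE);
    }
// … unchanged: write is_nested_groupsync_enabled to ranger-env and save …
```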
@@ -47,4 +47,27 @@ </value-attributes> <on-ambari-upgrade add="true"/> </property> + <property> + <name>is_nested_groupsync_enabled</name> + <display-name>Sync Nested Groups</display-name> + <description/> + <value>false</value> + <value-attributes> + <type>value-list</type> + <overridable>false</overridable> + <entries> + <entry> + <value>true</value> + <label>Yes</label> + </entry> + <entry> + <value>false</value> + <label>No</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml index a994856..6c244f2 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml @@ -72,4 +72,11 @@ </depends-on> <on-ambari-upgrade add="true"/> </property> + <property> + <name>ranger.usersync.ldap.grouphierarchylevels</name> + <display-name>Group Hierarchy Levels</display-name> + <value>0</value> + <description/> + <on-ambari-upgrade add="false"/> + </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json ---------------------------------------------------------------------- 
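Review bot: In ranger-ugsync-site.xml the new `ranger.usersync.ldap.grouphierarchylevels` property has no `<value-attributes>`, so the text-field widget added in the theme accepts any string. The upgrade action then compares that string literally against "0". Constraining it in the stack definition, for example `<value-attributes><type>int</type><minimum>0</minimum></value-attributes>`, would reject malformed depths at save time. Both this property and `is_nested_groupsync_enabled` in ranger-env.xml also ship with an empty `<description/>`; a sentence stating that the value is the number of nested LDAP group levels to resolve and that 0 disables nested evaluation would help operators judge the effect on group membership. The same applies to the RANGER/1.0.0.3.0 copies of both files.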
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json index 8068a38..ed073b4 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/themes/theme_version_5.json @@ -9,6 +9,34 @@ "subsection-tab-name": "ldap-common-configs" }, { + "config": "ranger-env/is_nested_groupsync_enabled", + "subsection-name": "subsection-ranger-user-row2-col1", + "subsection-tab-name": "ldap-group-configs" + }, + { + "config": "ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels", + "subsection-name": "subsection-ranger-user-row2-col1", + "subsection-tab-name": "ldap-group-configs", + "depends-on": [ + { + "configs":[ + "ranger-env/is_nested_groupsync_enabled" + ], + "if": "${ranger-env/is_nested_groupsync_enabled}", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { "config": "ranger-env/ranger-nifi-plugin-enabled", "subsection-name": "section-ranger-plugin-row1-col1", "depends-on": [ @@ -38,6 +66,18 @@ } }, { + "config": "ranger-env/is_nested_groupsync_enabled", + "widget": { + "type": "toggle" + } + }, + { + "config": "ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels", + "widget": { + "type": "text-field" + } + }, + { "config": "ranger-env/ranger-nifi-plugin-enabled", "widget": { "type": "toggle" http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml ---------------------------------------------------------------------- 
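Review bot: The `depends-on` rule for `ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels` only toggles `visible`, so switching "Sync Nested Groups" back to No hides the field but leaves its previous non-zero value in ranger-ugsync-site. Nothing in the visible hunks of this commit resets the level to 0 when the toggle is off. If Usersync reads the level rather than the ranger-env flag (not visible here), the UI would show nested sync as disabled while it stays in effect. Confirm that the service scripts or stack advisor force the level to 0 when `is_nested_groupsync_enabled` is false, or document that dependency. The same rule is added to RANGER/1.0.0.3.0/themes/theme_version_1.json.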
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml index ff44901..764e73e 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml @@ -500,4 +500,27 @@ </value-attributes> <on-ambari-upgrade add="false"/> </property> + <property> + <name>is_nested_groupsync_enabled</name> + <display-name>Sync Nested Groups</display-name> + <description/> + <value>false</value> + <value-attributes> + <type>value-list</type> + <overridable>false</overridable> + <entries> + <entry> + <value>true</value> + <label>Yes</label> + </entry> + <entry> + <value>false</value> + <label>No</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml index 80babd6..0d3ad26 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml 
@@ -568,4 +568,11 @@ <description/> <on-ambari-upgrade add="false"/> </property> + <property> + <name>ranger.usersync.ldap.grouphierarchylevels</name> + <display-name>Group Hierarchy Levels</display-name> + <value>0</value> + <description/> + <on-ambari-upgrade add="false"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json index a307f56..679ee3d 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json +++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json @@ -842,6 +842,34 @@ ] }, { + "config": "ranger-env/is_nested_groupsync_enabled", + "subsection-name": "subsection-ranger-user-row2-col1", + "subsection-tab-name": "ldap-group-configs" + }, + { + "config": "ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels", + "subsection-name": "subsection-ranger-user-row2-col1", + "subsection-tab-name": "ldap-group-configs", + "depends-on": [ + { + "configs":[ + "ranger-env/is_nested_groupsync_enabled" + ], + "if": "${ranger-env/is_nested_groupsync_enabled}", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { "config": "ranger-env/ranger-hdfs-plugin-enabled", "subsection-name": "section-ranger-plugin-row1-col1", "depends-on": [ 
@@ -1643,6 +1671,18 @@ } }, { + "config": "ranger-env/is_nested_groupsync_enabled", + "widget": { + "type": "toggle" + } + }, + { + "config": "ranger-ugsync-site/ranger.usersync.ldap.grouphierarchylevels", + "widget": { + "type": "text-field" + } + }, + { "config": "ranger-env/ranger-hdfs-plugin-enabled", "widget": { "type": "toggle" http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml index bce1e86..ebb81d9 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml @@ -391,6 +391,13 @@ <task xsi:type="configure" id="hdp_2_6_0_0_spark2_thriftserver"/> </execute-stage> + <!-- RANGER --> + <execute-stage service="RANGER" component="RANGER_USERSYNC" title="Enabling Nested Group Sync for Ranger"> + <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerUsersyncConfigCalculation"> + <summary>Enabling Nested Group Sync for Ranger</summary> + </task> + </execute-stage> + </group> http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml index d5f2324..ae5972e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml 
@@ -555,6 +555,14 @@ </component> <component name="RANGER_USERSYNC"> + <pre-upgrade> + <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerUsersyncConfigCalculation"> + <summary>Enabling Nested Group Sync for Ranger</summary> + </task> + </pre-upgrade> + + <pre-downgrade /> <!-- no-op to prevent config changes on downgrade --> + <upgrade> <task xsi:type="restart-task" /> </upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/ea892443/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java new file mode 100644 index 0000000..427fb33 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerUsersyncConfigCalculationTest.java 
@@ -0,0 +1,126 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ambari.server.serveraction.upgrades; + +import static org.easymock.EasyMock.anyObject; +import static org.easymock.EasyMock.createMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.expectLastCall; +import static org.easymock.EasyMock.replay; + +import java.lang.reflect.Field; +import java.util.HashMap; +import java.util.Map; + +import org.apache.ambari.server.actionmanager.ExecutionCommandWrapper; +import org.apache.ambari.server.actionmanager.HostRoleCommand; +import org.apache.ambari.server.agent.CommandReport; +import org.apache.ambari.server.agent.ExecutionCommand; +import org.apache.ambari.server.state.Cluster; +import org.apache.ambari.server.state.Clusters; +import org.apache.ambari.server.state.Config; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +import com.google.inject.Injector; + +public class RangerUsersyncConfigCalculationTest { + + private Injector m_injector; + private Clusters m_clusters; + private Field m_clusterField; + + @Before + public void setup() throws Exception { + m_injector = createMock(Injector.class); + m_clusters = 
createMock(Clusters.class); + Cluster cluster = createMock(Cluster.class); + + Map<String, String> mockRangerUsersyncProperties = new HashMap<String, String>() { + { + put("ranger.usersync.ldap.grouphierarchylevels", "2"); + } + }; + + Map<String, String> mockRangerEnvProperties = new HashMap<String, String>(); + + Config rangerUsersyncConfig = createMock(Config.class); + expect(rangerUsersyncConfig.getType()).andReturn("ranger-ugsync-site").anyTimes(); + expect(rangerUsersyncConfig.getProperties()).andReturn(mockRangerUsersyncProperties).anyTimes(); + + Config rangerEnvConfig = createMock(Config.class); + expect(rangerEnvConfig.getType()).andReturn("ranger-env").anyTimes(); + expect(rangerEnvConfig.getProperties()).andReturn(mockRangerEnvProperties).anyTimes(); + + rangerEnvConfig.setProperties(anyObject(Map.class)); + expectLastCall().atLeastOnce(); + + rangerEnvConfig.save(); + expectLastCall().atLeastOnce(); + + expect(cluster.getDesiredConfigByType("ranger-ugsync-site")).andReturn(rangerUsersyncConfig).atLeastOnce(); + expect(cluster.getDesiredConfigByType("ranger-env")).andReturn(rangerEnvConfig).atLeastOnce(); + expect(m_clusters.getCluster((String) anyObject())).andReturn(cluster).anyTimes(); + expect(m_injector.getInstance(Clusters.class)).andReturn(m_clusters).atLeastOnce(); + + replay(m_injector, m_clusters, cluster, rangerUsersyncConfig, rangerEnvConfig); + + m_clusterField = RangerUsersyncConfigCalculation.class.getDeclaredField("m_clusters"); + m_clusterField.setAccessible(true); + + } + + @Test + public void testAction() throws Exception { + + Map<String, String> commandParams = new HashMap<String, String>(); + commandParams.put("clusterName", "cl1"); + + ExecutionCommand executionCommand = new ExecutionCommand(); + executionCommand.setCommandParams(commandParams); + executionCommand.setClusterName("cl1"); + + HostRoleCommand hrc = createMock(HostRoleCommand.class); + expect(hrc.getRequestId()).andReturn(1L).anyTimes(); + 
expect(hrc.getStageId()).andReturn(2L).anyTimes(); + expect(hrc.getExecutionCommandWrapper()).andReturn(new ExecutionCommandWrapper(executionCommand)).anyTimes(); + replay(hrc); + + RangerUsersyncConfigCalculation action = new RangerUsersyncConfigCalculation(); + m_clusterField.set(action, m_clusters); + + action.setExecutionCommand(executionCommand); + action.setHostRoleCommand(hrc); + + CommandReport report = action.execute(null); + Assert.assertNotNull(report); + + Cluster cl = m_clusters.getCluster("cl1"); + Config config = cl.getDesiredConfigByType("ranger-env"); + + Map<String, String> map = config.getProperties(); + + Assert.assertTrue(map.containsKey("is_nested_groupsync_enabled")); + Assert.assertEquals("true", map.get("is_nested_groupsync_enabled")); + + report = action.execute(null); + Assert.assertNotNull(report); + + } +} \ No newline at end of file
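Review bot: `testAction` exercises only the fixture where `ranger.usersync.ldap.grouphierarchylevels` is "2", so the two paths that must keep nested sync off are never run. Those are the property being absent (defaulted to "0" and saved to ranger-ugsync-site) and the property being present as "0"; a regression that wrote `is_nested_groupsync_enabled` = "true" for either would still pass. Add cases asserting `"false"` for both, with `setProperties`/`save` expectations on `rangerUsersyncConfig` for the absent-property case. The mocks are also never checked with `verify(...)`, and `m_injector.getInstance(Clusters.class)` is expected `atLeastOnce()` although no visible code calls it, so that expectation appears to be dead.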