http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py index ca3b14d..da5e82b 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py @@ -83,73 +83,6 @@ class WebHCatServerDefault(WebHCatServer): conf_select.select(params.stack_name, "hadoop", params.version) stack_select.select("hive-webhcat", params.version) - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - expectations ={} - expectations.update( - build_expectations( - 'webhcat-site', - { - "templeton.kerberos.secret": "secret" - }, - [ - "templeton.kerberos.keytab", - "templeton.kerberos.principal" - ], - [ - "templeton.kerberos.keytab" - ] - ) - ) - expectations.update( - build_expectations( - 'hive-site', - { - "hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true" - }, - None, - None - ) - ) - - security_params = {} - security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir, - {'webhcat-site.xml': FILE_TYPE_XML})) - result_issues = validate_security_config_properties(security_params, expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'webhcat-site' not in security_params \ - or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \ - or 'templeton.kerberos.principal' not in security_params['webhcat-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.webhcat_user, - security_params['webhcat-site']['templeton.kerberos.keytab'], - security_params['webhcat-site']['templeton.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.hcat_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py index c50c67b..39fdcf5 100644 --- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py +++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py @@ -43,27 +43,6 @@ class KerberosClient(KerberosScript): def status(self, env): raise ClientComponentHasNoStatus() - def security_status(self, env): - import status_params - if status_params.security_enabled: - if status_params.smoke_user and status_params.smoke_user_keytab: - try: - cached_kinit_executor(status_params.kinit_path_local, - status_params.smoke_user, - status_params.smoke_user_keytab, - status_params.smoke_user_principal, - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNKNOWN"}) - self.put_structured_out({"securityStateErrorInfo": "Missing smoke user credentials"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def set_keytab(self, env): self.write_keytab_file() http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py index 1917369..c91b394 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py @@ -203,67 +203,6 @@ class KnoxGatewayDefault(KnoxGateway): File(params.ldap_pid_file, action = "delete" ) - - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - expectations = {} - expectations.update(build_expectations( - 'krb5JAASLogin', - None, - ['keytab', 'principal'], - None - )) - expectations.update(build_expectations( - 'gateway-site', - { - "gateway.hadoop.kerberos.secured" : "true" - }, - None, - None - )) - - security_params = { - "krb5JAASLogin": - { - 'keytab': status_params.knox_keytab_path, - 'principal': status_params.knox_principal_name - } - } - security_params.update(get_params_from_filesystem(status_params.knox_conf_dir, - {"gateway-site.xml" : FILE_TYPE_XML})) - - result_issues = validate_security_config_properties(security_params, expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'krb5JAASLogin' not in security_params - or 'keytab' not in security_params['krb5JAASLogin'] - or 'principal' not in security_params['krb5JAASLogin']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file and principal are not set."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.knox_user, - security_params['krb5JAASLogin']['keytab'], - security_params['krb5JAASLogin']['principal'], - status_params.hostname, - status_params.temp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py index 4397fe2..2cf3313 100644 --- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py +++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py @@ -105,69 +105,6 @@ class OozieServer(Script): @OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT) class OozieServerDefault(OozieServer): - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - expectations = { - "oozie-site": - build_expectations('oozie-site', - { - "oozie.authentication.type": "kerberos", - "oozie.service.AuthorizationService.security.enabled": "true", - "oozie.service.HadoopAccessorService.kerberos.enabled": "true" - }, - [ - "local.realm", - "oozie.authentication.kerberos.principal", - "oozie.authentication.kerberos.keytab", - "oozie.service.HadoopAccessorService.kerberos.principal", - "oozie.service.HadoopAccessorService.keytab.file" - ], - None) - } - - security_params = get_params_from_filesystem(status_params.conf_dir, - {'oozie-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('oozie-site' not in security_params - or 'oozie.authentication.kerberos.principal' not in security_params['oozie-site'] - or 'oozie.authentication.kerberos.keytab' not in security_params['oozie-site'] - or 'oozie.service.HadoopAccessorService.kerberos.principal' not in security_params['oozie-site'] - or 'oozie.service.HadoopAccessorService.keytab.file' not in security_params['oozie-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.oozie_user, - security_params['oozie-site']['oozie.authentication.kerberos.keytab'], - security_params['oozie-site']['oozie.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.oozie_user, - security_params['oozie-site']['oozie.service.HadoopAccessorService.keytab.file'], - security_params['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def pre_upgrade_restart(self, env, upgrade_type=None): """ Performs the tasks that should be done before an upgrade of oozie. This includes: http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py index b156578..d0af415 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py @@ -74,58 +74,6 @@ class DrpcServer(Script): import status_params env.set_params(status_params) check_process_status(status_params.pid_drpc) - - def security_status(self, env): - import status_params - - env.set_params(status_params) - - if status_params.security_enabled: - # Expect the following files to be available in status_params.config_dir: - # storm_jaas.conf - - try: - props_value_check = None - props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] - props_read_check = ['StormServer/keyTab'] - storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, - props_read_check) - - storm_expectations = {} - storm_expectations.update(storm_env_expectations) - - security_params = get_params_from_filesystem(status_params.conf_dir, - {'storm_jaas.conf': FILE_TYPE_JAAS_CONF}) - - result_issues = validate_security_config_properties(security_params, storm_expectations) - if not result_issues: # If all validations passed successfully - # Double check the dict before calling execute - if ( 'storm_jaas' not in security_params - or 'StormServer' not in security_params['storm_jaas'] - or 'keyTab' not in security_params['storm_jaas']['StormServer'] - or 'principal' not in security_params['storm_jaas']['StormServer']): - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.storm_user, - security_params['storm_jaas']['StormServer']['keyTab'], - security_params['storm_jaas']['StormServer']['principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py index b2148a5..a6bc437 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py @@ -82,51 +82,6 @@ class NimbusDefault(Nimbus): env.set_params(status_params) check_process_status(status_params.pid_nimbus) - - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - # Expect the following files to be available in status_params.config_dir: - # storm_jaas.conf - try: - props_value_check = None - props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] - props_read_check = ['StormServer/keyTab'] - storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, props_read_check) - storm_expectations = {} - storm_expectations.update(storm_env_expectations) - security_params = get_params_from_filesystem(status_params.conf_dir, {'storm_jaas.conf': FILE_TYPE_JAAS_CONF}) - result_issues = validate_security_config_properties(security_params, storm_expectations) - if not result_issues: # If all validations passed successfully - # Double check the dict before calling execute - if ( 'storm_jaas' not in security_params - or 'StormServer' not in security_params['storm_jaas'] - or 'keyTab' not in security_params['storm_jaas']['StormServer'] - or 'principal' not in security_params['storm_jaas']['StormServer']): - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.storm_user, - security_params['storm_jaas']['StormServer']['keyTab'], - security_params['storm_jaas']['StormServer']['principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py index 2ea02e8..6da204e 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py @@ -74,58 +74,6 @@ class PaceMaker(Script): env.set_params(status_params) check_process_status(status_params.pid_pacemaker) - def security_status(self, env): - import status_params - - env.set_params(status_params) - - if status_params.security_enabled: - # Expect the following files to be available in status_params.config_dir: - # storm_jaas.conf - - try: - props_value_check = None - props_empty_check = ['StormServer/keyTab', 'StormServer/principal'] - props_read_check = ['StormServer/keyTab'] - storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, - props_read_check) - - storm_expectations = {} - storm_expectations.update(storm_env_expectations) - - security_params = get_params_from_filesystem(status_params.conf_dir, - {'storm_jaas.conf': FILE_TYPE_JAAS_CONF}) - - result_issues = validate_security_config_properties(security_params, storm_expectations) - if not result_issues: # If all validations passed successfully - # Double check the dict before calling execute - if ( 'storm_jaas' not in security_params - or 'StormServer' not in security_params['storm_jaas'] - or 'keyTab' not in security_params['storm_jaas']['StormServer'] - or 'principal' not in security_params['storm_jaas']['StormServer']): - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.storm_user, - security_params['storm_jaas']['StormServer']['keyTab'], - security_params['storm_jaas']['StormServer']['principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py index 63d5731..5d0c303 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py @@ -120,59 +120,6 @@ class UiServerDefault(UiServer): import status_params env.set_params(status_params) check_process_status(status_params.pid_ui) - - def security_status(self, env): - import status_params - - env.set_params(status_params) - - if status_params.security_enabled: - # Expect the following files to be available in status_params.config_dir: - # storm_jaas.conf - - try: - props_value_check = None - props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab'] - props_read_check = ['storm_ui_keytab'] - storm_env_expectations = build_expectations('storm_ui', props_value_check, props_empty_check, - props_read_check) - - storm_expectations = {} - storm_expectations.update(storm_env_expectations) - - security_params = {} - security_params['storm_ui'] = {} - security_params['storm_ui']['storm_ui_principal_name'] = status_params.storm_ui_principal - security_params['storm_ui']['storm_ui_keytab'] = status_params.storm_ui_keytab - - result_issues = validate_security_config_properties(security_params, storm_expectations) - if not result_issues: # If all validations passed successfully - # Double check the dict before calling execute - if ( 'storm_ui' not in security_params - or 'storm_ui_principal_name' not in security_params['storm_ui'] - or 'storm_ui_keytab' not in security_params['storm_ui']): - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.storm_user, - security_params['storm_ui']['storm_ui_keytab'], - security_params['storm_ui']['storm_ui_principal_name'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py index 4ec6aa7..a299e25 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py @@ -82,67 +82,6 @@ class ApplicationTimelineServerDefault(ApplicationTimelineServer): only_if = format("test -e {yarn_historyserver_pid_file_old}", user=status_params.yarn_user)) functions.check_process_status(status_params.yarn_historyserver_pid_file) - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"yarn.timeline-service.enabled": "true", - "yarn.timeline-service.http-authentication.type": "kerberos", - "yarn.acl.enable": "true"} - props_empty_check = ["yarn.timeline-service.principal", - "yarn.timeline-service.keytab", - "yarn.timeline-service.http-authentication.kerberos.principal", - "yarn.timeline-service.http-authentication.kerberos.keytab"] - - props_read_check = ["yarn.timeline-service.keytab", - "yarn.timeline-service.http-authentication.kerberos.keytab"] - yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check, - props_read_check) - - yarn_expectations ={} - yarn_expectations.update(yarn_site_props) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'yarn-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, yarn_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'yarn-site' not in security_params - or 'yarn.timeline-service.keytab' not in security_params['yarn-site'] - or 'yarn.timeline-service.principal' not in security_params['yarn-site']) \ - or 'yarn.timeline-service.http-authentication.kerberos.keytab' not in security_params['yarn-site'] \ - or 'yarn.timeline-service.http-authentication.kerberos.principal' not in security_params['yarn-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.yarn_user, - security_params['yarn-site']['yarn.timeline-service.keytab'], - security_params['yarn-site']['yarn.timeline-service.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.yarn_user, - security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'], - security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.yarn_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py index 0edb0b0..7405a4e 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py @@ -122,62 +122,6 @@ class HistoryServerDefault(HistoryServer): env.set_params(status_params) check_process_status(status_params.mapred_historyserver_pid_file) - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - expectations = {} - expectations.update(build_expectations('mapred-site', - None, - [ - 'mapreduce.jobhistory.keytab', - 'mapreduce.jobhistory.principal', - 'mapreduce.jobhistory.webapp.spnego-keytab-file', - 'mapreduce.jobhistory.webapp.spnego-principal' - ], - None)) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'mapred-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'mapred-site' not in security_params or - 'mapreduce.jobhistory.keytab' not in security_params['mapred-site'] or - 'mapreduce.jobhistory.principal' not in security_params['mapred-site'] or - 'mapreduce.jobhistory.webapp.spnego-keytab-file' not in security_params['mapred-site'] or - 'mapreduce.jobhistory.webapp.spnego-principal' not in security_params['mapred-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal not set."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.mapred_user, - security_params['mapred-site']['mapreduce.jobhistory.keytab'], - security_params['mapred-site']['mapreduce.jobhistory.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.mapred_user, - security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'], - security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.mapred_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py index b235cad..7be7c36 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py @@ -89,66 +89,6 @@ class NodemanagerDefault(Nodemanager): env.set_params(status_params) check_process_status(status_params.nodemanager_pid_file) - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos", - "yarn.acl.enable": "true"} - props_empty_check = ["yarn.nodemanager.principal", - "yarn.nodemanager.keytab", - "yarn.nodemanager.webapp.spnego-principal", - "yarn.nodemanager.webapp.spnego-keytab-file"] - - props_read_check = ["yarn.nodemanager.keytab", - "yarn.nodemanager.webapp.spnego-keytab-file"] - yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check, - props_read_check) - - yarn_expectations ={} - yarn_expectations.update(yarn_site_props) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'yarn-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, yarn_site_props) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'yarn-site' not in security_params - or 'yarn.nodemanager.keytab' not in security_params['yarn-site'] - or 'yarn.nodemanager.principal' not in security_params['yarn-site']) \ - or 'yarn.nodemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \ - or 'yarn.nodemanager.webapp.spnego-principal' not in security_params['yarn-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.yarn_user, - security_params['yarn-site']['yarn.nodemanager.keytab'], - security_params['yarn-site']['yarn.nodemanager.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.yarn_user, - security_params['yarn-site']['yarn.nodemanager.webapp.spnego-keytab-file'], - security_params['yarn-site']['yarn.nodemanager.webapp.spnego-principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.yarn_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py index 5522fbc..8cc2d1d 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py @@ -132,66 +132,6 @@ class ResourcemanagerDefault(Resourcemanager): check_process_status(status_params.resourcemanager_pid_file) pass - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos", - "yarn.acl.enable": "true"} - props_empty_check = ["yarn.resourcemanager.principal", - "yarn.resourcemanager.keytab", - "yarn.resourcemanager.webapp.spnego-principal", - "yarn.resourcemanager.webapp.spnego-keytab-file"] - - props_read_check = ["yarn.resourcemanager.keytab", - "yarn.resourcemanager.webapp.spnego-keytab-file"] - yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check, - props_read_check) - - yarn_expectations ={} - yarn_expectations.update(yarn_site_props) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'yarn-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, yarn_site_props) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'yarn-site' not in security_params - or 'yarn.resourcemanager.keytab' not in security_params['yarn-site'] - or 'yarn.resourcemanager.principal' not in security_params['yarn-site']) \ - or 'yarn.resourcemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \ - or 'yarn.resourcemanager.webapp.spnego-principal' not in security_params['yarn-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.yarn_user, - security_params['yarn-site']['yarn.resourcemanager.keytab'], - security_params['yarn-site']['yarn.resourcemanager.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.yarn_user, - security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-keytab-file'], - security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def refreshqueues(self, env): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py b/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py index 07dbabe..0af0345 100644 --- a/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py +++ b/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py @@ -111,57 +111,6 @@ class ZookeeperServerLinux(ZookeeperServer): import status_params env.set_params(status_params) check_process_status(status_params.zk_pid_file) - - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - # Expect the following files to be available in params.config_dir: - # zookeeper_jaas.conf - # zookeeper_client_jaas.conf - try: - props_value_check = None - props_empty_check = ['Server/keyTab', 'Server/principal'] - props_read_check = ['Server/keyTab'] - zk_env_expectations = build_expectations('zookeeper_jaas', props_value_check, props_empty_check, - props_read_check) - - zk_expectations = {} - zk_expectations.update(zk_env_expectations) - - security_params = get_params_from_filesystem(status_params.config_dir, - {'zookeeper_jaas.conf': FILE_TYPE_JAAS_CONF}) - - result_issues = validate_security_config_properties(security_params, zk_expectations) - if not result_issues: # If all validations passed successfully - # Double check the dict before calling execute - if ( 'zookeeper_jaas' not in security_params - or 'Server' not in security_params['zookeeper_jaas'] - or 'keyTab' not in security_params['zookeeper_jaas']['Server'] - or 'principal' not in security_params['zookeeper_jaas']['Server']): - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.zk_user, - security_params['zookeeper_jaas']['Server']['keyTab'], - security_params['zookeeper_jaas']['Server']['principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py index 1298f1e..b2cdaa6 100644 --- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py +++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py @@ -43,27 +43,6 @@ class KerberosClient(KerberosScript): def status(self, env): raise ClientComponentHasNoStatus() - def security_status(self, env): - import status_params - if status_params.security_enabled: - if status_params.smoke_user and status_params.smoke_user_keytab: - try: - cached_kinit_executor(status_params.kinit_path_local, - status_params.smoke_user, - status_params.smoke_user_keytab, - status_params.smoke_user_principal, - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityState": "UNKNOWN"}) - self.put_structured_out({"securityStateErrorInfo": "Missing smoke user credentials"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def set_keytab(self, env): self.write_keytab_file() http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java index 986b472..fd94606 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java @@ -496,7 +496,6 @@ public class HeartbeatProcessorTest { componentStatus1.setServiceName(HDFS); componentStatus1.setMessage(DummyHostStatus); componentStatus1.setStatus(State.STARTED.name()); - componentStatus1.setSecurityState(SecurityState.SECURED_KERBEROS.name()); componentStatus1.setComponentName(DATANODE); componentStatuses.add(componentStatus1); ComponentStatus componentStatus2 = new ComponentStatus(); @@ -504,7 +503,6 @@ public class HeartbeatProcessorTest { componentStatus2.setServiceName(HDFS); componentStatus2.setMessage(DummyHostStatus); componentStatus2.setStatus(State.STARTED.name()); - componentStatus2.setSecurityState(SecurityState.UNSECURED.name()); componentStatus2.setComponentName(SECONDARY_NAMENODE); componentStatuses.add(componentStatus2); hb.setComponentStatus(componentStatuses); @@ -526,9 +524,7 @@ public class HeartbeatProcessorTest { State componentState1 = serviceComponentHost1.getState(); State componentState2 = serviceComponentHost2.getState(); State componentState3 = serviceComponentHost3.getState(); - assertEquals(State.STARTED, componentState1); - assertEquals(SecurityState.SECURED_KERBEROS, serviceComponentHost1.getSecurityState()); - assertEquals(State.INSTALLED, componentState2); + assertEquals(State.STARTED, componentState1);assertEquals(State.INSTALLED, componentState2); assertEquals(SecurityState.SECURING, serviceComponentHost2.getSecurityState()); //starting state will not be overridden by status command assertEquals(State.STARTING, componentState3); @@ -838,7 +834,6 @@ public class HeartbeatProcessorTest { componentStatus1.setServiceName(HDFS); componentStatus1.setMessage(DummyHostStatus); componentStatus1.setStatus(State.STARTED.name()); - componentStatus1.setSecurityState(SecurityState.UNSECURED.name()); componentStatus1.setComponentName(DATANODE); componentStatus1.setExtra(extra); @@ -874,7 +869,6 @@ public class HeartbeatProcessorTest { componentStatus1.setServiceName(HDFS); componentStatus1.setMessage(DummyHostStatus); componentStatus1.setStatus(State.STARTED.name()); - componentStatus1.setSecurityState(SecurityState.UNSECURED.name()); componentStatus1.setComponentName(DATANODE); hb.setComponentStatus(Collections.singletonList(componentStatus1)); @@ -1329,7 +1323,6 @@ public class HeartbeatProcessorTest { componentStatus1.setServiceName(HDFS); componentStatus1.setMessage(DummyHostStatus); componentStatus1.setStatus(State.INSTALLED.name()); - componentStatus1.setSecurityState(SecurityState.UNSECURED.name()); componentStatus1.setComponentName(DATANODE); componentStatuses.add(componentStatus1); @@ -1338,7 +1331,6 @@ public class HeartbeatProcessorTest { componentStatus2.setServiceName(HDFS); componentStatus2.setMessage(DummyHostStatus); componentStatus2.setStatus(State.INSTALLED.name()); - componentStatus2.setSecurityState(SecurityState.UNSECURED.name()); componentStatus2.setComponentName(NAMENODE); componentStatuses.add(componentStatus2); http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java index 99aa994..ce83a5a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java @@ -317,7 +317,6 @@ public class TestHeartbeatHandler { componentStatus1.setServiceName(HDFS); componentStatus1.setMessage(DummyHostStatus); componentStatus1.setStatus(State.STARTED.name()); - componentStatus1.setSecurityState(SecurityState.UNSECURED.name()); componentStatus1.setComponentName(DATANODE); componentStatuses.add(componentStatus1); @@ -326,7 +325,6 @@ public class TestHeartbeatHandler { componentStatus2.setServiceName(HDFS); componentStatus2.setMessage(DummyHostStatus); componentStatus2.setStatus(State.INSTALLED.name()); - componentStatus2.setSecurityState(SecurityState.UNSECURED.name()); componentStatus2.setComponentName(NAMENODE); componentStatuses.add(componentStatus2); @@ -1131,14 +1129,12 @@ public class TestHeartbeatHandler { dataNodeStatus.setServiceName(HDFS); dataNodeStatus.setComponentName(DATANODE); dataNodeStatus.setStatus("STARTED"); - dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(dataNodeStatus); ComponentStatus nameNodeStatus = new ComponentStatus(); nameNodeStatus.setClusterName(cluster.getClusterName()); nameNodeStatus.setServiceName(HDFS); nameNodeStatus.setComponentName(NAMENODE); nameNodeStatus.setStatus("STARTED"); - nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(nameNodeStatus); hb1.setComponentStatus(componentStatus); handler.handleHeartBeat(hb1); @@ -1156,14 +1152,12 @@ public class TestHeartbeatHandler { dataNodeStatus.setServiceName(HDFS); dataNodeStatus.setComponentName(DATANODE); dataNodeStatus.setStatus("INSTALLED"); - dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(dataNodeStatus); nameNodeStatus = new ComponentStatus(); nameNodeStatus.setClusterName(cluster.getClusterName()); nameNodeStatus.setServiceName(HDFS); nameNodeStatus.setComponentName(NAMENODE); nameNodeStatus.setStatus("STARTED"); - nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(nameNodeStatus); hb2.setComponentStatus(componentStatus); handler.handleHeartBeat(hb2); @@ -1183,14 +1177,12 @@ public class TestHeartbeatHandler { dataNodeStatus.setServiceName(HDFS); dataNodeStatus.setComponentName(DATANODE); dataNodeStatus.setStatus("INSTALLED"); - dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(dataNodeStatus); nameNodeStatus = new ComponentStatus(); nameNodeStatus.setClusterName(cluster.getClusterName()); nameNodeStatus.setServiceName(HDFS); nameNodeStatus.setComponentName(NAMENODE); nameNodeStatus.setStatus("STARTED"); - nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(nameNodeStatus); hb2a.setComponentStatus(componentStatus); handler.handleHeartBeat(hb2a); @@ -1211,14 +1203,12 @@ public class TestHeartbeatHandler { dataNodeStatus.setServiceName(HDFS); dataNodeStatus.setComponentName(DATANODE); dataNodeStatus.setStatus("INSTALLED"); - dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(dataNodeStatus); nameNodeStatus = new ComponentStatus(); nameNodeStatus.setClusterName(cluster.getClusterName()); nameNodeStatus.setServiceName(HDFS); nameNodeStatus.setComponentName(NAMENODE); nameNodeStatus.setStatus("INSTALLED"); - nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(nameNodeStatus); hb3.setComponentStatus(componentStatus); handler.handleHeartBeat(hb3); @@ -1250,7 +1240,6 @@ public class TestHeartbeatHandler { dataNodeStatus.setServiceName(HDFS); dataNodeStatus.setComponentName(DATANODE); dataNodeStatus.setStatus("STARTED"); - dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name()); componentStatus.add(dataNodeStatus); hb4.setComponentStatus(componentStatus); handler.handleHeartBeat(hb4); @@ -1408,7 +1397,6 @@ public class TestHeartbeatHandler { componentStatus1.setServiceName(serviceName); componentStatus1.setMessage(message); componentStatus1.setStatus(state.name()); - componentStatus1.setSecurityState(securityState.name()); componentStatus1.setComponentName(componentName); componentStatus1.setStackVersion(stackVersion); return componentStatus1; @@ -1437,7 +1425,6 @@ public class TestHeartbeatHandler { componentStatus1.setServiceName(HDFS); componentStatus1.setMessage(DummyHostStatus); componentStatus1.setStatus(State.STARTED.name()); - componentStatus1.setSecurityState(SecurityState.UNSECURED.name()); componentStatus1.setComponentName(DATANODE); componentStatuses.add(componentStatus1); http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py index 42bc989..fda63e0 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py +++ b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py @@ -712,108 +712,6 @@ class TestHBaseMaster(RMFTestCase): self.assertNoMoreResources() - @patch("resource_management.libraries.functions.security_commons.build_expectations") - @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem") - @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") - @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") - @patch("resource_management.libraries.script.Script.put_structured_out") - def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock): - # Test that function works when is called with correct parameters - - security_params = { - 'hbase-site': { - 'hbase.master.kerberos.principal': '/path/to/hbase_keytab', - 'hbase.master.keytab.file': 'hbase_principal' - } - } - - result_issues = [] - props_value_check = {"hbase.security.authentication": "kerberos", - "hbase.security.authorization": "true"} - props_empty_check = ["hbase.master.keytab.file", - "hbase.master.kerberos.principal"] - - props_read_check = ["hbase.master.keytab.file"] - - get_params_mock.return_value = security_params - validate_security_config_mock.return_value = result_issues - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py", - classname = "HbaseMaster", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - build_exp_mock.assert_called_with('hbase-site', props_value_check, props_empty_check, props_read_check) - put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) - cached_kinit_executor_mock.called_with('/usr/bin/kinit', - self.config_dict['configurations']['hbase-env']['hbase_user'], - security_params['hbase-site']['hbase.master.keytab.file'], - security_params['hbase-site']['hbase.master.kerberos.principal'], - self.config_dict['hostname'], - '/tmp') - - # Testing that the exception throw by cached_executor is caught - cached_kinit_executor_mock.reset_mock() - cached_kinit_executor_mock.side_effect = Exception("Invalid command") - - try: - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py", - classname = "HbaseMaster", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - except: - self.assertTrue(True) - - # Testing with a security_params which doesn't contains hbase-site - empty_security_params = {} - cached_kinit_executor_mock.reset_mock() - get_params_mock.reset_mock() - put_structured_out_mock.reset_mock() - get_params_mock.return_value = empty_security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py", - classname = "HbaseMaster", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."}) - - # Testing with not empty result_issues - result_issues_with_params = {} - result_issues_with_params['hbase-site']="Something bad happened" - - validate_security_config_mock.reset_mock() - get_params_mock.reset_mock() - validate_security_config_mock.return_value = result_issues_with_params - get_params_mock.return_value = security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py", - classname = "HbaseMaster", - command = "security_status", - config_file="default.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - - # Testing with security_enable = false - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py", - classname = "HbaseMaster", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - def test_upgrade_backup(self): self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_upgrade.py", classname = "HbaseMasterUpgrade", http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py index 9bb0dd7..93f5d19 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py +++ b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py @@ -530,110 +530,6 @@ class TestHbaseRegionServer(RMFTestCase): self.assertNoMoreResources() - - @patch("resource_management.libraries.functions.security_commons.build_expectations") - @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem") - @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") - @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") - @patch("resource_management.libraries.script.Script.put_structured_out") - def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock): - # Test that function works when is called with correct parameters - - security_params = { - 'hbase-site': { - 'hbase.regionserver.keytab.file': '/path/to/hbase_keytab', - 'hbase.regionserver.kerberos.principal': 'hbase_principal' - } - } - - result_issues = [] - props_value_check = {"hbase.security.authentication": "kerberos", - "hbase.security.authorization": "true"} - props_empty_check = ["hbase.regionserver.keytab.file", - "hbase.regionserver.kerberos.principal"] - - props_read_check = ["hbase.regionserver.keytab.file"] - - get_params_mock.return_value = security_params - validate_security_config_mock.return_value = result_issues - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py", - classname = "HbaseRegionServer", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - build_exp_mock.assert_called_with('hbase-site', props_value_check, props_empty_check, props_read_check) - put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) - cached_kinit_executor_mock.called_with('/usr/bin/kinit', - self.config_dict['configurations']['hbase-env']['hbase_user'], - security_params['hbase-site']['hbase.regionserver.keytab.file'], - security_params['hbase-site']['hbase.regionserver.kerberos.principal'], - self.config_dict['hostname'], - '/tmp') - - # Testing that the exception throw by cached_executor is caught - cached_kinit_executor_mock.reset_mock() - cached_kinit_executor_mock.side_effect = Exception("Invalid command") - - try: - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py", - classname = "HbaseRegionServer", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - except: - self.assertTrue(True) - - # Testing with a security_params which doesn't contains hbase-site - empty_security_params = {} - cached_kinit_executor_mock.reset_mock() - get_params_mock.reset_mock() - put_structured_out_mock.reset_mock() - get_params_mock.return_value = empty_security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py", - classname = "HbaseRegionServer", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."}) - - # Testing with not empty result_issues - result_issues_with_params = { - 'hbase-site' : "Something bad happened" - } - - validate_security_config_mock.reset_mock() - get_params_mock.reset_mock() - validate_security_config_mock.return_value = result_issues_with_params - get_params_mock.return_value = security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py", - classname = "HbaseRegionServer", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - - # Testing with security_enable = false - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py", - classname = "HbaseRegionServer", - command = "security_status", - config_file="default.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - def test_pre_upgrade_restart(self): config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json" with open(config_file, "r") as f: http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py index 2cd35ab..5702b57 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py +++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py @@ -661,114 +661,3 @@ class TestDatanode(RMFTestCase): self.assertEquals( ('hdfs dfsadmin -fs hdfs://ns1 -D ipc.client.connect.max.retries=5 -D ipc.client.connect.retry.interval=1000 -getDatanodeInfo 0.0.0.0:8010'), mocks_dict['checked_call'].call_args_list[0][0][0]) - - @patch("resource_management.libraries.functions.security_commons.build_expectations") - @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem") - @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") - @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") - @patch("resource_management.libraries.script.Script.put_structured_out") - def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock): - # Test that function works when is called with correct parameters - - security_params = { - 'core-site': { - 'hadoop.security.authentication': 'kerberos' - }, - 'hdfs-site': { - 'dfs.datanode.keytab.file': 'path/to/datanode/keytab/file', - 'dfs.datanode.kerberos.principal': 'datanode_principal' - } - } - - props_value_check = None - props_empty_check = ['dfs.datanode.keytab.file', - 'dfs.datanode.kerberos.principal'] - props_read_check = ['dfs.datanode.keytab.file'] - - result_issues = [] - - get_params_mock.return_value = security_params - validate_security_config_mock.return_value = result_issues - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py", - classname = "DataNode", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - build_exp_mock.assert_called_with('hdfs-site', props_value_check, props_empty_check, props_read_check) - put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) - cached_kinit_executor_mock.called_with('/usr/bin/kinit', - self.config_dict['configurations']['hadoop-env']['hdfs_user'], - security_params['hdfs-site']['dfs.datanode.keytab.file'], - security_params['hdfs-site']['dfs.datanode.kerberos.principal'], - self.config_dict['hostname'], - '/tmp') - - # Testing when hadoop.security.authentication is simple - security_params['core-site']['hadoop.security.authentication'] = 'simple' - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py", - classname = "DataNode", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - security_params['core-site']['hadoop.security.authentication'] = 'kerberos' - - # Testing that the exception throw by cached_executor is caught - cached_kinit_executor_mock.reset_mock() - cached_kinit_executor_mock.side_effect = Exception("Invalid command") - - try: - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py", - classname = "DataNode", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - except: - self.assertTrue(True) - - # Testing with a security_params which doesn't contains hdfs-site - empty_security_params = {} - empty_security_params['core-site'] = {} - empty_security_params['core-site']['hadoop.security.authentication'] = 'kerberos' - cached_kinit_executor_mock.reset_mock() - get_params_mock.reset_mock() - put_structured_out_mock.reset_mock() - get_params_mock.return_value = empty_security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py", - classname = "DataNode", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."}) - - # Testing with not empty result_issues - result_issues_with_params = {} - result_issues_with_params['hdfs-site']="Something bad happened" - - validate_security_config_mock.reset_mock() - get_params_mock.reset_mock() - validate_security_config_mock.return_value = result_issues_with_params - get_params_mock.return_value = security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py", - classname = "DataNode", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py index 85098fa..fc80849 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py +++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py @@ -88,106 +88,6 @@ class Test(RMFTestCase): # for now, it's enough that <stack-selector-tool> is confirmed - @patch("resource_management.libraries.functions.security_commons.build_expectations") - @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem") - @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties") - @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor") - @patch("resource_management.libraries.script.Script.put_structured_out") - def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock): - # Test that function works when is called with correct parameters - - security_params = { - 'core-site': { - 'hadoop.security.authentication': 'kerberos' - } - } - - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - - result_issues = [] - - get_params_mock.return_value = security_params - validate_security_config_mock.return_value = result_issues - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py", - classname = "HdfsClient", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - build_exp_mock.assert_called_with('core-site', props_value_check, props_empty_check, props_read_check) - put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"}) - cached_kinit_executor_mock.called_with('/usr/bin/kinit', - self.config_dict['configurations']['hadoop-env']['hdfs_user'], - self.config_dict['configurations']['hadoop-env']['hdfs_user_keytab'], - self.config_dict['configurations']['hadoop-env']['hdfs_user_principal_name'], - self.config_dict['hostname'], - '/tmp') - - # Testing that the exception throw by cached_executor is caught - cached_kinit_executor_mock.reset_mock() - cached_kinit_executor_mock.side_effect = Exception("Invalid command") - - try: - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py", - classname = "HdfsClient", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - except: - self.assertTrue(True) - - # Testing when hadoop.security.authentication is simple - security_params['core-site']['hadoop.security.authentication'] = 'simple' - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py", - classname = "HdfsClient", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - security_params['core-site']['hadoop.security.authentication'] = 'kerberos' - - # Testing with not empty result_issues - result_issues_with_params = { - 'hdfs-site': "Something bad happened" - } - - validate_security_config_mock.reset_mock() - get_params_mock.reset_mock() - validate_security_config_mock.return_value = result_issues_with_params - get_params_mock.return_value = security_params - - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py", - classname = "HdfsClient", - command = "security_status", - config_file="secured.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - - # Testing with empty hdfs_user_principal and hdfs_user_keytab - self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py", - classname = "HdfsClient", - command = "security_status", - config_file="default.json", - stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES - ) - put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"}) - - @patch("resource_management.core.shell.call") def test_pre_upgrade_restart_23(self, call_mock): config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"