AMBARI-19704 Enable Group Sync when Incremental sync is enabled for Ranger Usersync (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9ebe1701 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9ebe1701 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9ebe1701 Branch: refs/heads/branch-dev-patch-upgrade Commit: 9ebe17013bab33eceec5ff2009a87da68c135ef2 Parents: a1f625f Author: Mugdha Varadkar <mug...@apache.org> Authored: Wed Jan 25 17:04:37 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Fri Jan 27 15:19:19 2017 +0530 ---------------------------------------------------------------------- .../0.7.0/configuration/ranger-ugsync-site.xml | 33 ++++++++++ .../stacks/HDP/2.6/services/stack_advisor.py | 36 ++++++++++- .../stacks/2.6/common/test_stack_advisor.py | 67 ++++++++++++++++++++ 3 files changed, 134 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/9ebe1701/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml index 775b5ca..15ee9fd 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-ugsync-site.xml @@ -39,4 +39,37 @@ </value-attributes> <on-ambari-upgrade add="true"/> </property> + + <property> + <name>ranger.usersync.group.searchenabled</name> + <display-name>Enable Group Sync</display-name> + <value>false</value> + <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes + # valid values: true, false + # any value other than true would be treated as false + # default value: false"</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + <type>value-list</type> + <overridable>false</overridable> + <entries> + <entry> + <value>true</value> + <label>Yes</label> + </entry> + <entry> + <value>false</value> + <label>No</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <depends-on> + <property> + <type>ranger-ugsync-site</type> + <name>ranger.usersync.ldap.deltasync</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/9ebe1701/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py index 465f218..957d625 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py @@ -32,7 +32,8 @@ class HDP26StackAdvisor(HDP25StackAdvisor): childRecommendConfDict = { "DRUID": self.recommendDruidConfigurations, "ATLAS": self.recommendAtlasConfigurations, - "TEZ": self.recommendTezConfigurations + "TEZ": self.recommendTezConfigurations, + "RANGER": self.recommendRangerConfigurations } parentRecommendConfDict.update(childRecommendConfDict) return parentRecommendConfDict @@ -185,7 +186,8 @@ class HDP26StackAdvisor(HDP25StackAdvisor): childValidators = { "DRUID": {"druid-env": self.validateDruidEnvConfigurations, "druid-historical": self.validateDruidHistoricalConfigurations, - "druid-broker": self.validateDruidBrokerConfigurations} + "druid-broker": self.validateDruidBrokerConfigurations}, + "RANGER": {"ranger-ugsync-site": self.validateRangerUsersyncConfigurations} } self.mergeValidators(parentValidators, childValidators) return parentValidators @@ -246,3 +248,33 @@ class HDP26StackAdvisor(HDP25StackAdvisor): tez_jvm_updated_opts = tez_jvm_opts + jvmGCParams + "{{heap_dump_opts}}" putTezProperty('tez.task.launch.cmd-opts', tez_jvm_updated_opts) Logger.info("Updated 'tez-site' config 'tez.task.launch.cmd-opts' as : {0}".format(tez_jvm_updated_opts)) + + def recommendRangerConfigurations(self, configurations, clusterData, services, hosts): + super(HDP26StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData, services, hosts) + + putRangerUgsyncSite = self.putProperty(configurations, 'ranger-ugsync-site', services) + + delta_sync_enabled = False + if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.ldap.deltasync' in services['configurations']['ranger-ugsync-site']['properties']: + delta_sync_enabled = services['configurations']['ranger-ugsync-site']['properties']['ranger.usersync.ldap.deltasync'] == "true" + + if delta_sync_enabled: + putRangerUgsyncSite("ranger.usersync.group.searchenabled", "true") + else: + putRangerUgsyncSite("ranger.usersync.group.searchenabled", "false") + + def validateRangerUsersyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): + ranger_usersync_properties = properties + validationItems = [] + + delta_sync_enabled = 'ranger.usersync.ldap.deltasync' in ranger_usersync_properties \ + and ranger_usersync_properties['ranger.usersync.ldap.deltasync'].lower() == 'true' + group_sync_enabled = 'ranger.usersync.group.searchenabled' in ranger_usersync_properties \ + and ranger_usersync_properties['ranger.usersync.group.searchenabled'].lower() == 'true' + + if delta_sync_enabled and not group_sync_enabled: + validationItems.append({"config-name": "ranger.usersync.group.searchenabled", + "item": self.getWarnItem( + "Need to set ranger.usersync.group.searchenabled as true, as ranger.usersync.ldap.deltasync is enabled")}) + + return self.toConfigurationValidationProblems(validationItems, "ranger-ugsync-site") http://git-wip-us.apache.org/repos/asf/ambari/blob/9ebe1701/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py index de0b00f..b7f8cbb 100644 --- a/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.6/common/test_stack_advisor.py @@ -713,6 +713,73 @@ class TestHDP26StackAdvisor(TestCase): self.stackAdvisor.recommendAtlasConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations, expected) + def test_recommendRangerConfigurations(self): + clusterData = {} + services = { + "Versions" : { + "stack_version" : "2.6", + }, + "services": [ + { + "StackServices": { + "service_name": "RANGER", + "service_version": "0.7.0.2.6" + }, + "components": [ + { + "StackServiceComponents": { + "component_name": "RANGER_ADMIN", + "hostnames": ["host1"] + } + } + ] + }, + ], + "configurations": { + "ranger-ugsync-site": { + "properties": { + "ranger.usersync.ldap.deltasync": "true", + "ranger.usersync.group.searchenabled": "false" + } + } + } + } + + expected = { + 'ranger-admin-site': { + 'properties': { + 'ranger.audit.solr.zookeepers': 'NONE', + 'ranger.audit.source.type': 'solr' + } + }, + 'admin-properties': { + 'properties': { + 'policymgr_external_url': 'http://host1:6080' + } + }, + 'ranger-tagsync-site': { + 'properties': {} + }, + 'tagsync-application-properties': { + 'properties': {} + }, + 'ranger-env': { + 'properties': { + 'ranger-storm-plugin-enabled': 'No' + } + }, + 'ranger-ugsync-site': { + 'properties': { + 'ranger.usersync.group.searchenabled': 'true' + } + } + } + + recommendedConfigurations = {} + + self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None) + self.assertEquals(recommendedConfigurations, expected) + def load_json(self, filename): file = os.path.join(self.testDirectory, filename) with open(file, 'rb') as f: