AMBARI-21307 Groups for the test user returned to the caller
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/94073f0b Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/94073f0b Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/94073f0b Branch: refs/heads/feature-branch-AMBARI-21307 Commit: 94073f0b08a7f861d1d615b212e095778a0ce32b Parents: 026b144 Author: lpuskas <lpus...@apache.org> Authored: Tue Aug 8 15:50:29 2017 +0200 Committer: lpuskas <lpus...@apache.org> Committed: Tue Aug 29 15:05:29 2017 +0200 ---------------------------------------------------------------------- .../api/services/ldap/LdapRestService.java | 16 +++++- .../server/ldap/AmbariLdapConfiguration.java | 2 +- .../apache/ambari/server/ldap/LdapModule.java | 3 + .../server/ldap/service/AmbariLdapFacade.java | 3 +- .../ambari/server/ldap/service/LdapFacade.java | 3 +- ...efaultLdapConfigurationValidatorService.java | 25 ++++++--- .../ad/DefaultLdapConnectionService.java | 2 +- ...ltLdapConfigurationValidatorServiceTest.java | 59 +++----------------- 8 files changed, 49 insertions(+), 64 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java index 33b10fa..8578204 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ldap/LdapRestService.java 
@@ -28,6 +28,8 @@ package org.apache.ambari.server.api.services.ldap; +import java.util.Set; + import javax.inject.Inject; import javax.ws.rs.Consumes; import javax.ws.rs.POST; @@ -41,12 +43,16 @@ import org.apache.ambari.server.api.services.BaseService; import org.apache.ambari.server.api.services.Result; import org.apache.ambari.server.api.services.ResultImpl; import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.controller.internal.ResourceImpl; +import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.ldap.AmbariLdapConfiguration; import org.apache.ambari.server.ldap.LdapConfigurationFactory; import org.apache.ambari.server.ldap.service.LdapFacade; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.google.common.collect.Sets; + /** * Endpoint designated to LDAP specific operations. */ @@ -68,6 +74,8 @@ public class LdapRestService extends BaseService { @Consumes(MediaType.APPLICATION_JSON) public Response validateConfiguration(LdapCheckConfigurationRequest ldapCheckConfigurationRequest) { + Set<String> groups = Sets.newHashSet(); + Result result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.OK)); try { @@ -86,7 +94,11 @@ public class LdapRestService extends BaseService { case "test-attributes": LOGGER.info("Testing LDAP attributes ...."); - ldapFacade.checkLdapAttibutes(ldapCheckConfigurationRequest.getRequestInfo().getParameters(), ambariLdapConfiguration); + groups = ldapFacade.checkLdapAttibutes(ldapCheckConfigurationRequest.getRequestInfo().getParameters(), ambariLdapConfiguration); + // todo factor out the resource creation, design better the structure in the response + Resource resource = new ResourceImpl(Resource.Type.AmbariConfiguration); + resource.setProperty("groups", groups); + result.getResultTree().addChild(resource, "payload"); break; case "detect-attributes": 
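Review bot: The `test-attributes` case now puts the test user's LDAP group memberships into the response, and nothing in this hunk shows who may call `validateConfiguration`. Its annotations and the start of its body are outside the hunk, so confirm the endpoint is restricted to administrators before directory data is returned. The parameters passed to `checkLdapAttibutes` appear to include the test user's password (the facade reads it with `getTestUserPasswordFromParameters`), so keep them out of the `LOGGER.info` calls in this method. `Resource resource` is declared directly under the `case` label and stays in scope for the later cases, while `groups` is declared at method level although only this case uses it; wrapping the case body in `{ ... }` and declaring `Set<String> groups` there would keep both local.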
@@ -101,7 +113,7 @@ public class LdapRestService extends BaseService { } } catch (Exception e) { - result = new ResultImpl(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e)); + result.setResultStatus(new ResultStatus(ResultStatus.STATUS.BAD_REQUEST, e)); } return Response.status(result.getStatus().getStatusCode()).entity(getResultSerializer().serialize(result)).build(); http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java index a6ff80b..8ab587b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/AmbariLdapConfiguration.java @@ -48,7 +48,7 @@ public class AmbariLdapConfiguration { MANAGER_PASSWORD("ambari.ldap.managerpassword"), USER_OBJECT_CLASS("ambari.ldap.user.object.class"), USER_NAME_ATTRIBUTE("ambari.ldap.user.name.attribute"), - USER_SEARCH_BASE("ambari.ldap.user.search.Base"), + USER_SEARCH_BASE("ambari.ldap.user.search.base"), GROUP_OBJECT_CLASS("ambari.ldap.group.object.class"), GROUP_NAME_ATTRIBUTE("ambari.ldap.group.name.attribute"), http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java index 545f220..1b49159 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/LdapModule.java 
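Review bot: The `catch (Exception e)` in the first hunk maps every failure to `BAD_REQUEST` and hands the exception object to `ResultStatus`, so an unreachable LDAP server or a server-side bug is reported as a client error. If the serializer emits the exception text (not visible here), messages containing host names, bind DNs or search filters would reach the caller. Consider logging server-side with `LOGGER.error("LDAP configuration check failed", e);` and returning a generic message, with LDAP failures handled separately from unexpected exceptions. Because `result` is now reused instead of replaced, anything already added to the result tree also stays in the error response. The `try` block starts outside the hunk.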
@@ -16,8 +16,10 @@ package org.apache.ambari.server.ldap; import org.apache.ambari.server.ldap.service.AmbariLdapFacade; +import org.apache.ambari.server.ldap.service.LdapConnectionService; import org.apache.ambari.server.ldap.service.LdapFacade; import org.apache.ambari.server.ldap.service.ad.DefaultLdapConfigurationValidatorService; +import org.apache.ambari.server.ldap.service.ad.DefaultLdapConnectionService; import com.google.inject.AbstractModule; import com.google.inject.assistedinject.FactoryModuleBuilder; @@ -31,6 +33,7 @@ public class LdapModule extends AbstractModule { protected void configure() { bind(LdapFacade.class).to(AmbariLdapFacade.class); bind(LdapConfigurationValidatorService.class).to(DefaultLdapConfigurationValidatorService.class); + bind(LdapConnectionService.class).to(DefaultLdapConnectionService.class); install(new FactoryModuleBuilder().build(LdapConfigurationFactory.class)); } http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java index abb464b..eec47ce 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/AmbariLdapFacade.java 
@@ -79,7 +79,7 @@ public class AmbariLdapFacade implements LdapFacade { } @Override - public void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException { + public Set<String> checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ldapConfiguration) throws AmbariLdapException { String userName = getTestUserNameFromParameters(parameters); String testUserPass = getTestUserPasswordFromParameters(parameters); @@ -95,6 +95,7 @@ public class AmbariLdapFacade implements LdapFacade { LOGGER.info("Testing LDAP group attributes with test user dn: {}", userDn); Set<String> groups = ldapConfigurationValidatorService.checkGroupAttributes(ldapConnection, userDn, ldapConfiguration); + return groups; } http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java index 7bb1198..eadff7d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/LdapFacade.java @@ -15,6 +15,7 @@ package org.apache.ambari.server.ldap.service; import java.util.Map; +import java.util.Set; import org.apache.ambari.server.ldap.AmbariLdapConfiguration; 
@@ -47,5 +48,5 @@ public interface LdapFacade { * @param ambariLdapConfiguration configutration instance with available attributes * @throws AmbariLdapException if the attribute checking fails */ - void checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException; + Set<String> checkLdapAttibutes(Map<String, Object> parameters, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException; } http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java index 838ef4c..a8503ca 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorService.java @@ -37,7 +37,6 @@ import org.apache.directory.api.ldap.model.message.SearchRequestImpl; import org.apache.directory.api.ldap.model.message.SearchScope; import org.apache.directory.api.ldap.model.name.Dn; import org.apache.directory.ldap.client.api.LdapConnection; -import org.apache.directory.ldap.client.api.LdapNetworkConnection; import org.apache.directory.ldap.client.api.search.FilterBuilder; import org.apache.directory.shared.ldap.constants.SchemaConstants; import org.slf4j.Logger; 
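Review bot: The Javadoc of `checkLdapAttibutes` has no `@return` tag although the method now returns `Set<String>`. Add ` * @return the set of group names the test user belongs to` between the existing `@param` and `@throws` lines. The opening lines of the comment are outside the hunk.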
@@ -84,18 +83,18 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati * @param testUserName the test username * @param testPassword the test password * @param ambariLdapConfiguration configuration instance holding ldap configuration details + * @return the DN of the test user * @throws AmbariException if the attributes are not valid or any errors occurs */ @Override public String checkUserAttributes(LdapConnection ldapConnection, String testUserName, String testPassword, AmbariLdapConfiguration ambariLdapConfiguration) throws AmbariLdapException { - LdapNetworkConnection connection = null; SearchCursor searchCursor = null; String userDn = null; try { LOGGER.info("Checking user attributes for user {} r ...", testUserName); // bind anonimously or with manager data - bind(ambariLdapConfiguration, connection); + bind(ambariLdapConfiguration, ldapConnection); // set up a filter based on the provided attributes String filter = FilterBuilder.and( @@ -104,7 +103,7 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati .toString(); LOGGER.info("Searching for the user: {} using the search filter: {}", testUserName, filter); - EntryCursor entryCursor = connection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE); + EntryCursor entryCursor = ldapConnection.search(new Dn(ambariLdapConfiguration.userSearchBase()), filter, SearchScope.SUBTREE); // collecting search result entries List<Entry> users = Lists.newArrayList(); @@ -128,7 +127,7 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati throw new AmbariLdapException(e.getMessage(), e); } finally { - closeResources(connection, searchCursor); + closeResources(ldapConnection, searchCursor); } return userDn; } 
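Review bot: `searchCursor` is still declared as `null` in the first hunk and is not assigned in any visible line, while the search in the second hunk stores its result in a separate `entryCursor`. The `closeResources(ldapConnection, searchCursor)` call in the third hunk therefore appears to receive a null cursor, and `entryCursor` is left open. Close `entryCursor` in the `finally` block and drop the unused `searchCursor`. The lines between the hunks are not shown, so verify that nothing else closes the cursor.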
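Review bot: In the third hunk `closeResources(ldapConnection, searchCursor)` now acts on the connection supplied by the caller, and `AmbariLdapFacade.checkLdapAttibutes` appears to pass the same `ldapConnection` on to `checkGroupAttributes` afterwards. If `closeResources` closes or unbinds the connection (its body is not in this diff), the group check would run on a dead connection. If it does not, no visible code closes a connection that may be bound with manager credentials. Give the connection a single owner, for example the facade closing it in its own `finally` after both checks, and let the validator methods close only their cursors.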
@@ -172,14 +171,19 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati throw new AmbariLdapException(e.getMessage(), e); } finally { - closeResources(ldapConnection, searchCursor); - } return processGroupResults(groupResponses, ambariLdapConfiguration); } + /** + * Binds to the LDAP server (anonimously or wit manager credentials) + * + * @param ambariLdapConfiguration configuration instance + * @param connection connection instance + * @throws LdapException if the bind operation fails + */ private void bind(AmbariLdapConfiguration ambariLdapConfiguration, LdapConnection connection) throws LdapException { LOGGER.info("Connecting to LDAP ...."); if (!ambariLdapConfiguration.bindAnonimously()) { @@ -198,6 +202,13 @@ public class DefaultLdapConfigurationValidatorService implements LdapConfigurati } + /** + * Extracts meaningful values from the search result. + * + * @param groupResponses the result entries returned by the search + * @param ambariLdapConfiguration holds the keys of the meaningful attributes + * @return a set with the group names the test user belongs to + */ private Set<String> processGroupResults(Set<Response> groupResponses, AmbariLdapConfiguration ambariLdapConfiguration) { Set<String> groupStrSet = Sets.newHashSet(); for (Response response : groupResponses) { http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java index b5559d9..25dc1f2 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java 
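Review bot: Removing `closeResources(ldapConnection, searchCursor);` in the first hunk leaves an empty `finally { }` and no cleanup of `searchCursor` in this method, so each call to the group check leaks a cursor. Keep the cursor cleanup here even if the connection is meant to stay open for the caller, or remove the empty `finally` if cleanup really moves elsewhere. The new Javadoc on `bind` reads "anonimously or wit manager credentials"; suggest `Binds to the LDAP server (anonymously or with manager credentials).` The method containing the `finally` starts outside the hunk.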
+++ b/ambari-server/src/main/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConnectionService.java @@ -56,7 +56,7 @@ public class DefaultLdapConnectionService implements LdapConnectionService { ldapConnectionConfig.setLdapPort(ambariAmbariLdapConfiguration.ldapServerPort()); ldapConnectionConfig.setUseSsl(ambariAmbariLdapConfiguration.useSSL()); - //todo set the other values as required + // todo set the other values as required return ldapConnectionConfig; } http://git-wip-us.apache.org/repos/asf/ambari/blob/94073f0b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java index 5c9d304..663ea12 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/ldap/service/ad/DefaultLdapConfigurationValidatorServiceTest.java 
@@ -18,23 +18,15 @@ import static org.junit.Assert.assertNotNull; import java.util.Map; -import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.ldap.AmbariLdapConfiguration; import org.apache.ambari.server.ldap.LdapConfigurationValidatorService; import org.apache.ambari.server.ldap.service.LdapConnectionService; import org.apache.directory.api.ldap.model.cursor.EntryCursor; -import org.apache.directory.api.ldap.model.cursor.SearchCursor; import org.apache.directory.api.ldap.model.entry.Entry; -import org.apache.directory.api.ldap.model.message.Response; -import org.apache.directory.api.ldap.model.message.SearchRequest; -import org.apache.directory.api.ldap.model.message.SearchRequestImpl; -import org.apache.directory.api.ldap.model.message.SearchResultEntry; import org.apache.directory.api.ldap.model.message.SearchScope; -import org.apache.directory.api.ldap.model.name.Dn; import org.apache.directory.ldap.client.api.LdapConnection; import org.apache.directory.ldap.client.api.LdapConnectionConfig; import org.apache.directory.ldap.client.api.LdapNetworkConnection; -import org.apache.directory.ldap.client.api.search.FilterBuilder; import org.apache.directory.shared.ldap.constants.SchemaConstants; import org.junit.Test; import org.slf4j.Logger; 
@@ -75,57 +67,24 @@ public class DefaultLdapConfigurationValidatorServiceTest { @Test public void testCheckUserAttributes() throws Exception { + // GIVEN Map<String, Object> ldapPropsMap = Maps.newHashMap(); - ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), false); + ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BIND_ANONIMOUSLY.propertyName(), "true"); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_HOST.propertyName(), "ldap.forumsys.com"); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389"); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com"); + ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC); - ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC); - ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT); - ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_MEMBER_ATTRIBUTE.propertyName(), SchemaConstants.UNIQUE_MEMBER_AT); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT); + ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_SEARCH_BASE.propertyName(), "dc=example,dc=com"); - AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap); - - - try { - LOGGER.info("Authenticating user {} against the LDAP server ...", TEST_USER); - LdapConnectionService connectionService = new DefaultLdapConnectionService(); - LdapNetworkConnection connection = connectionService.createLdapConnection(ambariLdapConfiguration); - - String filter = FilterBuilder.and( - FilterBuilder.equal(SchemaConstants.OBJECT_CLASS_AT, 
ambariLdapConfiguration.userObjectClass()), - FilterBuilder.equal(ambariLdapConfiguration.userNameAttribute(), TEST_USER)) - .toString(); - - SearchRequest searchRequest = new SearchRequestImpl(); - searchRequest.setBase(new Dn(ambariLdapConfiguration.baseDn())); - searchRequest.setFilter(filter); - searchRequest.setScope(SearchScope.SUBTREE); - LOGGER.info("loking up user: {} based on the filtr: {}", TEST_USER, filter); - - connection.bind(); - SearchCursor searchCursor = connection.search(searchRequest); - - while (searchCursor.next()) { - Response response = searchCursor.get(); - - // process the SearchResultEntry - if (response instanceof SearchResultEntry) { - Entry resultEntry = ((SearchResultEntry) response).getEntry(); - System.out.println(resultEntry); - } - } - - searchCursor.close(); - - } catch (Exception e) { - throw new AmbariException("Error during user authentication check", e); - } + AmbariLdapConfiguration ambariLdapConfiguration = new AmbariLdapConfiguration(ldapPropsMap); + LdapConnectionService connectionService = new DefaultLdapConnectionService(); + LdapNetworkConnection ldapConnection = connectionService.createLdapConnection(ambariLdapConfiguration); + ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, "einstein", "", ambariLdapConfiguration); } @Test 
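Review bot: `testCheckUserAttributes` now runs `checkUserAttributes` against the public host `ldap.forumsys.com` on port 389 and discards the returned DN, so the test depends on a third-party server over an unencrypted connection and asserts nothing. Capture and check the result with `String userDn = ldapConfigurationValidatorService.checkUserAttributes(ldapConnection, "einstein", "", ambariLdapConfiguration);` followed by `assertNotNull(userDn);` (`assertNotNull` is already statically imported). Point the test at an embedded or mocked directory, or mark it as an integration test, so the build does not need outbound network access. The `LdapNetworkConnection` created in the test is not closed in the visible lines.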
@@ -138,8 +97,6 @@ public class DefaultLdapConfigurationValidatorServiceTest { ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.LDAP_SERVER_PORT.propertyName(), "389"); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.BASE_DN.propertyName(), "dc=example,dc=com"); - ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_OBJECT_CLASS.propertyName(), SchemaConstants.PERSON_OC); - ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.USER_NAME_ATTRIBUTE.propertyName(), SchemaConstants.UID_AT); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_OBJECT_CLASS.propertyName(), SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC); ldapPropsMap.put(AmbariLdapConfiguration.LdapConfigProperty.GROUP_NAME_ATTRIBUTE.propertyName(), SchemaConstants.CN_AT);