def test_disabling_tproxy_support(self, get_json_via_rest_api_mock,
is_server_runing_mock, get_silent_mock,
get_ambari_properties_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
get_json_via_rest_api_mock.return_value = (200, {})
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
options = self._create_empty_options_mock()
options.tproxy_enabled = 'false'
setup_trusted_proxy(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestMethod = args[4]
self.assertTrue(isinstance(requestMethod, str))
self.assertEqual(requestMethod, "DELETE")
sys.stdout = sys.__stdout__
pass
def test_decrypt_missed_masterkey_not_persisted(
self, get_original_master_key_mock, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
read_ambari_user_method, exists_mock, get_is_secure_method,
get_is_persisted_method):
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY,
get_alias_string(JDBC_RCA_PASSWORD_ALIAS))
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
get_YN_input_method.side_effect = [True, False]
get_original_master_key_mock.return_value = None
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (False, "filePath")
options = self._create_empty_options_mock()
self.assertTrue(setup_sensitive_data_encryption(options) == 1)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
pass
def test_server_class_path_default(self, get_conf_dir_mock):
properties = Properties()
get_conf_dir_mock.return_value = "/etc/ambari-server/conf"
expected_classpath = "'/etc/ambari-server/conf:/usr/lib/ambari-server/*'"
serverClassPath = ServerClassPath(properties, None)
self.assertEquals(expected_classpath, serverClassPath.get_full_ambari_classpath_escaped_for_shell())
def write_property(key, value):
conf_file = find_properties_file()
properties = Properties()
try:
properties.load(open(conf_file))
except Exception, e:
print_error_msg('Could not read ambari config file "%s": %s' % (conf_file, e))
return -1
def change_objects_owner(args): print 'Fixing database objects owner' properties = Properties() #Dummy, args contains the dbms name and parameters already factory = DBMSConfigFactory() dbms = factory.create(args, properties) dbms.change_db_files_owner()
def get_ambari_properties():
conf_file = find_properties_file()
properties = None
try:
properties = Properties()
properties.load(open(conf_file))
except (Exception), e:
print 'Could not read "%s": %s' % (conf_file, e)
return -1
def test_setup_sso_should_not_fail_when_sso_config_cannot_be_loaded_due_to_404_error(
self, open_mock, is_server_runing_mock, get_silent_mock,
get_ambari_properties_mock, get_YN_input_mock,
get_cluster_name_mock, urlopen_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
certificate_data = '-----BEGIN CERTIFICATE-----\n' \
'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \
'................................................................\n' \
'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \
'-----END CERTIFICATE-----'
mock_file = MagicFile(certificate_data)
open_mock.side_effect = [mock_file]
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
get_cluster_name_mock.return_value = 'cluster1'
get_YN_input_mock.__return_value = True
urlopen_mock.side_effect = HTTPError(MagicMock(status=404), 404,
'not found', None, None)
sso_enabled = 'true'
sso_provider_url = 'http://testHost:8080'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_enabled_ambari = sso_enabled
options.sso_manage_services = 'true'
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
setup_sso(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled)
self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url)
self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data)
self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name)
self.assertEqual(ssoProperties[JWT_AUDIENCES], sso_jwt_audience_list)
self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true")
self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "*")
def test_all_cli_options_are_collected_when_enabling_sso(
self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock,
get_silent_mock, get_ambari_properties_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
certificate_data = '-----BEGIN CERTIFICATE-----\n' \
'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \
'................................................................\n' \
'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \
'-----END CERTIFICATE-----'
mock_file = MagicFile(certificate_data)
open_mock.side_effect = [mock_file]
get_json_via_rest_api_mock.return_value = (200, {})
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
sso_enabled = 'true'
sso_enabled_services = 'Ambari, SERVICE1, SERVICE2'
sso_provider_url = 'https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_enabled_ambari = 'true'
options.sso_manage_services = 'true'
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
options.sso_enabled_services = sso_enabled_services
setup_sso(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled)
self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url)
self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data)
self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name)
self.assertEqual(ssoProperties[JWT_AUDIENCES], sso_jwt_audience_list)
sys.stdout = sys.__stdout__
pass
def test_decrypt_sensitive_data_persister(
self, get_is_persisted_method, get_is_secure_method,
sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, update_properties_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
read_ambari_user_method, exists_mock):
# Testing call under root
is_root_method.return_value = True
search_file_message.return_value = "filepath"
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
get_is_persisted_method.return_value = (True, "filepath")
get_is_secure_method.return_value = True
get_YN_input_method.side_effect = [True, False]
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
calls = [call(options, "decryption")]
sensitive_data_encryption_metod.assert_has_calls(calls)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(read_passwd_for_alias_method.called)
self.assertTrue(2, read_passwd_for_alias_method.call_count)
self.assertTrue(2, save_passwd_for_alias_method.call_count)
result_expected = {
JDBC_PASSWORD_PROPERTY: "fakepassword",
JDBC_RCA_PASSWORD_FILE_PROPERTY: "fakepassword",
SSL_TRUSTSTORE_PASSWORD_PROPERTY: "fakepassword",
SECURITY_IS_ENCRYPTION_ENABLED: 'false',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'false'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
def test_server_class_path_custom_jdbc_path(self, get_native_libs_path_mock, get_jdbc_driver_path_mock,
get_conf_dir_mock):
properties = Properties()
properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, "/ambari/properties/path/to/custom/jdbc.jar")
get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar"
get_native_libs_path_mock.return_value = None
get_conf_dir_mock.return_value = "/etc/ambari-server/conf"
expected_classpath = "'/etc/ambari-server/conf:/usr/lib/ambari-server/*:/ambari/properties/path/to/custom/jdbc.jar:/path/to/jdbc.jar'"
serverClassPath = ServerClassPath(properties, MagicMock())
actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
self.assertEquals(expected_classpath, actual_classpath)
def test_server_class_path_custom_env_classpath(self, get_native_libs_path_mock, get_jdbc_driver_path_mock,
get_conf_dir_mock):
properties = Properties()
get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar"
get_native_libs_path_mock.return_value = None
get_conf_dir_mock.return_value = "/etc/ambari-server/conf"
os.environ[SERVER_CLASSPATH_KEY] = "/custom/server/env/classpath"
expected_classpath = "'/etc/ambari-server/conf:/custom/server/env/classpath:/usr/lib/ambari-server/*:/path/to/jdbc.jar'"
serverClassPath = ServerClassPath(properties, MagicMock())
actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
del os.environ[SERVER_CLASSPATH_KEY]
self.assertEquals(expected_classpath, actual_classpath)
def test_server_class_path_custom_jar(self, get_native_libs_path_mock, get_jdbc_driver_path_mock,
get_conf_dir_mock):
properties = Properties()
get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar"
get_native_libs_path_mock.return_value = None
get_conf_dir_mock.return_value = "/etc/ambari-server/conf"
os.environ[AMBARI_SERVER_LIB] = "/custom/ambari/jar/location"
expected_classpath ="'/etc/ambari-server/conf:/custom/ambari/jar/location/*:/path/to/jdbc.jar'"
serverClassPath = ServerClassPath(properties, MagicMock())
actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
del os.environ[AMBARI_SERVER_LIB]
self.assertEquals(expected_classpath, actual_classpath)
def test_sso_is_enabled_for_all_services_via_user_input(
self, is_root_mock, is_server_runing_mock, get_silent_mock,
get_ambari_properties_mock, update_properties_mock,
get_YN_input_mock, perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
is_root_mock.return_value = True
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
def yn_input_side_effect(*args, **kwargs):
if 'all services' in args[0]:
return True
else:
raise Exception(
"ShouldNotBeInvoked"
) # only the 'Use SSO for all services' question should be asked for now
get_YN_input_mock.side_effect = yn_input_side_effect
options = self._create_empty_options_mock()
options.sso_enabled = 'true'
options.sso_provider_url = 'http://testHost:8080'
options.sso_public_cert_file = '/test/file/path'
options.sso_jwt_cookie_name = 'test_cookie'
options.sso_jwt_audience_list = 'test, audience, list'
setup_sso(options)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
properties_updated_in_ambari_db = sorted(ssoProperties.iteritems(),
key=operator.itemgetter(0))
properties_should_be_updated_in_ambari_db = sorted(
{
"ambari.sso.enabled_services": "*",
"ambari.sso.manage_services": "true"
}.iteritems(),
key=operator.itemgetter(0))
self.assertEqual(properties_should_be_updated_in_ambari_db,
properties_updated_in_ambari_db)
sys.stdout = sys.__stdout__
pass
def update_ambari_properties():
prev_conf_file = search_file(configDefaults.AMBARI_PROPERTIES_BACKUP_FILE, get_conf_dir())
conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir())
# Previous config file does not exist
if (not prev_conf_file) or (prev_conf_file is None):
print_warning_msg("Can not find ambari.properties.backup file from previous version, skipping import of settings")
return 0
try:
old_properties = Properties()
old_properties.load(open(prev_conf_file))
except Exception, e:
print 'Could not read "%s": %s' % (prev_conf_file, e)
return -1
def test_sensitive_data_encryption(self, run_os_command_mock,
get_ambari_properties_method,
find_jdk_mock):
find_jdk_mock.return_value = "/"
environ = os.environ.copy()
run_os_command_mock.return_value = 0, "", ""
properties = Properties()
get_ambari_properties_method.return_value = properties
options = self._create_empty_options_mock()
sensitive_data_encryption(options, "encription")
run_os_command_mock.assert_called_with(
'None -cp test:path12 org.apache.ambari.server.security.encryption.SensitiveDataEncryption encription > /var/log/ambari-server/ambari-server.out 2>&1',
environ)
pass
def test_only_sso_enabled_cli_option_is_collected_when_disabling_sso(
self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock,
get_silent_mock, get_ambari_properties_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
certificate_data = '-----BEGIN CERTIFICATE-----\n' \
'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \
'................................................................\n' \
'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \
'-----END CERTIFICATE-----'
mock_file = MagicFile(certificate_data)
open_mock.side_effect = [mock_file]
get_json_via_rest_api_mock.return_value = (200, {})
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
sso_enabled = 'false'
sso_provider_url = 'http://testHost:8080'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
setup_sso(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "false")
self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], "false")
sys.stdout = sys.__stdout__
pass
def test_setup_sensitive_data_encryption_persist(
self, sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
update_properties_method, read_ambari_user_method,
read_master_key_method, get_is_persisted_method,
get_is_secure_method, exists_mock, save_passwd_for_alias_method):
is_root_method.return_value = True
p = Properties()
FAKE_PWD_STRING = "fakepasswd"
p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
search_file_message.return_value = "propertiesfile"
master_key = "aaa"
read_master_key_method.return_value = master_key
get_YN_input_method.return_value = True
read_ambari_user_method.return_value = None
get_is_persisted_method.return_value = (True, "filepath")
get_is_secure_method.return_value = False
exists_mock.return_value = False
save_passwd_for_alias_method.return_value = 0
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
self.assertTrue(read_ambari_user_method.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(save_master_key_method.called)
sensitive_data_encryption_metod.assert_called_with(
options, "encryption")
result_expected = {
JDBC_PASSWORD_PROPERTY: get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED: 'true',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'true'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
def test_sensitive_data_decryption_not_persisted(
self, run_os_command_mock, get_ambari_properties_method,
find_jdk_mock):
find_jdk_mock.return_value = "/"
environ = os.environ.copy()
master = "master"
environ[SECURITY_KEY_ENV_VAR_NAME] = master
run_os_command_mock.return_value = 0, "", ""
properties = Properties()
get_ambari_properties_method.return_value = properties
options = self._create_empty_options_mock()
sensitive_data_encryption(options, "decryption", master)
run_os_command_mock.assert_called_with(
'None -cp test:path12 org.apache.ambari.server.security.encryption.SensitiveDataEncryption decryption > /var/log/ambari-server/ambari-server.out 2>&1',
environ)
pass
def test_all_cli_options_are_collected_when_enabling_sso(
self, is_root_mock, is_server_runing_mock, get_silent_mock,
get_ambari_properties_mock, update_properties_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
is_root_mock.return_value = True
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
sso_enabled = 'true'
sso_enabled_services = 'Ambari, SERVICE1, SERVICE2'
sso_provider_url = 'https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
options.sso_enabled_services = sso_enabled_services
setup_sso(options)
self.assertTrue(update_properties_mock.called)
self.assertEqual(properties.get_property(JWT_AUTH_ENBABLED),
sso_enabled)
self.assertEqual(properties.get_property(JWT_AUTH_PROVIDER_URL),
sso_provider_url)
self.assertEqual(properties.get_property(JWT_PUBLIC_KEY),
sso_public_cert_file)
self.assertEqual(properties.get_property(JWT_COOKIE_NAME),
sso_jwt_cookie_name)
self.assertEqual(properties.get_property(JWT_AUDIENCES),
sso_jwt_audience_list)
self.assertTrue(perform_changes_via_rest_api_mock.called)
sys.stdout = sys.__stdout__
pass
def test_only_sso_enabled_cli_option_is_collected_when_disabling_sso(
self, is_root_mock, is_server_runing_mock, get_silent_mock,
get_ambari_properties_mock, update_properties_mock, urlopen_mock):
out = StringIO.StringIO()
sys.stdout = out
is_root_mock.return_value = True
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
sso_enabled = 'false'
sso_provider_url = 'http://testHost:8080'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
response = MagicMock()
response.getcode.return_value = 200
urlopen_mock.return_value = response
setup_sso(options)
self.assertTrue(update_properties_mock.called)
self.assertEqual(properties.get_property(JWT_AUTH_ENBABLED),
sso_enabled)
self.assertTrue(
JWT_AUTH_PROVIDER_URL not in properties.propertyNames())
self.assertTrue(JWT_PUBLIC_KEY not in properties.propertyNames())
self.assertTrue(JWT_COOKIE_NAME not in properties.propertyNames())
self.assertTrue(JWT_AUDIENCES not in properties.propertyNames())
sys.stdout = sys.__stdout__
pass
def test_all_cli_options_are_collected_when_enabling_sso(
self, is_root_mock, get_silent_mock, get_ambari_properties_mock,
update_properties_mock):
out = StringIO.StringIO()
sys.stdout = out
is_root_mock.return_value = True
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
sso_enabled = 'true'
sso_provider_url = 'http://testHost:8080'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
setup_sso(options)
self.assertTrue(update_properties_mock.called)
self.assertEqual(properties.get_property(JWT_AUTH_ENBABLED),
sso_enabled)
self.assertEqual(properties.get_property(JWT_AUTH_PROVIDER_URL),
sso_provider_url)
self.assertEqual(properties.get_property(JWT_PUBLIC_KEY),
sso_public_cert_file)
self.assertEqual(properties.get_property(JWT_COOKIE_NAME),
sso_jwt_cookie_name)
self.assertEqual(properties.get_property(JWT_AUDIENCES),
sso_jwt_audience_list)
sys.stdout = sys.__stdout__
pass
def update_properties(propertyMap):
conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir())
backup_file_in_temp(conf_file)
if propertyMap is not None and conf_file is not None:
properties = Properties()
try:
with open(conf_file, 'r') as file:
properties.load(file)
except (Exception), e:
print_error_msg('Could not read "%s": %s' % (conf_file, e))
return -1
for key in propertyMap.keys():
properties.removeOldProp(key)
properties.process_pair(key, str(propertyMap[key]))
for key in properties.keys():
if not propertyMap.has_key(key):
properties.removeOldProp(key)
with open(conf_file, 'w') as file:
properties.store_ordered(file)
def test_setup_sso_should_not_fail_when_sso_config_cannot_be_loaded_due_to_404_error(self, is_root_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock, get_YN_input_mock,
get_cluster_name_mock, perform_changes_via_rest_api_mock, urlopen_mock):
out = StringIO.StringIO()
sys.stdout = out
is_root_mock.return_value = True
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
get_cluster_name_mock.return_value = 'cluster1'
get_YN_input_mock.__return_value = True
urlopen_mock.side_effect = HTTPError(MagicMock(status=404), 404, 'not found', None, None)
options = self._create_empty_options_mock()
options.sso_provider_url = 'http://testHost:8080'
options.sso_public_cert_file = '/test/file/path'
options.sso_jwt_cookie_name = 'test_cookie'
options.sso_jwt_audience_list = 'test, audience, list'
setup_sso(options)
self.assertTrue(update_properties_mock.called)
pass
def test_sso_is_enabled_for_all_services_via_user_input(
self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock,
get_silent_mock, get_ambari_properties_mock, get_YN_input_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
certificate_data = '-----BEGIN CERTIFICATE-----\n' \
'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \
'................................................................\n' \
'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \
'-----END CERTIFICATE-----'
mock_file = MagicFile(certificate_data)
open_mock.side_effect = [mock_file]
get_json_via_rest_api_mock.return_value = (200, {})
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
def yn_input_side_effect(*args, **kwargs):
if 'all services' in args[0]:
return True
else:
raise Exception(
"ShouldNotBeInvoked"
) # only the 'Use SSO for all services' question should be asked for now
get_YN_input_mock.side_effect = yn_input_side_effect
sso_enabled = 'true'
sso_provider_url = 'http://testHost:8080'
sso_public_cert_file = '/test/file/path'
sso_jwt_cookie_name = 'test_cookie'
sso_jwt_audience_list = 'test, audience, list'
options = self._create_empty_options_mock()
options.sso_enabled = sso_enabled
options.sso_provider_url = sso_provider_url
options.sso_public_cert_file = sso_public_cert_file
options.sso_jwt_cookie_name = sso_jwt_cookie_name
options.sso_jwt_audience_list = sso_jwt_audience_list
setup_sso(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], sso_enabled)
self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url)
self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data)
self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name)
self.assertEqual(ssoProperties[JWT_AUDIENCES], sso_jwt_audience_list)
self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true")
self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "*")
sys.stdout = sys.__stdout__
pass
def test_encrypt_part_not_persisted(
self, get_original_master_key_mock,
sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
update_properties_method, read_passwd_for_alias_method,
save_passwd_for_alias_method, read_ambari_user_method, exists_mock,
get_is_secure_method, get_is_persisted_method):
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY,
get_alias_string(JDBC_RCA_PASSWORD_ALIAS))
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
master_key = "aaa"
get_YN_input_method.side_effect = [False, False, False]
get_original_master_key_mock.return_value = master_key
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (False, "filePath")
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
calls = [call(options, "encryption", master_key)]
sensitive_data_encryption_metod.assert_has_calls(calls)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(get_original_master_key_mock.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(read_passwd_for_alias_method.called)
self.assertTrue(2, read_passwd_for_alias_method.call_count)
self.assertTrue(2, save_passwd_for_alias_method.call_count)
self.assertFalse(save_master_key_method.called)
result_expected = {
JDBC_PASSWORD_PROPERTY:
get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
JDBC_RCA_PASSWORD_FILE_PROPERTY:
get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
SSL_TRUSTSTORE_PASSWORD_PROPERTY:
get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED:
'true',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED:
'true'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
def test_tproxy_is_enabled_for_two_proxy_users(
self, get_json_via_rest_api_mock, is_server_runing_mock,
get_silent_mock, get_ambari_properties_mock,
get_validated_string_input_mock, get_YN_input_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
get_json_via_rest_api_mock.return_value = (200, {})
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
user_name1 = 'knox'
hosts1 = 'knox_hosts'
users1 = 'knox_users'
groups1 = 'knox_groups'
user_name2 = 'admin'
hosts2 = 'admin_hosts'
users2 = 'admin_users'
groups2 = 'admin_groups'
get_validated_string_input_mock.side_effect = [
user_name1, hosts1, users1, groups1, user_name2, hosts2, users2,
groups2
]
get_YN_input_mock.side_effect = [
True, False
] #answer 'True' for the first time when asking for a new proxy user addition and then 'False' (indicating we do not want to add more proxy users)
options = self._create_empty_options_mock()
options.tproxy_enabled = 'true'
setup_trusted_proxy(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
tproxyProperties = requestData['Configuration']['properties']
self.assertEqual(tproxyProperties[TPROXY_SUPPORT_ENABLED], 'true')
self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name1)],
hosts1)
self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name1)],
users1)
self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name1)],
groups1)
self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name2)],
hosts2)
self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name2)],
users2)
self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name2)],
groups2)
sys.stdout = sys.__stdout__
pass
# ambari.properties file does not exists
if conf_file is None:
print_error_msg("Can't find %s file" % AMBARI_PROPERTIES_FILE)
return -1
with open(prev_conf_file) as hfOld:
try:
old_properties = Properties()
old_properties.load(hfOld)
except Exception, e:
print 'Could not read "%s": %s' % (prev_conf_file, e)
return -1
try:
new_properties = Properties()
with open(conf_file) as hfNew:
new_properties.load(hfNew)
for prop_key, prop_value in old_properties.getPropertyDict().items():
if "agent.fqdn.service.url" == prop_key:
# BUG-7179 what is agent.fqdn property in ambari.props?
new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value)
elif "server.os_type" == prop_key:
new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION)
else:
new_properties.process_pair(prop_key, prop_value)
# Adding custom user name property if it is absent
# In previous versions without custom user support server was started as
# "root" anyway so it's a reasonable default
def test_sso_enabled_services_are_collected_via_user_input(
self, is_root_mock, is_server_runing_mock, get_silent_mock,
get_ambari_properties_mock, update_properties_mock,
get_YN_input_mock, get_cluster_name_mock,
perform_changes_via_rest_api_mock, urlopen_mock):
out = StringIO.StringIO()
sys.stdout = out
is_root_mock.return_value = True
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
get_cluster_name_mock.return_value = 'cluster1'
def yn_input_side_effect(*args, **kwargs):
if 'all services' in args[0]:
return False
else:
return True
get_YN_input_mock.side_effect = yn_input_side_effect
eligible_services = \
"""
{
"href": "http://c7401:8080/api/v1/clusters/cluster1/services?ServiceInfo/sso_integration_supported=true",
"items": [
{
"href": "http://c7401:8080/api/v1/clusters/cluster1/services/HDFS",
"ServiceInfo": {
"cluster_name": "cluster1",
"service_name": "HDFS"
}
},
{
"href": "http://c7401:8080/api/v1/clusters/cluster1/services/ZOOKEPER",
"ServiceInfo": {
"cluster_name": "cluster1",
"service_name": "ZOOKEPER"
}
}
]
}
"""
response = MagicMock()
response.getcode.return_value = 200
response.read.return_value = eligible_services
urlopen_mock.return_value = response
options = self._create_empty_options_mock()
options.sso_enabled = 'true'
options.sso_provider_url = 'http://testHost:8080'
options.sso_public_cert_file = '/test/file/path'
options.sso_jwt_cookie_name = 'test_cookie'
options.sso_jwt_audience_list = 'test, audience, list'
setup_sso(options)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
properties_updated_in_ambari_db = sorted(ssoProperties.iteritems(),
key=operator.itemgetter(0))
properties_should_be_updated_in_ambari_db = sorted(
{
"ambari.sso.enabled_services": "Ambari, HDFS, ZOOKEPER",
"ambari.sso.manage_services": "true"
}.iteritems(),
key=operator.itemgetter(0))
self.assertEqual(properties_should_be_updated_in_ambari_db,
properties_updated_in_ambari_db)
sys.stdout = sys.__stdout__
pass
def test_enable_tproxy_support_using_configuration_file_path_from_command_line(
self, open_mock, isfile_mock, get_json_via_rest_api_mock,
is_server_runing_mock, get_silent_mock, get_ambari_properties_mock,
perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
get_json_via_rest_api_mock.return_value = (200, {})
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
properties = Properties()
get_ambari_properties_mock.return_value = properties
isfile_mock.return_value = True
tproxy_configurations = "["\
" {"\
" \"proxyuser\" : \"knox\"," \
" \"hosts\" : \"host1\"," \
" \"users\" : \"user1\"," \
" \"groups\" : \"group1\"" \
" }," \
" {"\
" \"proxyuser\": \"admin\"," \
" \"hosts\" : \"host2\"," \
" \"users\" : \"user2\"," \
" \"groups\" : \"group2\"" \
" }" \
"]"
mock_file = MagicFile(tproxy_configurations)
open_mock.side_effect = [mock_file]
options = self._create_empty_options_mock()
options.tproxy_enabled = 'true'
options.tproxy_configuration_file_path = 'samplePath'
setup_trusted_proxy(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
tproxyProperties = requestData['Configuration']['properties']
self.assertEqual(tproxyProperties[TPROXY_SUPPORT_ENABLED], 'true')
user_name1 = "knox"
self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name1)],
"host1")
self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name1)],
"user1")
self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name1)],
"group1")
user_name2 = "admin"
self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name2)],
"host2")
self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name2)],
"user2")
self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name2)],
"group2")
sys.stdout = sys.__stdout__
pass
def test_sso_enabled_services_are_collected_via_user_input(
self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock,
get_silent_mock, get_ambari_properties_mock, get_YN_input_mock,
get_cluster_name_mock, perform_changes_via_rest_api_mock):
out = StringIO.StringIO()
sys.stdout = out
certificate_data = '-----BEGIN CERTIFICATE-----\n' \
'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \
'................................................................\n' \
'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \
'-----END CERTIFICATE-----'
mock_file = MagicFile(certificate_data)
open_mock.side_effect = [mock_file]
eligible_services = \
"""
{
"href": "http://c7401:8080/api/v1/clusters/cluster1/services?ServiceInfo/sso_integration_supported=true",
"items": [
{
"href": "http://c7401:8080/api/v1/clusters/cluster1/services/HDFS",
"ServiceInfo": {
"cluster_name": "cluster1",
"service_name": "HDFS"
}
},
{
"href": "http://c7401:8080/api/v1/clusters/cluster1/services/ZOOKEPER",
"ServiceInfo": {
"cluster_name": "cluster1",
"service_name": "ZOOKEPER"
}
}
]
}
"""
eligible_services_json = {
"href":
"http://c7401:8080/api/v1/clusters/cluster1/services?ServiceInfo/sso_integration_supported=true",
"items": [{
"href":
"http://c7401:8080/api/v1/clusters/cluster1/services/HDFS",
"ServiceInfo": {
"cluster_name": "cluster1",
"service_name": "HDFS"
}
}, {
"href":
"http://c7401:8080/api/v1/clusters/cluster1/services/ZOOKEPER",
"ServiceInfo": {
"cluster_name": "cluster1",
"service_name": "ZOOKEPER"
}
}]
}
get_json_via_rest_api_mock.return_value = (200, {})
get_json_via_rest_api_mock.return_value = (200, eligible_services_json)
is_server_runing_mock.return_value = (True, 0)
get_silent_mock.return_value = False
get_ambari_properties_mock.return_value = Properties()
get_cluster_name_mock.return_value = 'cluster1'
def yn_input_side_effect(*args, **kwargs):
if 'all services' in args[0]:
return False
else:
return True
get_YN_input_mock.side_effect = yn_input_side_effect
response = MagicMock()
response.getcode.return_value = 200
response.read.return_value = eligible_services
options = self._create_empty_options_mock()
options.sso_enabled = 'true'
options.sso_provider_url = 'http://testHost:8080'
options.sso_public_cert_file = '/test/file/path'
options.sso_jwt_cookie_name = 'test_cookie'
options.sso_jwt_audience_list = 'test, audience, list'
setup_sso(options)
self.assertTrue(perform_changes_via_rest_api_mock.called)
requestCall = perform_changes_via_rest_api_mock.call_args_list[0]
args, kwargs = requestCall
requestData = args[5]
self.assertTrue(isinstance(requestData, dict))
ssoProperties = requestData['Configuration']['properties']
self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true")
self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES],
"AMBARI,HDFS,ZOOKEPER")
sys.stdout = sys.__stdout__
pass