コード例 #1
0
def populate_sso_provider_url(options, properties):
    if not options.sso_provider_url:
        provider_url = get_value_from_dictionary(properties, SSO_PROVIDER_URL,
                                                 SSO_PROVIDER_URL_DEFAULT)
        provider_url = get_validated_string_input(
            "Provider URL ({0}): ".format(provider_url), provider_url,
            REGEX_URL, "Invalid provider URL", False)
    else:
        provider_url = options.sso_provider_url

    properties[SSO_PROVIDER_URL] = provider_url
コード例 #2
0
def populate_jwt_cookie_name(options, properties):
    if not options.sso_jwt_cookie_name and (not options.sso_provider_url or
                                            not options.sso_public_cert_file):
        cookie_name = get_value_from_dictionary(properties, JWT_COOKIE_NAME,
                                                JWT_COOKIE_NAME_DEFAULT)
        cookie_name = get_validated_string_input(
            "JWT Cookie name ({0}): ".format(cookie_name), cookie_name,
            REGEX_ANYTHING, "Invalid cookie name", False)
    else:
        cookie_name = options.sso_jwt_cookie_name if options.sso_jwt_cookie_name else JWT_COOKIE_NAME_DEFAULT

    properties[JWT_COOKIE_NAME] = cookie_name
コード例 #3
0
def populate_tproxy_configuration_property(properties, tproxy_user_name,
                                           property_name,
                                           question_text_qualifier):
    resolved_property_name = property_name.format(tproxy_user_name)
    resolved_property_value = get_value_from_dictionary(
        properties, resolved_property_name, WILDCARD_FOR_ALL)
    resolved_property_value = get_validated_string_input(
        "Allowed {0} for {1} ({2})? ".format(question_text_qualifier,
                                             tproxy_user_name,
                                             resolved_property_value),
        resolved_property_value, REGEX_ANYTHING, "Invalid input", False)
    properties[resolved_property_name] = resolved_property_value
コード例 #4
0
def populate_jwt_audiences(options, properties):
    if options.sso_jwt_audience_list is None and (
            not options.sso_provider_url or not options.sso_public_cert_file):
        audiences = get_value_from_dictionary(properties, JWT_AUDIENCES,
                                              JWT_AUDIENCES_DEFAULT)
        audiences = get_validated_string_input(
            "JWT audiences list (comma-separated), empty for any ({0}): ".
            format(audiences), audiences, REGEX_ANYTHING, "Invalid value",
            False)
    else:
        audiences = options.sso_jwt_audience_list if options.sso_jwt_audience_list else JWT_AUDIENCES_DEFAULT

    properties[JWT_AUDIENCES] = audiences
コード例 #5
0
def populate_sso_public_cert(options, properties):
    if not options.sso_public_cert_file:
        cert = get_value_from_dictionary(properties, SSO_CERTIFICATE)
        get_cert = True if not cert else get_YN_input(
            "The SSO provider's public certificate has already set. Do you want to change it [y/n] (n)? ",
            False)

        if get_cert:
            cert_string = get_multi_line_input("Public Certificate PEM")
            properties[SSO_CERTIFICATE] = ensure_complete_cert(
                cert_string) if cert_string else ""
    else:
        cert_path = options.sso_public_cert_file
        with open(cert_path) as cert_file:
            cert_string = cert_file.read()
        properties[SSO_CERTIFICATE] = ensure_complete_cert(
            cert_string) if cert_string else ""
コード例 #6
0
def setup_sso(options):
    print_info_msg("Setup SSO.")

    server_status, pid = is_server_runing()
    if not server_status:
        err = 'Ambari Server is not running.'
        raise FatalException(1, err)

    if not get_silent():
        validate_options(options)

        ambari_properties = get_ambari_properties()

        admin_login, admin_password = get_ambari_admin_username_password_pair(
            options)
        properties = get_sso_properties(ambari_properties, admin_login,
                                        admin_password)

        if not options.sso_enabled:
            ambari_auth_enabled = get_value_from_dictionary(
                properties, AMBARI_SSO_AUTH_ENABLED)
            manage_services = get_value_from_dictionary(
                properties, SSO_MANAGE_SERVICES)

            if ambari_auth_enabled or manage_services:
                if (ambari_auth_enabled and 'true' == ambari_auth_enabled) or \
                  (manage_services and 'true' == manage_services):
                    sso_status = "enabled"
                else:
                    sso_status = "disabled"
            else:
                sso_status = "not configured"
            sys.stdout.write("\nSSO is currently %s\n" % sso_status)

            if sso_status == "enabled":
                enable_sso = not get_YN_input(
                    "Do you want to disable SSO authentication [y/n] (n)? ",
                    False)
            elif get_YN_input(
                    "Do you want to configure SSO authentication [y/n] (y)? ",
                    True):
                enable_sso = True
            else:
                return False
        else:
            enable_sso = options.sso_enabled == 'true'

        if enable_sso:
            populate_sso_provider_url(options, properties)
            populate_sso_public_cert(options, properties)
            populate_ambari_requires_sso(options, properties)
            populate_service_management(options, properties, ambari_properties,
                                        admin_login, admin_password)
            populate_jwt_cookie_name(options, properties)
            populate_jwt_audiences(options, properties)

            update_sso_conf(ambari_properties, properties, admin_login,
                            admin_password)
        else:
            remove_sso_conf(ambari_properties, admin_login, admin_password)

    else:
        warning = "setup-sso is not enabled in silent mode."
        raise NonFatalException(warning)
    pass
コード例 #7
0
def populate_service_management(options, properties, ambari_properties,
                                admin_login, admin_password):
    if not options.sso_enabled_services:
        if not options.sso_manage_services:
            manage_services = get_boolean_from_dictionary(
                properties, SSO_MANAGE_SERVICES, False)
            manage_services = get_YN_input(
                "Manage SSO configurations for eligible services [y/n] ({0})? "
                .format('y' if manage_services else 'n'), manage_services)
        else:
            manage_services = 'true' == options.sso_manage_services

            if not options.sso_provider_url:
                stored_manage_services = get_boolean_from_dictionary(
                    properties, SSO_MANAGE_SERVICES, False)
                print(
                    "Manage SSO configurations for eligible services [y/n] ({0})? {1}"
                    .format('y' if stored_manage_services else 'n',
                            'y' if manage_services else 'n'))

        if manage_services:
            enabled_services = get_value_from_dictionary(
                properties, SSO_ENABLED_SERVICES, "").upper().split(',')

            all = "*" in enabled_services
            configure_for_all_services = get_YN_input(
                " Use SSO for all services [y/n] ({0})? ".format(
                    'y' if all else 'n'), all)
            if configure_for_all_services:
                services = WILDCARD_FOR_ALL_SERVICES
            else:
                cluster_name = get_cluster_name(ambari_properties, admin_login,
                                                admin_password)

                if cluster_name:
                    eligible_services = get_eligible_services(
                        ambari_properties, admin_login, admin_password,
                        cluster_name)

                    if eligible_services and len(eligible_services) > 0:
                        service_list = []

                        for service in eligible_services:
                            enabled = service.upper() in enabled_services
                            question = "   Use SSO for {0} [y/n] ({1})? ".format(
                                service, 'y' if enabled else 'n')
                            if get_YN_input(question, enabled):
                                service_list.append(service)

                        services = ','.join(service_list)
                    else:
                        print("   There are no eligible services installed.")
                        services = ""
                else:
                    services = ""
        else:
            services = ""
    else:
        if options.sso_manage_services:
            manage_services = 'true' == options.sso_manage_services
        else:
            manage_services = True

        services = options.sso_enabled_services.upper(
        ) if options.sso_enabled_services else ""

    properties[SSO_MANAGE_SERVICES] = 'true' if manage_services else "false"
    properties[SSO_ENABLED_SERVICES] = services
コード例 #8
0
def setup_trusted_proxy(options):
    print_info_msg("Setup Trusted Proxy")

    server_status, pid = is_server_runing()
    if not server_status:
        err = 'Ambari Server is not running.'
        raise FatalException(1, err)

    if not get_silent():
        validate_options(options)

        ambari_properties = get_ambari_properties()

        admin_login, admin_password = get_ambari_admin_username_password_pair(
            options)
        properties = get_trusted_proxy_properties(ambari_properties,
                                                  admin_login, admin_password)

        if not options.tproxy_enabled:
            tproxy_support_enabled = get_value_from_dictionary(
                properties, TPROXY_SUPPORT_ENABLED)

            if tproxy_support_enabled:
                if 'true' == tproxy_support_enabled:
                    tproxy_status = "enabled"
                else:
                    tproxy_status = "disabled"
            else:
                tproxy_status = "not configured"
            print_info_msg("\nTrusted Proxy support is currently %s\n" %
                           tproxy_status)

            if tproxy_status == "enabled":
                enable_tproxy = not get_YN_input(
                    "Do you want to disable Trusted Proxy support [y/n] (n)? ",
                    False)
            elif get_YN_input(
                    "Do you want to configure Trusted Proxy Support [y/n] (y)? ",
                    True):
                enable_tproxy = True
            else:
                return False
        else:
            enable_tproxy = options.tproxy_enabled == 'true'

        if enable_tproxy:
            properties[TPROXY_SUPPORT_ENABLED] = "true"
            if not options.tproxy_configuration_file_path:
                add_new_trusted_proxy = add_new_trusted_proxy_config(
                    properties)
                while add_new_trusted_proxy:
                    add_new_trusted_proxy = add_new_trusted_proxy_config(
                        properties)
            else:
                parse_trusted_configuration_file(
                    options.tproxy_configuration_file_path, properties)

            update_tproxy_conf(ambari_properties, properties, admin_login,
                               admin_password)
        else:
            remove_tproxy_conf(ambari_properties, admin_login, admin_password)

    else:
        warning = "setup-trusted-proxy is not enabled in silent mode."
        raise NonFatalException(warning)
    pass