def write_property(key, value): conf_file = find_properties_file() properties = Properties() try: properties.load(open(conf_file)) except Exception, e: print_error_msg('Could not read ambari config file "%s": %s' % (conf_file, e)) return -1
def write_property(key, value): conf_file = find_properties_file() properties = Properties() try: properties.load(open(conf_file)) except Exception, e: print_error_msg('Could not read tbds config file "%s": %s' % (conf_file, e)) return -1
def write_property(key, value): conf_file = find_properties_file() properties = Properties() try: with open(conf_file, "r") as hfR: properties.load(hfR) except Exception, e: print_error_msg('Could not read ambari config file "%s": %s' % (conf_file, e)) return -1
def get_ambari_properties(): conf_file = find_properties_file() properties = None try: properties = Properties() properties.load(open(conf_file)) except (Exception), e: print 'Could not read "%s": %s' % (conf_file, e) return -1
def test_server_class_path_custom_jdbc_path(self, get_native_libs_path_mock, get_jdbc_driver_path_mock, get_conf_dir_mock): properties = Properties() properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, "/ambari/properties/path/to/custom/jdbc.jar") get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar" get_native_libs_path_mock.return_value = None get_conf_dir_mock.return_value = "/etc/ambari-server/conf" expected_classpath = "'/etc/ambari-server/conf:/usr/lib/ambari-server/*:/ambari/properties/path/to/custom/jdbc.jar:/path/to/jdbc.jar'" serverClassPath = ServerClassPath(properties, MagicMock()) actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell() self.assertEquals(expected_classpath, actual_classpath)
def test_decrypt_missed_masterkey_not_persisted( self, get_original_master_key_mock, is_root_method, get_ambari_properties_method, search_file_message, get_YN_input_method, save_master_key_method, read_passwd_for_alias_method, save_passwd_for_alias_method, read_ambari_user_method, exists_mock, get_is_secure_method, get_is_persisted_method): is_root_method.return_value = True search_file_message.return_value = False read_ambari_user_method.return_value = None p = Properties() FAKE_PWD_STRING = '${alias=fakealias}' p.process_pair(JDBC_PASSWORD_PROPERTY, get_alias_string(JDBC_RCA_PASSWORD_ALIAS)) p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING) p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING) get_ambari_properties_method.return_value = p get_YN_input_method.side_effect = [True, False] get_original_master_key_mock.return_value = None read_passwd_for_alias_method.return_value = "fakepassword" save_passwd_for_alias_method.return_value = 0 exists_mock.return_value = False get_is_secure_method.return_value = True get_is_persisted_method.return_value = (False, "filePath") options = self._create_empty_options_mock() self.assertTrue(setup_sensitive_data_encryption(options) == 1) self.assertFalse(save_master_key_method.called) self.assertTrue(get_YN_input_method.called) pass
def update_ambari_properties(): prev_conf_file = search_file(configDefaults.AMBARI_PROPERTIES_BACKUP_FILE, get_conf_dir()) conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir()) # Previous config file does not exist if (not prev_conf_file) or (prev_conf_file is None): print_warning_msg("Can not find ambari.properties.backup file from previous version, skipping import of settings") return 0 try: old_properties = Properties() old_properties.load(open(prev_conf_file)) except Exception, e: print 'Could not read "%s": %s' % (prev_conf_file, e) return -1
def update_ambari_properties(): prev_conf_file = search_file(configDefaults.AMBARI_PROPERTIES_BACKUP_FILE, get_conf_dir()) conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir()) # Previous config file does not exist if (not prev_conf_file) or (prev_conf_file is None): print_warning_msg("Can not find tbds.properties.backup file from previous version, skipping import of settings") return 0 try: old_properties = Properties() old_properties.load(open(prev_conf_file)) except Exception, e: print 'Could not read "%s": %s' % (prev_conf_file, e) return -1
def test_setup_sensitive_data_encryption_persist( self, sensitive_data_encryption_metod, is_root_method, get_ambari_properties_method, search_file_message, get_YN_input_method, save_master_key_method, update_properties_method, read_ambari_user_method, read_master_key_method, get_is_persisted_method, get_is_secure_method, exists_mock, save_passwd_for_alias_method): is_root_method.return_value = True p = Properties() FAKE_PWD_STRING = "fakepasswd" p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING) get_ambari_properties_method.return_value = p search_file_message.return_value = "propertiesfile" master_key = "aaa" read_master_key_method.return_value = master_key get_YN_input_method.return_value = True read_ambari_user_method.return_value = None get_is_persisted_method.return_value = (True, "filepath") get_is_secure_method.return_value = False exists_mock.return_value = False save_passwd_for_alias_method.return_value = 0 options = self._create_empty_options_mock() setup_sensitive_data_encryption(options) self.assertTrue(get_YN_input_method.called) self.assertTrue(read_master_key_method.called) self.assertTrue(read_ambari_user_method.called) self.assertTrue(update_properties_method.called) self.assertTrue(save_master_key_method.called) sensitive_data_encryption_metod.assert_called_with( options, "encryption") result_expected = { JDBC_PASSWORD_PROPERTY: get_alias_string(JDBC_RCA_PASSWORD_ALIAS), SECURITY_IS_ENCRYPTION_ENABLED: 'true', SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'true' } sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0)) sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(), key=operator.itemgetter(0)) self.assertEquals(sorted_x, sorted_y) pass
def test_disabling_tproxy_support(self, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out get_json_via_rest_api_mock.return_value = (200, {}) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties options = self._create_empty_options_mock() options.tproxy_enabled = 'false' setup_trusted_proxy(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestMethod = args[4] self.assertTrue(isinstance(requestMethod, str)) self.assertEqual(requestMethod, "DELETE") sys.stdout = sys.__stdout__ pass
def test_server_class_path_default(self, get_conf_dir_mock): properties = Properties() get_conf_dir_mock.return_value = "/etc/ambari-server/conf" expected_classpath = "'/etc/ambari-server/conf:/usr/lib/ambari-server/*'" serverClassPath = ServerClassPath(properties, None) self.assertEquals(expected_classpath, serverClassPath.get_full_ambari_classpath_escaped_for_shell())
def change_objects_owner(args): print 'Fixing database objects owner' properties = Properties() #Dummy, args contains the dbms name and parameters already factory = DBMSConfigFactory() dbms = factory.create(args, properties) dbms.change_db_files_owner()
def test_decrypt_sensitive_data_persister( self, get_is_persisted_method, get_is_secure_method, sensitive_data_encryption_metod, is_root_method, get_ambari_properties_method, search_file_message, get_YN_input_method, update_properties_method, read_passwd_for_alias_method, save_passwd_for_alias_method, read_ambari_user_method, exists_mock): # Testing call under root is_root_method.return_value = True search_file_message.return_value = "filepath" read_ambari_user_method.return_value = None p = Properties() FAKE_PWD_STRING = '${alias=fakealias}' p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING) p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING) p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING) get_ambari_properties_method.return_value = p get_is_persisted_method.return_value = (True, "filepath") get_is_secure_method.return_value = True get_YN_input_method.side_effect = [True, False] read_passwd_for_alias_method.return_value = "fakepassword" save_passwd_for_alias_method.return_value = 0 exists_mock.return_value = False options = self._create_empty_options_mock() setup_sensitive_data_encryption(options) calls = [call(options, "decryption")] sensitive_data_encryption_metod.assert_has_calls(calls) self.assertTrue(get_YN_input_method.called) self.assertTrue(update_properties_method.called) self.assertTrue(read_passwd_for_alias_method.called) self.assertTrue(2, read_passwd_for_alias_method.call_count) self.assertTrue(2, save_passwd_for_alias_method.call_count) result_expected = { JDBC_PASSWORD_PROPERTY: "fakepassword", JDBC_RCA_PASSWORD_FILE_PROPERTY: "fakepassword", SSL_TRUSTSTORE_PASSWORD_PROPERTY: "fakepassword", SECURITY_IS_ENCRYPTION_ENABLED: 'false', SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'false' } sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0)) sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(), key=operator.itemgetter(0)) self.assertEquals(sorted_x, sorted_y) pass
def test_setup_sso_should_not_fail_when_sso_config_cannot_be_loaded_due_to_404_error( self, open_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, get_YN_input_mock, get_cluster_name_mock, urlopen_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out certificate_data = '-----BEGIN CERTIFICATE-----\n' \ 'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \ '................................................................\n' \ 'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \ '-----END CERTIFICATE-----' mock_file = MagicFile(certificate_data) open_mock.side_effect = [mock_file] is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() get_cluster_name_mock.return_value = 'cluster1' get_YN_input_mock.__return_value = True urlopen_mock.side_effect = HTTPError(MagicMock(status=404), 404, 'not found', None, None) sso_enabled = 'true' sso_provider_url = 'http://testHost:8080' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_enabled_ambari = sso_enabled options.sso_manage_services = 'true' options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list setup_sso(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled) self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url) self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data) self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name) self.assertEqual(ssoProperties[JWT_AUDIENCES], sso_jwt_audience_list) self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true") self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "*")
def test_all_cli_options_are_collected_when_enabling_sso( self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out certificate_data = '-----BEGIN CERTIFICATE-----\n' \ 'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \ '................................................................\n' \ 'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \ '-----END CERTIFICATE-----' mock_file = MagicFile(certificate_data) open_mock.side_effect = [mock_file] get_json_via_rest_api_mock.return_value = (200, {}) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties sso_enabled = 'true' sso_enabled_services = 'Ambari, SERVICE1, SERVICE2' sso_provider_url = 'https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_enabled_ambari = 'true' options.sso_manage_services = 'true' options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list options.sso_enabled_services = sso_enabled_services setup_sso(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] self.assertEqual(ssoProperties[AMBARI_SSO_AUTH_ENABLED], sso_enabled) self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url) self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data) self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name) self.assertEqual(ssoProperties[JWT_AUDIENCES], sso_jwt_audience_list) sys.stdout = sys.__stdout__ pass
def update_ambari_properties(): prev_conf_file = search_file(configDefaults.AMBARI_PROPERTIES_BACKUP_FILE, get_conf_dir()) conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir()) # Previous config file does not exist if (not prev_conf_file) or (prev_conf_file is None): print_warning_msg("Can not find %s file from previous version, skipping import of settings" % configDefaults.AMBARI_PROPERTIES_BACKUP_FILE) return 0 # ambari.properties file does not exists if conf_file is None: print_error_msg("Can't find %s file" % AMBARI_PROPERTIES_FILE) return -1 with open(prev_conf_file) as hfOld: try: old_properties = Properties() old_properties.load(hfOld) except Exception, e: print 'Could not read "%s": %s' % (prev_conf_file, e) return -1
def test_server_class_path_custom_env_classpath(self, get_native_libs_path_mock, get_jdbc_driver_path_mock, get_conf_dir_mock): properties = Properties() get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar" get_native_libs_path_mock.return_value = None get_conf_dir_mock.return_value = "/etc/ambari-server/conf" os.environ[SERVER_CLASSPATH_KEY] = "/custom/server/env/classpath" expected_classpath = "'/etc/ambari-server/conf:/custom/server/env/classpath:/usr/lib/ambari-server/*:/path/to/jdbc.jar'" serverClassPath = ServerClassPath(properties, MagicMock()) actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell() del os.environ[SERVER_CLASSPATH_KEY] self.assertEquals(expected_classpath, actual_classpath)
def test_server_class_path_custom_jar(self, get_native_libs_path_mock, get_jdbc_driver_path_mock, get_conf_dir_mock): properties = Properties() get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar" get_native_libs_path_mock.return_value = None get_conf_dir_mock.return_value = "/etc/ambari-server/conf" os.environ[AMBARI_SERVER_LIB] = "/custom/ambari/jar/location" expected_classpath ="'/etc/ambari-server/conf:/custom/ambari/jar/location/*:/path/to/jdbc.jar'" serverClassPath = ServerClassPath(properties, MagicMock()) actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell() del os.environ[AMBARI_SERVER_LIB] self.assertEquals(expected_classpath, actual_classpath)
def test_sso_is_enabled_for_all_services_via_user_input( self, is_root_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock, get_YN_input_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out is_root_mock.return_value = True is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() def yn_input_side_effect(*args, **kwargs): if 'all services' in args[0]: return True else: raise Exception( "ShouldNotBeInvoked" ) # only the 'Use SSO for all services' question should be asked for now get_YN_input_mock.side_effect = yn_input_side_effect options = self._create_empty_options_mock() options.sso_enabled = 'true' options.sso_provider_url = 'http://testHost:8080' options.sso_public_cert_file = '/test/file/path' options.sso_jwt_cookie_name = 'test_cookie' options.sso_jwt_audience_list = 'test, audience, list' setup_sso(options) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] properties_updated_in_ambari_db = sorted(ssoProperties.iteritems(), key=operator.itemgetter(0)) properties_should_be_updated_in_ambari_db = sorted( { "ambari.sso.enabled_services": "*", "ambari.sso.manage_services": "true" }.iteritems(), key=operator.itemgetter(0)) self.assertEqual(properties_should_be_updated_in_ambari_db, properties_updated_in_ambari_db) sys.stdout = sys.__stdout__ pass
def test_sensitive_data_encryption(self, run_os_command_mock, get_ambari_properties_method, find_jdk_mock): find_jdk_mock.return_value = "/" environ = os.environ.copy() run_os_command_mock.return_value = 0, "", "" properties = Properties() get_ambari_properties_method.return_value = properties options = self._create_empty_options_mock() sensitive_data_encryption(options, "encription") run_os_command_mock.assert_called_with( 'None -cp test:path12 org.apache.ambari.server.security.encryption.SensitiveDataEncryption encription > /var/log/ambari-server/ambari-server.out 2>&1', environ) pass
def test_only_sso_enabled_cli_option_is_collected_when_disabling_sso( self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out certificate_data = '-----BEGIN CERTIFICATE-----\n' \ 'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \ '................................................................\n' \ 'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \ '-----END CERTIFICATE-----' mock_file = MagicFile(certificate_data) open_mock.side_effect = [mock_file] get_json_via_rest_api_mock.return_value = (200, {}) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties sso_enabled = 'false' sso_provider_url = 'http://testHost:8080' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list setup_sso(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "false") self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], "false") sys.stdout = sys.__stdout__ pass
def test_sensitive_data_decryption_not_persisted( self, run_os_command_mock, get_ambari_properties_method, find_jdk_mock): find_jdk_mock.return_value = "/" environ = os.environ.copy() master = "master" environ[SECURITY_KEY_ENV_VAR_NAME] = master run_os_command_mock.return_value = 0, "", "" properties = Properties() get_ambari_properties_method.return_value = properties options = self._create_empty_options_mock() sensitive_data_encryption(options, "decryption", master) run_os_command_mock.assert_called_with( 'None -cp test:path12 org.apache.ambari.server.security.encryption.SensitiveDataEncryption decryption > /var/log/ambari-server/ambari-server.out 2>&1', environ) pass
def test_all_cli_options_are_collected_when_enabling_sso( self, is_root_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out is_root_mock.return_value = True is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties sso_enabled = 'true' sso_enabled_services = 'Ambari, SERVICE1, SERVICE2' sso_provider_url = 'https://c7402.ambari.apache.org:8443/gateway/knoxsso/api/v1/websso' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list options.sso_enabled_services = sso_enabled_services setup_sso(options) self.assertTrue(update_properties_mock.called) self.assertEqual(properties.get_property(JWT_AUTH_ENBABLED), sso_enabled) self.assertEqual(properties.get_property(JWT_AUTH_PROVIDER_URL), sso_provider_url) self.assertEqual(properties.get_property(JWT_PUBLIC_KEY), sso_public_cert_file) self.assertEqual(properties.get_property(JWT_COOKIE_NAME), sso_jwt_cookie_name) self.assertEqual(properties.get_property(JWT_AUDIENCES), sso_jwt_audience_list) self.assertTrue(perform_changes_via_rest_api_mock.called) sys.stdout = sys.__stdout__ pass
def test_only_sso_enabled_cli_option_is_collected_when_disabling_sso( self, is_root_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock, urlopen_mock): out = StringIO.StringIO() sys.stdout = out is_root_mock.return_value = True is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties sso_enabled = 'false' sso_provider_url = 'http://testHost:8080' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list response = MagicMock() response.getcode.return_value = 200 urlopen_mock.return_value = response setup_sso(options) self.assertTrue(update_properties_mock.called) self.assertEqual(properties.get_property(JWT_AUTH_ENBABLED), sso_enabled) self.assertTrue( JWT_AUTH_PROVIDER_URL not in properties.propertyNames()) self.assertTrue(JWT_PUBLIC_KEY not in properties.propertyNames()) self.assertTrue(JWT_COOKIE_NAME not in properties.propertyNames()) self.assertTrue(JWT_AUDIENCES not in properties.propertyNames()) sys.stdout = sys.__stdout__ pass
def test_all_cli_options_are_collected_when_enabling_sso( self, is_root_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock): out = StringIO.StringIO() sys.stdout = out is_root_mock.return_value = True get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties sso_enabled = 'true' sso_provider_url = 'http://testHost:8080' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list setup_sso(options) self.assertTrue(update_properties_mock.called) self.assertEqual(properties.get_property(JWT_AUTH_ENBABLED), sso_enabled) self.assertEqual(properties.get_property(JWT_AUTH_PROVIDER_URL), sso_provider_url) self.assertEqual(properties.get_property(JWT_PUBLIC_KEY), sso_public_cert_file) self.assertEqual(properties.get_property(JWT_COOKIE_NAME), sso_jwt_cookie_name) self.assertEqual(properties.get_property(JWT_AUDIENCES), sso_jwt_audience_list) sys.stdout = sys.__stdout__ pass
def test_setup_sso_should_not_fail_when_sso_config_cannot_be_loaded_due_to_404_error(self, is_root_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock, get_YN_input_mock, get_cluster_name_mock, perform_changes_via_rest_api_mock, urlopen_mock): out = StringIO.StringIO() sys.stdout = out is_root_mock.return_value = True is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() get_cluster_name_mock.return_value = 'cluster1' get_YN_input_mock.__return_value = True urlopen_mock.side_effect = HTTPError(MagicMock(status=404), 404, 'not found', None, None) options = self._create_empty_options_mock() options.sso_provider_url = 'http://testHost:8080' options.sso_public_cert_file = '/test/file/path' options.sso_jwt_cookie_name = 'test_cookie' options.sso_jwt_audience_list = 'test, audience, list' setup_sso(options) self.assertTrue(update_properties_mock.called) pass
def test_enable_tproxy_support_using_configuration_file_path_from_command_line( self, open_mock, isfile_mock, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out get_json_via_rest_api_mock.return_value = (200, {}) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False properties = Properties() get_ambari_properties_mock.return_value = properties isfile_mock.return_value = True tproxy_configurations = "["\ " {"\ " \"proxyuser\" : \"knox\"," \ " \"hosts\" : \"host1\"," \ " \"users\" : \"user1\"," \ " \"groups\" : \"group1\"" \ " }," \ " {"\ " \"proxyuser\": \"admin\"," \ " \"hosts\" : \"host2\"," \ " \"users\" : \"user2\"," \ " \"groups\" : \"group2\"" \ " }" \ "]" mock_file = MagicFile(tproxy_configurations) open_mock.side_effect = [mock_file] options = self._create_empty_options_mock() options.tproxy_enabled = 'true' options.tproxy_configuration_file_path = 'samplePath' setup_trusted_proxy(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) tproxyProperties = requestData['Configuration']['properties'] self.assertEqual(tproxyProperties[TPROXY_SUPPORT_ENABLED], 'true') user_name1 = "knox" self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name1)], "host1") self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name1)], "user1") self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name1)], "group1") user_name2 = "admin" self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name2)], "host2") self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name2)], "user2") self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name2)], "group2") sys.stdout = sys.__stdout__ pass
conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir()) # Previous config file does not exist if (not prev_conf_file) or (prev_conf_file is None): print_warning_msg("Can not find tbds.properties.backup file from previous version, skipping import of settings") return 0 try: old_properties = Properties() old_properties.load(open(prev_conf_file)) except Exception, e: print 'Could not read "%s": %s' % (prev_conf_file, e) return -1 try: new_properties = Properties() new_properties.load(open(conf_file)) for prop_key, prop_value in old_properties.getPropertyDict().items(): if ("agent.fqdn.service.url" == prop_key): #BUG-7179 what is agent.fqdn property in tbds.props? new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value) elif ("server.os_type" == prop_key): new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION) else: new_properties.process_pair(prop_key, prop_value) # Adding custom user name property if it is absent # In previous versions without custom user support server was started as # "root" anyway so it's a reasonable default if not NR_USER_PROPERTY in new_properties.keys():
def update_properties(propertyMap): conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir()) backup_file_in_temp(conf_file) if propertyMap is not None and conf_file is not None: properties = Properties() try: with open(conf_file, 'r') as file: properties.load(file) except (Exception), e: print_error_msg('Could not read "%s": %s' % (conf_file, e)) return -1 for key in propertyMap.keys(): properties.removeOldProp(key) properties.process_pair(key, str(propertyMap[key])) for key in properties.keys(): if not propertyMap.has_key(key): properties.removeOldProp(key) with open(conf_file, 'w') as file: properties.store_ordered(file)
# ambari.properties file does not exists if conf_file is None: print_error_msg("Can't find %s file" % AMBARI_PROPERTIES_FILE) return -1 with open(prev_conf_file) as hfOld: try: old_properties = Properties() old_properties.load(hfOld) except Exception, e: print 'Could not read "%s": %s' % (prev_conf_file, e) return -1 try: new_properties = Properties() with open(conf_file) as hfNew: new_properties.load(hfNew) for prop_key, prop_value in old_properties.getPropertyDict().items(): if "agent.fqdn.service.url" == prop_key: # BUG-7179 what is agent.fqdn property in ambari.props? new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value) elif "server.os_type" == prop_key: new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION) else: new_properties.process_pair(prop_key, prop_value) # Adding custom user name property if it is absent # In previous versions without custom user support server was started as # "root" anyway so it's a reasonable default
def test_sso_enabled_services_are_collected_via_user_input( self, is_root_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, update_properties_mock, get_YN_input_mock, get_cluster_name_mock, perform_changes_via_rest_api_mock, urlopen_mock): out = StringIO.StringIO() sys.stdout = out is_root_mock.return_value = True is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() get_cluster_name_mock.return_value = 'cluster1' def yn_input_side_effect(*args, **kwargs): if 'all services' in args[0]: return False else: return True get_YN_input_mock.side_effect = yn_input_side_effect eligible_services = \ """ { "href": "http://c7401:8080/api/v1/clusters/cluster1/services?ServiceInfo/sso_integration_supported=true", "items": [ { "href": "http://c7401:8080/api/v1/clusters/cluster1/services/HDFS", "ServiceInfo": { "cluster_name": "cluster1", "service_name": "HDFS" } }, { "href": "http://c7401:8080/api/v1/clusters/cluster1/services/ZOOKEPER", "ServiceInfo": { "cluster_name": "cluster1", "service_name": "ZOOKEPER" } } ] } """ response = MagicMock() response.getcode.return_value = 200 response.read.return_value = eligible_services urlopen_mock.return_value = response options = self._create_empty_options_mock() options.sso_enabled = 'true' options.sso_provider_url = 'http://testHost:8080' options.sso_public_cert_file = '/test/file/path' options.sso_jwt_cookie_name = 'test_cookie' options.sso_jwt_audience_list = 'test, audience, list' setup_sso(options) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] properties_updated_in_ambari_db = sorted(ssoProperties.iteritems(), key=operator.itemgetter(0)) properties_should_be_updated_in_ambari_db = sorted( { "ambari.sso.enabled_services": "Ambari, HDFS, ZOOKEPER", "ambari.sso.manage_services": "true" }.iteritems(), key=operator.itemgetter(0)) self.assertEqual(properties_should_be_updated_in_ambari_db, properties_updated_in_ambari_db) sys.stdout = sys.__stdout__ pass
def test_sso_is_enabled_for_all_services_via_user_input( self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, get_YN_input_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out certificate_data = '-----BEGIN CERTIFICATE-----\n' \ 'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \ '................................................................\n' \ 'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \ '-----END CERTIFICATE-----' mock_file = MagicFile(certificate_data) open_mock.side_effect = [mock_file] get_json_via_rest_api_mock.return_value = (200, {}) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() def yn_input_side_effect(*args, **kwargs): if 'all services' in args[0]: return True else: raise Exception( "ShouldNotBeInvoked" ) # only the 'Use SSO for all services' question should be asked for now get_YN_input_mock.side_effect = yn_input_side_effect sso_enabled = 'true' sso_provider_url = 'http://testHost:8080' sso_public_cert_file = '/test/file/path' sso_jwt_cookie_name = 'test_cookie' sso_jwt_audience_list = 'test, audience, list' options = self._create_empty_options_mock() options.sso_enabled = sso_enabled options.sso_provider_url = sso_provider_url options.sso_public_cert_file = sso_public_cert_file options.sso_jwt_cookie_name = sso_jwt_cookie_name options.sso_jwt_audience_list = sso_jwt_audience_list setup_sso(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] self.assertEqual(ssoProperties[AMBARI_JWT_AUTH_ENBABLED], sso_enabled) self.assertEqual(ssoProperties[SSO_PROVIDER_URL], sso_provider_url) self.assertEqual(ssoProperties[SSO_CERTIFICATE], certificate_data) self.assertEqual(ssoProperties[JWT_COOKIE_NAME], sso_jwt_cookie_name) self.assertEqual(ssoProperties[JWT_AUDIENCES], sso_jwt_audience_list) self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true") self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "*") sys.stdout = sys.__stdout__ pass
# Previous config file does not exist if (not prev_conf_file) or (prev_conf_file is None): print_warning_msg( "Can not find ambari.properties.backup file from previous version, skipping import of settings" ) return 0 try: old_properties = Properties() old_properties.load(open(prev_conf_file)) except Exception, e: print 'Could not read "%s": %s' % (prev_conf_file, e) return -1 try: new_properties = Properties() new_properties.load(open(conf_file)) for prop_key, prop_value in old_properties.getPropertyDict().items(): if ("agent.fqdn.service.url" == prop_key): #BUG-7179 what is agent.fqdn property in ambari.props? new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value) elif ("server.os_type" == prop_key): new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION) else: new_properties.process_pair(prop_key, prop_value) # Adding custom user name property if it is absent # In previous versions without custom user support server was started as # "root" anyway so it's a reasonable default
def test_tproxy_is_enabled_for_two_proxy_users( self, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, get_validated_string_input_mock, get_YN_input_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out get_json_via_rest_api_mock.return_value = (200, {}) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() user_name1 = 'knox' hosts1 = 'knox_hosts' users1 = 'knox_users' groups1 = 'knox_groups' user_name2 = 'admin' hosts2 = 'admin_hosts' users2 = 'admin_users' groups2 = 'admin_groups' get_validated_string_input_mock.side_effect = [ user_name1, hosts1, users1, groups1, user_name2, hosts2, users2, groups2 ] get_YN_input_mock.side_effect = [ True, False ] #answer 'True' for the first time when asking for a new proxy user addition and then 'False' (indicating we do not want to add more proxy users) options = self._create_empty_options_mock() options.tproxy_enabled = 'true' setup_trusted_proxy(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) tproxyProperties = requestData['Configuration']['properties'] self.assertEqual(tproxyProperties[TPROXY_SUPPORT_ENABLED], 'true') self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name1)], hosts1) self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name1)], users1) self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name1)], groups1) self.assertEqual(tproxyProperties[PROXYUSER_HOSTS.format(user_name2)], hosts2) self.assertEqual(tproxyProperties[PROXYUSER_USERS.format(user_name2)], users2) self.assertEqual(tproxyProperties[PROXYUSER_GROUPS.format(user_name2)], groups2) sys.stdout = sys.__stdout__ pass
def test_sso_enabled_services_are_collected_via_user_input( self, open_mock, get_json_via_rest_api_mock, is_server_runing_mock, get_silent_mock, get_ambari_properties_mock, get_YN_input_mock, get_cluster_name_mock, perform_changes_via_rest_api_mock): out = StringIO.StringIO() sys.stdout = out certificate_data = '-----BEGIN CERTIFICATE-----\n' \ 'MIIE3DCCA8SgAwIBAgIJAKfbOMmFyOlNMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD\n' \ '................................................................\n' \ 'dXRpbmcxFzAVBgNVBAMTDmNsb3VkYnJlYWstcmdsMSUwIwYJKoZIhvcNAQkBFhZy\n' \ '-----END CERTIFICATE-----' mock_file = MagicFile(certificate_data) open_mock.side_effect = [mock_file] eligible_services = \ """ { "href": "http://c7401:8080/api/v1/clusters/cluster1/services?ServiceInfo/sso_integration_supported=true", "items": [ { "href": "http://c7401:8080/api/v1/clusters/cluster1/services/HDFS", "ServiceInfo": { "cluster_name": "cluster1", "service_name": "HDFS" } }, { "href": "http://c7401:8080/api/v1/clusters/cluster1/services/ZOOKEPER", "ServiceInfo": { "cluster_name": "cluster1", "service_name": "ZOOKEPER" } } ] } """ eligible_services_json = { "href": "http://c7401:8080/api/v1/clusters/cluster1/services?ServiceInfo/sso_integration_supported=true", "items": [{ "href": "http://c7401:8080/api/v1/clusters/cluster1/services/HDFS", "ServiceInfo": { "cluster_name": "cluster1", "service_name": "HDFS" } }, { "href": "http://c7401:8080/api/v1/clusters/cluster1/services/ZOOKEPER", "ServiceInfo": { "cluster_name": "cluster1", "service_name": "ZOOKEPER" } }] } get_json_via_rest_api_mock.return_value = (200, {}) get_json_via_rest_api_mock.return_value = (200, eligible_services_json) is_server_runing_mock.return_value = (True, 0) get_silent_mock.return_value = False get_ambari_properties_mock.return_value = Properties() get_cluster_name_mock.return_value = 'cluster1' def yn_input_side_effect(*args, **kwargs): if 'all services' in args[0]: return False else: return True get_YN_input_mock.side_effect = yn_input_side_effect response = MagicMock() response.getcode.return_value = 200 response.read.return_value = eligible_services options = self._create_empty_options_mock() options.sso_enabled = 'true' options.sso_provider_url = 'http://testHost:8080' options.sso_public_cert_file = '/test/file/path' options.sso_jwt_cookie_name = 'test_cookie' options.sso_jwt_audience_list = 'test, audience, list' setup_sso(options) self.assertTrue(perform_changes_via_rest_api_mock.called) requestCall = perform_changes_via_rest_api_mock.call_args_list[0] args, kwargs = requestCall requestData = args[5] self.assertTrue(isinstance(requestData, dict)) ssoProperties = requestData['Configuration']['properties'] self.assertEqual(ssoProperties[SSO_MANAGE_SERVICES], "true") self.assertEqual(ssoProperties[SSO_ENABLED_SERVICES], "AMBARI,HDFS,ZOOKEPER") sys.stdout = sys.__stdout__ pass