def test_server_class_path_custom_jdbc_path(self, get_native_libs_path_mock, get_jdbc_driver_path_mock,
get_conf_dir_mock):
properties = Properties()
properties.process_pair(JDBC_DRIVER_PATH_PROPERTY, "/ambari/properties/path/to/custom/jdbc.jar")
get_jdbc_driver_path_mock.return_value = "/path/to/jdbc.jar"
get_native_libs_path_mock.return_value = None
get_conf_dir_mock.return_value = "/etc/ambari-server/conf"
expected_classpath = "'/etc/ambari-server/conf:/usr/lib/ambari-server/*:/ambari/properties/path/to/custom/jdbc.jar:/path/to/jdbc.jar'"
serverClassPath = ServerClassPath(properties, MagicMock())
actual_classpath = serverClassPath.get_full_ambari_classpath_escaped_for_shell()
self.assertEquals(expected_classpath, actual_classpath)
def test_setup_sensitive_data_encryption_persist(
self, sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
update_properties_method, read_ambari_user_method,
read_master_key_method, get_is_persisted_method,
get_is_secure_method, exists_mock, save_passwd_for_alias_method):
is_root_method.return_value = True
p = Properties()
FAKE_PWD_STRING = "fakepasswd"
p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
search_file_message.return_value = "propertiesfile"
master_key = "aaa"
read_master_key_method.return_value = master_key
get_YN_input_method.return_value = True
read_ambari_user_method.return_value = None
get_is_persisted_method.return_value = (True, "filepath")
get_is_secure_method.return_value = False
exists_mock.return_value = False
save_passwd_for_alias_method.return_value = 0
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
self.assertTrue(read_ambari_user_method.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(save_master_key_method.called)
sensitive_data_encryption_metod.assert_called_with(
options, "encryption")
result_expected = {
JDBC_PASSWORD_PROPERTY: get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED: 'true',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'true'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
def test_decrypt_missed_masterkey_not_persisted(
self, get_original_master_key_mock, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
read_ambari_user_method, exists_mock, get_is_secure_method,
get_is_persisted_method):
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY,
get_alias_string(JDBC_RCA_PASSWORD_ALIAS))
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
get_YN_input_method.side_effect = [True, False]
get_original_master_key_mock.return_value = None
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (False, "filePath")
options = self._create_empty_options_mock()
self.assertTrue(setup_sensitive_data_encryption(options) == 1)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
pass
def update_properties(propertyMap):
conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir())
backup_file_in_temp(conf_file)
if propertyMap is not None and conf_file is not None:
properties = Properties()
try:
with open(conf_file, 'r') as file:
properties.load(file)
except (Exception), e:
print_error_msg('Could not read "%s": %s' % (conf_file, e))
return -1
for key in propertyMap.keys():
properties.removeOldProp(key)
properties.process_pair(key, str(propertyMap[key]))
for key in properties.keys():
if not propertyMap.has_key(key):
properties.removeOldProp(key)
with open(conf_file, 'w') as file:
properties.store_ordered(file)
def update_properties(propertyMap):
conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir())
backup_file_in_temp(conf_file)
if propertyMap is not None and conf_file is not None:
properties = Properties()
try:
with open(conf_file, 'r') as file:
properties.load(file)
except (Exception), e:
print_error_msg('Could not read "%s": %s' % (conf_file, e))
return -1
for key in propertyMap.keys():
properties.removeOldProp(key)
properties.process_pair(key, str(propertyMap[key]))
for key in properties.keys():
if not propertyMap.has_key(key):
properties.removeOldProp(key)
with open(conf_file, 'w') as file:
properties.store_ordered(file)
def test_decrypt_sensitive_data_persister(
self, get_is_persisted_method, get_is_secure_method,
sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, update_properties_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
read_ambari_user_method, exists_mock):
# Testing call under root
is_root_method.return_value = True
search_file_message.return_value = "filepath"
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
get_is_persisted_method.return_value = (True, "filepath")
get_is_secure_method.return_value = True
get_YN_input_method.side_effect = [True, False]
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
calls = [call(options, "decryption")]
sensitive_data_encryption_metod.assert_has_calls(calls)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(read_passwd_for_alias_method.called)
self.assertTrue(2, read_passwd_for_alias_method.call_count)
self.assertTrue(2, save_passwd_for_alias_method.call_count)
result_expected = {
JDBC_PASSWORD_PROPERTY: "fakepassword",
JDBC_RCA_PASSWORD_FILE_PROPERTY: "fakepassword",
SSL_TRUSTSTORE_PASSWORD_PROPERTY: "fakepassword",
SECURITY_IS_ENCRYPTION_ENABLED: 'false',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'false'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
try:
old_properties = Properties()
old_properties.load(hfOld)
except Exception, e:
print 'Could not read "%s": %s' % (prev_conf_file, e)
return -1
try:
new_properties = Properties()
with open(conf_file) as hfNew:
new_properties.load(hfNew)
for prop_key, prop_value in old_properties.getPropertyDict().items():
if "agent.fqdn.service.url" == prop_key:
# BUG-7179 what is agent.fqdn property in ambari.props?
new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value)
elif "server.os_type" == prop_key:
new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION)
else:
new_properties.process_pair(prop_key, prop_value)
# Adding custom user name property if it is absent
# In previous versions without custom user support server was started as
# "root" anyway so it's a reasonable default
if NR_USER_PROPERTY not in new_properties.keys():
new_properties.process_pair(NR_USER_PROPERTY, "root")
if OS_FAMILY_PROPERTY not in new_properties.keys():
new_properties.process_pair(OS_FAMILY_PROPERTY, OS_FAMILY + OS_VERSION)
with open(conf_file, 'w') as hfW:
try:
old_properties = Properties()
old_properties.load(open(prev_conf_file))
except Exception, e:
print 'Could not read "%s": %s' % (prev_conf_file, e)
return -1
try:
new_properties = Properties()
new_properties.load(open(conf_file))
for prop_key, prop_value in old_properties.getPropertyDict().items():
if ("agent.fqdn.service.url" == prop_key):
#BUG-7179 what is agent.fqdn property in ambari.props?
new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value)
elif ("server.os_type" == prop_key):
new_properties.process_pair(OS_TYPE_PROPERTY,
OS_FAMILY + OS_VERSION)
else:
new_properties.process_pair(prop_key, prop_value)
# Adding custom user name property if it is absent
# In previous versions without custom user support server was started as
# "root" anyway so it's a reasonable default
if not NR_USER_PROPERTY in new_properties.keys():
new_properties.process_pair(NR_USER_PROPERTY, "root")
isJDK16Installed = new_properties.get_property(
JAVA_HOME_PROPERTY) == DEFAULT_JDK16_LOCATION
if not JDK_NAME_PROPERTY in new_properties.keys() and isJDK16Installed:
try:
old_properties = Properties()
old_properties.load(hfOld)
except Exception, e:
print 'Could not read "%s": %s' % (prev_conf_file, e)
return -1
try:
new_properties = Properties()
with open(conf_file) as hfNew:
new_properties.load(hfNew)
for prop_key, prop_value in old_properties.getPropertyDict().items():
if "agent.fqdn.service.url" == prop_key:
# BUG-7179 what is agent.fqdn property in ambari.props?
new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value)
elif "server.os_type" == prop_key:
new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION)
else:
new_properties.process_pair(prop_key, prop_value)
# Adding custom user name property if it is absent
# In previous versions without custom user support server was started as
# "root" anyway so it's a reasonable default
if NR_USER_PROPERTY not in new_properties.keys():
new_properties.process_pair(NR_USER_PROPERTY, "root")
if OS_FAMILY_PROPERTY not in new_properties.keys():
new_properties.process_pair(OS_FAMILY_PROPERTY, OS_FAMILY + OS_VERSION)
with open(conf_file, 'w') as hfW:
try:
old_properties = Properties()
old_properties.load(open(prev_conf_file))
except Exception, e:
print 'Could not read "%s": %s' % (prev_conf_file, e)
return -1
try:
new_properties = Properties()
new_properties.load(open(conf_file))
for prop_key, prop_value in old_properties.getPropertyDict().items():
if ("agent.fqdn.service.url" == prop_key):
#BUG-7179 what is agent.fqdn property in tbds.props?
new_properties.process_pair(GET_FQDN_SERVICE_URL, prop_value)
elif ("server.os_type" == prop_key):
new_properties.process_pair(OS_TYPE_PROPERTY, OS_FAMILY + OS_VERSION)
else:
new_properties.process_pair(prop_key, prop_value)
# Adding custom user name property if it is absent
# In previous versions without custom user support server was started as
# "root" anyway so it's a reasonable default
if not NR_USER_PROPERTY in new_properties.keys():
new_properties.process_pair(NR_USER_PROPERTY, "root")
isJDK16Installed = new_properties.get_property(JAVA_HOME_PROPERTY) == DEFAULT_JDK16_LOCATION
if not JDK_NAME_PROPERTY in new_properties.keys() and isJDK16Installed:
new_properties.process_pair(JDK_NAME_PROPERTY, JDK_NAMES[1])
def test_encrypt_part_not_persisted(
self, get_original_master_key_mock,
sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
update_properties_method, read_passwd_for_alias_method,
save_passwd_for_alias_method, read_ambari_user_method, exists_mock,
get_is_secure_method, get_is_persisted_method):
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY,
get_alias_string(JDBC_RCA_PASSWORD_ALIAS))
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
master_key = "aaa"
get_YN_input_method.side_effect = [False, False, False]
get_original_master_key_mock.return_value = master_key
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (False, "filePath")
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
calls = [call(options, "encryption", master_key)]
sensitive_data_encryption_metod.assert_has_calls(calls)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(get_original_master_key_mock.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(read_passwd_for_alias_method.called)
self.assertTrue(2, read_passwd_for_alias_method.call_count)
self.assertTrue(2, save_passwd_for_alias_method.call_count)
self.assertFalse(save_master_key_method.called)
result_expected = {
JDBC_PASSWORD_PROPERTY:
get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
JDBC_RCA_PASSWORD_FILE_PROPERTY:
get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
SSL_TRUSTSTORE_PASSWORD_PROPERTY:
get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED:
'true',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED:
'true'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
