AMBARI-13837. Ambari does not let user specify Active Directory LDAP configs when using HS2.(vbrodetskyi)

ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java

@@ -1596,10 +1596,8 @@ public class UpgradeCatalog210 extends AbstractUpgradeCatalog {
             }
             if (!"ldap".equalsIgnoreCase(hive_server2_auth)) {
               hiveSiteRemoveProps.add("hive.server2.authentication.ldap.url");
-              hiveSiteRemoveProps.add("hive.server2.authentication.ldap.baseDN");
             } else {
               hiveSiteAddProps.put("hive.server2.authentication.ldap.url", "");
-              hiveSiteAddProps.put("hive.server2.authentication.ldap.baseDN", "");
             }
             if (!"kerberos".equalsIgnoreCase(hive_server2_auth) && !cluster.getServices().containsKey("KERBEROS")) {
               hiveSiteRemoveProps.add("hive.server2.authentication.kerberos.keytab");

ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml

@@ -1745,7 +1745,6 @@ limitations under the License.
   </property>
   <property>
     <name>hive.server2.authentication.ldap.baseDN</name>
-    <value></value>
     <property-type>DONT_ADD_ON_UPGRADE</property-type>
     <depends-on>
       <property>

ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py

@@ -483,16 +483,11 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
 
     if hive_server2_auth == "ldap":
       putHiveSiteProperty("hive.server2.authentication.ldap.url", "")
-      putHiveSiteProperty("hive.server2.authentication.ldap.baseDN", " ")
     else:
       if ("hive.server2.authentication.ldap.url" in configurations["hive-site"]["properties"]) or \
               ("hive-site" not in services["configurations"]) or \
               ("hive-site" in services["configurations"] and "hive.server2.authentication.ldap.url" in services["configurations"]["hive-site"]["properties"]):
         putHiveSitePropertyAttribute("hive.server2.authentication.ldap.url", "delete", "true")
-      if ("hive.server2.authentication.ldap.baseDN" in configurations["hive-site"]["properties"]) or \
-              ("hive-site" not in services["configurations"]) or \
-              ("hive-site" in services["configurations"] and "hive.server2.authentication.ldap.baseDN" in services["configurations"]["hive-site"]["properties"]):
-        putHiveSitePropertyAttribute("hive.server2.authentication.ldap.baseDN", "delete", "true")
 
     if hive_server2_auth == "kerberos":
       putHiveSiteProperty("hive.server2.authentication.kerberos.keytab", "")
@@ -1230,6 +1225,16 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
                               "item": self.getWarnItem("Correct values are {0}".format(stripe_size_values))
                              }
       )
+    authentication_property = "hive.server2.authentication"
+    ldap_baseDN_property = "hive.server2.authentication.ldap.baseDN"
+    ldap_domain_property = "hive.server2.authentication.ldap.Domain"
+    if authentication_property in properties and properties[authentication_property].lower() == "ldap" \
+        and not (ldap_baseDN_property in properties or ldap_domain_property in properties):
+      validationItems.append({"config-name" : authentication_property, "item" :
+        self.getWarnItem("According to LDAP value for " + authentication_property + ", you should add " +
+            ldap_domain_property + " property, if you are using AD, if not, then " + ldap_baseDN_property + "!")})
+
+
     configurationValidationProblems = self.toConfigurationValidationProblems(validationItems, "hive-site")
     configurationValidationProblems.extend(parentValidationProblems)
     return configurationValidationProblems

ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py

@@ -590,7 +590,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
 
 
   def validateHiveConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
-    super(HDP23StackAdvisor, self).validateHiveConfigurations(properties, recommendedDefaults, configurations, services, hosts)
+    parentValidationProblems = super(HDP23StackAdvisor, self).validateHiveConfigurations(properties, recommendedDefaults, configurations, services, hosts)
     hive_site = properties
     hive_env_properties = getSiteProperties(configurations, "hive-env")
     validationItems = []
@@ -609,8 +609,10 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
                                 "item": self.getWarnItem(
                                   "If Hive using SQL Anywhere db." \
                                   " {0} needs to be set to {1}".format(prop_name,prop_value))})
-    return self.toConfigurationValidationProblems(validationItems, "hive-site")
 
+    configurationValidationProblems = self.toConfigurationValidationProblems(validationItems, "hive-site")
+    configurationValidationProblems.extend(parentValidationProblems)
+    return configurationValidationProblems
 
   def validateHiveServer2Configurations(self, properties, recommendedDefaults, configurations, services, hosts):
     super(HDP23StackAdvisor, self).validateHiveServer2Configurations(properties, recommendedDefaults, configurations, services, hosts)

ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py

@@ -1035,8 +1035,7 @@ class TestHDP22StackAdvisor(TestCase):
          'hive.auto.convert.join.noconditionaltask.size': {'maximum': '805306368'},
          'hive.server2.authentication.pam.services': {'delete': 'true'}, 
          'hive.server2.custom.authentication.class': {'delete': 'true'}, 
-         'hive.server2.authentication.ldap.baseDN': {'delete': 'true'}, 
-         'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, 
+         'hive.server2.authentication.kerberos.principal': {'delete': 'true'},
          'hive.server2.authentication.kerberos.keytab': {'delete': 'true'}, 
          'hive.server2.authentication.ldap.url': {'delete': 'true'},
          'hive.server2.tez.default.queues': {
@@ -3093,6 +3092,7 @@ class TestHDP22StackAdvisor(TestCase):
 
   def test_validateHiveConfigurations(self):
     properties = {"hive_security_authorization": "None",
+                  "hive.server2.authentication": "LDAP",
                   "hive.exec.orc.default.stripe.size": "8388608",
                   'hive.tez.container.size': '2048',
                   'hive.tez.java.opts': '-Xmx300m',
@@ -3113,7 +3113,10 @@ class TestHDP22StackAdvisor(TestCase):
     }
 
     # Test for 'ranger-hive-plugin-properties' not being in configs
-    res_expected = []
+    res_expected = [{'config-type': 'hive-site', 'message': 'According to LDAP value for hive.server2.authentication, '
+                   'you should add hive.server2.authentication.ldap.Domain property, if you are using AD, if not, '
+                   'then hive.server2.authentication.ldap.baseDN!', 'type': 'configuration', 'config-name':
+                  'hive.server2.authentication', 'level': 'WARN'}]
     res = self.stackAdvisor.validateHiveConfigurations(properties, recommendedDefaults, configurations, services, {})
     self.assertEquals(res, res_expected)
 

ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py

@@ -726,8 +726,7 @@ class TestHDP23StackAdvisor(TestCase):
          'hive.auto.convert.join.noconditionaltask.size': {'maximum': '805306368'},
          'hive.server2.authentication.pam.services': {'delete': 'true'}, 
          'hive.server2.custom.authentication.class': {'delete': 'true'}, 
-         'hive.server2.authentication.ldap.baseDN': {'delete': 'true'}, 
-         'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, 
+         'hive.server2.authentication.kerberos.principal': {'delete': 'true'},
          'hive.server2.authentication.kerberos.keytab': {'delete': 'true'}, 
          'hive.server2.authentication.ldap.url': {'delete': 'true'},
          'hive.server2.tez.default.queues': {
@@ -1313,4 +1312,4 @@ class TestHDP23StackAdvisor(TestCase):
 
     recommendedConfigurations = {}
     self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
-    self.assertEquals(recommendedConfigurations['ranger-admin-site']['properties']['ranger.audit.solr.zookeepers'], 'NONE')
+    self.assertEquals(recommendedConfigurations['ranger-admin-site']['properties']['ranger.audit.solr.zookeepers'], 'NONE')