AMBARI-13975. Add support for knoxsso topology to HDP versions 2.3.8 and higher (Sumit Gupta via smohanty)

ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py

@@ -66,11 +66,12 @@ def knox():
      content=InlineTemplate(params.admin_topology_template)
   )
 
-  File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
-     group=params.knox_group,
-     owner=params.knox_user,
-     content=InlineTemplate(params.knoxsso_topology_template)
-  )
+  if Script.is_hdp_stack_greater_or_equal_to(params.version_formatted, "2.3.8.0"):
+      File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
+         group=params.knox_group,
+         owner=params.knox_user,
+         content=InlineTemplate(params.knoxsso_topology_template)
+      )
 
   if params.security_enabled:
     TemplateConfig( os.path.join(params.knox_conf_dir, "krb5JAASLogin.conf"),
@@ -123,6 +124,15 @@ def knox():
          owner=params.knox_user,
          content=InlineTemplate(params.admin_topology_template)
     )
+
+    if Script.is_hdp_stack_greater_or_equal_to(params.version_formatted, "2.3.8.0"):
+        File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
+            group=params.knox_group,
+            owner=params.knox_user,
+            content=InlineTemplate(params.knoxsso_topology_template)
+        )
+
+
     if params.security_enabled:
       TemplateConfig( format("{knox_conf_dir}/krb5JAASLogin.conf"),
                       owner = params.knox_user,

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/knoxsso-topology.xml

@@ -0,0 +1,94 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+    <!-- topology file -->
+
+    <property>
+    <name>content</name>
+    <value>
+      &lt;topology&gt;
+      
+          &lt;gateway&gt;
+      
+              &lt;provider&gt;
+                  &lt;role&gt;federation&lt;/role&gt;
+                  &lt;name&gt;Picketlink&lt;/name&gt;
+                  &lt;enabled&gt;true&lt;/enabled&gt;
+                  &lt;param&gt;
+                      &lt;name&gt;identity.url&lt;/name&gt;
+                      &lt;value&gt;https://SSO_PROVIDER_HOST_NAME:SSO_PROVIDER_PORT/idp/profile/SAML2/POST/SSO&lt;/value&gt;
+                  &lt;/param&gt;
+                  &lt;param&gt;
+                      &lt;name&gt;service.url&lt;/name&gt;
+                      &lt;value&gt;http://{{knox_host_name}}:{{knox_port}}/gateway/knoxsso/api/v1/websso&lt;/value&gt;
+                  &lt;/param&gt;
+                  &lt;param&gt;
+                      &lt;name&gt;keystore.url&lt;/name&gt;
+                      &lt;value&gt;{{knox_cert_store_path}}&lt;/value&gt;
+                  &lt;/param&gt;
+                  &lt;param&gt;
+                      &lt;name&gt;validating.alias.key&lt;/name&gt;
+                      &lt;value&gt;SSO_PROVIDER_DOMAIN&lt;/value&gt;
+                  &lt;/param&gt;
+                  &lt;param&gt;
+                      &lt;name&gt;validating.alias.value&lt;/name&gt;
+                      &lt;value&gt;SSO_PROVIDER_CERT_ALIAS&lt;/value&gt;
+                  &lt;/param&gt;
+                  &lt;param&gt;
+                      &lt;name&gt;clock.skew.milis&lt;/name&gt;
+                      &lt;value&gt;2000&lt;/value&gt;
+                  &lt;/param&gt;
+              &lt;/provider&gt;
+              
+              &lt;provider&gt;
+                  &lt;role&gt;identity-assertion&lt;/role&gt;
+                  &lt;name&gt;Default&lt;/name&gt;
+                  &lt;enabled&gt;true&lt;/enabled&gt;
+              &lt;/provider&gt;
+      
+          &lt;/gateway&gt;
+      
+          &lt;service&gt;
+              &lt;role&gt;KNOXSSO&lt;/role&gt;
+              &lt;param&gt;
+                &lt;name&gt;knoxsso.cookie.secure.only&lt;/name&gt;
+                &lt;value&gt;true&lt;/value&gt;
+              &lt;/param&gt;
+              &lt;param&gt;
+                &lt;name&gt;knoxsso.token.ttl&lt;/name&gt;
+                &lt;value&gt;36000000&lt;/value&gt;
+              &lt;/param&gt;
+          &lt;/service&gt;
+      
+      &lt;/topology&gt;
+    </value>
+    <description>
+        The configuration specifies the KnoxSSO provider integration, cookie and token management details.
+    </description>
+    <value-attributes>
+       <type>content</type>
+       <empty-value-valid>true</empty-value-valid>
+       <show-property-name>false</show-property-name>
+    </value-attributes>
+    </property>
+</configuration>

ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml

@@ -1,94 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false" supports_adding_forbidden="true">
-    <!-- topology file -->
-
-    <property>
-    <name>content</name>
-    <value>
-      &lt;topology&gt;
-      
-          &lt;gateway&gt;
-      
-              &lt;provider&gt;
-                  &lt;role&gt;federation&lt;/role&gt;
-                  &lt;name&gt;Picketlink&lt;/name&gt;
-                  &lt;enabled&gt;true&lt;/enabled&gt;
-                  &lt;param&gt;
-                      &lt;name&gt;identity.url&lt;/name&gt;
-                      &lt;value&gt;https://SSO_PROVIDER_HOST_NAME:SSO_PROVIDER_PORT/idp/profile/SAML2/POST/SSO&lt;/value&gt;
-                  &lt;/param&gt;
-                  &lt;param&gt;
-                      &lt;name&gt;service.url&lt;/name&gt;
-                      &lt;value&gt;http://{{knox_host_name}}:{{knox_port}}/gateway/idp/knoxsso/api/v1/websso&lt;/value&gt;
-                  &lt;/param&gt;
-                  &lt;param&gt;
-                      &lt;name&gt;keystore.url&lt;/name&gt;
-                      &lt;value&gt;{{knox_cert_store_path}}&lt;/value&gt;
-                  &lt;/param&gt;
-                  &lt;param&gt;
-                      &lt;name&gt;validating.alias.key&lt;/name&gt;
-                      &lt;value&gt;SSO_PROVIDER_DOMAIN&lt;/value&gt;
-                  &lt;/param&gt;
-                  &lt;param&gt;
-                      &lt;name&gt;validating.alias.value&lt;/name&gt;
-                      &lt;value&gt;SSO_PROVIDER_CERT_ALIAS&lt;/value&gt;
-                  &lt;/param&gt;
-                  &lt;param&gt;
-                      &lt;name&gt;clock.skew.milis&lt;/name&gt;
-                      &lt;value&gt;2000&lt;/value&gt;
-                  &lt;/param&gt;
-              &lt;/provider&gt;
-              
-              &lt;provider&gt;
-                  &lt;role&gt;identity-assertion&lt;/role&gt;
-                  &lt;name&gt;Default&lt;/name&gt;
-                  &lt;enabled&gt;true&lt;/enabled&gt;
-              &lt;/provider&gt;
-      
-          &lt;/gateway&gt;
-      
-          &lt;service&gt;
-              &lt;role&gt;KNOXSSO&lt;/role&gt;
-              &lt;param&gt;
-                &lt;name&gt;knoxsso.cookie.secure.only&lt;/name&gt;
-                &lt;value&gt;true&lt;/value&gt;
-              &lt;/param&gt;
-              &lt;param&gt;
-                &lt;name&gt;knoxsso.cookie.max.age&lt;/name&gt;
-                &lt;value&gt;600&lt;/value&gt;
-              &lt;/param&gt;
-          &lt;/service&gt;
-      
-      &lt;/topology&gt;
-    </value>
-    <description>
-        The configuration specifies the KnoxSSO provider integration, cookie and token management details.
-    </description>
-    <value-attributes>
-       <type>content</type>
-       <empty-value-valid>true</empty-value-valid>
-       <show-property-name>false</show-property-name>
-    </value-attributes>
-    </property>
-</configuration>