AMBARI-10522. Cannot install Ranger Admin on non-root + umask 027 (aonishuk)

ambari-agent/src/test/python/resource_management/TestFileResource.py

@@ -95,7 +95,7 @@ class TestFileResource(TestCase):
       )
     
 
-    create_file_mock.assert_called_with('/directory/file', 'file-content')
+    create_file_mock.assert_called_with('/directory/file', 'file-content', encoding=None)
     self.assertEqual(create_file_mock.call_count, 1)
     ensure_mock.assert_called()
 
@@ -120,8 +120,8 @@ class TestFileResource(TestCase):
            content='new-content'
       )
 
-    read_file_mock.assert_called_with('/directory/file')    
-    create_file_mock.assert_called_with('/directory/file', 'new-content')
+    read_file_mock.assert_called_with('/directory/file', encoding=None)    
+    create_file_mock.assert_called_with('/directory/file', 'new-content', encoding=None)
 
 
   @patch.object(sudo, "unlink")
@@ -297,7 +297,7 @@ class TestFileResource(TestCase):
       )
     
 
-    create_file_mock.assert_called_with('/directory/file', 'file-content')
+    create_file_mock.assert_called_with('/directory/file', 'file-content', encoding=None)
     self.assertEqual(create_file_mock.call_count, 1)
     stat_mock.assert_called_with('/directory/file')
     self.assertEqual(chmod_mock.call_count, 1)
@@ -346,7 +346,5 @@ class TestFileResource(TestCase):
       )
 
 
-    read_file_mock.assert_called_with('/directory/file')
-    content_mock.encode.assert_called_with('UTF-8')
-    old_content_mock.decode.assert_called_with('UTF-8')
+    read_file_mock.assert_called_with('/directory/file', encoding='UTF-8')
 

ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py

@@ -65,7 +65,7 @@ class TestPropertiesFIleResource(TestCase):
                      properties={}
       )
 
-    create_file_mock.assert_called_with('/somewhere_in_system/one_file.properties', u'# Generated by Apache Ambari. Today is Wednesday\n    \n    \n')
+    create_file_mock.assert_called_with('/somewhere_in_system/one_file.properties', u'# Generated by Apache Ambari. Today is Wednesday\n    \n    \n', encoding=None)
     ensure_mock.assert_called()
 
 
@@ -98,7 +98,7 @@ class TestPropertiesFIleResource(TestCase):
                      properties={},
       )
 
-    create_file_mock.assert_called_with('/dir/and/dir/file.txt', u'# Generated by Apache Ambari. Some other day\n    \n    \n')
+    create_file_mock.assert_called_with('/dir/and/dir/file.txt', u'# Generated by Apache Ambari. Some other day\n    \n    \n', encoding=None)
     ensure_mock.assert_called()
 
 
@@ -131,7 +131,7 @@ class TestPropertiesFIleResource(TestCase):
                      properties={'property1': 'value1'},
       )
 
-    create_file_mock.assert_called_with('/dir/new_file', u'# Generated by Apache Ambari. 777\n    \nproperty1=value1\n    \n')
+    create_file_mock.assert_called_with('/dir/new_file', u'# Generated by Apache Ambari. 777\n    \nproperty1=value1\n    \n', encoding=None)
     ensure_mock.assert_called()
 
 
@@ -169,7 +169,7 @@ class TestPropertiesFIleResource(TestCase):
                      },
       )
 
-    create_file_mock.assert_called_with('/dir/new_file', u"# Generated by Apache Ambari. 777\n    \n=\nprop.1='.'yyyy-MM-dd-HH\nprop.2=INFO, openjpa\nprop.3=%d{ISO8601} %5p %c{1}:%L - %m%n\nprop.4=${oozie.log.dir}/oozie.log\nprop.empty=\n    \n")
+    create_file_mock.assert_called_with('/dir/new_file', u"# Generated by Apache Ambari. 777\n    \n=\nprop.1='.'yyyy-MM-dd-HH\nprop.2=INFO, openjpa\nprop.3=%d{ISO8601} %5p %c{1}:%L - %m%n\nprop.4=${oozie.log.dir}/oozie.log\nprop.empty=\n    \n", encoding=None)
     ensure_mock.assert_called()
 
 
@@ -206,5 +206,5 @@ class TestPropertiesFIleResource(TestCase):
       )
 
     read_file_mock.assert_called()
-    create_file_mock.assert_called_with('/dir1/new_file', u'# Generated by Apache Ambari. 777\n    \nproperty_1=value1\n    \n')
+    create_file_mock.assert_called_with('/dir1/new_file', u'# Generated by Apache Ambari. 777\n    \nproperty_1=value1\n    \n', encoding=None)
     ensure_mock.assert_called()

ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py

@@ -62,7 +62,7 @@ class TestXmlConfigResource(TestCase):
                 configuration_attributes={}
                 )
 
-    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n  </configuration>\n')
+    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n  </configuration>\n', encoding='UTF-8')
 
 
   @patch("resource_management.core.providers.system._ensure_metadata")
@@ -91,7 +91,7 @@ class TestXmlConfigResource(TestCase):
                 configuration_attributes={'attr': {'property1': 'attr_value'}}
                 )
 
-    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n    <property>\n      <name>property1</name>\n      <value>value1</value>\n      <attr>attr_value</attr>\n    </property>\n    \n  </configuration>\n')
+    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n    <property>\n      <name>property1</name>\n      <value>value1</value>\n      <attr>attr_value</attr>\n    </property>\n    \n  </configuration>\n', encoding='UTF-8')
 
 
   @patch("resource_management.core.providers.system._ensure_metadata")
@@ -144,7 +144,7 @@ class TestXmlConfigResource(TestCase):
                     }
                 })
 
-    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n    <property>\n      <name></name>\n      <value></value>\n    </property>\n    \n    <property>\n      <name>prop.1</name>\n      <value>&#39;.&#39;yyyy-MM-dd-HH</value>\n      <attr1>x</attr1>\n    </property>\n    \n    <property>\n      <name>prop.2</name>\n      <value>INFO, openjpa</value>\n    </property>\n    \n    <property>\n      <name>prop.3</name>\n      <value>%d{ISO8601} %5p %c{1}:%L - %m%n</value>\n      <attr2>value3</attr2>\n    </property>\n    \n    <property>\n      <name>prop.4</name>\n      <value>${oozie.log.dir}/oozie.log</value>\n      <attr_value_empty></attr_value_empty>\n      <attr2>value4</attr2>\n    </property>\n    \n    <property>\n      <name>prop.empty</name>\n      <value></value>\n      <attr_value_empty></attr_value_empty>\n    </property>\n    \n  </configuration>\n')
+    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n    <property>\n      <name></name>\n      <value></value>\n    </property>\n    \n    <property>\n      <name>prop.1</name>\n      <value>&#39;.&#39;yyyy-MM-dd-HH</value>\n      <attr1>x</attr1>\n    </property>\n    \n    <property>\n      <name>prop.2</name>\n      <value>INFO, openjpa</value>\n    </property>\n    \n    <property>\n      <name>prop.3</name>\n      <value>%d{ISO8601} %5p %c{1}:%L - %m%n</value>\n      <attr2>value3</attr2>\n    </property>\n    \n    <property>\n      <name>prop.4</name>\n      <value>${oozie.log.dir}/oozie.log</value>\n      <attr_value_empty></attr_value_empty>\n      <attr2>value4</attr2>\n    </property>\n    \n    <property>\n      <name>prop.empty</name>\n      <value></value>\n      <attr_value_empty></attr_value_empty>\n    </property>\n    \n  </configuration>\n', encoding='UTF-8')
 
   @patch("resource_management.core.providers.system._ensure_metadata")
   @patch.object(sudo, "create_file")
@@ -177,7 +177,7 @@ class TestXmlConfigResource(TestCase):
                 configuration_attributes={}
                 )
 
-    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n    <property>\n      <name></name>\n      <value></value>\n    </property>\n    \n    <property>\n      <name>first</name>\n      <value>should be first</value>\n    </property>\n    \n    <property>\n      <name>second</name>\n      <value>should be second</value>\n    </property>\n    \n    <property>\n      <name>third</name>\n      <value>should be third</value>\n    </property>\n    \n    <property>\n      <name>z_last</name>\n      <value>should be last</value>\n    </property>\n    \n  </configuration>\n')
+    create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n    <configuration>\n    \n    <property>\n      <name></name>\n      <value></value>\n    </property>\n    \n    <property>\n      <name>first</name>\n      <value>should be first</value>\n    </property>\n    \n    <property>\n      <name>second</name>\n      <value>should be second</value>\n    </property>\n    \n    <property>\n      <name>third</name>\n      <value>should be third</value>\n    </property>\n    \n    <property>\n      <name>z_last</name>\n      <value>should be last</value>\n    </property>\n    \n  </configuration>\n', encoding='UTF-8')
 
   @patch("resource_management.libraries.providers.xml_config.File")
   @patch.object(sudo, "path_exists")

ambari-common/src/main/python/resource_management/core/providers/system.py

@@ -111,8 +111,7 @@ class FileProvider(Provider):
       reason = "it doesn't exist"
     elif self.resource.replace:
       if content is not None:
-        old_content = sudo.read_file(path)
-        old_content = old_content.decode(self.resource.encoding) if self.resource.encoding else old_content
+        old_content = sudo.read_file(path, encoding=self.resource.encoding)
         if content != old_content:
           write = True
           reason = "contents don't match"
@@ -121,11 +120,7 @@ class FileProvider(Provider):
 
     if write:
       Logger.info("Writing %s because %s" % (self.resource, reason))
-
-      if content:
-        content = content.encode(self.resource.encoding) if self.resource.encoding else content
-        
-      sudo.create_file(path, content)
+      sudo.create_file(path, content, encoding=self.resource.encoding)
 
     _ensure_metadata(self.resource.path, self.resource.owner,
                         self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access)

ambari-common/src/main/python/resource_management/core/sudo.py

@@ -65,13 +65,14 @@ def rmtree(path):
   shell.checked_call(["rm","-rf", path], sudo=True)
   
 # fp.write replacement
-def create_file(filename, content):
+def create_file(filename, content, encoding='utf-8'):
   """
   if content is None, create empty file
   """
   tmpf = tempfile.NamedTemporaryFile()
   
   if content:
+    content = content.encode(encoding) if encoding else content
     with open(tmpf.name, "wb") as fp:
       fp.write(content)
   
@@ -82,13 +83,16 @@ def create_file(filename, content):
   chmod(filename, 0644)
     
 # fp.read replacement
-def read_file(filename):
+def read_file(filename, encoding='utf-8'):
   tmpf = tempfile.NamedTemporaryFile()
   shell.checked_call(["cp", "-f", filename, tmpf.name], sudo=True)
   
   with tmpf:
     with open(tmpf.name, "rb") as fp:
-      return fp.read()
+      content = fp.read()
+      
+  content = content.decode(encoding) if encoding else content
+  return content
     
 # os.path.exists
 def path_exists(path):
@@ -102,6 +106,10 @@ def path_isdir(path):
 def path_lexists(path):
   return (shell.call(["test", "-L", path], sudo=True)[0] == 0)
 
+# os.path.isfile
+def path_isfile(path):
+  return (shell.call(["test", "-f", path], sudo=True)[0] == 0)
+
 # os.stat
 def stat(path):
   class Stat:

ambari-common/src/main/python/resource_management/libraries/providers/__init__.py

@@ -43,6 +43,7 @@ PROVIDERS = dict(
     PropertiesFile="resource_management.libraries.providers.properties_file.PropertiesFileProvider",
     MonitorWebserver="resource_management.libraries.providers.monitor_webserver.MonitorWebserverProvider",
     HdfsDirectory="resource_management.libraries.providers.hdfs_directory.HdfsDirectoryProvider",
-    CopyFromLocal="resource_management.libraries.providers.copy_from_local.CopyFromLocalProvider"
+    CopyFromLocal="resource_management.libraries.providers.copy_from_local.CopyFromLocalProvider",
+    ModifyPropertiesFile="resource_management.libraries.providers.modify_properties_file.ModifyPropertiesFileProvider"
   ),
 )

ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+from resource_management.core.resources import File
+from resource_management.core.providers import Provider
+from resource_management.libraries.functions.format import format
+from resource_management.core.environment import Environment
+from resource_management.core.logger import Logger
+from resource_management import sudo
+
+
+class ModifyPropertiesFileProvider(Provider):
+  def action_create(self):
+    filename = self.resource.filename
+    comment_symbols = self.resource.comment_symbols
+    delimiter = self.resource.key_value_delimiter
+    properties = self.resource.properties
+    unsaved_values = properties.keys()
+    new_content_lines = []
+    
+    if sudo.path_isfile(filename):
+      file_content = sudo.read_file(filename)
+      new_content_lines += file_content.split('\n')
+
+      Logger.info(format("Modifying existing properties file: {filename}"))
+      
+      for line_num in range(len(new_content_lines)):
+        line = new_content_lines[line_num]
+        
+        if line.lstrip() and not line.lstrip()[0] in comment_symbols and delimiter in line:
+          in_var_name = line.split(delimiter)[0].strip()
+          in_var_value = line.split(delimiter)[1].strip()
+          
+          if in_var_name in properties:
+            new_content_lines[line_num] = u"{0}{1}{2}".format(unicode(in_var_name), delimiter, unicode(properties[in_var_name]))
+            unsaved_values.remove(in_var_name)
+    else:
+      Logger.info(format("Creating new properties file as {filename} doesn't exist"))
+       
+    for property_name in unsaved_values:
+      line = u"{0}{1}{2}".format(unicode(property_name), delimiter, unicode(properties[property_name]))
+      new_content_lines.append(line)
+          
+    with Environment.get_instance_copy() as env:
+      File (filename,
+            content = u"\n".join(new_content_lines) + "\n",
+            owner = self.resource.owner,
+            group = self.resource.group,
+            mode = self.resource.mode,
+            encoding = self.resource.encoding,
+      )

ambari-common/src/main/python/resource_management/libraries/resources/__init__.py

@@ -28,4 +28,5 @@ from resource_management.libraries.resources.repository import *
 from resource_management.libraries.resources.monitor_webserver import *
 from resource_management.libraries.resources.hdfs_directory import *
 from resource_management.libraries.resources.copy_from_local import *
-from resource_management.libraries.resources.msi import *
+from resource_management.libraries.resources.msi import *
+from resource_management.libraries.resources.modify_properties_file import *

ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py

@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+_all__ = ["ModifyPropertiesFile"]
+from resource_management.core.base import Resource, ForcedListArgument, ResourceArgument, BooleanArgument
+
+class ModifyPropertiesFile(Resource):
+  action = ForcedListArgument(default="create")
+  filename = ResourceArgument(default=lambda obj: obj.name)
+
+  properties = ResourceArgument()
+
+  mode = ResourceArgument()
+  owner = ResourceArgument()
+  group = ResourceArgument()
+  
+  key_value_delimiter = ResourceArgument(default='=')
+  comment_symbols = ForcedListArgument(default=['#'])
+  encoding = ResourceArgument(default='utf-8')
+
+  actions = Resource.actions + ["create"]

ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml

@@ -22,43 +22,43 @@
 <configuration supports_final="false">
 
   <property>
-    <name>HTTP_SERVICE_PORT</name>
+    <name>http.service.port</name>
     <value>6080</value>
     <description>The http port to be used</description>
   </property>
 
   <property>
-    <name>HTTPS_SERVICE_PORT</name>
+    <name>https.service.port</name>
     <value>6182</value>
     <description>The secured https port to be used</description>
   </property>
 
   <property>
-    <name>HTTPS_KEYSTORE_FILE</name>
+    <name>https.attrib.keystoreFile</name>
     <value>/etc/ranger/admin/keys/server.jks</value>
     <description>The keystore file location</description>
   </property>
 
   <property>
-    <name>HTTPS_KEYSTORE_PASS</name>
+    <name>https.attrib.keystorePass</name>
     <value>ranger</value>
     <description>The keystore pass to be used </description>
   </property>
 
   <property>
-    <name>HTTPS_KEY_ALIAS</name>
+    <name>https.attrib.keyAlias</name>
     <value>myKey</value>
     <description>The key alias to be used </description>
   </property>
 
   <property>
-    <name>HTTPS_CLIENT_AUTH</name>
+    <name>https.attrib.clientAuth</name>
     <value>want</value>
     <description>The client auth to be used </description>
   </property>
 
   <property>
-    <name>HTTP_ENABLED</name>
+    <name>http.enabled</name>
     <value>true</value>
     <description>http enabled or https enabled </description>
   </property>

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py

@@ -46,64 +46,17 @@ if stack_is_hdp22_or_further:
 usersync_services_file = "/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh"
 
 java_home = config['hostLevelParams']['java_home']
-unix_user  = default("/configurations/ranger-env/ranger_user", "ranger")
-unix_group = default("/configurations/ranger-env/ranger_group", "ranger")
+unix_user  = config['configurations']['ranger-env']['ranger_user']
+unix_group = config['configurations']['ranger-env']['ranger_group']
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
-# admin-properties
-db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
-sql_command_invoker = default("/configurations/admin-properties/SQL_COMMAND_INVOKER", "mysql")
-sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
-db_root_user = default("/configurations/admin-properties/db_root_user", "root")
-db_root_password = unicode(default("/configurations/admin-properties/db_root_password", " "))
-db_host = default("/configurations/admin-properties/db_host", "localhost")
-db_name = default("/configurations/admin-properties/db_name", "ranger")
-db_user = default("/configurations/admin-properties/db_user", "rangeradmin")
-db_password = unicode(default("/configurations/admin-properties/db_password", "rangeradmin"))
-audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
-audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
-audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
-policymgr_external_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
-policymgr_http_enabled = default("/configurations/admin-properties/policymgr_http_enabled", "true")
-authentication_method = default("/configurations/admin-properties/authentication_method", "UNIX")
-remoteLoginEnabled = default("/configurations/admin-properties/remoteLoginEnabled", "true")
-authServiceHostName = default("/configurations/admin-properties/authServiceHostName", "localhost")
-authServicePort = default("/configurations/admin-properties/authServicePort", "5151")
-xa_ldap_url = default("/configurations/admin-properties/xa_ldap_url", "ldap://71.127.43.33:389")
-xa_ldap_userDNpattern = default("/configurations/admin-properties/xa_ldap_userDNpattern", "uid={0},ou=users,dc=xasecure,dc=net")
-xa_ldap_groupSearchBase = default("/configurations/admin-properties/xa_ldap_groupSearchBase", "ou=groups,dc=xasecure,dc=net")
-xa_ldap_groupSearchFilter = default("/configurations/admin-properties/xa_ldap_groupSearchFilter", "(member=uid={0},ou=users,dc=xasecure,dc=net)")
-xa_ldap_groupRoleAttribute = default("/configurations/admin-properties/xa_ldap_groupRoleAttribute", "cn")
-xa_ldap_ad_domain = default("/configurations/admin-properties/xa_ldap_ad_domain", "xasecure.net")
-xa_ldap_ad_url = default("/configurations/admin-properties/xa_ldap_ad_url", "ldap://ad.xasecure.net:389")
-
-# usersync-properties
-sync_source = default("/configurations/usersync-properties/SYNC_SOURCE", "unix")
-min_unix_user_id_to_sync = default("/configurations/usersync-properties/MIN_UNIX_USER_ID_TO_SYNC", "1000")
-sync_interval = default("/configurations/usersync-properties/SYNC_INTERVAL", "1")
-sync_ldap_url = default("/configurations/usersync-properties/SYNC_LDAP_URL", "ldap://localhost:389")
-sync_ldap_bind_dn = default("/configurations/usersync-properties/SYNC_LDAP_BIND_DN", "cn=admin,dc=xasecure,dc=net")
-sync_ldap_bind_password = default("/configurations/usersync-properties/SYNC_LDAP_BIND_PASSWORD", "admin321")
-cred_keystore_filename = default("/configurations/usersync-properties/CRED_KEYSTORE_FILENAME", "/usr/lib/xausersync/.jceks/xausersync.jceks")
-sync_ldap_user_search_base = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_BASE", "ou=users,dc=xasecure,dc=net")
-sync_ldap_user_search_scope = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE", "sub")
-sync_ldap_user_object_class = default("/configurations/usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS", "person")
-sync_ldap_user_search_filter = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER", "-")
-sync_ldap_user_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE", "cn")
-sync_ldap_user_group_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE", "memberof,ismemberof")
-sync_ldap_username_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_USERNAME_CASE_CONVERSION", "lower")
-sync_ldap_groupname_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_GROUPNAME_CASE_CONVERSION", "lower")
-logdir = default("/configurations/usersync-properties/logdir", "logs")
-
-# ranger-site
-http_enabled = default("/configurations/ranger-site/HTTP_ENABLED", "true")
-http_service_port = default("/configurations/ranger-site/HTTP_SERVICE_PORT", "6080")
-https_service_port = default("/configurations/ranger-site/HTTPS_SERVICE_PORT", "6182")
-https_attrib_keystoreFile = default("/configurations/ranger-site/HTTPS_KEYSTORE_FILE", "/etc/ranger/admin/keys/server.jks")
-https_attrib_keystorePass = default("/configurations/ranger-site/HTTPS_KEYSTORE_PASS", "ranger")
-https_attrib_keyAlias = default("/configurations/ranger-site/HTTPS_KEY_ALIAS", "mykey")
-https_attrib_clientAuth = default("/configurations/ranger-site/HTTPS_CLIENT_AUTH", "want")
+db_flavor =  config['configurations']['admin-properties']['DB_FLAVOR']
+
+sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+db_root_user = config['configurations']['admin-properties']['db_root_user']
+db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
+db_host =  config['configurations']['admin-properties']['db_host']
 
 #ranger-env properties
 oracle_home = default("/configurations/ranger-env/oracle_home", "-")

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py

@@ -23,7 +23,7 @@ from resource_management.core.exceptions import ComponentIsNotRunning
 from resource_management.libraries.functions.format import format
 from resource_management.core.logger import Logger
 from resource_management.core import shell
-from setup_ranger import setup_ranger
+from setup_ranger import setup_ranger_admin
 from ranger_service import ranger_service
 import upgrade
 
@@ -67,7 +67,7 @@ class RangerAdmin(Script):
     import params
     env.set_params(params)
     
-    setup_ranger()
+    setup_ranger_admin()
 
 
 if __name__ == "__main__":

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py

@@ -19,12 +19,12 @@ limitations under the License.
 """
 from resource_management import *
 
-def ranger_service(name):
+def ranger_service(name, action=None):
   import params
   
   if name == 'ranger_admin':
     no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
-    Execute(format('{params.ranger_start}'), user=params.unix_user, not_if=no_op_test)
+    Execute(params.ranger_start, user=params.unix_user, not_if=no_op_test)
   elif name == 'ranger_usersync':
     no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
     

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py

@@ -23,37 +23,35 @@ from resource_management.core.exceptions import ComponentIsNotRunning
 from resource_management.libraries.functions.format import format
 from resource_management.core.logger import Logger
 from resource_management.core import shell
-from setup_ranger import setup_usersync
 from ranger_service import ranger_service
+from setup_ranger import setup_usersync
 import upgrade
 
 class RangerUsersync(Script):
-
-  def get_stack_to_component(self):
-    return {"HDP": "ranger-usersync"}
-
+  
   def install(self, env):
     self.install_packages(env)
     self.configure(env)
-
-  def stop(self, env, rolling_restart=False):
-    import params
-
-    env.set_params(params)
-    Execute((params.usersync_stop,), sudo=True)
-
-  def pre_rolling_restart(self, env):
+    
+  def configure(self, env):
     import params
     env.set_params(params)
-    upgrade.prestart(env, "ranger-usersync")
-
+    
+    setup_usersync()
+    
   def start(self, env, rolling_restart=False):
     import params
     env.set_params(params)
+    
     self.configure(env)
     ranger_service('ranger_usersync')
-
-
+    
+  def stop(self, env, rolling_restart=False):
+    import params
+    env.set_params(params)
+    
+    Execute((params.usersync_stop,), sudo=True)
+    
   def status(self, env):
     cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
     code, output = shell.call(cmd, timeout=20)
@@ -63,10 +61,13 @@ class RangerUsersync(Script):
       raise ComponentIsNotRunning()
     pass
 
-  def configure(self, env):
+  def pre_rolling_restart(self, env):
     import params
     env.set_params(params)
-    setup_usersync()
+    upgrade.prestart(env, "ranger-usersync")
+
+  def get_stack_to_component(self):
+    return {"HDP": "ranger-usersync"}
 
 
 if __name__ == "__main__":

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py

@@ -23,234 +23,74 @@ import os
 from resource_management import *
 from resource_management.core.logger import Logger
 
-def setup_ranger():
+def setup_ranger_admin():
   import params
 
-  if check_db_connnection():
-    File(params.downloaded_custom_connector,
-         content = DownloadSource(params.driver_curl_source)
-    )
-
-    if not os.path.isfile(params.driver_curl_target):
-      Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
-              path=["/bin", "/usr/bin/"],
-              sudo=True)                        
-
-    file_path = format("{ranger_home}/install.properties")
-    bk_file_path = format("{ranger_home}/install-bk.properties")
-    
-    File(bk_file_path,
-         content = StaticFile(file_path),
-    )
-
-    write_properties_to_file(file_path, admin_properties())
-    ##if db flavor == oracle - set oracle home env variable
-    if params.db_flavor.lower() == 'oracle' and params.oracle_home:
-      env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home} 
-    else: 
-      env_dict = {'JAVA_HOME': params.java_home}
-    setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
-    
-    try:
-      Execute(setup_sh, 
-              environment=env_dict, 
-              logoutput=True,
-      )
-    except Fail, e:
-      if os.path.isfile(bk_file_path):
-        File(file_path,
-          action = "delete",
-        )
-        Execute(('mv', bk_file_path, file_path),
-          sudo = True,
-        )
-      raise Fail('Ranger installation Failed, {0}'.format(str(e)))
-
-    do_post_installation()
-
-    if os.path.isfile(bk_file_path):
-      File(file_path,
-        action = "delete",
-      )
-      Execute(('mv', bk_file_path, file_path),
-        sudo = True,
-      )
-    else:
-      raise Fail('Ranger admin install.properties backup file doesnot exist')
-
-def do_post_installation():
-  import params
-
-  Logger.info('Performing Ranger post installation')
+  check_db_connnection()
+  
+  File(params.downloaded_custom_connector,
+       content = DownloadSource(params.driver_curl_source)
+  )
 
-  file_path = format("{ranger_conf}/ranger_webserver.properties")
-  ranger_site = dict()
-  ranger_site['http.service.port'] = params.http_service_port
-  ranger_site['https.service.port'] = params.https_service_port
-  ranger_site['https.attrib.keystoreFile'] = params.https_attrib_keystoreFile
-  ranger_site['https.attrib.keystorePass'] = params.https_attrib_keystorePass
-  ranger_site['https.attrib.keyAlias'] = params.https_attrib_keyAlias
-  ranger_site['https.attrib.clientAuth'] = params.https_attrib_clientAuth
-  write_properties_to_file(file_path, ranger_site)
+  Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+          path=["/bin", "/usr/bin/"],
+          not_if=format("test -f {driver_curl_target}"),
+          sudo=True)
+  
+  ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+    properties = params.config['configurations']['admin-properties']
+  )
 
-  ranger_site.clear()
+  ##if db flavor == oracle - set oracle home env variable
+  if params.db_flavor.lower() == 'oracle' and params.oracle_home:
+    env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home} 
+  else: 
+    env_dict = {'JAVA_HOME': params.java_home}
+  
+  setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
+  Execute(setup_sh, 
+          environment=env_dict, 
+          logoutput=True,
+  )
+  
+  ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"),
+       properties = params.config['configurations']['ranger-site'],
+  )
 
-  file_path = format("{ranger_conf}/xa_system.properties")
-  ranger_site['http.enabled'] = params.http_enabled
-  write_properties_to_file(file_path, ranger_site)
-  Logger.info('Performing Ranger post installation DONE')
-  File(format('{params.ranger_conf}/ranger_webserver.properties'), mode=0744)
+  ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"),
+    properties = params.config['configurations']['ranger-site'],
+    mode=0744
+  )
 
 def setup_usersync():
   import params
 
-  file_path = format("{usersync_home}/install.properties")
-  write_properties_to_file(file_path, usersync_properties())
+  PropertiesFile(format("{usersync_home}/install.properties"),
+    properties = params.config['configurations']['usersync-properties'],
+  )
 
   cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')])
   Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
-  Execute(('chown', params.unix_user, params.usersync_start),
-    sudo = True,
-  )
-  Execute(('chown', params.unix_user, params.usersync_stop),
-    sudo = True,
+  
+  File([params.usersync_start, params.usersync_stop],
+       owner = params.unix_user
   )
   File(params.usersync_services_file,
     mode = 0755,
   )
 
-def write_properties_to_file(file_path, value):
-  for key in value:
-    modify_config(file_path, key, value[key])
-
-def modify_config(filepath, variable, setting):
-  var_found = False
-  already_set = False
-  V = str(variable)
-  S = str(setting)
-
-  if ' ' in S:
-    S = '%s' % S
-    
-  tmp_filepath = format("{tmp_dir}/temporary_ranger_config.properties")
-  # we need to copy so non-root user is able to read it.
-  File(tmp_filepath,
-    content = StaticFile(filepath),
-  )
-
-  for line in fileinput.input(tmp_filepath, inplace=1):
-    if not line.lstrip(' ').startswith('#') and '=' in line:
-      _infile_var = str(line.split('=')[0].rstrip(' '))
-      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-      if var_found == False and _infile_var.rstrip(' ') == V:
-        var_found = True
-        if _infile_set.lstrip(' ') == S:
-          already_set = True
-        else:
-          line = format("{V}={S}\n")
-
-    sys.stdout.write(line)
-    
-  # copy it back
-  File(filepath,
-    content = StaticFile(tmp_filepath),
-  )
-
-  if not var_found:
-    Execute(format("echo '{V}={S}\\n' | ") + as_sudo(['tee', '-a', filepath]))
-  elif already_set == True:
-    pass
-  else:
-    pass
-
-  return
-
-def admin_properties():
-  import params
-
-  admin_properties = dict()
-
-  admin_properties['DB_FLAVOR'] = params.db_flavor
-  admin_properties['SQL_COMMAND_INVOKER'] = params.sql_command_invoker
-  admin_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
-  admin_properties['db_root_user'] = params.db_root_user
-  admin_properties['db_root_password'] = params.db_root_password
-  admin_properties['db_host'] = params.db_host
-  admin_properties['db_name'] = params.db_name
-  admin_properties['db_user'] = params.db_user
-  admin_properties['db_password'] = params.db_password
-  admin_properties['audit_db_name'] = params.audit_db_name
-  admin_properties['audit_db_user'] = params.audit_db_user
-  admin_properties['audit_db_password'] = params.audit_db_password
-  admin_properties['policymgr_external_url'] = params.policymgr_external_url
-  admin_properties['policymgr_http_enabled'] = params.policymgr_http_enabled
-  admin_properties['authentication_method'] = params.authentication_method
-  admin_properties['remoteLoginEnabled'] = params.remoteLoginEnabled
-  admin_properties['authServiceHostName'] = params.authServiceHostName
-  admin_properties['authServicePort'] = params.authServicePort
-  admin_properties['xa_ldap_url'] = params.xa_ldap_url
-  admin_properties['xa_ldap_userDNpattern'] = params.xa_ldap_userDNpattern
-  admin_properties['xa_ldap_groupSearchBase'] = params.xa_ldap_groupSearchBase
-  admin_properties['xa_ldap_groupSearchFilter'] = params.xa_ldap_groupSearchFilter
-  admin_properties['xa_ldap_groupRoleAttribute'] = params.xa_ldap_groupRoleAttribute
-  admin_properties['xa_ldap_ad_domain'] = params.xa_ldap_ad_domain
-  admin_properties['xa_ldap_ad_url'] = params.xa_ldap_ad_url
-
-  return admin_properties
-
-def usersync_properties():
-  import params
-  
-  usersync_properties = dict()
-
-  usersync_properties['POLICY_MGR_URL'] = params.policymgr_external_url
-
-  usersync_properties['SYNC_SOURCE'] = params.sync_source
-  usersync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = params.min_unix_user_id_to_sync
-  usersync_properties['SYNC_INTERVAL'] = params.sync_interval
-  usersync_properties['SYNC_LDAP_URL'] = params.sync_ldap_url
-  usersync_properties['SYNC_LDAP_BIND_DN'] = params.sync_ldap_bind_dn
-  usersync_properties['SYNC_LDAP_BIND_PASSWORD'] = params.sync_ldap_bind_password
-  usersync_properties['CRED_KEYSTORE_FILENAME'] = params.cred_keystore_filename
-  usersync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = params.sync_ldap_user_search_base
-  usersync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.sync_ldap_user_search_scope
-  usersync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = params.sync_ldap_user_object_class
-  usersync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = params.sync_ldap_user_search_filter
-  usersync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.sync_ldap_user_name_attribute
-  usersync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.sync_ldap_user_group_name_attribute
-  usersync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.sync_ldap_username_case_conversion
-  usersync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.sync_ldap_groupname_case_conversion
-  usersync_properties['logdir'] = params.logdir
-
-  return usersync_properties
-
 def check_db_connnection():
   import params
 
-  db_root_password = params.db_root_password
-  db_root_user = params.db_root_user
-  db_host = params.db_host
-  sql_command_invoker = params.sql_command_invoker
-  db_flavor = params.db_flavor
-  cmd_str = ""
   Logger.info('Checking DB connection')
 
-  if db_flavor and db_flavor.lower() == 'mysql':
-    cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\""
-  elif db_flavor and db_flavor.lower() == 'oracle':
-    cmd_str = sql_command_invoker +" " +  db_root_user + "/" + db_root_password + "@" + db_host + " AS SYSDBA"
-  status, output = get_status_output(cmd_str)
-
-  if status == 0:
-    Logger.info('Checking DB connection DONE')
-    return True
-  else:
-    Logger.info(
-      'Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host, DB administrative privileges configured for connectivity from the Ranger Admin host to the configured DB host/instance and the DB server up and running on the DB host.')
-    sys.exit(1)
-
-def get_status_output(cmd):
-  import subprocess
+  if params.db_flavor.lower() == 'mysql':
+    cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password} -h {db_host}  -s -e "select version();"')
+  elif params.db_flavor.lower() == 'oracle':
+    cmd = format('{sql_command_invoker} {db_root_user}/{db_root_password}@{db_host} AS SYSDBA')
 
-  ret = subprocess.call(cmd, shell=True)
-  return ret, ret
+  try:
+    Execute(cmd)
+  except Fail as ex:
+    Logger.info(ex)
+    raise Fail('Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host, DB administrative privileges configured for connectivity from the Ranger Admin host to the configured DB host/instance and the DB server up and running on the DB host.')

ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py

@@ -17,29 +17,143 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 '''
-
-import sys
-import os
-from stacks.utils.RMFTestCase import RMFTestCase
-from mock.mock import patch
-
+from mock.mock import MagicMock, patch
+from stacks.utils.RMFTestCase import *
 
 class TestRangerAdmin(RMFTestCase):
   COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package"
   STACK_VERSION = "2.2"
 
-  def setUp(self):
-    sys.path.insert(0, os.path.join(os.getcwd(), "../../main/resources/common-services", self.COMMON_SERVICES_PACKAGE_DIR, "scripts"))
-
-  @patch("setup_ranger.setup_ranger")
-  def test_upgrade(self, setup_ranger_mock):
+  def test_configure_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+                   classname = "RangerAdmin",
+                   command = "configure",
+                   config_file="default.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertNoMoreResources()
+    
+  def test_start_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+                   classname = "RangerAdmin",
+                   command = "start",
+                   config_file="default.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start',
+        not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep',
+        user = 'ranger',
+    )
+    self.assertNoMoreResources()
+    
+  def test_stop_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+                   classname = "RangerAdmin",
+                   command = "stop",
+                   config_file="default.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-stop',
+        user = 'ranger',
+    )
+    self.assertNoMoreResources()
+    
+  def test_configure_secured(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+                   classname = "RangerAdmin",
+                   command = "configure",
+                   config_file="secured.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_secured()
+    self.assertNoMoreResources()
+    
+  def test_start_secured(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+                   classname = "RangerAdmin",
+                   command = "start",
+                   config_file="secured.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_secured()
+    self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start',
+        not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep',
+        user = 'ranger',
+    )
+    self.assertNoMoreResources()
+    
+  def test_stop_secured(self):
     self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
-                       classname = "RangerAdmin",
-                       command = "restart",
-                       config_file="ranger-admin-upgrade.json",
-                       hdp_stack_version = self.STACK_VERSION,
-                       target = RMFTestCase.TARGET_COMMON_SERVICES)
+                   classname = "RangerAdmin",
+                   command = "stop",
+                   config_file="secured.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-stop',
+        user = 'ranger',
+    )
+    self.assertNoMoreResources()
 
-    self.assertTrue(setup_ranger_mock.called)
-    self.assertResourceCalled("Execute", "/usr/bin/ranger-admin-stop", user="ranger")
-    self.assertResourceCalled("Execute", "hdp-select set ranger-admin 2.2.2.0-2399")
+  def assert_configure_default(self):
+    self.assertResourceCalled('Execute', 'mysql -u root --password=aa -h localhost  -s -e "select version();"',)
+    self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
+        content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-jdbc-driver.jar'),
+    )
+    self.assertResourceCalled('Execute', ('cp',
+     '--remove-destination',
+     '/tmp/mysql-connector-java.jar',
+     '/usr/share/java/mysql-connector-java.jar'),
+        not_if = 'test -f /usr/share/java/mysql-connector-java.jar',
+        sudo = True,
+        path = ['/bin', '/usr/bin/'],
+    )
+    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties',
+        properties = self.getConfig()['configurations']['admin-properties'],
+    )
+    self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh',
+        logoutput = True,
+        environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+    )
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties',
+        properties = self.getConfig()['configurations']['ranger-site'],
+    )
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties',
+        mode = 0744,
+        properties = self.getConfig()['configurations']['ranger-site']
+    )
+      
+  def assert_configure_secured(self):
+    self.assertResourceCalled('Execute', 'mysql -u root --password=rootpassword -h localhost  -s -e "select version();"',)
+    self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
+        content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-jdbc-driver.jar'),
+    )
+    self.assertResourceCalled('Execute', ('cp',
+     '--remove-destination',
+     '/tmp/mysql-connector-java.jar',
+     '/usr/share/java/mysql-connector-java.jar'),
+        not_if = 'test -f /usr/share/java/mysql-connector-java.jar',
+        sudo = True,
+        path = ['/bin', '/usr/bin/'],
+    )
+    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties',
+        properties = self.getConfig()['configurations']['admin-properties'],
+    )
+    self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh',
+        logoutput = True,
+        environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+    )
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties',
+        properties = self.getConfig()['configurations']['ranger-site'],
+    )
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties',
+        mode = 0744,
+        properties = self.getConfig()['configurations']['ranger-site']
+    )

ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py

@@ -17,22 +17,91 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 '''
+from mock.mock import MagicMock, patch
+from stacks.utils.RMFTestCase import *
 
-import sys
-import os
-from stacks.utils.RMFTestCase import RMFTestCase
-from mock.mock import patch
-
-
-class TestRangerUserSync(RMFTestCase):
+class TestRangerUsersync(RMFTestCase):
   COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package"
   STACK_VERSION = "2.2"
 
-  def setUp(self):
-    sys.path.insert(0, os.path.join(os.getcwd(),
-      "../../main/resources/common-services", self.COMMON_SERVICES_PACKAGE_DIR,
-      "scripts"))
-
+  def test_configure_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+                   classname = "RangerUsersync",
+                   command = "configure",
+                   config_file="default.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertNoMoreResources()
+    
+  def test_start_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+                   classname = "RangerUsersync",
+                   command = "start",
+                   config_file="default.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-start',),
+        not_if = 'ps -ef | grep proc_rangerusersync | grep -v grep',
+        sudo = True,
+    )
+    self.assertNoMoreResources()
+    
+  def test_stop_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+                   classname = "RangerUsersync",
+                   command = "stop",
+                   config_file="default.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-stop',),
+        sudo = True,
+    )
+    self.assertNoMoreResources()
+    
+  def test_configure_secured(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+                   classname = "RangerUsersync",
+                   command = "configure",
+                   config_file="secured.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_secured()
+    self.assertNoMoreResources()
+    
+  def test_start_secured(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+                   classname = "RangerUsersync",
+                   command = "start",
+                   config_file="secured.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_secured()
+    self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-start',),
+        not_if = 'ps -ef | grep proc_rangerusersync | grep -v grep',
+        sudo = True,
+    )
+    self.assertNoMoreResources()
+    
+  def test_stop_secured(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
+                   classname = "RangerUsersync",
+                   command = "stop",
+                   config_file="secured.json",
+                   hdp_stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-stop',),
+        sudo = True,
+    )
+    self.assertNoMoreResources()
+    
   @patch("setup_ranger.setup_usersync")
   def test_upgrade(self, setup_usersync_mock):
     self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py",
@@ -44,4 +113,40 @@ class TestRangerUserSync(RMFTestCase):
 
     self.assertTrue(setup_usersync_mock.called)
     self.assertResourceCalled("Execute", ("/usr/bin/ranger-usersync-stop",), sudo=True)
-    self.assertResourceCalled("Execute", "hdp-select set ranger-usersync 2.2.2.0-2399")
+    self.assertResourceCalled("Execute", "hdp-select set ranger-usersync 2.2.2.0-2399")
+
+  def assert_configure_default(self):
+    self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties',
+        properties = self.getConfig()['configurations']['usersync-properties'],
+    )
+    self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh',
+        logoutput = True,
+        environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+    )
+    self.assertResourceCalled('File', '/usr/bin/ranger-usersync-start',
+        owner = 'ranger',
+    )
+    self.assertResourceCalled('File', '/usr/bin/ranger-usersync-stop',
+        owner = 'ranger',
+    )
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh',
+        mode = 0755,
+    )
+      
+  def assert_configure_secured(self):
+    self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties',
+        properties = self.getConfig()['configurations']['usersync-properties'],
+    )
+    self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh',
+        logoutput = True,
+        environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+    )
+    self.assertResourceCalled('File', '/usr/bin/ranger-usersync-start',
+        owner = 'ranger',
+    )
+    self.assertResourceCalled('File', '/usr/bin/ranger-usersync-stop',
+        owner = 'ranger',
+    )
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh',
+        mode = 0755,
+    )

ambari-server/src/test/python/stacks/2.2/configs/default.json

@@ -31,6 +31,89 @@
     "taskId": 152,
     "public_hostname": "c6401.ambari.apache.org",
     "configurations": {
+        "admin-properties": {
+            "authentication_method": "UNIX", 
+            "db_root_user": "root", 
+            "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"", 
+            "audit_db_name": "ranger_audit", 
+            "xa_ldap_ad_domain": "\"xasecure.net\"", 
+            "remoteLoginEnabled": "true", 
+            "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar", 
+            "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"", 
+            "SQL_COMMAND_INVOKER": "mysql", 
+            "db_user": "rangeradmin", 
+            "db_password": "aa", 
+            "authServicePort": "5151", 
+            "audit_db_password": "aa", 
+            "DB_FLAVOR": "MYSQL", 
+            "audit_db_user": "rangerlogger", 
+            "db_root_password": "aa", 
+            "xa_ldap_url": "\"ldap://71.127.43.33:389\"", 
+            "db_name": "ranger", 
+            "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"", 
+            "authServiceHostName": "localhost", 
+            "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"", 
+            "policymgr_external_url": "http://localhost:6080", 
+            "policymgr_http_enabled": "true", 
+            "db_host": "localhost", 
+            "xa_ldap_groupRoleAttribute": "\"cn\""
+        }, 
+        "ranger-site": {
+            "http.enabled": "true", 
+            "http.service.port": "6080", 
+            "https.attrib.keystorePass": "ranger", 
+            "https.attrib.clientAuth": "want", 
+            "https.attrib.keystoreFile": "/etc/ranger/admin/keys/server.jks", 
+            "https.service.port": "6182", 
+            "https.attrib.keyAlias": "myKey"
+        }, 
+        "usersync-properties": {
+            "SYNC_INTERVAL": "1", 
+            "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower", 
+            "SYNC_LDAP_USER_SEARCH_FILTER": "-", 
+            "SYNC_LDAP_URL": "ldap://localhost:389", 
+            "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower", 
+            "SYNC_LDAP_USER_SEARCH_SCOPE": "sub", 
+            "SYNC_LDAP_BIND_PASSWORD": "admin321", 
+            "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn", 
+            "MIN_UNIX_USER_ID_TO_SYNC": "1000", 
+            "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net", 
+            "SYNC_LDAP_USER_OBJECT_CLASS": "person", 
+            "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks", 
+            "SYNC_SOURCE": "unix", 
+            "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net", 
+            "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof", 
+            "logdir": "logs"
+        }, 
+        "usersync-properties": {
+            "SYNC_INTERVAL": "1", 
+            "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower", 
+            "SYNC_LDAP_USER_SEARCH_FILTER": "-", 
+            "SYNC_LDAP_URL": "ldap://localhost:389", 
+            "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower", 
+            "SYNC_LDAP_USER_SEARCH_SCOPE": "sub", 
+            "SYNC_LDAP_BIND_PASSWORD": "admin321", 
+            "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn", 
+            "MIN_UNIX_USER_ID_TO_SYNC": "1000", 
+            "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net", 
+            "SYNC_LDAP_USER_OBJECT_CLASS": "person", 
+            "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks", 
+            "SYNC_SOURCE": "unix", 
+            "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net", 
+            "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof", 
+            "logdir": "logs"
+        }, 
+        "ranger-env": {
+            "ranger_group": "ranger", 
+            "ranger_admin_log_dir": "/var/log/ranger/admin", 
+            "oracle_home": "-", 
+            "admin_username": "admin", 
+            "ranger_user": "ranger", 
+            "ranger_admin_username": "amb_ranger_admin", 
+            "admin_password": "admin", 
+            "ranger_admin_password": "aa", 
+            "ranger_usersync_log_dir": "/var/log/ranger/usersync"
+        }, 
         "spark-defaults": {
             "spark.yarn.applicationMaster.waitTries": "10", 
             "spark.history.kerberos.keytab": "none", 

ambari-server/src/test/python/stacks/2.2/configs/secured.json

@@ -30,6 +30,100 @@
     "taskId": 152,
     "public_hostname": "c6401.ambari.apache.org",
     "configurations": {
+        "ranger-env": {
+            "ranger_group": "ranger", 
+            "ranger_admin_password": "ambari123", 
+            "oracle_home": "-", 
+            "admin_username": "admin", 
+            "ranger_user": "ranger", 
+            "ranger_admin_username": "amb_ranger_admin", 
+            "admin_password": "admin", 
+            "ranger_admin_log_dir": "/var/log/ranger/admin", 
+            "ranger_usersync_log_dir": "/var/log/ranger/usersync"
+        }, 
+        "admin-properties": {
+            "db_password": "admin", 
+            "db_root_user": "root", 
+            "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"", 
+            "xa_ldap_ad_domain": "\"xasecure.net\"", 
+            "SQL_COMMAND_INVOKER": "mysql", 
+            "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar", 
+            "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"", 
+            "remoteLoginEnabled": "true", 
+            "audit_db_name": "ranger_audit", 
+            "ambari_user_password": "admin", 
+            "authServicePort": "5151", 
+            "audit_db_password": "admin", 
+            "DB_FLAVOR": "MYSQL", 
+            "audit_db_user": "rangerlogger", 
+            "xa_ldap_groupRoleAttribute": "\"cn\"", 
+            "xa_ldap_url": "\"ldap://71.127.43.33:389\"", 
+            "db_name": "ranger", 
+            "authentication_method": "UNIX", 
+            "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"", 
+            "policymgr_http_enabled": "true", 
+            "authServiceHostName": "localhost", 
+            "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"", 
+            "unix_group": "ranger", 
+            "policymgr_external_url": "http://localhost:6080", 
+            "db_user": "rangeradmin", 
+            "db_host": "localhost", 
+            "unix_user": "ranger", 
+            "db_root_password": "rootpassword"
+        }, 
+        "ranger-hdfs-plugin-properties": {
+            "XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS": "900", 
+            "XAAUDIT.HDFS.DESTINATION_DIRECTORY": "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%", 
+            "POLICY_USER": "ambari-qa", 
+            "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit", 
+            "common.name.for.certificate": "-", 
+            "XAAUDIT.HDFS.IS_ENABLED": "false", 
+            "XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log", 
+            "SSL_KEYSTORE_PASSWORD": "myKeyFilePassword", 
+            "XAAUDIT.DB.IS_ENABLED": "true", 
+            "XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS": "600", 
+            "hadoop.rpc.protection": "-", 
+            "ranger-hdfs-plugin-enabled": "No", 
+            "SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks", 
+            "XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60", 
+            "policy_user": "ambari-qa", 
+            "XAAUDIT.HDFS.DESTINTATION_FILE": "%hostname%-audit.log", 
+            "XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS": "86400", 
+            "XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT": "10", 
+            "SSL_TRUSTSTORE_PASSWORD": "changeit", 
+            "XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive", 
+            "REPOSITORY_CONFIG_USERNAME": "hadoop", 
+            "XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS": "60", 
+            "SSL_TRUSTSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-truststore.jks", 
+            "REPOSITORY_CONFIG_PASSWORD": "hadoop"
+        }, 
+        "ranger-site": {
+            "HTTPS_KEYSTORE_FILE": "/etc/ranger/admin/keys/server.jks", 
+            "HTTPS_CLIENT_AUTH": "want", 
+            "HTTPS_SERVICE_PORT": "6182", 
+            "HTTPS_KEY_ALIAS": "myKey", 
+            "HTTPS_KEYSTORE_PASS": "ranger", 
+            "HTTP_ENABLED": "true", 
+            "HTTP_SERVICE_PORT": "6080"
+        }, 
+        "usersync-properties": {
+            "SYNC_INTERVAL": "1", 
+            "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower", 
+            "SYNC_LDAP_USER_SEARCH_FILTER": "-", 
+            "SYNC_LDAP_URL": "ldap://localhost:389", 
+            "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower", 
+            "SYNC_LDAP_USER_SEARCH_SCOPE": "sub", 
+            "SYNC_LDAP_BIND_PASSWORD": "admin321", 
+            "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn", 
+            "MIN_UNIX_USER_ID_TO_SYNC": "1000", 
+            "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net", 
+            "logdir": "logs", 
+            "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks", 
+            "SYNC_SOURCE": "unix", 
+            "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net", 
+            "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof", 
+            "SYNC_LDAP_USER_OBJECT_CLASS": "person"
+        }, 
         "spark-defaults": {
             "spark.yarn.applicationMaster.waitTries": "10", 
             "spark.history.kerberos.keytab": "/etc/security/keytabs/spark.service.keytab",