test_knox_gateway.py 9.6 KB

  1. #!/usr/bin/env python
  2. '''
  3. Licensed to the Apache Software Foundation (ASF) under one
  4. or more contributor license agreements. See the NOTICE file
  5. distributed with this work for additional information
  6. regarding copyright ownership. The ASF licenses this file
  7. to you under the Apache License, Version 2.0 (the
  8. "License"); you may not use this file except in compliance
  9. with the License. You may obtain a copy of the License at
  10. http://www.apache.org/licenses/LICENSE-2.0
  11. Unless required by applicable law or agreed to in writing, software
  12. distributed under the License is distributed on an "AS IS" BASIS,
  13. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. See the License for the specific language governing permissions and
  15. limitations under the License.
  16. '''
  17. from resource_management import *
  18. from stacks.utils.RMFTestCase import *
  19. from mock.mock import patch
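  class TestKnoxGateway(RMFTestCase):
    """Tests for the KnoxGateway commands in scripts/knox_gateway.py.

    Each test runs one command through RMFTestCase.executeScript against a
    JSON fixture and checks the resources or structured output it produced.
    """
    COMMON_SERVICES_PACKAGE_DIR = "KNOX/0.5.0.2.2/package"
    STACK_VERSION = "2.2"

    def _run_knox_gateway(self, command, config_file):
      """Execute one KnoxGateway command against the given fixture file."""
      self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/knox_gateway.py",
                         classname="KnoxGateway",
                         command=command,
                         config_file=config_file,
                         hdp_stack_version=self.STACK_VERSION,
                         target=RMFTestCase.TARGET_COMMON_SERVICES)

    def test_configure_default(self):
      """Check the resources declared by `configure` with default.json."""
      self._run_knox_gateway("configure", "default.json")

      self.assertResourceCalled('Directory', '/etc/knox/conf',
                                owner='knox',
                                group='knox',
                                recursive=True
      )
      self.assertResourceCalled('XmlConfig', 'gateway-site.xml',
                                owner='knox',
                                group='knox',
                                conf_dir='/etc/knox/conf',
                                configurations=self.getConfig()['configurations']['gateway-site'],
                                configuration_attributes=self.getConfig()['configuration_attributes']['gateway-site']
      )
      self.assertResourceCalled('File', '/etc/knox/conf/gateway-log4j.properties',
                                mode=0644,
                                group='knox',
                                owner='knox',
                                content=self.getConfig()['configurations']['gateway-log4j']['content']
      )
      # No mode is asserted for the topology file, so this test does not pin
      # its permissions.
      self.assertResourceCalled('File', '/etc/knox/conf/topologies/default.xml',
                                group='knox',
                                owner='knox',
                                content=InlineTemplate(self.getConfig()['configurations']['topology']['content'])
      )
      # '/var/log/knox' appears twice in the expected chown arguments; the
      # tuple is kept verbatim because it has to equal what the script builds.
      self.assertResourceCalled('Execute', ('chown',
                                            '-R',
                                            'knox:knox',
                                            '/var/lib/knox/data',
                                            '/var/log/knox',
                                            '/var/log/knox',
                                            '/var/run/knox',
                                            '/etc/knox/conf'),
                                sudo=True,
      )
      # NOTE(review): the value after --master is presumably the Knox master
      # secret from the fixture. Passed as an argument it is visible in the
      # process list and in any command logging; confirm whether the script
      # under test can supply it another way.
      self.assertResourceCalled('Execute', '/usr/lib/knox/bin/knoxcli.sh create-master --master sa',
                                environment={'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
                                not_if="/usr/bin/sudo su knox -l -s /bin/bash -c '[RMF_EXPORT_PLACEHOLDER]test -f /var/lib/knox/data/security/master'",
                                user='knox',
      )
      # NOTE(review): create-cert is guarded by the same "master file exists"
      # check as create-master, not by a check on the certificate itself;
      # confirm that this is the intended guard.
      self.assertResourceCalled('Execute', '/usr/lib/knox/bin/knoxcli.sh create-cert --hostname c6401.ambari.apache.org',
                                environment={'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
                                not_if="/usr/bin/sudo su knox -l -s /bin/bash -c '[RMF_EXPORT_PLACEHOLDER]test -f /var/lib/knox/data/security/master'",
                                user='knox',
      )
      self.assertResourceCalled('File', '/etc/knox/conf/ldap-log4j.properties',
                                mode=0644,
                                group='knox',
                                owner='knox',
                                content=self.getConfig()['configurations']['ldap-log4j']['content']
      )
      # NOTE(review): users.ldif is expected with mode 0644 (world-readable).
      # If the LDIF content carries user passwords, a tighter mode would be
      # appropriate; verify against the fixture content.
      self.assertResourceCalled('File', '/etc/knox/conf/users.ldif',
                                mode=0644,
                                group='knox',
                                owner='knox',
                                content=self.getConfig()['configurations']['users-ldif']['content']
      )
      self.assertNoMoreResources()

    # Patch decorators apply bottom-up, so the mock arguments below are listed
    # in the reverse order of the decorators.
    @patch("resource_management.libraries.functions.security_commons.build_expectations")
    @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
    @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
    @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
    @patch("resource_management.libraries.script.Script.put_structured_out")
    def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock,
                             validate_security_config_mock, get_params_mock, build_exp_mock):
      """Check the structured output of `security_status` in five scenarios.

      The security_commons helpers are mocked, so only the command's own
      branching and its reported state are exercised.
      """
      # Scenario 1: valid parameters and no validation issues.
      security_params = {
        "krb5JAASLogin": {
          'keytab': "/path/to/keytab",
          'principal': "principal"
        },
        "gateway-site": {
          "gateway.hadoop.kerberos.secured": "true"
        }
      }
      result_issues = []

      get_params_mock.return_value = security_params
      validate_security_config_mock.return_value = result_issues

      self._run_knox_gateway("security_status", "secured.json")

      # Imported only after the script has run, as in the original test.
      import status_params

      # assertEqual, not assertTrue: assertTrue(count, 2) treats 2 as the
      # failure message and passes for any non-zero call count.
      self.assertEqual(build_exp_mock.call_count, 2)
      build_exp_mock.assert_called_with('gateway-site', {"gateway.hadoop.kerberos.secured": "true"}, None, None)
      put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
      self.assertEqual(cached_kinit_executor_mock.call_count, 1)
      cached_kinit_executor_mock.assert_called_with(status_params.kinit_path_local,
                                                    status_params.knox_user,
                                                    security_params['krb5JAASLogin']['keytab'],
                                                    security_params['krb5JAASLogin']['principal'],
                                                    status_params.hostname,
                                                    status_params.temp_dir)

      # Scenario 2: cached_kinit_executor raises.
      # reset_mock() does not clear side_effect, so the exception stays armed
      # for every later run in this test.
      cached_kinit_executor_mock.reset_mock()
      cached_kinit_executor_mock.side_effect = Exception("Invalid command")

      # NOTE(review): this block cannot fail. It passes whether or not
      # executeScript raises, so it does not verify how a kinit failure is
      # reported. Once the expected payload is confirmed, assert on
      # put_structured_out_mock here instead.
      try:
        self._run_knox_gateway("security_status", "secured.json")
      except:
        self.assertTrue(True)

      # Scenario 3: krb5JAASLogin is present but has no keytab or principal.
      empty_security_params = {"krb5JAASLogin": {}}
      cached_kinit_executor_mock.reset_mock()
      get_params_mock.reset_mock()
      put_structured_out_mock.reset_mock()
      get_params_mock.return_value = empty_security_params

      self._run_knox_gateway("security_status", "secured.json")
      put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file and principal are not set."})

      # Scenario 4: validation reports issues.
      result_issues_with_params = {'krb5JAASLogin': "Something bad happened"}

      validate_security_config_mock.reset_mock()
      get_params_mock.reset_mock()
      validate_security_config_mock.return_value = result_issues_with_params
      get_params_mock.return_value = security_params

      self._run_knox_gateway("security_status", "secured.json")
      put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})

      # Scenario 5: security disabled (default.json).
      # Reset first: assert_called_with only inspects the most recent call, and
      # scenario 4 ended with the same payload. Without the reset this
      # assertion would pass even if this run reported nothing.
      put_structured_out_mock.reset_mock()
      self._run_knox_gateway("security_status", "default.json")
      put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})

    @patch("tarfile.open")
    @patch("os.path.isdir")
    def test_pre_rolling_restart(self, isdir_mock, tarfile_open_mock):
      """Check that `pre_rolling_restart` opens a tar archive and runs hdp-select."""
      # Every os.path.isdir() check inside the script reports True.
      isdir_mock.return_value = True

      self._run_knox_gateway("pre_rolling_restart", "default.json")

      self.assertTrue(tarfile_open_mock.called)
      self.assertResourceCalled("Execute", "hdp-select set knox-server 2.2.1.0-2067")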