From kmin...@apache.org
Subject git commit: KNOX-264: Add --force switch to knoxcli create-master to allow mater to be overwritten.
Date Thu, 06 Mar 2014 17:40:58 GMT
Repository: knox
Updated Branches:
  refs/heads/master a5362cad5 -> 6ab576db0


KNOX-264: Add --force switch to knoxcli create-master to allow master to be overwritten.


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/6ab576db
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/6ab576db
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/6ab576db

Branch: refs/heads/master
Commit: 6ab576db0bebf655c13bca89caaf14e8a1130676
Parents: a5362ca
Author: Kevin Minder <kevin.minder@hortonworks.com>
Authored: Thu Mar 6 12:40:52 2014 -0500
Committer: Kevin Minder <kevin.minder@hortonworks.com>
Committed: Thu Mar 6 12:40:52 2014 -0500

----------------------------------------------------------------------
 .../org/apache/hadoop/gateway/util/KnoxCLI.java | 66 +++++++++++++++-
 .../apache/hadoop/gateway/util/KnoxCLITest.java | 79 +++++++++++++++++---
 2 files changed, 132 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/6ab576db/gateway-server/src/main/java/org/apache/hadoop/gateway/util/KnoxCLI.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/util/KnoxCLI.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/util/KnoxCLI.java
index 040dfea..c754fd7 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/util/KnoxCLI.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/util/KnoxCLI.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.gateway.util;
 
+import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.conf.Configured;
 import org.apache.hadoop.gateway.GatewayCommandLine;
 import org.apache.hadoop.gateway.GatewayServer;
@@ -33,6 +34,7 @@ import org.apache.hadoop.util.Tool;
 import org.apache.hadoop.util.ToolRunner;
 import org.apache.log4j.PropertyConfigurator;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
@@ -70,8 +72,9 @@ public class KnoxCLI extends Configured implements Tool {
   private String cluster = null;
   private String generate = "false";
   private String hostname = null;
+  private boolean force = false;
   
-  // for testing only
+  // For testing only
   private String master = null;
 
   /* (non-Javadoc)
@@ -86,7 +89,7 @@ public class KnoxCLI extends Configured implements Tool {
         return exitCode;
       }
       if (command.validate()) {
-          initializeServices(command instanceof MasterCreateCommand);
+          initializeServices( command instanceof MasterCreateCommand );
           command.execute();
       } else {
         exitCode = -1;
@@ -199,6 +202,8 @@ public class KnoxCLI extends Configured implements Tool {
           return -1;
         }
         this.master = args[++i];
+      } else if (args[i].equals("--force")) {
+        this.force = true;
       } else if (args[i].equals("--help")) {
         printKnoxShellUsage();
         return -1;
@@ -472,15 +477,68 @@ public class KnoxCLI extends Configured implements Tool {
   *
   */
  public class MasterCreateCommand extends Command {
-  public static final String USAGE = "create-master";
+  public static final String USAGE = "create-master [--force]";
   public static final String DESC = "The create-master command persists the\n" +
                                     "master secret in a file located at:\n" +
                                     "{GATEWAY_HOME}/data/security/master. It\n" +
-                                    "will prompt the user for the secret to persist.";
+                                    "will prompt the user for the secret to persist.\n" +
+                                    "Use --force to overwrite the master secret.";
 
    public MasterCreateCommand() {
    }
 
+   private GatewayConfig getGatewayConfig() {
+     GatewayConfig result;
+     Configuration conf = getConf();
+     if( conf != null && conf instanceof GatewayConfig ) {
+       result = (GatewayConfig)conf;
+     } else {
+       result = new GatewayConfigImpl();
+     }
+     return result;
+   }
+
+   public boolean validate() {
+     boolean valid = true;
+     GatewayConfig config = getGatewayConfig();
+     File dir = new File( config.getGatewaySecurityDir() );
+     File file = new File( dir, "master" );
+     if( file.exists() ) {
+       if( force ) {
+         if( !file.canWrite() ) {
+           out.println(
+               "This command requires write permissions on the master secret file: " +
+                   file.getAbsolutePath() );
+           valid = false;
+         } else if( !file.canWrite() ) {
+           out.println(
+               "This command requires write permissions on the master secret file: " +
+                   file.getAbsolutePath() );
+           valid = false;
+         } else {
+           valid = file.delete();
+           if( !valid ) {
+             out.println(
+                 "Unable to delete the master secret file: " +
+                     file.getAbsolutePath() );
+           }
+         }
+       } else {
+         out.println(
+             "Master secret is already present on disk. " +
+                 "Please be aware that overwriting it will require updating other security
artifacts. " +
+                 " Use --force to overwrite the existing master secret." );
+         valid = false;
+       }
+     } else if( dir.exists() && !dir.canWrite() ) {
+       out.println(
+           "This command requires write permissions on the security directory: " +
+               dir.getAbsolutePath() );
+       valid = false;
+     }
+     return valid;
+   }
+
    /* (non-Javadoc)
     * @see org.apache.hadoop.gateway.util.KnoxCLI.Command#execute()
     */
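Review bot: The second `else if( !file.canWrite() )` branch in validate() repeats the first condition, so it can never run; it looks like it was meant to test the parent directory, since deleting a file depends on write access to the directory rather than the file: `} else if( !dir.canWrite() ) {` with the security-directory message used further down. validate() also deletes the existing master secret as a side effect, before execute() has obtained or persisted the replacement, so an aborted prompt or a failed write would leave the gateway with no master secret while the "other security artifacts" the message mentions are still keyed to the old one. Moving the delete into execute(), or writing the new secret to a temporary file and renaming it over the old one, would keep the old secret until the new one is safely on disk. execute() lies outside this hunk, so how the file is written and which permissions it gets cannot be checked here.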

http://git-wip-us.apache.org/repos/asf/knox/blob/6ab576db/gateway-server/src/test/java/org/apache/hadoop/gateway/util/KnoxCLITest.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/test/java/org/apache/hadoop/gateway/util/KnoxCLITest.java
b/gateway-server/src/test/java/org/apache/hadoop/gateway/util/KnoxCLITest.java
index 1efe6ea..fbba3a7 100644
--- a/gateway-server/src/test/java/org/apache/hadoop/gateway/util/KnoxCLITest.java
+++ b/gateway-server/src/test/java/org/apache/hadoop/gateway/util/KnoxCLITest.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.gateway.util;
 
+import org.apache.commons.io.FileUtils;
 import org.apache.hadoop.gateway.config.impl.GatewayConfigImpl;
 import org.apache.hadoop.gateway.services.GatewayServices;
 import org.apache.hadoop.gateway.services.security.AliasService;
@@ -88,11 +89,14 @@ public class KnoxCLITest {
   
   @Test
   public void testGatewayAndClusterStores() throws Exception {
+    GatewayConfigImpl config = new GatewayConfigImpl();
+    FileUtils.deleteQuietly( new File( config.getGatewaySecurityDir() ) );
+
     outContent.reset();
     String[] gwCreateArgs = {"create-alias", "alias1", "--value", "testvalue1", "--master",
"master"};
     int rc = 0;
     KnoxCLI cli = new KnoxCLI();
-    cli.setConf(new GatewayConfigImpl());
+    cli.setConf( config );
     rc = cli.run(gwCreateArgs);
     assertEquals(0, rc);
     assertTrue(outContent.toString(), outContent.toString().contains("alias1 has been successfully
" +
@@ -104,7 +108,7 @@ public class KnoxCLITest {
     String[] clusterCreateArgs = {"create-alias", "alias2", "--value", "testvalue1", "--cluster",
"test", 
         "--master", "master"};
     cli = new KnoxCLI();
-    cli.setConf(new GatewayConfigImpl());
+    cli.setConf( config );
     rc = cli.run(clusterCreateArgs);
     assertEquals(0, rc);
     assertTrue(outContent.toString(), outContent.toString().contains("alias2 has been successfully
" +
@@ -146,14 +150,29 @@ public class KnoxCLITest {
     assertTrue(outContent.toString(), outContent.toString().contains("alias2 has been successfully
" +
         "deleted."));
   }
-  
+
+  private void createTestMaster() throws Exception {
+    outContent.reset();
+    String[] args = new String[]{ "create-master", "--master", "master", "--force" };
+    KnoxCLI cli = new KnoxCLI();
+    int rc = cli.run(args);
+    assertThat( rc, is( 0 ) );
+    MasterService ms = cli.getGatewayServices().getService("MasterService");
+    String master = String.copyValueOf( ms.getMasterSecret() );
+    assertThat( master, is( "master" ) );
+    assertThat( outContent.toString(), containsString( "Master secret has been persisted
to disk." ) );
+  }
+
   @Test
   public void testCreateSelfSignedCert() throws Exception {
+    GatewayConfigImpl config = new GatewayConfigImpl();
+    FileUtils.deleteQuietly( new File( config.getGatewaySecurityDir() ) );
+    createTestMaster();
     outContent.reset();
+    KnoxCLI cli = new KnoxCLI();
+    cli.setConf( config );
     String[] gwCreateArgs = {"create-cert", "--hostname", "hostname1", "--master", "master"};
     int rc = 0;
-    KnoxCLI cli = new KnoxCLI();
-    cli.setConf(new GatewayConfigImpl());
     rc = cli.run(gwCreateArgs);
     assertEquals(0, rc);
     assertTrue(outContent.toString(), outContent.toString().contains("gateway-identity has
been successfully " +
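Review bot: `FileUtils.deleteQuietly( new File( config.getGatewaySecurityDir() ) )` in testCreateSelfSignedCert recursively removes whatever directory a default GatewayConfigImpl resolves to, and the same call is added to testGatewayAndClusterStores and testCreateMaster. How that path is resolved is not visible here, but if it can follow an environment variable or system property, running the tests on a machine with a real gateway home would wipe its keystores and master secret; pointing the config at a per-test temporary directory avoids that. createTestMaster() also builds its KnoxCLI without `cli.setConf( config )`, so it only writes to the same directory because the command falls back to a fresh GatewayConfigImpl; passing the config in, e.g. `createTestMaster( config )`, would make that explicit. The test body continues past the end of this hunk.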
@@ -162,16 +181,18 @@ public class KnoxCLITest {
 
   @Test
   public void testCreateMaster() throws Exception {
+    GatewayConfigImpl config = new GatewayConfigImpl();
+    FileUtils.deleteQuietly( new File( config.getGatewaySecurityDir() ) );
     outContent.reset();
     String[] args = {"create-master", "--master", "master"};
     int rc = 0;
     KnoxCLI cli = new KnoxCLI();
-    cli.setConf(new GatewayConfigImpl());
+    cli.setConf( config );
     rc = cli.run(args);
+    assertEquals(0, rc);
     MasterService ms = cli.getGatewayServices().getService("MasterService");
     // assertTrue(ms.getClass().getName(), ms.getClass().getName().equals("kjdfhgjkhfdgjkh"));
-    assertTrue(new String(ms.getMasterSecret()), "master".equals(new String(ms.getMasterSecret())));
-    assertEquals(0, rc);
+    assertTrue( new String( ms.getMasterSecret() ), "master".equals( new String( ms.getMasterSecret()
) ) );
     assertTrue(outContent.toString(), outContent.toString().contains("Master secret has been
persisted to disk."));
   }
 
@@ -190,6 +211,7 @@ public class KnoxCLITest {
     KnoxCLI cli = new KnoxCLI();
     cli.setConf(config);
     rc = cli.run(args);
+    assertThat( rc, is( 0 ) );
     MasterService ms = cli.getGatewayServices().getService("MasterService");
     String master = String.copyValueOf( ms.getMasterSecret() );
     assertThat( master.length(), is( 36 ) );
@@ -198,7 +220,6 @@ public class KnoxCLITest {
     assertThat( master.indexOf( '-', 14 ), is( 18 ) );
     assertThat( master.indexOf( '-', 19 ), is( 23 ) );
     assertThat( UUID.fromString( master ), notNullValue() );
-    assertThat( rc, is( 0 ) );
     assertThat( outContent.toString(), containsString( "Master secret has been persisted
to disk." ) );
 
     // Need to delete the master file so that the change isn't ignored.
@@ -217,4 +238,44 @@ public class KnoxCLITest {
     assertThat(outContent.toString(), containsString("Master secret has been persisted to
disk."));
   }
 
+  @Test
+  public void testCreateMasterForce() throws Exception {
+    GatewayConfigImpl config = new GatewayConfigImpl();
+    File masterFile = new File( config.getGatewaySecurityDir(), "master" );
+
+    // Need to delete the master file so that the change isn't ignored.
+    if( masterFile.exists() ) {
+      assertThat( "Failed to delete existing master file.", masterFile.delete(), is( true
) );
+    }
+
+    KnoxCLI cli = new KnoxCLI();
+    cli.setConf(config);
+    MasterService ms;
+    int rc = 0;
+    outContent.reset();
+
+    String[] args = { "create-master", "--master", "test-master-1" };
+
+    rc = cli.run(args);
+    assertThat( rc, is( 0 ) );
+    ms = cli.getGatewayServices().getService("MasterService");
+    String master = String.copyValueOf( ms.getMasterSecret() );
+    assertThat( master, is( "test-master-1" ) );
+    assertThat( outContent.toString(), containsString( "Master secret has been persisted
to disk." ) );
+
+    outContent.reset();
+    rc = cli.run(args);
+    assertThat( rc, is( -1 ) );
+    assertThat( outContent.toString(), containsString( "Master secret is already present
on disk." ) );
+
+    outContent.reset();
+    args = new String[]{ "create-master", "--master", "test-master-2", "--force" };
+    rc = cli.run(args);
+    assertThat( rc, is( 0 ) );
+    ms = cli.getGatewayServices().getService("MasterService");
+    master = String.copyValueOf( ms.getMasterSecret() );
+    assertThat( master, is( "test-master-2" ) );
+    assertThat( outContent.toString(), containsString( "Master secret has been persisted
to disk." ) );
+  }
+
 }
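Review bot: The refused run in testCreateMasterForce (the second `cli.run(args)`, expecting -1) only checks the exit code and the message, not that the existing secret survived. Since the --force path deletes the file during validation, a regression that deleted it before refusing would still pass this test; adding `assertThat( masterFile.exists(), is( true ) );` after the -1 assertion would catch it. The test also leaves the `test-master-2` file behind, so later tests depend on execution order unless they clean the directory first.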

