knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pzamp...@apache.org
Subject [3/3] knox git commit: KNOX-1215 - Hadoop Group Lookup Provider Config Wizard
Date Thu, 29 Mar 2018 14:06:14 GMT
KNOX-1215 - Hadoop Group Lookup Provider Config Wizard


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/a587795d
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/a587795d
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/a587795d

Branch: refs/heads/master
Commit: a587795d455df1a9c3b1d8d0ef2a23f965dd2127
Parents: c8a58d3
Author: Phil Zampino <pzampino@apache.org>
Authored: Thu Mar 22 08:36:16 2018 -0400
Committer: Phil Zampino <pzampino@apache.org>
Committed: Thu Mar 29 09:50:53 2018 -0400

----------------------------------------------------------------------
 .../grouplookup-id-assertion-provider-config.ts | 104 ++++++++++++++++++-
 .../identity-assertion-wizard.ts                |   2 +-
 .../applications/admin-ui/app/index.html        |   2 +-
 .../app/inline.28a8d98092b6bd6d51ba.bundle.js   |   1 +
 .../app/inline.5922232c90debf8486c1.bundle.js   |   1 -
 .../app/main.631c768090fd2016d0d1.bundle.js     |   1 +
 .../app/main.a6b3f9152a52845c9e6c.bundle.js     |   1 -
 7 files changed, 105 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts
b/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts
index 6562f26..a4aaeb1 100644
--- a/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts
+++ b/gateway-admin-ui/src/app/provider-config-wizard/grouplookup-id-assertion-provider-config.ts
@@ -16,20 +16,48 @@
  */
 
 import {IdentityAssertionProviderConfig} from "./identity-assertion-provider-config";
+import {ValidationUtils} from "../utils/validation-utils";
 
 export class GroupLookupAssertionProviderConfig extends IdentityAssertionProviderConfig {
 
-  static TODO  = 'ToDo'; // TODO: PJZ: Actual properties for
+  private static GROUP_MAPPING: string       = 'Group Mapping';
+  private static URL: string                 = 'LDAP URL';
+  private static BIND_USER: string           = 'Bind User';
+  private static BIND_PWD: string            = 'Bind Password';
+  private static USER_SEARCH_FILTER: string  = 'User Search Filter';
+  private static USER_BASE: string           = 'User Search Base';
+  private static GROUP_SEARCH_FILTER: string = 'Group Search Filter';
+  private static MEMBER_SEARCH_ATTR: string  = 'Group Member Attribute';
+  private static GROUP_SEARCH_ATTR: string   = 'Group Name Attribute';
 
-  private static displayPropertyNames = [ GroupLookupAssertionProviderConfig.TODO ];
+
+  private static displayPropertyNames = [ GroupLookupAssertionProviderConfig.URL,
+                                          GroupLookupAssertionProviderConfig.BIND_USER,
+                                          GroupLookupAssertionProviderConfig.BIND_PWD,
+                                          GroupLookupAssertionProviderConfig.USER_BASE,
+                                          GroupLookupAssertionProviderConfig.USER_SEARCH_FILTER,
+                                          GroupLookupAssertionProviderConfig.GROUP_SEARCH_FILTER,
+                                          GroupLookupAssertionProviderConfig.MEMBER_SEARCH_ATTR,
+                                          GroupLookupAssertionProviderConfig.GROUP_SEARCH_ATTR
+                                        ];
 
   private static displayPropertyNameBindings: Map<string, string> =
     new Map([
-      [GroupLookupAssertionProviderConfig.TODO, 'todo']
+      [GroupLookupAssertionProviderConfig.GROUP_MAPPING, 'hadoop.security.group.mapping'],
+      [GroupLookupAssertionProviderConfig.BIND_USER, 'hadoop.security.group.mapping.ldap.bind.user'],
+      [GroupLookupAssertionProviderConfig.BIND_PWD, 'hadoop.security.group.mapping.ldap.bind.password'],
+      [GroupLookupAssertionProviderConfig.URL, 'hadoop.security.group.mapping.ldap.url'],
+      [GroupLookupAssertionProviderConfig.USER_BASE, 'hadoop.security.group.mapping.ldap.base'],
+      [GroupLookupAssertionProviderConfig.USER_SEARCH_FILTER, 'hadoop.security.group.mapping.ldap.search.filter.user'],
+      [GroupLookupAssertionProviderConfig.GROUP_SEARCH_FILTER, 'hadoop.security.group.mapping.ldap.search.filter.group'],
+      [GroupLookupAssertionProviderConfig.MEMBER_SEARCH_ATTR, 'hadoop.security.group.mapping.ldap.search.attr.member'],
+      [GroupLookupAssertionProviderConfig.GROUP_SEARCH_ATTR, 'hadoop.security.group.mapping.ldap.search.attr.group.name']
     ]);
 
   constructor() {
     super('HadoopGroupProvider');
+    this.setParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.GROUP_MAPPING),
+                  'org.apache.hadoop.security.LdapGroupsMapping');
   }
 
   getDisplayPropertyNames(): string[] {
@@ -40,4 +68,74 @@ export class GroupLookupAssertionProviderConfig extends IdentityAssertionProvide
     return GroupLookupAssertionProviderConfig.displayPropertyNameBindings.get(name);
   }
 
+  isPasswordParam(name: string): boolean {
+    return (name === GroupLookupAssertionProviderConfig.BIND_PWD);
+  }
+
+  isValidParamValue(paramName: string): boolean {
+    let isValid: boolean;
+
+    switch (paramName) {
+      case GroupLookupAssertionProviderConfig.BIND_USER:
+        isValid = this.isBindUserValid();
+        break;
+      case GroupLookupAssertionProviderConfig.URL:
+        isValid = this.isLdapURLValid();
+        break;
+      case GroupLookupAssertionProviderConfig.BIND_PWD:
+      case GroupLookupAssertionProviderConfig.USER_BASE:
+      case GroupLookupAssertionProviderConfig.USER_SEARCH_FILTER:
+      case GroupLookupAssertionProviderConfig.GROUP_SEARCH_FILTER:
+      case GroupLookupAssertionProviderConfig.MEMBER_SEARCH_ATTR:
+      case GroupLookupAssertionProviderConfig.GROUP_SEARCH_ATTR:
+      default:
+        isValid = true;
+    }
+
+    return isValid;
+  }
+
+  private isBindUserValid(): boolean {
+    let isValid: boolean = true;
+
+    let url = this.getParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.BIND_USER));
+    if (url) {
+      isValid = ValidationUtils.isValidDNTemplate(url);
+      if (!isValid) {
+        console.debug(GroupLookupAssertionProviderConfig.BIND_USER + ' value is not a valid
DN');
+      }
+    }
+
+    return isValid;
+  }
+
+  private isLdapURLValid(): boolean {
+    let isValid: boolean = true;
+
+    let url = this.getParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.URL));
+    if (url) {
+      isValid = ValidationUtils.isValidLdapURL(url);
+      if (!isValid) {
+        console.debug(GroupLookupAssertionProviderConfig.URL+ ' value is not valid.');
+      }
+    } else {
+      isValid = false; // URL must be specified
+    }
+
+    return isValid;
+  }
+
+  private isDnTemplateValid(): boolean {
+    let isValid: boolean = true;
+
+    let dnTemplate = this.getParam(this.getDisplayNamePropertyBinding(GroupLookupAssertionProviderConfig.BIND_USER));
+    if (dnTemplate) {
+      isValid = ValidationUtils.isValidDNTemplate(dnTemplate);
+      if (!isValid) {
+        console.debug(GroupLookupAssertionProviderConfig.BIND_USER + ' value is not valid.');
+      }
+    }
+    return isValid;
+  }
+
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts
----------------------------------------------------------------------
diff --git a/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts
b/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts
index 95970a0..c704472 100644
--- a/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts
+++ b/gateway-admin-ui/src/app/provider-config-wizard/identity-assertion-wizard.ts
@@ -32,7 +32,7 @@ export class IdentityAssertionWizard extends CategoryWizard {
   private static CONCAT: string       = 'Concatenation';
   private static SWITCHCASE: string   = 'SwitchCase';
   private static REGEXP: string       = 'Regular Expression';
-  private static GROUP_LOOKUP: string = 'Group Lookup';
+  private static GROUP_LOOKUP: string = 'Hadoop Group Lookup (LDAP)';
 
   private static assertionTypes: string[] = [ IdentityAssertionWizard.DEFAULT,
                                               IdentityAssertionWizard.CONCAT,

http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
b/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
index e482f6e..1e51bc4 100644
--- a/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
+++ b/gateway-applications/src/main/resources/applications/admin-ui/app/index.html
@@ -11,4 +11,4 @@
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
---><!doctype html><html><head><meta charset="utf-8"><title>Apache
Knox Manager</title><meta name="viewport" content="width=device-width,initial-scale=1"><link
rel="icon" type="image/x-icon" href="favicon.ico"><meta name="viewport" content="width=device-width,initial-scale=1"><!--
Latest compiled and minified CSS --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"><!--
Optional theme --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css"
integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"><!--
Custom styles for this template --><link href="assets/sticky-footer.css" rel="stylesheet"><script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><!--
Latest compiled and minified JavaScript --><scr
 ipt src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
crossorigin="anonymous"></script><script src="assets/vkbeautify.js"></script><link
href="styles.2ee5b7f4cd59a6cf015e.bundle.css" rel="stylesheet"/></head><body><div
class="navbar-wrapper"><div class="container-fluid"><nav class="navbar navbar-inverse
navbar-static-top"><div class="container-fluid"><div class="navbar-header"><button
type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span> <span class="icon-bar"></span> <span
class="icon-bar"></span></button> <a class="navbar-brand" href="#"><img
style="max-width:200px; margin-top: -9px;" src="assets/knox-logo-transparent.gif" alt="Apache
Knox Manager"></a></div></div></nav></div><!-- Content
--><resource-management></res
 ource-management><footer class="footer"><div class="container-fluid"><div>Knox
Manager Version 0.1.0</div><gateway-version></gateway-version></div></footer><script
type="text/javascript" src="inline.5922232c90debf8486c1.bundle.js"></script><script
type="text/javascript" src="scripts.c50bb762c438ae0f8842.bundle.js"></script><script
type="text/javascript" src="main.a6b3f9152a52845c9e6c.bundle.js"></script></div></body></html>
\ No newline at end of file
+--><!doctype html><html><head><meta charset="utf-8"><title>Apache
Knox Manager</title><meta name="viewport" content="width=device-width,initial-scale=1"><link
rel="icon" type="image/x-icon" href="favicon.ico"><meta name="viewport" content="width=device-width,initial-scale=1"><!--
Latest compiled and minified CSS --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"><!--
Optional theme --><link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css"
integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"><!--
Custom styles for this template --><link href="assets/sticky-footer.css" rel="stylesheet"><script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js"></script><!--
Latest compiled and minified JavaScript --><scr
 ipt src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
crossorigin="anonymous"></script><script src="assets/vkbeautify.js"></script><link
href="styles.2ee5b7f4cd59a6cf015e.bundle.css" rel="stylesheet"/></head><body><div
class="navbar-wrapper"><div class="container-fluid"><nav class="navbar navbar-inverse
navbar-static-top"><div class="container-fluid"><div class="navbar-header"><button
type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar"
aria-expanded="false" aria-controls="navbar"><span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span> <span class="icon-bar"></span> <span
class="icon-bar"></span></button> <a class="navbar-brand" href="#"><img
style="max-width:200px; margin-top: -9px;" src="assets/knox-logo-transparent.gif" alt="Apache
Knox Manager"></a></div></div></nav></div><!-- Content
--><resource-management></res
 ource-management><footer class="footer"><div class="container-fluid"><div>Knox
Manager Version 0.1.0</div><gateway-version></gateway-version></div></footer><script
type="text/javascript" src="inline.28a8d98092b6bd6d51ba.bundle.js"></script><script
type="text/javascript" src="scripts.c50bb762c438ae0f8842.bundle.js"></script><script
type="text/javascript" src="main.631c768090fd2016d0d1.bundle.js"></script></div></body></html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js
b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js
new file mode 100644
index 0000000..b1de9f0
--- /dev/null
+++ b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.28a8d98092b6bd6d51ba.bundle.js
@@ -0,0 +1 @@
+!function(e){var n=window.webpackJsonp;window.webpackJsonp=function(r,c,u){for(var a,i,f,l=0,s=[];l<r.length;l++)t[i=r[l]]&&s.push(t[i][0]),t[i]=0;for(a
in c)Object.prototype.hasOwnProperty.call(c,a)&&(e[a]=c[a]);for(n&&n(r,c,u);s.length;)s.shift()();if(u)for(l=0;l<u.length;l++)f=o(o.s=u[l]);return
f};var r={},t={2:0};function o(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return
e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=t[e];if(0===n)return
new Promise(function(e){e()});if(n)return n[2];var r=new Promise(function(r,o){n=t[e]=[r,o]});n[2]=r;var
c=document.getElementsByTagName("head")[0],u=document.createElement("script");u.type="text/javascript",u.charset="utf-8",u.async=!0,u.timeout=12e4,o.nc&&u.setAttribute("nonce",o.nc),u.src=o.p+""+e+"."+{0:"631c768090fd2016d0d1",1:"aed76669724804835353"}[e]+".chunk.js";var
a=setTimeout(i,12e4);function i(){u.onerror=u.onload=null,clearTimeout(a);var n=t[e];0!==n&&(n&&n[1](new
Error("Loading chu
 nk "+e+" failed.")),t[e]=void 0)}return u.onerror=u.onload=i,c.appendChild(u),r},o.m=e,o.c=r,o.d=function(e,n,r){o.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},o.n=function(e){var
n=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return
Object.prototype.hasOwnProperty.call(e,n)},o.p="",o.oe=function(e){throw console.error(e),e}}([]);
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/knox/blob/a587795d/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js
----------------------------------------------------------------------
diff --git a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js
b/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js
deleted file mode 100644
index 7f97753..0000000
--- a/gateway-applications/src/main/resources/applications/admin-ui/app/inline.5922232c90debf8486c1.bundle.js
+++ /dev/null
@@ -1 +0,0 @@
-!function(e){var n=window.webpackJsonp;window.webpackJsonp=function(r,c,a){for(var u,i,f,l=0,s=[];l<r.length;l++)t[i=r[l]]&&s.push(t[i][0]),t[i]=0;for(u
in c)Object.prototype.hasOwnProperty.call(c,u)&&(e[u]=c[u]);for(n&&n(r,c,a);s.length;)s.shift()();if(a)for(l=0;l<a.length;l++)f=o(o.s=a[l]);return
f};var r={},t={2:0};function o(n){if(r[n])return r[n].exports;var t=r[n]={i:n,l:!1,exports:{}};return
e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}o.e=function(e){var n=t[e];if(0===n)return
new Promise(function(e){e()});if(n)return n[2];var r=new Promise(function(r,o){n=t[e]=[r,o]});n[2]=r;var
c=document.getElementsByTagName("head")[0],a=document.createElement("script");a.type="text/javascript",a.charset="utf-8",a.async=!0,a.timeout=12e4,o.nc&&a.setAttribute("nonce",o.nc),a.src=o.p+""+e+"."+{0:"a6b3f9152a52845c9e6c",1:"aed76669724804835353"}[e]+".chunk.js";var
u=setTimeout(i,12e4);function i(){a.onerror=a.onload=null,clearTimeout(u);var n=t[e];0!==n&&(n&&n[1](new
Error("Loading chu
 nk "+e+" failed.")),t[e]=void 0)}return a.onerror=a.onload=i,c.appendChild(a),r},o.m=e,o.c=r,o.d=function(e,n,r){o.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},o.n=function(e){var
n=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(n,"a",n),n},o.o=function(e,n){return
Object.prototype.hasOwnProperty.call(e,n)},o.p="",o.oe=function(e){throw console.error(e),e}}([]);
\ No newline at end of file


Mime
View raw message