本文整理汇总了Python中resource_management.libraries.functions.security_commons.build_expectations函数的典型用法代码示例。如果您正苦于以下问题:Python build_expectations函数的具体用法?Python build_expectations怎么用?Python build_expectations使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了build_expectations函数的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
expectations = {}
expectations.update(build_expectations(
'krb5JAASLogin',
None,
['keytab', 'principal'],
None
))
expectations.update(build_expectations(
'gateway-site',
{
"gateway.hadoop.kerberos.secured" : "true"
},
None,
None
))
security_params = {
"krb5JAASLogin":
{
'keytab': status_params.knox_keytab_path,
'principal': status_params.knox_principal_name
}
}
security_params.update(get_params_from_filesystem(status_params.knox_conf_dir,
{"gateway-site.xml" : FILE_TYPE_XML}))
result_issues = validate_security_config_properties(security_params, expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ( 'krb5JAASLogin' not in security_params
or 'keytab' not in security_params['krb5JAASLogin']
or 'principal' not in security_params['krb5JAASLogin']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out({"securityIssuesFound": "Keytab file and principal are not set."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.knox_user,
security_params['krb5JAASLogin']['keytab'],
security_params['krb5JAASLogin']['principal'],
status_params.hostname,
status_params.temp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:andreysabitov,项目名称:ambari-mantl,代码行数:60,代码来源:knox_gateway.py
示例2: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
props_value_check = {"hadoop.security.authentication": "kerberos",
"hadoop.security.authorization": "true"}
props_empty_check = ["hadoop.security.auth_to_local"]
props_read_check = None
core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
props_read_check)
props_value_check = None
props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal',
'dfs.secondary.namenode.keytab.file',
'dfs.secondary.namenode.kerberos.principal']
props_read_check = ['dfs.secondary.namenode.keytab.file']
hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
props_read_check)
hdfs_expectations = {}
hdfs_expectations.update(core_site_expectations)
hdfs_expectations.update(hdfs_site_expectations)
security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
{'core-site.xml': FILE_TYPE_XML,
'hdfs-site.xml': FILE_TYPE_XML})
if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
result_issues = validate_security_config_properties(security_params, hdfs_expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ('hdfs-site' not in security_params or
'dfs.secondary.namenode.keytab.file' not in security_params['hdfs-site'] or
'dfs.secondary.namenode.kerberos.principal' not in security_params['hdfs-site']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.hdfs_user,
security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'],
security_params['hdfs-site'][
'dfs.secondary.namenode.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:OpenPOWER-BigData,项目名称:HDP-ambari,代码行数:59,代码来源:snamenode.py
示例3: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
props_value_check = {"hbase.security.authentication": "kerberos",
"hbase.security.authorization": "true"}
props_empty_check = ["hbase.zookeeper.property.authProvider.1",
"hbase.master.keytab.file",
"hbase.master.kerberos.principal",
"hbase.regionserver.keytab.file",
"hbase.regionserver.kerberos.principal"
]
props_read_check = ['hbase.master.keytab.file', 'hbase.regionserver.keytab.file']
ams_hbase_site_expectations = build_expectations('hbase-site', props_value_check,
props_empty_check,
props_read_check)
expectations = {}
expectations.update(ams_hbase_site_expectations)
security_params = get_params_from_filesystem(status_params.ams_hbase_conf_dir,
{'hbase-site.xml': FILE_TYPE_XML})
is_hbase_distributed = security_params['hbase-site']['hbase.cluster.distributed']
# for embedded mode, when HBase is backed by file, security state is SECURED_KERBEROS by definition when cluster is secured
if status_params.security_enabled and not is_hbase_distributed:
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
return
result_issues = validate_security_config_properties(security_params, expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ('hbase-site' not in security_params or
'hbase.master.keytab.file' not in security_params['hbase-site'] or
'hbase.master.kerberos.principal' not in security_params['hbase-site']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.hbase_user,
security_params['hbase-site']['hbase.master.keytab.file'],
security_params['hbase-site']['hbase.master.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (
cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:OpenPOWER-BigData,项目名称:HDP-ambari,代码行数:60,代码来源:metrics_collector.py
示例4: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
props_value_check = {"yarn.timeline-service.enabled": "true",
"yarn.timeline-service.http-authentication.type": "kerberos",
"yarn.acl.enable": "true"}
props_empty_check = ["yarn.timeline-service.principal",
"yarn.timeline-service.keytab",
"yarn.timeline-service.http-authentication.kerberos.principal",
"yarn.timeline-service.http-authentication.kerberos.keytab"]
props_read_check = ["yarn.timeline-service.keytab",
"yarn.timeline-service.http-authentication.kerberos.keytab"]
yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
props_read_check)
yarn_expectations ={}
yarn_expectations.update(yarn_site_props)
security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
{'yarn-site.xml': FILE_TYPE_XML})
result_issues = validate_security_config_properties(security_params, yarn_expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ( 'yarn-site' not in security_params
or 'yarn.timeline-service.keytab' not in security_params['yarn-site']
or 'yarn.timeline-service.principal' not in security_params['yarn-site']) \
or 'yarn.timeline-service.http-authentication.kerberos.keytab' not in security_params['yarn-site'] \
or 'yarn.timeline-service.http-authentication.kerberos.principal' not in security_params['yarn-site']:
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.yarn_user,
security_params['yarn-site']['yarn.timeline-service.keytab'],
security_params['yarn-site']['yarn.timeline-service.principal'],
status_params.hostname,
status_params.tmp_dir)
cached_kinit_executor(status_params.kinit_path_local,
status_params.yarn_user,
security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'],
security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:fanzhidongyzby,项目名称:ambari,代码行数:60,代码来源:application_timeline_server.py
示例5: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
props_value_check = {"*.falcon.authentication.type": "kerberos",
"*.falcon.http.authentication.type": "kerberos"}
props_empty_check = ["*.falcon.service.authentication.kerberos.principal",
"*.falcon.service.authentication.kerberos.keytab",
"*.falcon.http.authentication.kerberos.principal",
"*.falcon.http.authentication.kerberos.keytab"]
props_read_check = ["*.falcon.service.authentication.kerberos.keytab",
"*.falcon.http.authentication.kerberos.keytab"]
falcon_startup_props = build_expectations('startup', props_value_check, props_empty_check,
props_read_check)
falcon_expectations ={}
falcon_expectations.update(falcon_startup_props)
security_params = get_params_from_filesystem('/etc/falcon/conf',
{'startup.properties': FILE_TYPE_PROPERTIES})
result_issues = validate_security_config_properties(security_params, falcon_expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ( 'startup' not in security_params
or '*.falcon.service.authentication.kerberos.keytab' not in security_params['startup']
or '*.falcon.service.authentication.kerberos.principal' not in security_params['startup']) \
or '*.falcon.http.authentication.kerberos.keytab' not in security_params['startup'] \
or '*.falcon.http.authentication.kerberos.principal' not in security_params['startup']:
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.falcon_user,
security_params['startup']['*.falcon.service.authentication.kerberos.keytab'],
security_params['startup']['*.falcon.service.authentication.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
cached_kinit_executor(status_params.kinit_path_local,
status_params.falcon_user,
security_params['startup']['*.falcon.http.authentication.kerberos.keytab'],
security_params['startup']['*.falcon.http.authentication.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:OpenPOWER-BigData,项目名称:HDP-ambari,代码行数:58,代码来源:falcon_server.py
示例6: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
props_value_check = {
"hive.server2.authentication": "KERBEROS",
"hive.metastore.sasl.enabled": "true",
"hive.security.authorization.enabled": "true",
}
props_empty_check = ["hive.metastore.kerberos.keytab.file", "hive.metastore.kerberos.principal"]
props_read_check = ["hive.metastore.kerberos.keytab.file"]
hive_site_props = build_expectations("hive-site", props_value_check, props_empty_check, props_read_check)
hive_expectations = {}
hive_expectations.update(hive_site_props)
security_params = get_params_from_filesystem(status_params.hive_conf_dir, {"hive-site.xml": FILE_TYPE_XML})
result_issues = validate_security_config_properties(security_params, hive_expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if (
"hive-site" not in security_params
or "hive.metastore.kerberos.keytab.file" not in security_params["hive-site"]
or "hive.metastore.kerberos.principal" not in security_params["hive-site"]
):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal are not set property."}
)
return
cached_kinit_executor(
status_params.kinit_path_local,
status_params.hive_user,
security_params["hive-site"]["hive.metastore.kerberos.keytab.file"],
security_params["hive-site"]["hive.metastore.kerberos.principal"],
status_params.hostname,
status_params.tmp_dir,
)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append(
"Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])
)
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:zouzhberk,项目名称:ambaridemo,代码行数:57,代码来源:hive_metastore.py
示例7: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
expectations = {}
expectations.update(build_expectations('mapred-site',
None,
[
'mapreduce.jobhistory.keytab',
'mapreduce.jobhistory.principal',
'mapreduce.jobhistory.webapp.spnego-keytab-file',
'mapreduce.jobhistory.webapp.spnego-principal'
],
None))
security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
{'mapred-site.xml': FILE_TYPE_XML})
result_issues = validate_security_config_properties(security_params, expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ( 'mapred-site' not in security_params or
'mapreduce.jobhistory.keytab' not in security_params['mapred-site'] or
'mapreduce.jobhistory.principal' not in security_params['mapred-site'] or
'mapreduce.jobhistory.webapp.spnego-keytab-file' not in security_params['mapred-site'] or
'mapreduce.jobhistory.webapp.spnego-principal' not in security_params['mapred-site']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal not set."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.mapred_user,
security_params['mapred-site']['mapreduce.jobhistory.keytab'],
security_params['mapred-site']['mapreduce.jobhistory.principal'],
status_params.hostname,
status_params.tmp_dir)
cached_kinit_executor(status_params.kinit_path_local,
status_params.mapred_user,
security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'],
security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:zouzhberk,项目名称:ambaridemo,代码行数:55,代码来源:historyserver.py
示例8: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
props_value_check = {'atlas.authentication.method': 'kerberos',
'atlas.http.authentication.enabled': 'true',
'atlas.http.authentication.type': 'kerberos'}
props_empty_check = ['atlas.authentication.principal',
'atlas.authentication.keytab',
'atlas.http.authentication.kerberos.principal',
'atlas.http.authentication.kerberos.keytab']
props_read_check = ['atlas.authentication.keytab',
'atlas.http.authentication.kerberos.keytab']
atlas_site_expectations = build_expectations('application-properties',
props_value_check,
props_empty_check,
props_read_check)
atlas_expectations = {}
atlas_expectations.update(atlas_site_expectations)
security_params = get_params_from_filesystem(status_params.conf_dir,
{'application.properties': FILE_TYPE_PROPERTIES})
result_issues = validate_security_config_properties(security_params, atlas_expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ( 'application-properties' not in security_params
or 'atlas.authentication.keytab' not in security_params['application-properties']
or 'atlas.authentication.principal' not in security_params['application-properties']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Atlas service keytab file or principal are not set property."})
return
if ( 'application-properties' not in security_params
or 'atlas.http.authentication.kerberos.keytab' not in security_params['application-properties']
or 'atlas.http.authentication.kerberos.principal' not in security_params['application-properties']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "HTTP Authentication keytab file or principal are not set property."})
return
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:zouzhberk,项目名称:ambaridemo,代码行数:54,代码来源:metadata_server.py
示例9: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
# Expect the following files to be available in status_params.config_dir:
# storm_jaas.conf
try:
props_value_check = None
props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
props_read_check = ['storm_ui_keytab']
storm_env_expectations = build_expectations('storm_ui', props_value_check, props_empty_check,
props_read_check)
storm_expectations = {}
storm_expectations.update(storm_env_expectations)
security_params = {}
security_params['storm_ui'] = {}
security_params['storm_ui']['storm_ui_principal_name'] = status_params.storm_ui_principal
security_params['storm_ui']['storm_ui_keytab'] = status_params.storm_ui_keytab
result_issues = validate_security_config_properties(security_params, storm_expectations)
if not result_issues: # If all validations passed successfully
# Double check the dict before calling execute
if ( 'storm_ui' not in security_params
or 'storm_ui_principal_name' not in security_params['storm_ui']
or 'storm_ui_keytab' not in security_params['storm_ui']):
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.storm_user,
security_params['storm_ui']['storm_ui_keytab'],
security_params['storm_ui']['storm_ui_principal_name'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:andreysabitov,项目名称:ambari-mantl,代码行数:52,代码来源:ui_server.py
示例10: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
# Expect the following files to be available in status_params.config_dir:
# zookeeper_jaas.conf
# zookeeper_client_jaas.conf
try:
props_value_check = None
props_empty_check = ['Server/keyTab', 'Server/principal']
props_read_check = ['Server/keyTab']
zk_env_expectations = build_expectations('zookeeper_jaas', props_value_check, props_empty_check,
props_read_check)
zk_expectations = {}
zk_expectations.update(zk_env_expectations)
security_params = get_params_from_filesystem(status_params.config_dir,
{'zookeeper_jaas.conf': FILE_TYPE_JAAS_CONF})
result_issues = validate_security_config_properties(security_params, zk_expectations)
if not result_issues: # If all validations passed successfully
# Double check the dict before calling execute
if ( 'zookeeper_jaas' not in security_params
or 'Server' not in security_params['zookeeper_jaas']
or 'keyTab' not in security_params['zookeeper_jaas']['Server']
or 'principal' not in security_params['zookeeper_jaas']['Server']):
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.zk_user,
security_params['zookeeper_jaas']['Server']['keyTab'],
security_params['zookeeper_jaas']['Server']['principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:fanzhidongyzby,项目名称:ambari,代码行数:51,代码来源:zookeeper_server.py
示例11: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
props_value_check = {}
props_empty_check = ['general.kerberos.keytab',
'general.kerberos.principal']
props_read_check = ['general.kerberos.keytab']
accumulo_site_expectations = build_expectations('accumulo-site',
props_value_check, props_empty_check, props_read_check)
accumulo_expectations = {}
accumulo_expectations.update(accumulo_site_expectations)
security_params = get_params_from_filesystem(status_params.conf_dir,
{'accumulo-site.xml': FILE_TYPE_XML})
result_issues = validate_security_config_properties(security_params, accumulo_expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ( 'accumulo-site' not in security_params
or 'general.kerberos.keytab' not in security_params['accumulo-site']
or 'general.kerberos.principal' not in security_params['accumulo-site']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out(
{"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.accumulo_user,
security_params['accumulo-site']['general.kerberos.keytab'],
security_params['accumulo-site']['general.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir,
30)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:andreysabitov,项目名称:ambari-mantl,代码行数:48,代码来源:accumulo_script.py
示例12: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
props_value_check = {"hadoop.security.authentication": "kerberos",
"hadoop.security.authorization": "true"}
props_empty_check = ["hadoop.security.auth_to_local"]
props_read_check = None
core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
props_read_check)
hdfs_expectations = {}
hdfs_expectations.update(core_site_expectations)
security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
{'core-site.xml': FILE_TYPE_XML})
result_issues = validate_security_config_properties(security_params, hdfs_expectations)
if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
if not result_issues: # If all validations passed successfully
if status_params.hdfs_user_principal or status_params.hdfs_user_keytab:
try:
cached_kinit_executor(status_params.kinit_path_local,
status_params.hdfs_user,
status_params.hdfs_user_keytab,
status_params.hdfs_user_principal,
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
self.put_structured_out(
{"securityIssuesFound": "hdfs principal and/or keytab file is not specified"})
self.put_structured_out({"securityState": "UNSECURED"})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:fanzhidongyzby,项目名称:ambari,代码行数:44,代码来源:zkfc_slave.py
示例13: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
expectations = {
"oozie-site":
build_expectations('oozie-site',
{
"oozie.authentication.type": "kerberos",
"oozie.service.AuthorizationService.security.enabled": "true",
"oozie.service.HadoopAccessorService.kerberos.enabled": "true"
},
[
"local.realm",
"oozie.authentication.kerberos.principal",
"oozie.authentication.kerberos.keytab",
"oozie.service.HadoopAccessorService.kerberos.principal",
"oozie.service.HadoopAccessorService.keytab.file"
],
None)
}
security_params = get_params_from_filesystem(status_params.conf_dir,
{'oozie-site.xml': FILE_TYPE_XML})
result_issues = validate_security_config_properties(security_params, expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if ('oozie-site' not in security_params
or 'oozie.authentication.kerberos.principal' not in security_params['oozie-site']
or 'oozie.authentication.kerberos.keytab' not in security_params['oozie-site']
or 'oozie.service.HadoopAccessorService.kerberos.principal' not in security_params['oozie-site']
or 'oozie.service.HadoopAccessorService.keytab.file' not in security_params['oozie-site']):
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.oozie_user,
security_params['oozie-site']['oozie.authentication.kerberos.keytab'],
security_params['oozie-site']['oozie.authentication.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
cached_kinit_executor(status_params.kinit_path_local,
status_params.oozie_user,
security_params['oozie-site']['oozie.service.HadoopAccessorService.keytab.file'],
security_params['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
self.put_structured_out({"securityState": "UNSECURED"})
else:
self.put_structured_out({"securityState": "UNSECURED"})
开发者ID:OpenPOWER-BigData,项目名称:HDP-ambari,代码行数:62,代码来源:oozie_server.py
示例14: security_status
def security_status(self, env):
import status_params
env.set_params(status_params)
if status_params.security_enabled:
expectations ={}
expectations.update(
build_expectations(
'webhcat-site',
{
"templeton.kerberos.secret": "secret"
},
[
"templeton.kerberos.keytab",
"templeton.kerberos.principal"
],
[
"templeton.kerberos.keytab"
]
)
)
expectations.update(
build_expectations(
'hive-site',
{
"hive.server2.authentication": "KERBEROS",
"hive.metastore.sasl.enabled": "true",
"hive.security.authorization.enabled": "true"
},
None,
None
)
)
security_params = {}
security_params.update(get_params_from_filesystem(status_params.hive_conf_dir,
{'hive-site.xml': FILE_TYPE_XML}))
security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir,
{'webhcat-site.xml': FILE_TYPE_XML}))
result_issues = validate_security_config_properties(security_params, expectations)
if not result_issues: # If all validations passed successfully
try:
# Double check the dict before calling execute
if 'webhcat-site' not in security_params \
or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \
or 'templeton.kerberos.principal' not in security_params['webhcat-site']:
self.put_structured_out({"securityState": "UNSECURED"})
self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
return
cached_kinit_executor(status_params.kinit_path_local,
status_params.webhcat_user,
security_params['webhcat-site']['templeton.kerberos.keytab'],
security_params['webhcat-site']['templeton.kerberos.principal'],
status_params.hostname,
status_params.tmp_dir)
self.put_structured_out({"securityState": "SECURED_KERBEROS"})
except Exception as e:
self.put_structured_out({"securityState": "ERROR"})
self.put_structured_out({"securityStateErrorInfo": str(e)})
else:
issues = []
for cf in result_issues:
issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
self.put_structured_out({"securityIssu
|
请发表评论