AMBARI-15213. RBAC : For "Service Operator/Administrator and Cluster Operator" role, the "Background jobs" dialog box doesn't open up (come to foreground) when a background job is triggered. (Swapan Shridhar via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5b89dc75 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5b89dc75 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5b89dc75 Branch: refs/heads/trunk Commit: 5b89dc7525357268e862e27eb1e99c007cf074ea Parents: f3659cc Author: Swapan Shridhar <[email protected]> Authored: Fri Mar 4 16:57:22 2016 -0500 Committer: Robert Levas <[email protected]> Committed: Fri Mar 4 16:57:22 2016 -0500 ---------------------------------------------------------------------- .../persistence/PersistenceManagerImpl.java | 25 +++- .../AmbariAuthorizationFilter.java | 36 ++--- .../authorization/RoleAuthorization.java | 1 + .../server/upgrade/UpgradeCatalog240.java | 53 ++++++- .../main/resources/Ambari-DDL-Derby-CREATE.sql | 19 ++- .../main/resources/Ambari-DDL-MySQL-CREATE.sql | 17 ++- .../main/resources/Ambari-DDL-Oracle-CREATE.sql | 17 ++- .../resources/Ambari-DDL-Postgres-CREATE.sql | 17 ++- .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 18 ++- .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 17 ++- .../resources/Ambari-DDL-SQLServer-CREATE.sql | 17 ++- .../services/PersistenceManagerImplTest.java | 81 ++++++++-- .../security/TestAuthenticationFactory.java | 14 +- .../AmbariAuthorizationFilterTest.java | 147 +++---------------- .../server/upgrade/UpgradeCatalog240Test.java | 66 ++++----- ambari-web/app/mixins/common/userPref.js | 2 +- 16 files changed, 310 insertions(+), 237 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java index 4db5611..3037446 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java @@ -19,11 +19,25 @@ package org.apache.ambari.server.api.services.persistence; import org.apache.ambari.server.api.resources.ResourceInstance; -import org.apache.ambari.server.api.services.*; -import org.apache.ambari.server.controller.spi.*; +import org.apache.ambari.server.api.services.NamedPropertySet; +import org.apache.ambari.server.api.services.RequestBody; +import org.apache.ambari.server.controller.spi.ClusterController; +import org.apache.ambari.server.controller.spi.NoSuchParentResourceException; +import org.apache.ambari.server.controller.spi.NoSuchResourceException; import org.apache.ambari.server.controller.spi.Request; +import org.apache.ambari.server.controller.spi.RequestStatus; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException; +import org.apache.ambari.server.controller.spi.Schema; +import org.apache.ambari.server.controller.spi.SystemException; +import org.apache.ambari.server.controller.spi.UnsupportedPropertyException; import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.ambari.server.security.authorization.ResourceType; +import org.apache.ambari.server.security.authorization.RoleAuthorization; +import java.util.EnumSet; import java.util.HashMap; import java.util.Map; import java.util.Set; @@ -53,6 +67,13 @@ public class PersistenceManagerImpl implements PersistenceManager { SystemException, ResourceAlreadyExistsException, NoSuchParentResourceException { + + if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, null, + EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))) { + throw new AuthorizationException("The authenticated user does not have authorization " + + "to create/store user persisted data."); + } + if (resource != null) { Map<Resource.Type, String> mapResourceIds = resource.getKeyValueMap(); http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java index e2a28d0..4be804d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java @@ -18,19 +18,6 @@ package org.apache.ambari.server.security.authorization; -import java.io.IOException; -import java.security.Principal; -import java.util.regex.Pattern; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import com.google.inject.Inject; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.entities.PermissionEntity; @@ -45,8 +32,19 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; -public class AmbariAuthorizationFilter implements Filter { +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.security.Principal; +import java.util.regex.Pattern; +public class AmbariAuthorizationFilter implements Filter { private static final String REALM_PARAM = "realm"; private static final String DEFAULT_REALM = "AuthFilter"; @@ -121,7 +119,6 @@ public class AmbariAuthorizationFilter implements Filter { authentication = defaultAuthentication; } } - if (authentication == null || authentication instanceof AnonymousAuthenticationToken || !authentication.isAuthenticated()) { String token = httpRequest.getHeader(INTERNAL_TOKEN_HEADER); @@ -183,11 +180,6 @@ public class AmbariAuthorizationFilter implements Filter { authorized = true; break; } - } else if (requestURI.matches(API_PERSIST_ALL_PATTERN)) { - if (permissionId.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)) { - authorized = true; - break; - } } } } @@ -203,7 +195,6 @@ public class AmbariAuthorizationFilter implements Filter { return; } } - if (AuthorizationHelper.getAuthenticatedName() != null) { httpResponse.setHeader("User", AuthorizationHelper.getAuthenticatedName()); } @@ -264,7 +255,8 @@ public class AmbariAuthorizationFilter implements Filter { requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) || requestURI.matches(API_HOSTS_ALL_PATTERN) || requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) || - requestURI.matches(API_PRIVILEGES_ALL_PATTERN); + requestURI.matches(API_PRIVILEGES_ALL_PATTERN) || + requestURI.matches(API_PERSIST_ALL_PATTERN); } @Override http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java index a77263d..ee948fe 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java @@ -43,6 +43,7 @@ public enum RoleAuthorization { CLUSTER_MODIFY_CONFIGS("CLUSTER.MODIFY_CONFIGS"), CLUSTER_MANAGE_CONFIG_GROUPS("CLUSTER.MANAGE_CONFIG_GROUPS"), CLUSTER_MANAGE_ALERTS("CLUSTER.MANAGE_ALERTS"), + CLUSTER_MANAGE_USER_PERSISTED_DATA("CLUSTER.MANAGE_USER_PERSISTED_DATA"), CLUSTER_TOGGLE_ALERTS("CLUSTER.TOGGLE_ALERTS"), CLUSTER_TOGGLE_KERBEROS("CLUSTER.TOGGLE_KERBEROS"), CLUSTER_UPGRADE_DOWNGRADE_STACK("CLUSTER.UPGRADE_DOWNGRADE_STACK"), http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java index 2f509b4..a803f73 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java @@ -159,6 +159,7 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { updateAlerts(); setRoleSortOrder(); addSettingPermission(); + addManageUserPersistedDataPermission(); } private void createSettingTable() throws SQLException { @@ -190,7 +191,57 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { String administratorPermissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", resourceTypeDAO.findByName("AMBARI")).getId().toString(); dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + administratorPermissionId + "'", "'AMBARI.MANAGE_SETTINGS'"}, false); + new String[]{"'" + administratorPermissionId + "'", "'AMBARI.MANAGE_SETTINGS'"}, false); + } + + /** + * Add 'MANAGE_USER_PERSISTED_DATA' permissions for CLUSTER.ADMINISTRATOR, SERVICE.OPERATOR, SERVICE.ADMINISTRATOR, + * CLUSTER.OPERATOR, AMBARI.ADMINISTRATOR. + * + */ + protected void addManageUserPersistedDataPermission() throws SQLException { + + RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + + // Add to 'roleauthorization' table + if (roleAuthorizationDAO.findById("CLUSTER.MANAGE_USER_PERSISTED_DATA") == null) { + RoleAuthorizationEntity roleAuthorizationEntity = new RoleAuthorizationEntity(); + roleAuthorizationEntity.setAuthorizationId("CLUSTER.MANAGE_USER_PERSISTED_DATA"); + roleAuthorizationEntity.setAuthorizationName("Manage cluster-level user persisted data"); + roleAuthorizationDAO.create(roleAuthorizationEntity); + } + + // Adds to 'permission_roleauthorization' table + String permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", + resourceTypeDAO.findByName("CLUSTER")).getId().toString(); + dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, + new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); + + permissionId = permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", + resourceTypeDAO.findByName("CLUSTER")).getId().toString(); + dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, + new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); + + permissionId = permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", + resourceTypeDAO.findByName("CLUSTER")).getId().toString(); + dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, + new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); + + permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", + resourceTypeDAO.findByName("CLUSTER")).getId().toString(); + dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, + new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); + + permissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", + resourceTypeDAO.findByName("AMBARI")).getId().toString(); + dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, + new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); + + permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.USER", + resourceTypeDAO.findByName("CLUSTER")).getId().toString(); + dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, + new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); + } protected void updateAlerts() { http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index 9c61cbc..a85202d 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -1139,6 +1139,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' FROM SYSIBM.SYSDUMMY1 UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' FROM SYSIBM.SYSDUMMY1 UNION ALL @@ -1168,7 +1169,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' ; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1189,7 +1191,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' ; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1216,7 +1219,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' ; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1246,7 +1250,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' ; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1282,7 +1287,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' ; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1320,6 +1326,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1329,7 +1336,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' ; + SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR'; INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) SELECT 1, 1, 1, 1 FROM SYSIBM.SYSDUMMY1 ; http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index 0ebfa40..9b4810c 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -1099,6 +1099,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' UNION ALL SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL @@ -1131,7 +1132,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1152,7 +1154,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1180,7 +1183,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1211,7 +1215,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1249,7 +1254,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1289,6 +1295,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index a8cbda3..cc3d197 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -1092,6 +1092,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' from dual UNION ALL SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' from dual UNION ALL SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' from dual UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' from dual UNION ALL SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' FROM dual UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' FROM dual UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' FROM dual UNION ALL @@ -1124,7 +1125,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1145,7 +1147,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1173,7 +1176,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1204,7 +1208,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1242,7 +1247,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1282,6 +1288,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index 5d8899e..07c786d 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -1142,6 +1142,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' UNION ALL SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL @@ -1174,7 +1175,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1195,7 +1197,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1223,7 +1226,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1254,7 +1258,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1292,7 +1297,8 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1332,6 +1338,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql index 8ce2ba8..ab6dc93 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql @@ -1236,6 +1236,7 @@ INSERT INTO ambari.roleauthorization(authorization_id, authorization_name) SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' UNION ALL SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL @@ -1269,7 +1270,8 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) @@ -1290,7 +1292,8 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) @@ -1318,7 +1321,8 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) @@ -1349,7 +1353,8 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) @@ -1387,7 +1392,8 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) @@ -1427,6 +1433,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL @@ -1438,6 +1445,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR'; + INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id) SELECT 1, 1, 1, 1; http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index b7a764e..8e91fde 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -1087,6 +1087,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' UNION ALL SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL @@ -1120,7 +1121,8 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1141,7 +1143,8 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1169,7 +1172,8 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1200,7 +1204,8 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1238,7 +1243,8 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1278,6 +1284,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index f60f07a..440ca44 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -1195,6 +1195,7 @@ BEGIN TRANSACTION SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL + SELECT 'CLUSTER.MANAGE_USER_PERSISTED_DATA', 'Manage cluster-level user persisted data' UNION ALL SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL @@ -1228,7 +1229,8 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.USER'; -- Set authorizations for Service Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1249,7 +1251,8 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR'; -- Set authorizations for Service Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1277,7 +1280,8 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR'; -- Set authorizations for Cluster Operator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1308,7 +1312,8 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL - SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; + SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR'; -- Set authorizations for Cluster Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1346,7 +1351,8 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL - SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; + SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR'; -- Set authorizations for Administrator role INSERT INTO permission_roleauthorization(permission_id, authorization_id) @@ -1386,6 +1392,7 @@ BEGIN TRANSACTION SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/test/java/org/apache/ambari/server/api/services/PersistenceManagerImplTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/PersistenceManagerImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/PersistenceManagerImplTest.java index 9ff1506..243e06a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/api/services/PersistenceManagerImplTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/PersistenceManagerImplTest.java @@ -19,31 +19,96 @@ package org.apache.ambari.server.api.services; -import org.apache.ambari.server.controller.spi.Request; import org.apache.ambari.server.api.query.Query; -import org.apache.ambari.server.controller.spi.*; import org.apache.ambari.server.api.resources.ResourceDefinition; import org.apache.ambari.server.api.resources.ResourceInstance; import org.apache.ambari.server.api.services.persistence.PersistenceManagerImpl; import org.apache.ambari.server.controller.internal.RequestStatusImpl; +import org.apache.ambari.server.controller.spi.ClusterController; +import org.apache.ambari.server.controller.spi.Predicate; +import org.apache.ambari.server.controller.spi.Request; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.spi.Schema; import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.apache.ambari.server.security.TestAuthenticationFactory; +import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.junit.After; import org.junit.Test; +import org.springframework.security.core.context.SecurityContextHolder; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; - -import static org.easymock.EasyMock.*; -import static org.junit.Assert.*; +import static org.easymock.EasyMock.createMock; +import static org.easymock.EasyMock.createNiceMock; +import static org.easymock.EasyMock.createStrictMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; +import static org.easymock.EasyMock.verify; +import static org.junit.Assert.assertEquals; /** * PersistenceManagerImpl unit tests. */ public class PersistenceManagerImplTest { + @After + public void clearAuthentication() { + SecurityContextHolder.getContext().setAuthentication(null); + } + + @Test + public void testPersistenceManagerImplAsClusterAdministrator() throws Exception { + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("ClusterAdmin", 2L)); + testCreate(); + testCreate___NoBodyProps(); + testCreate__MultipleResources(); + testUpdate(); + testDelete(); + } + + @Test + public void testPersistenceManagerImplAsServiceAdministrator() throws Exception { + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createServiceAdministrator("ServiceAdmin", 2L)); + testCreate(); + testCreate___NoBodyProps(); + testCreate__MultipleResources(); + testUpdate(); + testDelete(); + } + + @Test + public void testPersistenceManagerImplAsServiceOperator() throws Exception { + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createServiceOperator("ServiceOperator", 2L)); + testCreate(); + testCreate___NoBodyProps(); + testCreate__MultipleResources(); + testUpdate(); + testDelete(); + } + @Test + public void testPersistenceManagerImplAsClusterUser() throws Exception { + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterUser("ClusterUser", 2L)); + testCreate(); + testCreate___NoBodyProps(); + testCreate__MultipleResources(); + testUpdate(); + testDelete(); + } + + @Test (expected = AuthorizationException.class) + public void testPersistenceManagerImplAsViewUser() throws Exception { + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createViewUser("ViewUser", 2L)); + testCreate(); + testCreate___NoBodyProps(); + testCreate__MultipleResources(); + testUpdate(); + testDelete(); + } + public void testCreate() throws Exception { ResourceInstance resource = createMock(ResourceInstance.class); ResourceDefinition resourceDefinition = createMock(ResourceDefinition.class); @@ -87,7 +152,6 @@ public class PersistenceManagerImplTest { verify(resource, resourceDefinition, controller, schema, serverRequest); } - @Test public void testCreate___NoBodyProps() throws Exception { ResourceInstance resource = createMock(ResourceInstance.class); ResourceDefinition resourceDefinition = createMock(ResourceDefinition.class); @@ -123,13 +187,11 @@ public class PersistenceManagerImplTest { expect(controller.createResources(Resource.Type.Component, serverRequest)).andReturn(new RequestStatusImpl(null)); replay(resource, resourceDefinition, controller, schema, serverRequest); - new TestPersistenceManager(controller, setExpected, serverRequest).create(resource, body); verify(resource, resourceDefinition, controller, schema, serverRequest); } - @Test public void testCreate__MultipleResources() throws Exception { ResourceInstance resource = createMock(ResourceInstance.class); ResourceDefinition resourceDefinition = createMock(ResourceDefinition.class); @@ -180,13 +242,11 @@ public class PersistenceManagerImplTest { expect(controller.createResources(Resource.Type.Component, serverRequest)).andReturn(new RequestStatusImpl(null)); replay(resource, resourceDefinition, controller, schema, serverRequest); - new TestPersistenceManager(controller, setExpected, serverRequest).create(resource, body); verify(resource, resourceDefinition, controller, schema, serverRequest); } - @Test public void testUpdate() throws Exception { ResourceInstance resource = createMock(ResourceInstance.class); ResourceDefinition resourceDefinition = createMock(ResourceDefinition.class); @@ -233,7 +293,6 @@ public class PersistenceManagerImplTest { verify(resource, resourceDefinition, controller, schema, serverRequest, query, predicate); } - @Test public void testDelete() throws Exception { ResourceInstance resource = createNiceMock(ResourceInstance.class); ResourceDefinition resourceDefinition = createNiceMock(ResourceDefinition.class); http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java index 2b2c276..69b4b08 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java @@ -195,7 +195,8 @@ public class TestAuthenticationFactory { RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, - RoleAuthorization.SERVICE_VIEW_STATUS_INFO))); + RoleAuthorization.SERVICE_VIEW_STATUS_INFO, + RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))); return permissionEntity; } @@ -226,7 +227,8 @@ public class TestAuthenticationFactory { RoleAuthorization.SERVICE_VIEW_ALERTS, RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, - RoleAuthorization.SERVICE_VIEW_STATUS_INFO))); + RoleAuthorization.SERVICE_VIEW_STATUS_INFO, + RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))); return permissionEntity; } @@ -250,7 +252,8 @@ public class TestAuthenticationFactory { RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, - RoleAuthorization.CLUSTER_VIEW_STATUS_INFO + RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, + RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA ))); return permissionEntity; } @@ -271,7 +274,8 @@ public class TestAuthenticationFactory { RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS, - RoleAuthorization.CLUSTER_VIEW_STATUS_INFO + RoleAuthorization.CLUSTER_VIEW_STATUS_INFO, + RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA ))); return permissionEntity; } @@ -281,7 +285,7 @@ public class TestAuthenticationFactory { permissionEntity.setId(PermissionEntity.VIEW_USER_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); permissionEntity.setAuthorizations(createAuthorizations(EnumSet.of( - RoleAuthorization.VIEW_USE + RoleAuthorization.VIEW_USE ))); return permissionEntity; } http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java index b30bff3..9db3904 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java @@ -18,52 +18,42 @@ package org.apache.ambari.server.security.authorization; -import static org.easymock.EasyMock.createMockBuilder; -import static org.easymock.EasyMock.createNiceMock; -import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.expectLastCall; -import static org.easymock.EasyMock.getCurrentArguments; -import static org.easymock.EasyMock.replay; -import static org.easymock.EasyMock.verify; - -import java.util.Collection; -import java.util.Collections; -import javax.persistence.EntityManager; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import com.google.common.collect.HashBasedTable; +import com.google.common.collect.Table; +import com.google.common.collect.Table.Cell; import com.google.inject.AbstractModule; import com.google.inject.Guice; import com.google.inject.Injector; import junit.framework.Assert; - import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.UserDAO; -import org.apache.ambari.server.orm.entities.PermissionEntity; -import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.state.stack.OsFamily; import org.apache.ambari.server.view.ViewRegistry; import org.easymock.EasyMock; -import org.easymock.IAnswer; import org.junit.After; import org.junit.Test; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContext; - -import com.google.common.collect.HashBasedTable; -import com.google.common.collect.Table; -import com.google.common.collect.Table.Cell; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.password.PasswordEncoder; +import javax.persistence.EntityManager; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; + +import static org.easymock.EasyMock.createMockBuilder; +import static org.easymock.EasyMock.createNiceMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; +import static org.easymock.EasyMock.verify; + public class AmbariAuthorizationFilterTest { @After public void clearAuthentication() { @@ -71,101 +61,6 @@ public class AmbariAuthorizationFilterTest { } @Test - public void testDoFilter_postPersist_hasOperatePermission() throws Exception { - FilterChain chain = createNiceMock(FilterChain.class); - HttpServletRequest request = createNiceMock(HttpServletRequest.class); - HttpServletResponse response = createNiceMock(HttpServletResponse.class); - AmbariAuthorizationFilter filter = createMockBuilder(AmbariAuthorizationFilter.class) - .addMockedMethod("getSecurityContext").withConstructor().createMock(); - SecurityContext securityContext = createNiceMock(SecurityContext.class); - Authentication authentication = createNiceMock(Authentication.class); - AmbariGrantedAuthority authority = createNiceMock(AmbariGrantedAuthority.class); - PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); - PermissionEntity permission = createNiceMock(PermissionEntity.class); - FilterConfig filterConfig = createNiceMock(FilterConfig.class); - Authentication auth = new UsernamePasswordAuthenticationToken("admin",null); - SecurityContextHolder.getContext().setAuthentication(auth); - - - expect(filterConfig.getInitParameter("realm")).andReturn("AuthFilter"); - expect(authentication.isAuthenticated()).andReturn(true); - expect(request.getRequestURI()).andReturn("/api/v1/persist/some_val"); - expect(authority.getPrivilegeEntity()).andReturn(privilegeEntity); - expect(privilegeEntity.getPermission()).andReturn(permission); - EasyMock.<Collection<? extends GrantedAuthority>>expect(authentication.getAuthorities()) - .andReturn(Collections.singletonList(authority)); - expect(filter.getSecurityContext()).andReturn(securityContext); - expect(securityContext.getAuthentication()).andReturn(authentication); - response.setHeader("User", "admin"); - expectLastCall().andAnswer(new IAnswer() { - public Object answer() { - String arg1 = (String) getCurrentArguments()[0]; - String arg2 = (String) getCurrentArguments()[1]; - Assert.assertEquals("User", arg1); - Assert.assertEquals("admin", arg2); - return null; - } - }); - - expect(permission.getId()).andReturn(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION); - - // expect continue filtering - chain.doFilter(request, response); - - replay(request, response, chain, filter, securityContext, authentication, authority, - privilegeEntity, permission, filterConfig); - - filter.init(filterConfig); - filter.doFilter(request, response, chain); - - verify(request, response, chain, filter, securityContext, authentication, authority, - privilegeEntity, permission, filterConfig); - } - - @Test - public void testDoFilter_postPersist_hasNoOperatePermission() throws Exception { - FilterChain chain = createNiceMock(FilterChain.class); - HttpServletRequest request = createNiceMock(HttpServletRequest.class); - HttpServletResponse response = createNiceMock(HttpServletResponse.class); - AmbariAuthorizationFilter filter = createMockBuilder(AmbariAuthorizationFilter.class) - .addMockedMethod("getSecurityContext").withConstructor().createMock(); - SecurityContext securityContext = createNiceMock(SecurityContext.class); - Authentication authentication = createNiceMock(Authentication.class); - AmbariGrantedAuthority authority = createNiceMock(AmbariGrantedAuthority.class); - PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); - PermissionEntity permission = createNiceMock(PermissionEntity.class); - FilterConfig filterConfig = createNiceMock(FilterConfig.class); - - expect(filterConfig.getInitParameter("realm")).andReturn("AuthFilter"); - expect(authentication.isAuthenticated()).andReturn(true); - expect(request.getRequestURI()).andReturn("/api/v1/persist/some_val"); - expect(authority.getPrivilegeEntity()).andReturn(privilegeEntity); - expect(privilegeEntity.getPermission()).andReturn(permission); - EasyMock.<Collection<? extends GrantedAuthority>>expect(authentication.getAuthorities()) - .andReturn(Collections.singletonList(authority)); - expect(filter.getSecurityContext()).andReturn(securityContext); - expect(securityContext.getAuthentication()).andReturn(authentication); - - - expect(request.getMethod()).andReturn("POST").anyTimes(); - expect(permission.getId()).andReturn(PermissionEntity.VIEW_USER_PERMISSION); - - // expect permission denial - response.setHeader("WWW-Authenticate", "Basic realm=\"AuthFilter\""); - response.sendError(HttpServletResponse.SC_FORBIDDEN, "You do not have permissions to access this resource."); - response.flushBuffer(); - - replay(request, response, chain, filter, securityContext, authentication, authority, - privilegeEntity, permission, filterConfig); - - filter.init(filterConfig); - filter.doFilter(request, response, chain); - - verify(request, response, chain, filter, securityContext, authentication, authority, - privilegeEntity, permission, filterConfig); - } - - @Test public void testDoFilter_adminAccess() throws Exception { final Table<String, String, Boolean> urlTests = HashBasedTable.create(); urlTests.put("/api/v1/clusters/cluster", "GET", true); @@ -206,7 +101,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/api/v1/views", "GET", true); urlTests.put("/api/v1/views", "POST", true); urlTests.put("/api/v1/persist/SomeValue", "GET", true); - urlTests.put("/api/v1/persist/SomeValue", "POST", false); + urlTests.put("/api/v1/persist/SomeValue", "POST", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true); @@ -272,7 +167,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/api/v1/views", "GET", true); urlTests.put("/api/v1/views", "POST", true); urlTests.put("/api/v1/persist/SomeValue", "GET", true); - urlTests.put("/api/v1/persist/SomeValue", "POST", false); + urlTests.put("/api/v1/persist/SomeValue", "POST", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true); @@ -305,7 +200,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/api/v1/views", "GET", true); urlTests.put("/api/v1/views", "POST", true); urlTests.put("/api/v1/persist/SomeValue", "GET", true); - urlTests.put("/api/v1/persist/SomeValue", "POST", false); + urlTests.put("/api/v1/persist/SomeValue", "POST", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", true); urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true); http://git-wip-us.apache.org/repos/asf/ambari/blob/5b89dc75/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java index a909f84..7f3b80c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java @@ -19,33 +19,12 @@ package org.apache.ambari.server.upgrade; -import static org.easymock.EasyMock.anyObject; -import static org.easymock.EasyMock.capture; -import static org.easymock.EasyMock.createMockBuilder; -import static org.easymock.EasyMock.createNiceMock; -import static org.easymock.EasyMock.createStrictMock; -import static org.easymock.EasyMock.eq; -import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.newCapture; -import static org.easymock.EasyMock.replay; -import static org.easymock.EasyMock.reset; -import static org.easymock.EasyMock.verify; -import static org.junit.Assert.assertEquals; - -import java.lang.reflect.Field; -import java.lang.reflect.Method; -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.persistence.EntityManager; - +import com.google.inject.Binder; +import com.google.inject.Guice; +import com.google.inject.Injector; +import com.google.inject.Module; +import com.google.inject.Provider; +import junit.framework.Assert; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.api.services.AmbariMetaInfo; import org.apache.ambari.server.configuration.Configuration; @@ -62,13 +41,31 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; -import com.google.inject.Binder; -import com.google.inject.Guice; -import com.google.inject.Injector; -import com.google.inject.Module; -import com.google.inject.Provider; +import javax.persistence.EntityManager; +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; -import junit.framework.Assert; +import static org.easymock.EasyMock.anyObject; +import static org.easymock.EasyMock.capture; +import static org.easymock.EasyMock.createMockBuilder; +import static org.easymock.EasyMock.createNiceMock; +import static org.easymock.EasyMock.createStrictMock; +import static org.easymock.EasyMock.eq; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.newCapture; +import static org.easymock.EasyMock.replay; +import static org.easymock.EasyMock.reset; +import static org.easymock.EasyMock.verify; +import static org.junit.Assert.assertEquals; public class UpgradeCatalog240Test { private static Injector injector; @@ -251,6 +248,7 @@ public class UpgradeCatalog240Test { public void testExecuteDMLUpdates() throws Exception { Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml"); Method updateAlerts = UpgradeCatalog240.class.getDeclaredMethod("updateAlerts"); + Method addManageUserPersistedDataPermission = UpgradeCatalog240.class.getDeclaredMethod("addManageUserPersistedDataPermission"); Method addSettingPermission = UpgradeCatalog240.class.getDeclaredMethod("addSettingPermission"); Capture<String> capturedStatements = newCapture(CaptureType.ALL); @@ -262,6 +260,7 @@ public class UpgradeCatalog240Test { .addMockedMethod(addNewConfigurationsFromXml) .addMockedMethod(updateAlerts) .addMockedMethod(addSettingPermission) + .addMockedMethod(addManageUserPersistedDataPermission) .createMock(); Field field = AbstractUpgradeCatalog.class.getDeclaredField("dbAccessor"); @@ -270,6 +269,7 @@ public class UpgradeCatalog240Test { upgradeCatalog240.addNewConfigurationsFromXml(); upgradeCatalog240.updateAlerts(); upgradeCatalog240.addSettingPermission(); + upgradeCatalog240.addManageUserPersistedDataPermission(); replay(upgradeCatalog240, dbAccessor);
