Repository: ambari Updated Branches: refs/heads/trunk 7eeab53c7 -> 4342a6b7e
http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java index a312e6a..d2d48a9 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java @@ -18,7 +18,7 @@ package org.apache.ambari.server.view; -import com.google.common.base.Strings; +import com.google.common.collect.FluentIterable; import com.google.common.collect.Sets; import com.google.common.eventbus.AllowConcurrentEvents; import com.google.common.eventbus.Subscribe; @@ -42,6 +42,8 @@ import org.apache.ambari.server.controller.spi.ResourceProvider; import org.apache.ambari.server.events.ServiceInstalledEvent; import org.apache.ambari.server.events.publishers.AmbariEventPublisher; import org.apache.ambari.server.orm.dao.MemberDAO; +import org.apache.ambari.server.orm.dao.PermissionDAO; +import org.apache.ambari.server.orm.dao.PrincipalDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ResourceDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; @@ -64,6 +66,7 @@ import org.apache.ambari.server.orm.entities.ViewParameterEntity; import org.apache.ambari.server.orm.entities.ViewResourceEntity; import org.apache.ambari.server.security.SecurityHelper; import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.ambari.server.security.authorization.ClusterInheritedPermissionHelper; import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.security.authorization.RoleAuthorization; import org.apache.ambari.server.state.Clusters; @@ -225,6 +228,18 @@ public class ViewRegistry { ResourceTypeDAO resourceTypeDAO; /** + * Principal data access object. + */ + @Inject + PrincipalDAO principalDAO; + + /** + * Permission data access objects + */ + @Inject + PermissionDAO permissionDAO; + + /** * The Ambari managed clusters. */ @Inject @@ -1640,6 +1655,7 @@ public class ViewRegistry { } List<String> services = autoInstanceConfig.getServices(); + List<String> permissions = autoInstanceConfig.getPermissions(); Map<String, org.apache.ambari.server.state.Cluster> allClusters = clustersProvider.get().getClusters(); for (org.apache.ambari.server.state.Cluster cluster : allClusters.values()) { @@ -1656,6 +1672,7 @@ public class ViewRegistry { ViewInstanceEntity viewInstanceEntity = createViewInstanceEntity(viewEntity, viewConfig, autoInstanceConfig); viewInstanceEntity.setClusterHandle(clusterName); installViewInstance(viewInstanceEntity); + addClusterInheritedPermissions(viewInstanceEntity, permissions); } } catch (Exception e) { LOG.error("Can't auto create instance of view " + viewName + " for cluster " + clusterName + @@ -1666,6 +1683,44 @@ public class ViewRegistry { } /** + * Validates principalTypes and creates privilege entities for each permission type for the view instance entity + * resource. + * @param viewInstanceEntity - view instance entity for which permission has to be set. + * @param principalTypes - list of cluster inherited principal types + */ + @Transactional + private void addClusterInheritedPermissions(ViewInstanceEntity viewInstanceEntity, List<String> principalTypes) { + List<String> validPermissions = FluentIterable.from(principalTypes) + .filter(ClusterInheritedPermissionHelper.validPrincipalTypePredicate) + .toList(); + + for(String permission: validPermissions) { + addClusterInheritedPermission(viewInstanceEntity, permission); + } + } + + private void addClusterInheritedPermission(ViewInstanceEntity viewInstanceEntity, String principalType) { + ResourceEntity resource = viewInstanceEntity.getResource(); + List<PrincipalEntity> principals = principalDAO.findByPrincipalType(principalType); + if (principals.size() == 0) { + LOG.error("Failed to find principal for principal type '{}'", principalType); + return; + } + + PrincipalEntity principal = principals.get(0); // There will be only one principal associated with the principal type + PermissionEntity permission = permissionDAO.findViewUsePermission(); + + if (!privilegeDAO.exists(principal, resource, permission)) { + PrivilegeEntity privilege = new PrivilegeEntity(); + privilege.setPrincipal(principal); + privilege.setResource(resource); + privilege.setPermission(permission); + + privilegeDAO.create(privilege); + } + } + + /** * Check the configured view max and min Ambari versions for the given view entity * against the given Ambari server version. * http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java index e837464..11efc76 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java @@ -18,10 +18,15 @@ package org.apache.ambari.server.view.configuration; +import com.google.common.base.Function; +import com.google.common.collect.FluentIterable; +import com.google.common.collect.Lists; + import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElementWrapper; +import java.util.Arrays; import java.util.List; /** @@ -46,6 +51,13 @@ public class AutoInstanceConfig extends InstanceConfig { private List<String> services; /** + * Cluster Inherited permissions. Comma separated strings for multiple values + * Possible values: ALL.CLUSTER.ADMINISTRATOR, ALL.CLUSTER.OPERATOR, ALL.CLUSTER.USER, + * ALL.SERVICE.OPERATOR, ALL.SERVICE.ADMINISTRATOR + */ + private String permissions; + + /** * Get the stack id used for auto instance creation. * * @return the stack id @@ -62,4 +74,19 @@ public class AutoInstanceConfig extends InstanceConfig { public List<String> getServices() { return services; } + + /** + * @return the list of configured cluster inherited permissions + */ + public List<String> getPermissions() { + if(permissions == null) { + return Lists.newArrayList(); + } + return FluentIterable.from(Arrays.asList(permissions.split(","))).transform(new Function<String, String>() { + @Override + public String apply(String permission) { + return permission.trim(); + } + }).toList(); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index 319afa5..0cf3537 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -1015,9 +1015,9 @@ INSERT INTO ambari_sequences (sequence_name, sequence_value) union all select 'resource_id_seq', 2 FROM SYSIBM.SYSDUMMY1 union all - select 'principal_type_id_seq', 3 FROM SYSIBM.SYSDUMMY1 + select 'principal_type_id_seq', 8 FROM SYSIBM.SYSDUMMY1 union all - select 'principal_id_seq', 2 FROM SYSIBM.SYSDUMMY1 + select 'principal_id_seq', 7 FROM SYSIBM.SYSDUMMY1 union all select 'permission_id_seq', 5 FROM SYSIBM.SYSDUMMY1 union all @@ -1095,10 +1095,30 @@ INSERT INTO adminresource (resource_id, resource_type_id) INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) SELECT 1, 'USER' FROM SYSIBM.SYSDUMMY1 UNION ALL - SELECT 2, 'GROUP' FROM SYSIBM.SYSDUMMY1; + SELECT 2, 'GROUP' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 4, 'ALL.CLUSTER.OPERATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 5, 'ALL.CLUSTER.USER' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1; INSERT INTO adminprincipal (principal_id, principal_type_id) - SELECT 1, 1 FROM SYSIBM.SYSDUMMY1; + SELECT 1, 1 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 2, 3 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 3, 4 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 4, 5 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 5, 6 FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 6, 7 FROM SYSIBM.SYSDUMMY1; INSERT INTO Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' FROM SYSIBM.SYSDUMMY1; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index 9a20b8c..2142eb6 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -1005,8 +1005,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('operation_l INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instance_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 3); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 2); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1); @@ -1052,10 +1052,30 @@ insert into adminresource (resource_id, resource_type_id) insert into adminprincipaltype (principal_type_id, principal_type_name) select 1, 'USER' union all - select 2, 'GROUP'; + select 2, 'GROUP' + union all + select 3, 'ALL.CLUSTER.ADMINISTRATOR' + union all + select 4, 'ALL.CLUSTER.OPERATOR' + union all + select 5, 'ALL.CLUSTER.USER' + union all + select 6, 'ALL.SERVICE.ADMINISTRATOR' + union all + select 7, 'ALL.SERVICE.OPERATOR'; insert into adminprincipal (principal_id, principal_type_id) - select 1, 1; + select 1, 1 + union all + select 2, 3 + union all + select 3, 4 + union all + select 4, 5 + union all + select 5, 6 + union all + select 6, 7; insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index e1da719..a118ffa 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -997,8 +997,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('operation_l INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instance_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 3); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 2); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1); @@ -1046,10 +1046,30 @@ insert into adminresource (resource_id, resource_type_id) insert into adminprincipaltype (principal_type_id, principal_type_name) select 1, 'USER' from dual union all - select 2, 'GROUP' from dual; + select 2, 'GROUP' from dual + union all + select 3, 'ALL.CLUSTER.ADMINISTRATOR' from dual + union all + select 4, 'ALL.CLUSTER.OPERATOR' from dual + union all + select 5, 'ALL.CLUSTER.USER' from dual + union all + select 6, 'ALL.SERVICE.ADMINISTRATOR' from dual + union all + select 7, 'ALL.SERVICE.OPERATOR' from dual; insert into adminprincipal (principal_id, principal_type_id) - select 1, 1 from dual; + select 1, 1 from dual + union all + select 2, 3 from dual + union all + select 3, 4 from dual + union all + select 4, 5 from dual + union all + select 5, 6 from dual + union all + select 6, 7 from dual; insert into users(user_id, principal_id, user_name, user_password) select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index ab1eec4..3032dbf 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -1011,9 +1011,9 @@ INSERT INTO ambari_sequences (sequence_name, sequence_value) union all select 'resource_id_seq', 2 union all - select 'principal_type_id_seq', 3 + select 'principal_type_id_seq', 8 union all - select 'principal_id_seq', 2 + select 'principal_id_seq', 7 union all select 'permission_id_seq', 5 union all @@ -1091,10 +1091,30 @@ INSERT INTO adminresource (resource_id, resource_type_id) INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) SELECT 1, 'USER' UNION ALL - SELECT 2, 'GROUP'; + SELECT 2, 'GROUP' + UNION ALL + SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' + UNION ALL + SELECT 4, 'ALL.CLUSTER.OPERATOR' + UNION ALL + SELECT 5, 'ALL.CLUSTER.USER' + UNION ALL + SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' + UNION ALL + SELECT 7, 'ALL.SERVICE.OPERATOR'; INSERT INTO adminprincipal (principal_id, principal_type_id) - SELECT 1, 1; + SELECT 1, 1 + UNION ALL + SELECT 2, 3 + UNION ALL + SELECT 3, 4 + UNION ALL + SELECT 4, 5 + UNION ALL + SELECT 5, 6 + UNION ALL + SELECT 6, 7; INSERT INTO Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql index bd869f4..af6e319 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql @@ -1168,9 +1168,9 @@ INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value) union all select 'resource_id_seq', 2 union all - select 'principal_type_id_seq', 3 + select 'principal_type_id_seq', 8 union all - select 'principal_id_seq', 2 + select 'principal_id_seq', 7 union all select 'permission_id_seq', 5 union all @@ -1247,10 +1247,30 @@ INSERT INTO ambari.adminresource (resource_id, resource_type_id) INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name) SELECT 1, 'USER' UNION ALL - SELECT 2, 'GROUP'; + SELECT 2, 'GROUP' + UNION ALL + SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' + UNION ALL + SELECT 4, 'ALL.CLUSTER.OPERATOR' + UNION ALL + SELECT 5, 'ALL.CLUSTER.USER' + UNION ALL + SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' + UNION ALL + SELECT 7, 'ALL.SERVICE.OPERATOR'; INSERT INTO ambari.adminprincipal (principal_id, principal_type_id) - SELECT 1, 1; + SELECT 1, 1 + UNION ALL + SELECT 2, 3 + UNION ALL + SELECT 3, 4 + UNION ALL + SELECT 4, 5 + UNION ALL + SELECT 5, 6 + UNION ALL + SELECT 6, 7; INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index fdba489..37acfea 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -995,8 +995,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('operation_l INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instance_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 3); -INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 2); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8); +INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1); INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1); @@ -1042,10 +1042,30 @@ insert into adminresource (resource_id, resource_type_id) insert into adminprincipaltype (principal_type_id, principal_type_name) select 1, 'USER' union all - select 2, 'GROUP'; + select 2, 'GROUP' + union all + select 3, 'ALL.CLUSTER.ADMINISTRATOR' + union all + select 4, 'ALL.CLUSTER.OPERATOR' + union all + select 5, 'ALL.CLUSTER.USER' + union all + select 6, 'ALL.SERVICE.ADMINISTRATOR' + union all + select 7, 'ALL.SERVICE.OPERATOR'; insert into adminprincipal (principal_id, principal_type_id) - select 1, 1; + select 1, 1 + union all + select 2, 3 + union all + select 3, 4 + union all + select 4, 5 + union all + select 5, 6 + union all + select 6, 7; insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index a1da8e5..b97403f 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -1021,8 +1021,8 @@ BEGIN TRANSACTION ('view_instance_id_seq', 1), ('resource_type_id_seq', 4), ('resource_id_seq', 2), - ('principal_type_id_seq', 3), - ('principal_id_seq', 2), + ('principal_type_id_seq', 8), + ('principal_id_seq', 7), ('permission_id_seq', 5), ('privilege_id_seq', 1), ('alert_definition_id_seq', 0), @@ -1067,10 +1067,21 @@ BEGIN TRANSACTION insert into adminprincipaltype (principal_type_id, principal_type_name) values (1, 'USER'), - (2, 'GROUP'); + (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'); insert into adminprincipal (principal_id, principal_type_id) - select 1, 1; + values + (1, 1), + (2, 3), + (3, 4), + (4, 5), + (5, 6), + (6, 7); insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java index 735e927..be73a50 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java @@ -54,6 +54,7 @@ import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.alert.AlertDefinition; @@ -100,6 +101,7 @@ public class AlertDefinitionResourceProviderTest { new InMemoryDefaultTestModule()).with(new MockModule())); m_injector.injectMembers(m_factory); + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java index 1aeb9f5..e2e29f8 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java @@ -56,6 +56,7 @@ import org.apache.ambari.server.orm.entities.AlertGroupEntity; import org.apache.ambari.server.orm.entities.AlertTargetEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.alert.AlertTarget; @@ -125,6 +126,7 @@ public class AlertGroupResourceProviderTest { expect(m_clusters.getClusterById(1L)).andReturn(m_cluster).anyTimes(); expect(m_cluster.getClusterId()).andReturn(1L).anyTimes(); expect(m_cluster.getResourceId()).andReturn(4L).anyTimes(); + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertHistoryResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertHistoryResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertHistoryResourceProviderTest.java index c1c9679..f176605 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertHistoryResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertHistoryResourceProviderTest.java @@ -45,6 +45,7 @@ import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.AlertState; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; @@ -79,6 +80,7 @@ public class AlertHistoryResourceProviderTest { new InMemoryDefaultTestModule()).with(new MockModule())); m_injector.injectMembers(this); + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertNoticeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertNoticeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertNoticeResourceProviderTest.java index 9f38adf..d2b7c41 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertNoticeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertNoticeResourceProviderTest.java @@ -48,6 +48,7 @@ import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.AlertState; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; @@ -83,6 +84,7 @@ public class AlertNoticeResourceProviderTest { new InMemoryDefaultTestModule()).with(new MockModule())); Assert.assertNotNull(m_injector); + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertResourceProviderTest.java index 822862c..93dff82 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertResourceProviderTest.java @@ -68,6 +68,7 @@ import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.AlertState; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; @@ -123,6 +124,7 @@ public class AlertResourceProviderTest { expect(cluster.getClusterProperty(ConfigHelper.CLUSTER_ENV_ALERT_REPEAT_TOLERANCE, "1")).andReturn("1").atLeastOnce(); replay(m_amc, clusters, cluster); + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ComponentResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ComponentResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ComponentResourceProviderTest.java index d7b45e0..7ec6e66 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ComponentResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ComponentResourceProviderTest.java @@ -63,6 +63,7 @@ import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.ComponentInfo; @@ -95,6 +96,7 @@ public class ComponentResourceProviderTest { @Before public void clearAuthentication() { + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); SecurityContextHolder.getContext().setAuthentication(null); } http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java index bab9394..f03d240 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java @@ -18,6 +18,7 @@ package org.apache.ambari.server.controller.internal; +import com.google.common.collect.Lists; import junit.framework.Assert; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; @@ -27,6 +28,7 @@ import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.GroupDAO; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.MemberEntity; @@ -122,10 +124,11 @@ public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { ClusterDAO clusterDAO = createMock(ClusterDAO.class); ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -172,10 +175,11 @@ public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { GroupDAO groupDAO = createMock(GroupDAO.class); expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -229,9 +233,11 @@ public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { GroupDAO groupDAO = createMock(GroupDAO.class); expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -286,10 +292,11 @@ public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { GroupDAO groupDAO = createMock(GroupDAO.class); expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -313,6 +320,7 @@ public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class); final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); + final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); expect(groupDAO.findGroupByName(requestedGroupName)).andReturn(groupEntity).anyTimes(); expect(groupEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); @@ -331,10 +339,11 @@ public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes(); expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name()); + expect(viewInstanceDAO.findAll()).andReturn(Lists.<ViewInstanceEntity>newArrayList()).anyTimes(); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); final Set<String> propertyIds = new HashSet<String>(); propertyIds.add(GroupPrivilegeResourceProvider.PRIVILEGE_GROUP_NAME_PROPERTY_ID); http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostResourceProviderTest.java index 853545e..ca332fd 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostResourceProviderTest.java @@ -46,6 +46,7 @@ import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.scheduler.ExecutionScheduler; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.ComponentInfo; @@ -113,6 +114,7 @@ public class HostResourceProviderTest extends EasyMockSupport { } private void testCreateResources(Authentication authentication) throws Exception { + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); Resource.Type type = Resource.Type.Host; Injector injector = createInjector(); @@ -185,6 +187,7 @@ public class HostResourceProviderTest extends EasyMockSupport { } private void testGetResources(Authentication authentication) throws Exception { + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); Resource.Type type = Resource.Type.Host; Injector injector = createInjector(); AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class); http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java index d509fd3..65efc63 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java @@ -69,6 +69,7 @@ import org.apache.ambari.server.orm.dao.RequestDAO; import org.apache.ambari.server.orm.entities.RequestEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.topology.ClusterTopology; @@ -134,6 +135,8 @@ public class RequestResourceProviderTest { field = RequestResourceProvider.class.getDeclaredField("topologyManager"); field.setAccessible(true); field.set(null, topologyManager); + + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java index d8bd566..4e0ba24 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java @@ -18,12 +18,9 @@ package org.apache.ambari.server.controller.internal; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; import junit.framework.Assert; - import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; import org.apache.ambari.server.controller.spi.Resource; @@ -32,6 +29,7 @@ import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.GroupDAO; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.ClusterEntity; @@ -45,14 +43,19 @@ import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.orm.entities.ViewEntity; import org.apache.ambari.server.orm.entities.ViewInstanceEntity; +import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; import org.apache.ambari.server.security.authorization.ResourceType; -import org.apache.ambari.server.security.TestAuthenticationFactory; import org.easymock.EasyMockSupport; import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + import static org.easymock.EasyMock.anyObject; import static org.easymock.EasyMock.expect; @@ -131,9 +134,11 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { GroupDAO groupDAO = createMock(GroupDAO.class); ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -182,9 +187,11 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { UserDAO userDAO = createMock(UserDAO.class); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -239,9 +246,11 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { UserDAO userDAO = createMock(UserDAO.class); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -298,9 +307,11 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { UserDAO userDAO = createMock(UserDAO.class); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -312,6 +323,100 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { verifyAll(); } + @Test + public void testToResource_SpecificVIEW_WithClusterInheritedPermission() throws Exception { + SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L)); + + PermissionEntity permissionEntity = createMock(PermissionEntity.class); + expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").atLeastOnce(); + expect(permissionEntity.getPermissionLabel()).andReturn("Cluster Administrator").atLeastOnce(); + + PrincipalTypeEntity principalTypeEntity = createMock(PrincipalTypeEntity.class); + expect(principalTypeEntity.getName()).andReturn("USER").atLeastOnce(); + + PrincipalEntity principalEntity = createMock(PrincipalEntity.class); + expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).atLeastOnce(); + + + PrincipalTypeEntity principalTypeWithAllClusterAdministrator = createNiceMock(PrincipalTypeEntity.class); + expect(principalTypeWithAllClusterAdministrator.getName()).andReturn("ALL.CLUSTER.ADMINISTRATOR").atLeastOnce(); + + PrincipalEntity principalEntityWithAllClusterAdministrator = createNiceMock(PrincipalEntity.class); + expect(principalEntityWithAllClusterAdministrator.getPrincipalType()).andReturn(principalTypeWithAllClusterAdministrator).atLeastOnce(); + + ViewEntity viewEntity = createMock(ViewEntity.class); + expect(viewEntity.getCommonName()).andReturn("TestView").atLeastOnce(); + expect(viewEntity.getVersion()).andReturn("1.2.3.4").atLeastOnce(); + + + + ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class); + expect(resourceTypeEntity.getName()).andReturn("TestView{1.2.3.4}").atLeastOnce(); + + ResourceEntity resourceEntity = createMock(ResourceEntity.class); + expect(resourceEntity.getId()).andReturn(1L).anyTimes(); + expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); + + ViewInstanceEntity viewInstanceEntity = createMock(ViewInstanceEntity.class); + expect(viewInstanceEntity.getViewEntity()).andReturn(viewEntity).atLeastOnce(); + expect(viewInstanceEntity.getName()).andReturn("Test View").atLeastOnce(); + expect(viewInstanceEntity.getClusterHandle()).andReturn("c1").atLeastOnce(); + expect(viewInstanceEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); + + PrivilegeEntity privilegeEntityViewWithClusterAdminAccess = createMock(PrivilegeEntity.class); + expect(privilegeEntityViewWithClusterAdminAccess.getPrincipal()).andReturn(principalEntityWithAllClusterAdministrator).atLeastOnce(); + + PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class); + expect(privilegeEntity.getId()).andReturn(1).atLeastOnce(); + expect(privilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); + expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); + expect(privilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); + + expect(principalEntity.getPrivileges()).andReturn(Sets.newHashSet(privilegeEntity)).atLeastOnce(); + + UserEntity userEntity = createMock(UserEntity.class); + expect(userEntity.getUserName()).andReturn("jdoe").atLeastOnce(); + expect(userEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); + expect(userEntity.getMemberEntities()).andReturn(Sets.<MemberEntity>newHashSet()).atLeastOnce(); + + ClusterDAO clusterDAO = createMock(ClusterDAO.class); + GroupDAO groupDAO = createMock(GroupDAO.class); + + ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); + expect(viewInstanceDAO.findByResourceId(1L)).andReturn(viewInstanceEntity).atLeastOnce(); + expect(viewInstanceDAO.findAll()).andReturn(Lists.newArrayList(viewInstanceEntity)).atLeastOnce(); + + final UserDAO userDAO = createNiceMock(UserDAO.class); + expect(userDAO.findLocalUserByName("jdoe")).andReturn(userEntity).anyTimes(); + expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); + + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + expect(privilegeDAO.findByResourceId(1L)).andReturn(Lists.newArrayList(privilegeEntity, privilegeEntityViewWithClusterAdminAccess)).anyTimes(); + + replayAll(); + + final Set<String> propertyIds = new HashSet<String>(); + propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); + final Predicate predicate = new PredicateBuilder() + .property(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID) + .equals("jdoe") + .toPredicate(); + TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L); + Request request = PropertyHelper.getReadRequest(propertyIds); + + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); + UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); + Set<Resource> resources = provider.getResources(request, predicate); + + Assert.assertEquals(1, resources.size()); + for (Resource resource : resources) { + String userName = (String) resource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); + Assert.assertEquals("jdoe", userName); + } + + verifyAll(); + } + // @SuppressWarnings("serial") private void getResourcesTest(Authentication authentication, String requestedUsername) throws Exception { final UserPrivilegeResourceProvider resourceProvider = new UserPrivilegeResourceProvider(); @@ -319,6 +424,7 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { final GroupDAO groupDAO = createNiceMock(GroupDAO.class); final ClusterDAO clusterDAO = createNiceMock(ClusterDAO.class); final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); final UserEntity userEntity = createNiceMock(UserEntity.class); final PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); final PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); @@ -344,10 +450,11 @@ public class UserPrivilegeResourceProviderTest extends EasyMockSupport { expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes(); expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name()); + expect(viewInstanceDAO.findAll()).andReturn(new ArrayList<ViewInstanceEntity>()).anyTimes(); replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); final Set<String> propertyIds = new HashSet<String>(); propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java index d8bf496..1628f1f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/JMXPropertyProviderTest.java @@ -34,6 +34,7 @@ import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.orm.InMemoryDefaultTestModule; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.junit.After; @@ -95,6 +96,7 @@ public class JMXPropertyProviderTest { } replay(amc, clusters, cluster); + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); } @After http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java index 8611e68..8954970 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/metrics/ganglia/GangliaPropertyProviderTest.java @@ -34,6 +34,7 @@ import org.apache.ambari.server.controller.spi.TemporalInfo; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; +import org.apache.ambari.server.security.authorization.AuthorizationHelperInitializer; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.utils.CollectionPresentationUtils; @@ -173,6 +174,7 @@ public class GangliaPropertyProviderTest { @Test(expected = AuthorizationException.class) public void testGangliaPropertyProviderAsViewUser() throws Exception { + AuthorizationHelperInitializer.viewInstanceDAOReturningNull(); // Setup user with 'ViewUser' // ViewUser doesn't have the 'CLUSTER_VIEW_METRICS', 'HOST_VIEW_METRICS' and 'SERVICE_VIEW_METRICS', thus // can't retrieve the Metrics. http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperInitializer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperInitializer.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperInitializer.java new file mode 100644 index 0000000..532cb21 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperInitializer.java @@ -0,0 +1,47 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * <p/> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p/> + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.security.authorization; + +import com.google.inject.Provider; +import org.apache.ambari.server.orm.dao.ViewInstanceDAO; + +import static org.easymock.EasyMock.anyLong; +import static org.easymock.EasyMock.createNiceMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; + +/** + * Test helper to set DAO object to static variables and set proper expectation in AuthenticationHelper + */ +public class AuthorizationHelperInitializer { + + public static void viewInstanceDAOReturningNull() { + Provider viewInstanceDAOProvider = createNiceMock(Provider.class); + ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + expect(viewInstanceDAOProvider.get()).andReturn(viewInstanceDAO).anyTimes(); + expect(viewInstanceDAO.findByResourceId(anyLong())).andReturn(null).anyTimes(); + + replay(viewInstanceDAOProvider, viewInstanceDAO); + + AuthorizationHelper.viewInstanceDAOProvider = viewInstanceDAOProvider; + } + + + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java index 5f24299..9c59aab 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java @@ -17,14 +17,11 @@ */ package org.apache.ambari.server.security.authorization; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.EnumSet; -import java.util.HashSet; -import java.util.Set; - +import com.google.common.collect.Lists; +import com.google.inject.AbstractModule; +import com.google.inject.Provider; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; +import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; @@ -32,7 +29,9 @@ import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; +import org.apache.ambari.server.orm.entities.ViewInstanceEntity; import org.easymock.EasyMockRule; +import org.easymock.EasyMockSupport; import org.easymock.Mock; import org.easymock.MockType; import org.junit.Assert; @@ -47,6 +46,14 @@ import org.springframework.web.context.request.RequestAttributes; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.EnumSet; +import java.util.HashSet; +import java.util.Set; + import static org.easymock.EasyMock.eq; import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.expectLastCall; @@ -57,7 +64,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; -public class AuthorizationHelperTest { +public class AuthorizationHelperTest extends EasyMockSupport { @Rule public EasyMockRule mocks = new EasyMockRule(this); @@ -164,6 +171,23 @@ public class AuthorizationHelperTest { @Test public void testIsAuthorized() { + + Provider viewInstanceDAOProvider = createNiceMock(Provider.class); + Provider privilegeDAOProvider = createNiceMock(Provider.class); + + ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + + expect(viewInstanceDAOProvider.get()).andReturn(viewInstanceDAO).anyTimes(); + expect(privilegeDAOProvider.get()).andReturn(privilegeDAO).anyTimes(); + + replayAll(); + + AuthorizationHelper.viewInstanceDAOProvider = viewInstanceDAOProvider; + AuthorizationHelper.privilegeDAOProvider = privilegeDAOProvider; + + + RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity(); readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId()); @@ -297,6 +321,73 @@ public class AuthorizationHelperTest { assertTrue(AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, 1L, EnumSet.of(RoleAuthorization.AMBARI_MANAGE_USERS))); } + @Test + public void testIsAuthorizedForClusterInheritedPermission() { + + ResourceTypeEntity clusterResourceTypeEntity = new ResourceTypeEntity(); + clusterResourceTypeEntity.setId(1); + clusterResourceTypeEntity.setName(ResourceType.CLUSTER.name()); + + ResourceEntity clusterResourceEntity = new ResourceEntity(); + clusterResourceEntity.setResourceType(clusterResourceTypeEntity); + clusterResourceEntity.setId(1L); + + PermissionEntity clusterPermissionEntity = new PermissionEntity(); + clusterPermissionEntity.setPermissionName("CLUSTER.ADMINISTRATOR"); + + RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity(); + readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId()); + + RoleAuthorizationEntity privilegedRoleAuthorizationEntity = new RoleAuthorizationEntity(); + privilegedRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS.getId()); + + + clusterPermissionEntity.setAuthorizations(Arrays.asList(readOnlyRoleAuthorizationEntity, + privilegedRoleAuthorizationEntity)); + + PrivilegeEntity clusterPrivilegeEntity = new PrivilegeEntity(); + clusterPrivilegeEntity.setPermission(clusterPermissionEntity); + clusterPrivilegeEntity.setResource(clusterResourceEntity); + + GrantedAuthority clusterAuthority = new AmbariGrantedAuthority(clusterPrivilegeEntity); + Authentication clusterUser = new TestAuthentication(Collections.singleton(clusterAuthority)); + + + Provider viewInstanceDAOProvider = createNiceMock(Provider.class); + Provider privilegeDAOProvider = createNiceMock(Provider.class); + + ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + + ViewInstanceEntity viewInstanceEntity = createNiceMock(ViewInstanceEntity.class); + expect(viewInstanceEntity.getClusterHandle()).andReturn("c1").anyTimes(); + + PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); + PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); + PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); + + expect(viewInstanceDAOProvider.get()).andReturn(viewInstanceDAO).anyTimes(); + expect(privilegeDAOProvider.get()).andReturn(privilegeDAO).anyTimes(); + + expect(viewInstanceDAO.findByResourceId(2L)).andReturn(viewInstanceEntity).anyTimes(); + + expect(privilegeDAO.findByResourceId(2L)).andReturn(Lists.newArrayList(privilegeEntity)).anyTimes(); + + expect(principalTypeEntity.getName()).andReturn("ALL.CLUSTER.ADMINISTRATOR").anyTimes(); + expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); + expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); + + replayAll(); + + AuthorizationHelper.viewInstanceDAOProvider = viewInstanceDAOProvider; + AuthorizationHelper.privilegeDAOProvider = privilegeDAOProvider; + + SecurityContext context = SecurityContextHolder.getContext(); + context.setAuthentication(clusterUser); + + assertTrue(AuthorizationHelper.isAuthorized(ResourceType.VIEW, 2L, EnumSet.of(RoleAuthorization.VIEW_USE))); + } + public void testIsAuthorizedForSpecificView() { RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity(); readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId()); http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java index 542c324..3773253 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java @@ -384,11 +384,18 @@ public class UpgradeCatalog240Test { Method removeHiveOozieDBConnectionConfigs = UpgradeCatalog240.class.getDeclaredMethod("removeHiveOozieDBConnectionConfigs"); Method updateClustersAndHostsVersionStateTableDML = UpgradeCatalog240.class.getDeclaredMethod("updateClustersAndHostsVersionStateTableDML"); Method removeStandardDeviationAlerts = UpgradeCatalog240.class.getDeclaredMethod("removeStandardDeviationAlerts"); + Method getAndIncrementSequence = AbstractUpgradeCatalog.class.getDeclaredMethod("getAndIncrementSequence", String.class); + Capture<String> capturedStatements = newCapture(CaptureType.ALL); + Capture<String> capturedTablesNames = newCapture(CaptureType.ALL); + Capture<String[]> captureColumnNames = newCapture(CaptureType.ALL); + Capture<String[]> captureColumnValues = newCapture(CaptureType.ALL); + DBAccessor dbAccessor = createStrictMock(DBAccessor.class); expect(dbAccessor.executeUpdate(capture(capturedStatements))).andReturn(1).times(7); + expect(dbAccessor.insertRow(capture(capturedTablesNames), capture(captureColumnNames), capture(captureColumnValues), anyBoolean())).andReturn(true).times(10); UpgradeCatalog240 upgradeCatalog240 = createMockBuilder(UpgradeCatalog240.class) .addMockedMethod(addNewConfigurationsFromXml) @@ -405,8 +412,11 @@ public class UpgradeCatalog240Test { .addMockedMethod(removeHiveOozieDBConnectionConfigs) .addMockedMethod(updateClustersAndHostsVersionStateTableDML) .addMockedMethod(removeStandardDeviationAlerts) + .addMockedMethod(getAndIncrementSequence) .createMock(); + expect(upgradeCatalog240.getAndIncrementSequence(anyString())).andReturn(1).anyTimes(); + Field field = AbstractUpgradeCatalog.class.getDeclaredField("dbAccessor"); field.set(upgradeCatalog240, dbAccessor); @@ -441,6 +451,47 @@ public class UpgradeCatalog240Test { Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=5 WHERE permission_name='SERVICE.OPERATOR'")); Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=6 WHERE permission_name='CLUSTER.USER'")); Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=7 WHERE permission_name='VIEW.USER'")); + + + List<String> tableNames = capturedTablesNames.getValues(); + Assert.assertNotNull(tableNames); + Assert.assertEquals(10, tableNames.size()); + Assert.assertTrue(tableNames.contains("adminprincipaltype")); + Assert.assertTrue(tableNames.contains("adminprincipal")); + + List<String[]> tableColumns = captureColumnNames.getValues(); + Assert.assertNotNull(tableColumns); + Assert.assertEquals(10, tableColumns.size()); + Assert.assertTrue(shouldOnlyHaveValidColumns(tableColumns)); + + List<String[]> tableColumnsValue = captureColumnValues.getValues(); + Assert.assertNotNull(tableColumnsValue); + Assert.assertEquals(10, tableColumnsValue.size()); + isValidValues(tableColumnsValue.get(0), "3", "'ALL.CLUSTER.ADMINISTRATOR'"); + isValidValues(tableColumnsValue.get(1), "4", "'ALL.CLUSTER.OPERATOR'"); + isValidValues(tableColumnsValue.get(2), "5", "'ALL.CLUSTER.USER'"); + isValidValues(tableColumnsValue.get(3), "6", "'ALL.SERVICE.ADMINISTRATOR'"); + isValidValues(tableColumnsValue.get(4), "7", "'ALL.SERVICE.OPERATOR'"); + isValidValues(tableColumnsValue.get(5), "1", "3"); + isValidValues(tableColumnsValue.get(6), "1", "4"); + isValidValues(tableColumnsValue.get(7), "1", "5"); + isValidValues(tableColumnsValue.get(8), "1", "6"); + isValidValues(tableColumnsValue.get(9), "1", "7"); + } + + private void isValidValues(String[] actual, String expectedFirst, String expectedSecond) { + Assert.assertEquals(expectedFirst, actual[0]); + Assert.assertEquals(expectedSecond, actual[1]); + } + + private boolean shouldOnlyHaveValidColumns(List<String[]> tableColumns) { + for(String[] columns: tableColumns) { + if (!(("principal_type_id".equalsIgnoreCase(columns[0]) && "principal_type_name".equalsIgnoreCase(columns[1])) + || ("principal_id".equalsIgnoreCase(columns[0]) && "principal_type_id".equalsIgnoreCase(columns[1])))) { + return false; + } + } + return true; } @Test http://git-wip-us.apache.org/repos/asf/ambari/blob/4342a6b7/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java index fde5376..3c4a440 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java @@ -75,6 +75,7 @@ public class AutoInstanceConfigTest { " </property>\n" + " <stack-id>HDP-2.0</stack-id>\n" + " <services><service>HIVE</service><service>HDFS</service></services>\n" + + " <permissions>ALL.CLUSTER.OPERATOR, ALL.CLUSTER.USER</permissions>\n" + " </auto-instance>\n" + "</view>"; @@ -109,6 +110,15 @@ public class AutoInstanceConfigTest { assertTrue(serviceNames.contains("HDFS")); } + @Test + public void shouldParseClusterInheritedPermissions() throws Exception { + AutoInstanceConfig config = getAutoInstanceConfigs(VIEW_XML); + List<String> permissions = config.getPermissions(); + assertEquals(2, permissions.size()); + assertTrue(permissions.contains("ALL.CLUSTER.OPERATOR")); + assertTrue(permissions.contains("ALL.CLUSTER.USER")); + } + public static AutoInstanceConfig getAutoInstanceConfigs(String xml) throws JAXBException { ViewConfig config = ViewConfigTest.getConfig(xml); return config.getAutoInstance();
