Repository: ambari Updated Branches: refs/heads/trunk ff83f4dd8 -> 39f4cb806
AMBARI-16224. RBAC: Clean up roles after ambari upgrade (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/39f4cb80 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/39f4cb80 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/39f4cb80 Branch: refs/heads/trunk Commit: 39f4cb806ab7522b27a48d6871c0de5a019195d3 Parents: ff83f4d Author: Robert Levas <[email protected]> Authored: Wed May 4 14:50:56 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Wed May 4 14:50:56 2016 -0400 ---------------------------------------------------------------------- .../server/upgrade/UpgradeCatalog240.java | 158 ++++++++++++++ .../server/upgrade/UpgradeCatalog240Test.java | 205 ++++++++++++++++++- 2 files changed, 362 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/39f4cb80/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java index dc8d9b7..f85a4c7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java @@ -38,12 +38,22 @@ import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.controller.AmbariManagementController; import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo; import org.apache.ambari.server.orm.dao.AlertDefinitionDAO; +import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.PermissionDAO; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; +import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.AlertDefinitionEntity; +import org.apache.ambari.server.orm.entities.ClusterEntity; import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.PrivilegeEntity; +import org.apache.ambari.server.orm.entities.ResourceEntity; +import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; +import org.apache.ambari.server.orm.entities.UserEntity; +import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.state.AlertFirmness; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; @@ -113,13 +123,34 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { private static final String PRINCIPAL_TYPE_TABLE = "adminprincipaltype"; private static final String PRINCIPAL_TABLE = "adminprincipal"; + private static final Map<String, Integer> ROLE_ORDER; + + static { + // Manually create role order since there really isn't any mechanism for this + ROLE_ORDER = new HashMap<String, Integer>(); + ROLE_ORDER.put("AMBARI.ADMINISTRATOR", 1); + ROLE_ORDER.put("CLUSTER.ADMINISTRATOR", 2); + ROLE_ORDER.put("CLUSTER.OPERATOR", 3); + ROLE_ORDER.put("SERVICE.ADMINISTRATOR", 4); + ROLE_ORDER.put("SERVICE.OPERATOR", 5); + ROLE_ORDER.put("CLUSTER.USER", 6); + } + + @Inject + UserDAO userDAO; @Inject PermissionDAO permissionDAO; @Inject + PrivilegeDAO privilegeDAO; + + @Inject ResourceTypeDAO resourceTypeDAO; + @Inject + ClusterDAO clusterDAO; + /** * Logger. */ @@ -231,6 +262,7 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { updateClustersAndHostsVersionStateTableDML(); removeStandardDeviationAlerts(); updateClusterInheritedPermissionsConfig(); + consolidateUserRoles(); } protected void updateClusterInheritedPermissionsConfig() throws SQLException { @@ -1643,4 +1675,130 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { } } } + + /** + * Ensures that each user has only one explicit role. + * <p> + * Before Ambari 2.4.0, users were allowed to have multiple permissions, which were like roles. + * In Ambari 2.4.0, the concept of roles was added, where each user may have a single role + * explicitly assigned - other roles may be assumed based on group assignments and access to views. + * <p> + * For each user, determine the set of explicitly set roles and prune off all but the role with + * the greater set of permissions. + */ + void consolidateUserRoles() { + LOG.info("Consolidating User Roles..."); + + List<UserEntity> users = userDAO.findAll(); + if(users != null) { + for (UserEntity user : users) { + PrincipalEntity principal = user.getPrincipal(); + + if (principal != null) { + Set<PrivilegeEntity> privileges = principal.getPrivileges(); + + if (privileges != null) { + Map<ResourceEntity, Set<PrivilegeEntity>> resourceExplicitPrivileges = new HashMap<ResourceEntity, Set<PrivilegeEntity>>(); + PrivilegeEntity ambariAdministratorPrivilege = null; + + // Find the set of explicitly assigned roles per cluster + for (PrivilegeEntity privilege : privileges) { + ResourceEntity resource = privilege.getResource(); + + if (resource != null) { + ResourceTypeEntity resourceType = resource.getResourceType(); + + if (resourceType != null) { + String type = resourceType.getName(); + + // If the privilege is for the CLUSTER or AMBARI, it is an explicitly assigned role. + if (ResourceType.CLUSTER.name().equalsIgnoreCase(type)) { + // If the privilege is for a CLUSTER, create a map of cluster to roles. + Set<PrivilegeEntity> explicitPrivileges = resourceExplicitPrivileges.get(resource); + + if (explicitPrivileges == null) { + explicitPrivileges = new HashSet<PrivilegeEntity>(); + resourceExplicitPrivileges.put(resource, explicitPrivileges); + } + + explicitPrivileges.add(privilege); + } else if (ResourceType.AMBARI.name().equalsIgnoreCase(type)) { + // If the privilege is for AMBARI, assume the user is an Ambari Administrator. + ambariAdministratorPrivilege = privilege; + } + } + } + } + + if(ambariAdministratorPrivilege != null) { + // If the user is an Ambari admin, add that privilege to each set of privileges + for (Set<PrivilegeEntity> explicitPrivileges : resourceExplicitPrivileges.values()) { + explicitPrivileges.add(ambariAdministratorPrivilege); + } + } + + // For each cluster resource, if the user has more than one role, prune off the lower + // privileged roles. + // If the user has roles for a cluster and is also an Ambari administrator + // (ambariAdministratorPrivilege is not null), the Ambari administrator role takes + // precedence over all other roles + for (Map.Entry<ResourceEntity, Set<PrivilegeEntity>> entry : resourceExplicitPrivileges.entrySet()) { + Set<PrivilegeEntity> explicitPrivileges = entry.getValue(); + + if (explicitPrivileges.size() > 1) { + LOG.info("{} has {} explicitly assigned roles for the cluster {}, consolidating...", + user.getUserName(), explicitPrivileges.size(), getClusterName(entry.getKey())); + + PrivilegeEntity toKeep = null; + PrivilegeEntity toRemove = null; + + for (PrivilegeEntity privilegeEntity : explicitPrivileges) { + if (toKeep == null) { + toKeep = privilegeEntity; + } else { + Integer toKeepLevel = ROLE_ORDER.get(toKeep.getPermission().getPermissionName()); + Integer currentLevel = ROLE_ORDER.get(privilegeEntity.getPermission().getPermissionName()); + + // If the PrivilegeEntity currently set to be kept is ordered higher than the + // PrivilegeEntity being processed, move it to the list of PrivilegeEntities to + // be removed and remember the one being processed as the one the keep. + if (toKeepLevel > currentLevel) { + toRemove = toKeep; + toKeep = privilegeEntity; + } + else { + toRemove = privilegeEntity; + } + + LOG.info("Removing the role {} from the set assigned to {} since {} is more powerful.", + toRemove.getPermission().getPermissionName(), user.getUserName(), + toKeep.getPermission().getPermissionName()); + + privilegeDAO.remove(toRemove); + } + } + } + } + } + } + } + } + } + + /** + * Given a {@link ResourceEntity}, attempts to find the relevant cluster's name. + * + * @param resourceEntity a {@link ResourceEntity} + * @return the relevant cluster's name + */ + private String getClusterName(ResourceEntity resourceEntity) { + ClusterEntity cluster = null; + ResourceTypeEntity resourceType = resourceEntity.getResourceType(); + + if (ResourceType.CLUSTER.name().equalsIgnoreCase(resourceType.getName())) { + cluster = clusterDAO.findByResourceId(resourceEntity.getId()); + } + + return (cluster == null) ? "_unknown_" : cluster.getClusterName(); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/39f4cb80/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java index 3773253..7c85ba7 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java @@ -38,6 +38,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; @@ -58,8 +59,19 @@ import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.GuiceJpaInitializer; import org.apache.ambari.server.orm.InMemoryDefaultTestModule; import org.apache.ambari.server.orm.dao.AlertDefinitionDAO; +import org.apache.ambari.server.orm.dao.ClusterDAO; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.StackDAO; +import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.AlertDefinitionEntity; +import org.apache.ambari.server.orm.entities.ClusterEntity; +import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.PrivilegeEntity; +import org.apache.ambari.server.orm.entities.ResourceEntity; +import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.UserEntity; +import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.state.AlertFirmness; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; @@ -385,7 +397,7 @@ public class UpgradeCatalog240Test { Method updateClustersAndHostsVersionStateTableDML = UpgradeCatalog240.class.getDeclaredMethod("updateClustersAndHostsVersionStateTableDML"); Method removeStandardDeviationAlerts = UpgradeCatalog240.class.getDeclaredMethod("removeStandardDeviationAlerts"); Method getAndIncrementSequence = AbstractUpgradeCatalog.class.getDeclaredMethod("getAndIncrementSequence", String.class); - + Method consolidateUserRoles = UpgradeCatalog240.class.getDeclaredMethod("consolidateUserRoles"); Capture<String> capturedStatements = newCapture(CaptureType.ALL); Capture<String> capturedTablesNames = newCapture(CaptureType.ALL); @@ -413,6 +425,7 @@ public class UpgradeCatalog240Test { .addMockedMethod(updateClustersAndHostsVersionStateTableDML) .addMockedMethod(removeStandardDeviationAlerts) .addMockedMethod(getAndIncrementSequence) + .addMockedMethod(consolidateUserRoles) .createMock(); expect(upgradeCatalog240.getAndIncrementSequence(anyString())).andReturn(1).anyTimes(); @@ -434,6 +447,7 @@ public class UpgradeCatalog240Test { upgradeCatalog240.removeHiveOozieDBConnectionConfigs(); upgradeCatalog240.updateClustersAndHostsVersionStateTableDML(); upgradeCatalog240.removeStandardDeviationAlerts(); + upgradeCatalog240.consolidateUserRoles(); replay(upgradeCatalog240, dbAccessor); @@ -1196,5 +1210,194 @@ public class UpgradeCatalog240Test { assertTrue(namenodeWebUiAlertDefinitionEntity.getSource().contains("{{hdfs-site/dfs.internal.nameservices}}")); easyMockSupport.verifyAll(); } + + @Test + public void testConsolidateUserRoles() { + final EasyMockSupport ems = new EasyMockSupport(); + + ResourceTypeEntity resourceTypeAmbari = ems.createMock(ResourceTypeEntity.class); + expect(resourceTypeAmbari.getName()).andReturn(ResourceType.AMBARI.name()).anyTimes(); + + ResourceTypeEntity resourceTypeCluster = ems.createMock(ResourceTypeEntity.class); + expect(resourceTypeCluster.getName()).andReturn(ResourceType.CLUSTER.name()).anyTimes(); + + ResourceEntity resourceAmbari = ems.createMock(ResourceEntity.class); + expect(resourceAmbari.getResourceType()).andReturn(resourceTypeAmbari).anyTimes(); + + ResourceEntity resourceC1 = ems.createMock(ResourceEntity.class); + expect(resourceC1.getResourceType()).andReturn(resourceTypeCluster).anyTimes(); + expect(resourceC1.getId()).andReturn(1L).anyTimes(); + + ResourceEntity resourceC2 = ems.createMock(ResourceEntity.class); + expect(resourceC2.getResourceType()).andReturn(resourceTypeCluster).anyTimes(); + expect(resourceC2.getId()).andReturn(2L).anyTimes(); + + PermissionEntity permissionAmbariAdministrator = ems.createMock(PermissionEntity.class); + expect(permissionAmbariAdministrator.getPermissionName()).andReturn("AMBARI.ADMINISTRATOR").anyTimes(); + + PermissionEntity permissionClusterUser = ems.createMock(PermissionEntity.class); + expect(permissionClusterUser.getPermissionName()).andReturn("CLUSTER.USER").anyTimes(); + + PermissionEntity permissionClusterOperator = ems.createMock(PermissionEntity.class); + expect(permissionClusterOperator.getPermissionName()).andReturn("CLUSTER.OPERATOR").anyTimes(); + + PrivilegeEntity privilegeAdmin = ems.createMock(PrivilegeEntity.class); + expect(privilegeAdmin.getResource()).andReturn(resourceAmbari).anyTimes(); + expect(privilegeAdmin.getPermission()).andReturn(permissionAmbariAdministrator).anyTimes(); + + PrivilegeEntity privilegeClusterUserC1 = ems.createMock(PrivilegeEntity.class); + expect(privilegeClusterUserC1.getResource()).andReturn(resourceC1).anyTimes(); + expect(privilegeClusterUserC1.getPermission()).andReturn(permissionClusterUser).anyTimes(); + + PrivilegeEntity privilegeClusterOperatorC1 = ems.createMock(PrivilegeEntity.class); + expect(privilegeClusterOperatorC1.getResource()).andReturn(resourceC1).anyTimes(); + expect(privilegeClusterOperatorC1.getPermission()).andReturn(permissionClusterOperator).anyTimes(); + + PrivilegeEntity privilegeClusterUserC2 = ems.createMock(PrivilegeEntity.class); + expect(privilegeClusterUserC2.getResource()).andReturn(resourceC2).anyTimes(); + expect(privilegeClusterUserC2.getPermission()).andReturn(permissionClusterUser).anyTimes(); + + PrivilegeEntity privilegeClusterOperatorC2 = ems.createMock(PrivilegeEntity.class); + expect(privilegeClusterOperatorC2.getResource()).andReturn(resourceC2).anyTimes(); + expect(privilegeClusterOperatorC2.getPermission()).andReturn(permissionClusterOperator).anyTimes(); + + PrincipalEntity principalAdministratorOnly = ems.createStrictMock(PrincipalEntity.class); + expect(principalAdministratorOnly.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeAdmin))) + .once(); + + PrincipalEntity principalNonAdminSingleRoleSingleCluster = ems.createStrictMock(PrincipalEntity.class); + expect(principalNonAdminSingleRoleSingleCluster.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeClusterUserC1))) + .once(); + + PrincipalEntity principalNonAdminMultipleRolesSingleCluster = ems.createStrictMock(PrincipalEntity.class); + expect(principalNonAdminMultipleRolesSingleCluster.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeClusterUserC1, privilegeClusterOperatorC1))) + .once(); + + PrincipalEntity principalNonAdminMultipleRolesMultipleClusters = ems.createStrictMock(PrincipalEntity.class); + expect(principalNonAdminMultipleRolesMultipleClusters.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeClusterUserC1, privilegeClusterOperatorC1, + privilegeClusterUserC2, privilegeClusterOperatorC2))) + .once(); + + PrincipalEntity principalAdminSingleRoleSingleCluster = ems.createStrictMock(PrincipalEntity.class); + expect(principalAdminSingleRoleSingleCluster.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeAdmin, privilegeClusterOperatorC1))) + .once(); + + PrincipalEntity principalAdminMultipleRolesSingleCluster = ems.createStrictMock(PrincipalEntity.class); + expect(principalAdminMultipleRolesSingleCluster.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeAdmin, privilegeClusterUserC1, privilegeClusterOperatorC1))) + .once(); + + PrincipalEntity principalAdminMultipleRolesMultipleClusters = ems.createStrictMock(PrincipalEntity.class); + expect(principalAdminMultipleRolesMultipleClusters.getPrivileges()) + .andReturn(new HashSet<PrivilegeEntity>(Arrays.asList(privilegeAdmin, privilegeClusterUserC1, + privilegeClusterOperatorC1, privilegeClusterUserC2, privilegeClusterOperatorC2))) + .once(); + + UserEntity userAdministratorOnly = ems.createStrictMock(UserEntity.class); + expect(userAdministratorOnly.getPrincipal()).andReturn(principalAdministratorOnly).once(); + expect(userAdministratorOnly.getUserName()).andReturn("userAdministratorOnly").anyTimes(); + + UserEntity userNonAdminSingleRoleSingleCluster = ems.createStrictMock(UserEntity.class); + expect(userNonAdminSingleRoleSingleCluster.getPrincipal()).andReturn(principalNonAdminSingleRoleSingleCluster).once(); + expect(userNonAdminSingleRoleSingleCluster.getUserName()).andReturn("userNonAdminSingleRoleSingleCluster").anyTimes(); + + UserEntity userNonAdminMultipleRolesSingleCluster = ems.createStrictMock(UserEntity.class); + expect(userNonAdminMultipleRolesSingleCluster.getPrincipal()).andReturn(principalNonAdminMultipleRolesSingleCluster).once(); + expect(userNonAdminMultipleRolesSingleCluster.getUserName()).andReturn("userNonAdminMultipleRolesSingleCluster").anyTimes(); + + UserEntity userNonAdminMultipleRolesMultipleClusters = ems.createStrictMock(UserEntity.class); + expect(userNonAdminMultipleRolesMultipleClusters.getPrincipal()).andReturn(principalNonAdminMultipleRolesMultipleClusters).once(); + expect(userNonAdminMultipleRolesMultipleClusters.getUserName()).andReturn("userNonAdminMultipleRolesMultipleClusters").anyTimes(); + + UserEntity userAdminSingleRoleSingleCluster = ems.createStrictMock(UserEntity.class); + expect(userAdminSingleRoleSingleCluster.getPrincipal()).andReturn(principalAdminSingleRoleSingleCluster).once(); + expect(userAdminSingleRoleSingleCluster.getUserName()).andReturn("userAdminSingleRoleSingleCluster").anyTimes(); + + UserEntity userAdminMultipleRolesSingleCluster = ems.createStrictMock(UserEntity.class); + expect(userAdminMultipleRolesSingleCluster.getPrincipal()).andReturn(principalAdminMultipleRolesSingleCluster).once(); + expect(userAdminMultipleRolesSingleCluster.getUserName()).andReturn("userAdminMultipleRolesSingleCluster").anyTimes(); + + UserEntity userAdminMultipleRolesMultipleClusters = ems.createStrictMock(UserEntity.class); + expect(userAdminMultipleRolesMultipleClusters.getPrincipal()).andReturn(principalAdminMultipleRolesMultipleClusters).once(); + expect(userAdminMultipleRolesMultipleClusters.getUserName()).andReturn("userAdminMultipleRolesMultipleClusters").anyTimes(); + + final UserDAO userDAO = ems.createStrictMock(UserDAO.class); + expect(userDAO.findAll()) + .andReturn(Arrays.asList( + userAdministratorOnly, + userNonAdminSingleRoleSingleCluster, + userNonAdminMultipleRolesSingleCluster, + userNonAdminMultipleRolesMultipleClusters, + userAdminSingleRoleSingleCluster, + userAdminMultipleRolesSingleCluster, + userAdminMultipleRolesMultipleClusters)) + .once(); + + + final PrivilegeDAO privilegeDAO = ems.createMock(PrivilegeDAO.class); + + // principalNonAdminMultipleRolesSingleCluster + privilegeDAO.remove(privilegeClusterUserC1); + expectLastCall().once(); + + // principalNonAdminMultipleRolesMultipleClusters + privilegeDAO.remove(privilegeClusterUserC1); + expectLastCall().once(); + privilegeDAO.remove(privilegeClusterUserC2); + expectLastCall().once(); + + // principalAdminSingleRoleSingleCluster + privilegeDAO.remove(privilegeClusterOperatorC1); + expectLastCall().once(); + + // principalAdminMultipleRolesSingleCluster + privilegeDAO.remove(privilegeClusterUserC1); + expectLastCall().once(); + privilegeDAO.remove(privilegeClusterOperatorC1); + expectLastCall().once(); + + // principalAdminMultipleRolesMultipleClusters + privilegeDAO.remove(privilegeClusterUserC1); + expectLastCall().once(); + privilegeDAO.remove(privilegeClusterOperatorC1); + expectLastCall().once(); + privilegeDAO.remove(privilegeClusterUserC2); + expectLastCall().once(); + privilegeDAO.remove(privilegeClusterOperatorC2); + expectLastCall().once(); + + ClusterEntity clusterC1 = ems.createStrictMock(ClusterEntity.class); + expect(clusterC1.getClusterName()).andReturn("c1").anyTimes(); + + ClusterEntity clusterC2 = ems.createStrictMock(ClusterEntity.class); + expect(clusterC2.getClusterName()).andReturn("c2").anyTimes(); + + final ClusterDAO clusterDAO = ems.createMock(ClusterDAO.class); + expect(clusterDAO.findByResourceId(1L)).andReturn(clusterC1).anyTimes(); + expect(clusterDAO.findByResourceId(2L)).andReturn(clusterC2).anyTimes(); + + final Injector injector = Guice.createInjector(new AbstractModule() { + @Override + protected void configure() { + bind(EntityManager.class).toInstance(ems.createNiceMock(EntityManager.class)); + bind(UserDAO.class).toInstance(userDAO); + bind(PrivilegeDAO.class).toInstance(privilegeDAO); + bind(ClusterDAO.class).toInstance(clusterDAO); + bind(DBAccessor.class).toInstance(ems.createNiceMock(DBAccessor.class)); + bind(OsFamily.class).toInstance(ems.createNiceMock(OsFamily.class)); + } + }); + + ems.replayAll(); + injector.getInstance(UpgradeCatalog240.class).consolidateUserRoles(); + ems.verifyAll(); + + + } }
