Repository: ambari Updated Branches: refs/heads/trunk 962976585 -> a44ca7735
AMBARI-1717. Add SERVICE.VIEW_OPERATIONAL_LOGS authorization to SERVICE.ADMINISTRATOR role and above (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a44ca773 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a44ca773 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a44ca773 Branch: refs/heads/trunk Commit: a44ca77356c19f37ceac27ae119cc1719973bdd3 Parents: 9629765 Author: Robert Levas <[email protected]> Authored: Tue Jun 14 08:23:28 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Tue Jun 14 08:23:33 2016 -0400 ---------------------------------------------------------------------- .../admin-web/app/scripts/services/Cluster.js | 1 + .../server/orm/dao/RoleAuthorizationDAO.java | 10 ++ .../authorization/RoleAuthorization.java | 1 + .../server/upgrade/AbstractUpgradeCatalog.java | 102 ++++++++++++++++++ .../server/upgrade/UpgradeCatalog230.java | 107 ++++++++----------- .../server/upgrade/UpgradeCatalog240.java | 84 +++++---------- .../main/resources/Ambari-DDL-Derby-CREATE.sql | 5 + .../main/resources/Ambari-DDL-MySQL-CREATE.sql | 5 + .../main/resources/Ambari-DDL-Oracle-CREATE.sql | 5 + .../resources/Ambari-DDL-Postgres-CREATE.sql | 5 + .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 5 + .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 5 + .../resources/Ambari-DDL-SQLServer-CREATE.sql | 5 + .../server/upgrade/UpgradeCatalog230Test.java | 30 +++++- .../server/upgrade/UpgradeCatalog240Test.java | 3 + 15 files changed, 251 insertions(+), 122 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js ---------------------------------------------------------------------- diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js index 33ed7ed..3160cd0 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js +++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/Cluster.js @@ -48,6 +48,7 @@ angular.module('ambariAdminConsole') "SERVICE.MANAGE_ALERTS", "SERVICE.TOGGLE_ALERTS", "SERVICE.ADD_DELETE_SERVICES", + "SERVICE.VIEW_OPERATIONAL_LOGS", "HOST.VIEW_CONFIGS", "HOST.VIEW_METRICS", "HOST.VIEW_STATUS_INFO", http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java index aa74224..f25fc6c 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java @@ -55,6 +55,16 @@ public class RoleAuthorizationDAO { } /** + * Create or updates a role authorization. + * + * @param roleAuthorizationEntity entity to create or update + */ + @Transactional + public RoleAuthorizationEntity merge(RoleAuthorizationEntity roleAuthorizationEntity) { + return entityManagerProvider.get().merge(roleAuthorizationEntity); + } + + /** * Find a authorization entity with the given id. * * @param id type id http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java index ee948fe..e22c21f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java @@ -59,6 +59,7 @@ public enum RoleAuthorization { HOST_VIEW_METRICS("HOST.VIEW_METRICS"), HOST_VIEW_STATUS_INFO("HOST.VIEW_STATUS_INFO"), SERVICE_ADD_DELETE_SERVICES("SERVICE.ADD_DELETE_SERVICES"), + SERVICE_VIEW_OPERATIONAL_LOGS("SERVICE.VIEW_OPERATIONAL_LOGS"), SERVICE_COMPARE_CONFIGS("SERVICE.COMPARE_CONFIGS"), SERVICE_DECOMMISSION_RECOMMISSION("SERVICE.DECOMMISSION_RECOMMISSION"), SERVICE_ENABLE_HA("SERVICE.ENABLE_HA"), http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java index f185346..215f8a0 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java @@ -21,6 +21,7 @@ import java.io.StringReader; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.util.Collection; import java.util.Collections; import java.util.Comparator; import java.util.HashMap; @@ -43,8 +44,13 @@ import org.apache.ambari.server.controller.AmbariManagementController; import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.ArtifactDAO; import org.apache.ambari.server.orm.dao.MetainfoDAO; +import org.apache.ambari.server.orm.dao.PermissionDAO; +import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.entities.ArtifactEntity; import org.apache.ambari.server.orm.entities.MetainfoEntity; +import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.Config; @@ -701,6 +707,102 @@ public abstract class AbstractUpgradeCatalog implements UpgradeCatalog { } /** + * Add a new role authorization and optionally add it to 1 or more roles. + * <p> + * The collection of roles to add the new role authorization to may be null or empty, indicating + * that no roles are to be altered. If set, though, each role entry in the collection must be a + * colon-delimited string like: <code>ROLE:RESOURCE TYPE</code>. Examples: + * <ul> + * <li>"AMBARI.ADMINISTRATOR:AMBARI"</li> + * <li>"CLUSTER.ADMINISTRATOR:CLUSTER"</li> + * <li>"SERVICE.OPERATOR:CLUSTER"</li> + * </ul> + * + * @param roleAuthorizationID the ID of the new authorization + * @param roleAuthorizationName the (descriptive) name of the new authorization + * @param applicableRoles an optional collection of role specification to add the new authorization to + * @throws SQLException + */ + protected void addRoleAuthorization(String roleAuthorizationID, String roleAuthorizationName, Collection<String> applicableRoles) throws SQLException { + if (!StringUtils.isEmpty(roleAuthorizationID)) { + RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + RoleAuthorizationEntity roleAuthorization = roleAuthorizationDAO.findById(roleAuthorizationID); + + if (roleAuthorization == null) { + roleAuthorization = new RoleAuthorizationEntity(); + roleAuthorization.setAuthorizationId(roleAuthorizationID); + roleAuthorization.setAuthorizationName(roleAuthorizationName); + roleAuthorizationDAO.create(roleAuthorization); + } + + if ((applicableRoles != null) && (!applicableRoles.isEmpty())) { + for (String role : applicableRoles) { + String[] parts = role.split("\\:"); + addAuthorizationToRole(parts[0], parts[1], roleAuthorization); + } + } + } + } + + /** + * Add a new authorization to the set of authorizations for a role + * + * @param roleName the name of the role + * @param resourceType the resource type of the role (AMBARI, CLUSTER, VIEW, etc...) + * @param roleAuthorizationID the ID of the authorization + * @see #addAuthorizationToRole(String, String, RoleAuthorizationEntity) + */ + protected void addAuthorizationToRole(String roleName, String resourceType, String roleAuthorizationID) { + if (!StringUtils.isEmpty(roleAuthorizationID)) { + RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + RoleAuthorizationEntity roleAuthorization = roleAuthorizationDAO.findById(roleAuthorizationID); + + if (roleAuthorization != null) { + addAuthorizationToRole(roleName, resourceType, roleAuthorization); + } + } + } + + /** + * Add a new authorization to the set of authorizations for a role + * + * @param roleName the name of the role + * @param resourceType the resource type of the role (AMBARI, CLUSTER, VIEW, etc...) + * @param roleAuthorization the authorization to add + */ + protected void addAuthorizationToRole(String roleName, String resourceType, RoleAuthorizationEntity roleAuthorization) { + if ((roleAuthorization != null) && !StringUtils.isEmpty(roleName) && !StringUtils.isEmpty(resourceType)) { + PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class); + ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class); + + PermissionEntity role = permissionDAO.findPermissionByNameAndType(roleName, resourceTypeDAO.findByName(resourceType)); + if (role != null) { + role.getAuthorizations().add(roleAuthorization); + permissionDAO.merge(role); + } + } + } + + /** + * Add a new authorization to the set of authorizations for a role + * + * @param role the role to add the authorization to + * @param roleAuthorizationID the authorization to add + */ + protected void addAuthorizationToRole(PermissionEntity role, String roleAuthorizationID) { + if ((role != null) && !StringUtils.isEmpty(roleAuthorizationID)) { + RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + RoleAuthorizationEntity roleAuthorization = roleAuthorizationDAO.findById(roleAuthorizationID); + + if (roleAuthorization != null) { + PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class); + role.getAuthorizations().add(roleAuthorization); + permissionDAO.merge(role); + } + } + } + + /** * Update the specified Kerberos Descriptor artifact to conform to the new structure. * <p/> * On ambari version update some of identities can be moved between scopes(e.g. from service to component), so http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java index 6b038f4..884c2bb 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java @@ -21,28 +21,25 @@ package org.apache.ambari.server.upgrade; import java.sql.SQLException; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; -import java.util.List; import java.util.Map; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo; -import org.apache.ambari.server.orm.dao.DaoUtils; import org.apache.ambari.server.orm.dao.PermissionDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; -import org.eclipse.persistence.jpa.JpaEntityManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.google.inject.Inject; import com.google.inject.Injector; -import javax.persistence.EntityManager; - /** * Upgrade catalog for version 2.3.0. @@ -64,10 +61,6 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog { private static final String ROLE_AUTHORIZATION_ID_COL = "authorization_id"; private static final String ROLE_AUTHORIZATION_NAME_COL = "authorization_name"; - @Inject - DaoUtils daoUtils; - - /** * {@inheritDoc} */ @@ -99,8 +92,6 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog { public UpgradeCatalog230(Injector injector) { super(injector); this.injector = injector; - - daoUtils = injector.getInstance(DaoUtils.class); } // ----- AbstractUpgradeCatalog -------------------------------------------- @@ -242,51 +233,53 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog { private void createPermissionRoleAuthorizationMap() throws SQLException { LOG.info("Creating permission to authorizations map"); - String[] columnNames = new String[] {PERMISSION_ID_COL, ROLE_AUTHORIZATION_ID_COL}; - - // Determine the role Ids" + // Determine the role entities PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class); ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class); - String viewPermissionId = permissionDAO.findPermissionByNameAndType("VIEW.USER", resourceTypeDAO.findByName("VIEW")).getId().toString(); - String administratorPermissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", resourceTypeDAO.findByName("AMBARI")).getId().toString(); - String clusterUserPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.USER", resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - String clusterOperatorPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - String clusterAdministratorPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - String serviceAdministratorPermissionId = permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - String serviceOperatorPermissionId = permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString(); + ResourceTypeEntity ambariResource = resourceTypeDAO.findByName("AMBARI"); + ResourceTypeEntity clusterResource = resourceTypeDAO.findByName("CLUSTER"); + ResourceTypeEntity viewResource = resourceTypeDAO.findByName("VIEW"); + + PermissionEntity viewPermission = permissionDAO.findPermissionByNameAndType("VIEW.USER", viewResource); + PermissionEntity administratorPermission = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", ambariResource); + PermissionEntity clusterUserPermission = permissionDAO.findPermissionByNameAndType("CLUSTER.USER", clusterResource); + PermissionEntity clusterOperatorPermission = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", clusterResource); + PermissionEntity clusterAdministratorPermission = permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", clusterResource); + PermissionEntity serviceAdministratorPermission = permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", clusterResource); + PermissionEntity serviceOperatorPermission = permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", clusterResource); // Create role groups - List<String> viewUserAndAdministrator = Arrays.asList(viewPermissionId, administratorPermissionId); - List<String> clusterUserAndUp = Arrays.asList( - clusterUserPermissionId, - serviceOperatorPermissionId, - serviceAdministratorPermissionId, - clusterOperatorPermissionId, - clusterAdministratorPermissionId, - administratorPermissionId); - List<String> serviceOperatorAndUp = Arrays.asList( - serviceOperatorPermissionId, - serviceAdministratorPermissionId, - clusterOperatorPermissionId, - clusterAdministratorPermissionId, - administratorPermissionId); - List<String> serviceAdministratorAndUp = Arrays.asList( - serviceAdministratorPermissionId, - clusterOperatorPermissionId, - clusterAdministratorPermissionId, - administratorPermissionId); - List<String> clusterOperatorAndUp = Arrays.asList( - clusterOperatorPermissionId, - clusterAdministratorPermissionId, - administratorPermissionId); - List<String> clusterAdministratorAndUp = Arrays.asList( - clusterAdministratorPermissionId, - administratorPermissionId); - List<String> administratorOnly = Arrays.asList(administratorPermissionId); + Collection<PermissionEntity> viewUserAndAdministrator = Arrays.asList(viewPermission, administratorPermission); + Collection<PermissionEntity> clusterUserAndUp = Arrays.asList( + clusterUserPermission, + serviceOperatorPermission, + serviceAdministratorPermission, + clusterOperatorPermission, + clusterAdministratorPermission, + administratorPermission); + Collection<PermissionEntity> serviceOperatorAndUp = Arrays.asList( + serviceOperatorPermission, + serviceAdministratorPermission, + clusterOperatorPermission, + clusterAdministratorPermission, + administratorPermission); + Collection<PermissionEntity> serviceAdministratorAndUp = Arrays.asList( + serviceAdministratorPermission, + clusterOperatorPermission, + clusterAdministratorPermission, + administratorPermission); + Collection<PermissionEntity> clusterOperatorAndUp = Arrays.asList( + clusterOperatorPermission, + clusterAdministratorPermission, + administratorPermission); + Collection<PermissionEntity> clusterAdministratorAndUp = Arrays.asList( + clusterAdministratorPermission, + administratorPermission); + Collection<PermissionEntity> administratorOnly = Collections.singleton(administratorPermission); // A map of the authorizations to the relevant roles - Map<String, List<String>> map = new HashMap<String, List<String>>(); + Map<String, Collection<PermissionEntity>> map = new HashMap<String, Collection<PermissionEntity>>(); map.put("VIEW.USE", viewUserAndAdministrator); map.put("SERVICE.VIEW_METRICS", clusterUserAndUp); map.put("SERVICE.VIEW_STATUS_INFO", clusterUserAndUp); @@ -306,7 +299,7 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog { map.put("SERVICE.ENABLE_HA", serviceAdministratorAndUp); map.put("SERVICE.TOGGLE_ALERTS", serviceAdministratorAndUp); map.put("SERVICE.ADD_DELETE_SERVICES", clusterAdministratorAndUp); - map.put("HOST.VIEW_METRICS",clusterUserAndUp); + map.put("HOST.VIEW_METRICS", clusterUserAndUp); map.put("HOST.VIEW_STATUS_INFO", clusterUserAndUp); map.put("HOST.VIEW_CONFIGS", clusterUserAndUp); map.put("HOST.TOGGLE_MAINTENANCE", clusterOperatorAndUp); @@ -335,21 +328,13 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog { // Iterate over the map of authorizations to role to find the set of roles to map to each // authorization and then add the relevant record - for(Map.Entry<String,List<String>> entry: map.entrySet()) { + for (Map.Entry<String, Collection<PermissionEntity>> entry : map.entrySet()) { String authorizationId = entry.getKey(); - for(String permissionId : entry.getValue()) { - dbAccessor.insertRowIfMissing(PERMISSION_ROLE_AUTHORIZATION_TABLE, columnNames, - new String[]{"'" + permissionId + "'", "'" + authorizationId + "'"}, false); + for (PermissionEntity permission : entry.getValue()) { + addAuthorizationToRole(permission, authorizationId); } } - - // hack, lets make changes visible to EclipseLink, to edit this data in 240 upgrade catalog - JpaEntityManager jem = (JpaEntityManager)getEntityManagerProvider().get().getDelegate(); - if (jem != null) { - jem.getServerSession().getIdentityMapAccessor().invalidateAll(); - } - } http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java index 794ad83..78869fe 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java @@ -350,6 +350,7 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { updateAlerts(); setRoleSortOrder(); addSettingPermission(); + addViewOperationalLogsPermission(); addManageUserPersistedDataPermission(); allowClusterOperatorToManageCredentials(); updateHDFSConfigs(); @@ -476,19 +477,17 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { } protected void addSettingPermission() throws SQLException { - RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + addRoleAuthorization("AMBARI.MANAGE_SETTINGS", "Manage settings", Collections.singleton("AMBARI.ADMINISTRATOR:AMBARI")); + } - if (roleAuthorizationDAO.findById("AMBARI.MANAGE_SETTINGS") == null) { - RoleAuthorizationEntity roleAuthorizationEntity = new RoleAuthorizationEntity(); - roleAuthorizationEntity.setAuthorizationId("AMBARI.MANAGE_SETTINGS"); - roleAuthorizationEntity.setAuthorizationName("Manage settings"); - roleAuthorizationDAO.create(roleAuthorizationEntity); - } + protected void addViewOperationalLogsPermission() throws SQLException { + Collection<String> roles = Arrays.asList( + "AMBARI.ADMINISTRATOR:AMBARI", + "CLUSTER.ADMINISTRATOR:CLUSTER", + "CLUSTER.OPERATOR:CLUSTER", + "SERVICE.ADMINISTRATOR:CLUSTER"); - String administratorPermissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", - resourceTypeDAO.findByName("AMBARI")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + administratorPermissionId + "'", "'AMBARI.MANAGE_SETTINGS'"}, false); + addRoleAuthorization("SERVICE.VIEW_OPERATIONAL_LOGS", "View service operational logs", roles); } /** @@ -497,48 +496,15 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { * */ protected void addManageUserPersistedDataPermission() throws SQLException { + Collection<String> roles = Arrays.asList( + "AMBARI.ADMINISTRATOR:AMBARI", + "CLUSTER.ADMINISTRATOR:CLUSTER", + "CLUSTER.OPERATOR:CLUSTER", + "SERVICE.ADMINISTRATOR:CLUSTER", + "SERVICE.OPERATOR:CLUSTER", + "CLUSTER.USER:CLUSTER"); - RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); - - // Add to 'roleauthorization' table - if (roleAuthorizationDAO.findById("CLUSTER.MANAGE_USER_PERSISTED_DATA") == null) { - RoleAuthorizationEntity roleAuthorizationEntity = new RoleAuthorizationEntity(); - roleAuthorizationEntity.setAuthorizationId("CLUSTER.MANAGE_USER_PERSISTED_DATA"); - roleAuthorizationEntity.setAuthorizationName("Manage cluster-level user persisted data"); - roleAuthorizationDAO.create(roleAuthorizationEntity); - } - - // Adds to 'permission_roleauthorization' table - String permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", - resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); - - permissionId = permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", - resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); - - permissionId = permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", - resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); - - permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", - resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id" }, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'" }, false); - - permissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", - resourceTypeDAO.findByName("AMBARI")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); - - permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.USER", - resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id"}, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_USER_PERSISTED_DATA'"}, false); - + addRoleAuthorization("CLUSTER.MANAGE_USER_PERSISTED_DATA", "Manage cluster-level user persisted data", roles); } /** @@ -547,10 +513,7 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { * @throws SQLException */ protected void allowClusterOperatorToManageCredentials() throws SQLException { - String permissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", - resourceTypeDAO.findByName("CLUSTER")).getId().toString(); - dbAccessor.insertRowIfMissing("permission_roleauthorization", new String[]{"permission_id", "authorization_id" }, - new String[]{"'" + permissionId + "'", "'CLUSTER.MANAGE_CREDENTIALS'" }, false); + addAuthorizationToRole("CLUSTER.OPERATOR", "CLUSTER", "CLUSTER.MANAGE_CREDENTIAL"); } protected void removeHiveOozieDBConnectionConfigs() throws AmbariException { @@ -2465,7 +2428,12 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog { } void fixAuthorizationDescriptions() throws SQLException { - // Change the description of the SERVICE.ADD_DELETE_SERVICES authorization to "Add/delete services" - dbAccessor.executeUpdate("UPDATE roleauthorization SET authorization_name='Add/delete services' WHERE authorization_id='SERVICE.ADD_DELETE_SERVICES'"); + RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + RoleAuthorizationEntity roleAuthorization = roleAuthorizationDAO.findById("SERVICE.ADD_DELETE_SERVICES"); + + if (roleAuthorization != null) { + roleAuthorization.setAuthorizationName("Add/delete services"); + roleAuthorizationDAO.merge(roleAuthorization); + } } } http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index fff1716..965306c 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -1213,6 +1213,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ENABLE_HA', 'Enable HA' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/Delete services' FROM SYSIBM.SYSDUMMY1 UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' FROM SYSIBM.SYSDUMMY1 UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' FROM SYSIBM.SYSDUMMY1 UNION ALL @@ -1301,6 +1302,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1328,6 +1330,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1361,6 +1364,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1399,6 +1403,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index e7eff93..1aea288 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -1143,6 +1143,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1232,6 +1233,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1259,6 +1261,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1293,6 +1296,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1333,6 +1337,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index b90c7da..7a07048 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -1162,6 +1162,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ENABLE_HA', 'Enable HA' FROM dual UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' FROM dual UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' FROM dual UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' from dual UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' FROM dual UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' FROM dual UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' FROM dual UNION ALL @@ -1251,6 +1252,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1278,6 +1280,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1312,6 +1315,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1352,6 +1356,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index b9181d2..1df782c 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -1134,6 +1134,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1223,6 +1224,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1250,6 +1252,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1284,6 +1287,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1324,6 +1328,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql index c840b9c..8826feb 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql @@ -1296,6 +1296,7 @@ INSERT INTO ambari.roleauthorization(authorization_id, authorization_name) SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1385,6 +1386,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1412,6 +1414,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1446,6 +1449,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1486,6 +1490,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id) SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index 742eaa3..24c1b63 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -1159,6 +1159,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1248,6 +1249,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1275,6 +1277,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1309,6 +1312,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1349,6 +1353,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index 87ef7fb..fb7e0eb 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -1162,6 +1162,7 @@ BEGIN TRANSACTION SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL + SELECT 'SERVICE.VIEW_OPERATIONAL_LOGS', 'View service operational logs' UNION ALL SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL @@ -1251,6 +1252,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL @@ -1278,6 +1280,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL @@ -1312,6 +1315,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL @@ -1352,6 +1356,7 @@ BEGIN TRANSACTION SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL + SELECT permission_id, 'SERVICE.VIEW_OPERATIONAL_LOGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog230Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog230Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog230Test.java index d7e13ea..947ba2e 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog230Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog230Test.java @@ -22,6 +22,8 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import java.lang.reflect.Field; +import java.util.ArrayList; +import java.util.Collection; import java.util.List; import org.apache.ambari.server.configuration.Configuration; @@ -29,8 +31,10 @@ import org.apache.ambari.server.orm.DBAccessor; import org.apache.ambari.server.orm.dao.DaoUtils; import org.apache.ambari.server.orm.dao.PermissionDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.Capture; import org.easymock.EasyMock; @@ -66,6 +70,7 @@ public class UpgradeCatalog230Test extends EasyMockSupport { binder.bind(DaoUtils.class).toInstance(createNiceMock(DaoUtils.class)); binder.bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class)); binder.bind(ResourceTypeDAO.class).toInstance(createMock(ResourceTypeDAO.class)); + binder.bind(RoleAuthorizationDAO.class).toInstance(createMock(RoleAuthorizationDAO.class)); } }; @@ -265,9 +270,28 @@ public class UpgradeCatalog230Test extends EasyMockSupport { PermissionEntity.VIEW_USER_PERMISSION_NAME, PermissionEntity.VIEW_USER_PERMISSION))) .andReturn(1).once(); - expect(dbAccessor.insertRowIfMissing(anyString(), anyObject(String[].class), anyObject(String[].class), eq(false))) - .andReturn(true) - .atLeastOnce(); + RoleAuthorizationEntity roleAuthorization = createMock(RoleAuthorizationEntity.class); + + RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class); + expect(roleAuthorizationDAO.findById(anyString())).andReturn(roleAuthorization).anyTimes(); + + Collection<RoleAuthorizationEntity> authorizations = new ArrayList<RoleAuthorizationEntity>(); + + expect(ambariAdministratorPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + expect(clusterAdministratorPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + expect(clusterOperatorPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + expect(serviceAdministratorPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + expect(serviceOperatorPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + expect(clusterUserPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + expect(viewUserPermissionEntity.getAuthorizations()).andReturn(authorizations).atLeastOnce(); + + expect(permissionDAO.merge(ambariAdministratorPermissionEntity)).andReturn(ambariAdministratorPermissionEntity).atLeastOnce(); + expect(permissionDAO.merge(clusterAdministratorPermissionEntity)).andReturn(clusterAdministratorPermissionEntity).atLeastOnce(); + expect(permissionDAO.merge(clusterOperatorPermissionEntity)).andReturn(clusterOperatorPermissionEntity).atLeastOnce(); + expect(permissionDAO.merge(serviceAdministratorPermissionEntity)).andReturn(serviceAdministratorPermissionEntity).atLeastOnce(); + expect(permissionDAO.merge(serviceOperatorPermissionEntity)).andReturn(serviceOperatorPermissionEntity).atLeastOnce(); + expect(permissionDAO.merge(clusterUserPermissionEntity)).andReturn(clusterUserPermissionEntity).atLeastOnce(); + expect(permissionDAO.merge(viewUserPermissionEntity)).andReturn(viewUserPermissionEntity).atLeastOnce(); replayAll(); upgradeCatalog.executeDMLUpdates(); http://git-wip-us.apache.org/repos/asf/ambari/blob/a44ca773/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java index c221138..d8aa62a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java @@ -481,6 +481,7 @@ public class UpgradeCatalog240Test { Method addManageUserPersistedDataPermission = UpgradeCatalog240.class.getDeclaredMethod("addManageUserPersistedDataPermission"); Method allowClusterOperatorToManageCredentials = UpgradeCatalog240.class.getDeclaredMethod("allowClusterOperatorToManageCredentials"); Method addSettingPermission = UpgradeCatalog240.class.getDeclaredMethod("addSettingPermission"); + Method addViewOperationalLogsPermission = UpgradeCatalog240.class.getDeclaredMethod("addViewOperationalLogsPermission"); Method updateHDFSConfigs = UpgradeCatalog240.class.getDeclaredMethod("updateHDFSConfigs"); Method updateHIVEConfigs = UpgradeCatalog240.class.getDeclaredMethod("updateHIVEConfigs"); Method updateAmsConfigs = UpgradeCatalog240.class.getDeclaredMethod("updateAMSConfigs"); @@ -515,6 +516,7 @@ public class UpgradeCatalog240Test { .addMockedMethod(addNewConfigurationsFromXml) .addMockedMethod(updateAlerts) .addMockedMethod(addSettingPermission) + .addMockedMethod(addViewOperationalLogsPermission) .addMockedMethod(addManageUserPersistedDataPermission) .addMockedMethod(allowClusterOperatorToManageCredentials) .addMockedMethod(updateHDFSConfigs) @@ -546,6 +548,7 @@ public class UpgradeCatalog240Test { upgradeCatalog240.addNewConfigurationsFromXml(); upgradeCatalog240.updateAlerts(); upgradeCatalog240.addSettingPermission(); + upgradeCatalog240.addViewOperationalLogsPermission(); upgradeCatalog240.addManageUserPersistedDataPermission(); upgradeCatalog240.allowClusterOperatorToManageCredentials(); upgradeCatalog240.updateHDFSConfigs();
