Repository: ambari Updated Branches: refs/heads/branch-2.4 9950bcf3a -> a3bbb50fb
AMBARI-17740. Cluster user role is permitted to install packages using API (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a3bbb50f Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a3bbb50f Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a3bbb50f Branch: refs/heads/branch-2.4 Commit: a3bbb50fbcb5ccab589e3203d97b920f154e74c7 Parents: 9950bcf Author: Robert Levas <[email protected]> Authored: Tue Jul 19 15:41:28 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Tue Jul 19 15:41:28 2016 -0400 ---------------------------------------------------------------------- .../ClusterStackVersionResourceProvider.java | 14 ++- ...ClusterStackVersionResourceProviderTest.java | 117 +++++++++++++++---- 2 files changed, 105 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a3bbb50f/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
index c11cd81..d5a14d5 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProvider.java
@@ -22,6 +22,7 @@ import static org.apache.ambari.server.agent.ExecutionCommand.KeyNames.JDK_LOCAT
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -69,6 +70,7 @@ import org.apache.ambari.server.orm.entities.RepositoryEntity; import org.apache.ambari.server.orm.entities.RepositoryVersionEntity; import org.apache.ambari.server.orm.entities.StackEntity; import org.apache.ambari.server.orm.entities.UpgradeEntity; +import org.apache.ambari.server.security.authorization.RoleAuthorization; import org.apache.ambari.server.serveraction.upgrades.FinalizeUpgradeAction; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; @@ -208,10 +210,14 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou public ClusterStackVersionResourceProvider( AmbariManagementController managementController) { super(propertyIds, keyPropertyIds, managementController); + + setRequiredCreateAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS)); + setRequiredDeleteAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS)); + setRequiredUpdateAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS)); } @Override - public Set<Resource> getResources(Request request, Predicate predicate) throws + public Set<Resource> getResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { final Set<Resource> resources = new HashSet<Resource>(); final Set<String> requestedIds = getRequestPropertyIds(request, predicate); @@ -280,7 +286,7 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou @Override - public RequestStatus createResources(Request request) throws SystemException, + public RequestStatus createResourcesAuthorized(Request request) throws SystemException, UnsupportedPropertyException, ResourceAlreadyExistsException, NoSuchParentResourceException { 
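Review bot: The constructor in the -208 hunk requires `RoleAuthorization.AMBARI_MANAGE_STACK_VERSIONS` for create, update and delete, but sets no requirement for reads even though `getResources` is renamed to `getResourcesAuthorized` in the same hunk. If the base class treats an unset requirement as "allow" (not visible in this diff), every authenticated caller can still list cluster stack versions. That may be intended, in which case a comment above the three setters should say so, for example `// Reads stay open to every role; only changes to stack versions need AMBARI_MANAGE_STACK_VERSIONS.`; otherwise a get requirement belongs next to them. The three identical `EnumSet.of(...)` calls could also share one local set so the write permissions cannot drift apart. The class body and the body of `getResourcesAuthorized` continue outside the hunk.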
@@ -727,7 +733,7 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou * manual Stack Upgrade */ @Override - public RequestStatus updateResources(Request request, Predicate predicate) + public RequestStatus updateResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { try { @@ -848,7 +854,7 @@ public class ClusterStackVersionResourceProvider extends AbstractControllerResou } @Override - public RequestStatus deleteResources(Request request, Predicate predicate) + public RequestStatus deleteResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { throw new SystemException("Method not supported"); http://git-wip-us.apache.org/repos/asf/ambari/blob/a3bbb50f/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java index 236401a..747589f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterStackVersionResourceProviderTest.java 
@@ -81,6 +81,8 @@ import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import org.apache.ambari.server.orm.entities.StackEntity; import org.apache.ambari.server.orm.entities.UpgradeEntity; +import org.apache.ambari.server.security.TestAuthenticationFactory; +import org.apache.ambari.server.security.authorization.AuthorizationException; import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.serveraction.upgrades.FinalizeUpgradeAction; import org.apache.ambari.server.state.Cluster; @@ -118,9 +120,11 @@ import com.google.inject.Guice; import com.google.inject.Injector; import com.google.inject.persist.PersistService; import com.google.inject.util.Modules; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; -/** + /** * ClusterStackVersionResourceProvider tests. */ public class ClusterStackVersionResourceProviderTest { @@ -184,10 +188,21 @@ public class ClusterStackVersionResourceProviderTest { @After public void teardown() { injector.getInstance(PersistService.class).stop(); + + SecurityContextHolder.getContext().setAuthentication(null); } @Test - public void testCreateResources() throws Exception { + public void testCreateResourcesAsAdministrator() throws Exception { + testCreateResources(TestAuthenticationFactory.createAdministrator()); + } + + @Test(expected = AuthorizationException.class) + public void testCreateResourcesAsClusterAdministrator() throws Exception { + testCreateResources(TestAuthenticationFactory.createClusterAdministrator()); + } + + private void testCreateResources(Authentication authentication) throws Exception { Resource.Type type = Resource.Type.ClusterStackVersion; AmbariManagementController managementController = createMock(AmbariManagementController.class); 
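Review bot: `@Test(expected = AuthorizationException.class)` on `testCreateResourcesAsClusterAdministrator` (the -184 hunk) wraps the whole shared helper, so the test passes whichever statement throws and does not tie the denial to the provider call. Catching the exception at the call would pin it down, e.g. `try { provider.createResources(request); Assert.fail("expected AuthorizationException"); } catch (AuthorizationException expected) { }`; that call sits in the helper body outside this hunk. The same pattern repeats in the hunks at -587, -796, -1013, -1157, -1304 and -1501. The ticket title names the cluster user role, yet only the cluster administrator is exercised as the denied identity, so a case for a lower-privileged role would cover the reported scenario directly.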
@@ -356,6 +371,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getCreateRequest(propertySet, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + RequestStatus status = provider.createResources(request); Assert.assertNotNull(status); @@ -587,8 +604,17 @@ public class ClusterStackVersionResourceProviderTest { Assert.assertEquals(Float.valueOf(0.85f), successFactor); } - @Test - public void testCreateResourcesWithRepoDefinition() throws Exception { + @Test + public void testCreateResourcesWithRepoDefinitionAsAdministrator() throws Exception { + testCreateResourcesWithRepoDefinition(TestAuthenticationFactory.createAdministrator()); + } + + @Test(expected = AuthorizationException.class) + public void testCreateResourcesWithRepoDefinitionAsClusterAdministrator() throws Exception { + testCreateResourcesWithRepoDefinition(TestAuthenticationFactory.createClusterAdministrator()); + } + + private void testCreateResourcesWithRepoDefinition(Authentication authentication) throws Exception { Resource.Type type = Resource.Type.ClusterStackVersion; AmbariManagementController managementController = createMock(AmbariManagementController.class); @@ -783,6 +809,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getCreateRequest(propertySet, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + RequestStatus status = provider.createResources(request); Assert.assertNotNull(status); 
@@ -796,8 +824,17 @@ public class ClusterStackVersionResourceProviderTest { Assert.assertTrue(executionCommand.getRoleParams().containsKey(KeyNames.PACKAGE_VERSION)); } - @Test - public void testCreateResourcesWithNonManagedOS() throws Exception { + @Test + public void testCreateResourcesWithNonManagedOSAsAdministrator() throws Exception { + testCreateResourcesWithNonManagedOS(TestAuthenticationFactory.createAdministrator()); + } + + @Test(expected = AuthorizationException.class) + public void testCreateResourcesWithNonManagedOSAsClusterAdministrator() throws Exception { + testCreateResourcesWithNonManagedOS(TestAuthenticationFactory.createClusterAdministrator()); + } + + private void testCreateResourcesWithNonManagedOS(Authentication authentication) throws Exception { JsonArray json = new JsonParser().parse(OS_JSON).getAsJsonArray(); JsonObject jsonObj = json.get(0).getAsJsonObject(); @@ -998,6 +1035,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getCreateRequest(propertySet, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + RequestStatus status = provider.createResources(request); Assert.assertNotNull(status); 
@@ -1013,12 +1052,17 @@ public class ClusterStackVersionResourceProviderTest { Assert.assertEquals("[]", executionCommand.getRoleParams().get("base_urls")); } - /** - * Tests manual finalization scenario - * @throws Exception - */ - @Test - public void testUpdateResources() throws Exception { + @Test + public void testUpdateResourcesAsAdministrator() throws Exception { + testUpdateResources(TestAuthenticationFactory.createAdministrator()); + } + + @Test(expected = AuthorizationException.class) + public void testUpdateResourcesAsClusterAdministrator() throws Exception { + testUpdateResources(TestAuthenticationFactory.createClusterAdministrator()); + } + + private void testUpdateResources(Authentication authentication) throws Exception { Resource.Type type = Resource.Type.ClusterStackVersion; String clusterName = "Cluster100"; @@ -1149,6 +1193,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getUpdateRequest(properties, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + provider.updateResources(request, null); // verify 
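Review bot: The Javadoc `Tests manual finalization scenario` is deleted from `testUpdateResources` in the -1013 hunk instead of moving to the new private helper, so the shared body no longer states which scenario it covers. Keeping it on `testUpdateResources(Authentication)` and adding an `@param authentication` line that describes it as the identity placed in the security context before the update call would preserve that. The hunk at -1157 drops the same comment from `testUpdateResourcesWithForce` and also omits the blank lines between its three methods. The helper body continues outside the hunk.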
@@ -1157,14 +1203,17 @@ public class ClusterStackVersionResourceProviderTest { new StackId(newDesiredStack.getStackName(), newDesiredStack.getStackVersion())); } - /** - * Tests manual finalization scenario - * @throws Exception - */ - @Test - public void testUpdateResourcesWithForce() throws Exception { + @Test + public void testUpdateResourcesWithForceAsAdministrator() throws Exception { + testUpdateResourcesWithForce(TestAuthenticationFactory.createAdministrator()); + } + @Test(expected = AuthorizationException.class) + public void testUpdateResourcesWithForceAsClusterAdministrator() throws Exception { + testUpdateResourcesWithForce(TestAuthenticationFactory.createClusterAdministrator()); + } + private void testUpdateResourcesWithForce(Authentication authentication) throws Exception { Resource.Type type = Resource.Type.ClusterStackVersion; String clusterName = "Cluster100"; @@ -1296,6 +1345,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getUpdateRequest(properties, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + provider.updateResources(request, null); // verify 
@@ -1304,8 +1355,17 @@ public class ClusterStackVersionResourceProviderTest { new StackId(newDesiredStack.getStackName(), newDesiredStack.getStackVersion())); } - @Test - public void testCreateResourcesMixed() throws Exception { + @Test + public void testCreateResourcesMixedAsAdministrator() throws Exception { + testCreateResourcesMixed(TestAuthenticationFactory.createAdministrator()); + } + + @Test(expected = AuthorizationException.class) + public void testCreateResourcesMixedAsClusterAdministrator() throws Exception { + testCreateResourcesMixed(TestAuthenticationFactory.createClusterAdministrator()); + } + + private void testCreateResourcesMixed(Authentication authentication) throws Exception { Resource.Type type = Resource.Type.ClusterStackVersion; AmbariManagementController managementController = createMock(AmbariManagementController.class); @@ -1492,6 +1552,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getCreateRequest(propertySet, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + try { provider.createResources(request); Assert.fail("Expecting the create to fail due to an already installed version"); 
@@ -1501,8 +1563,17 @@ public class ClusterStackVersionResourceProviderTest { } - @Test - public void testCreateResourcesExistingUpgrade() throws Exception { + @Test + public void testCreateResourcesExistingUpgradeAsAdministrator() throws Exception { + testCreateResourcesExistingUpgrade(TestAuthenticationFactory.createAdministrator()); + } + + @Test(expected = AuthorizationException.class) + public void testCreateResourcesExistingUpgradeAsClusterAdministrator() throws Exception { + testCreateResourcesExistingUpgrade(TestAuthenticationFactory.createClusterAdministrator()); + } + + private void testCreateResourcesExistingUpgrade(Authentication authentication) throws Exception { Resource.Type type = Resource.Type.ClusterStackVersion; AmbariManagementController managementController = createMock(AmbariManagementController.class); @@ -1548,6 +1619,8 @@ public class ClusterStackVersionResourceProviderTest { // create the request Request request = PropertyHelper.getCreateRequest(propertySet, null); + SecurityContextHolder.getContext().setAuthentication(authentication); + try { provider.createResources(request); Assert.fail("Expecting the create to fail due to an already installed version");
