Repository: ambari Updated Branches: refs/heads/trunk 0dd7770d9 -> 176c691ea
http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java index 980b651..a5276c2 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java @@ -19,23 +19,10 @@ package org.apache.ambari.server.upgrade; import java.sql.SQLException; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.DBAccessor; -import org.apache.ambari.server.orm.dao.PermissionDAO; -import org.apache.ambari.server.orm.dao.PrincipalDAO; -import org.apache.ambari.server.orm.dao.PrincipalTypeDAO; -import org.apache.ambari.server.orm.dao.PrivilegeDAO; -import org.apache.ambari.server.orm.entities.PermissionEntity; -import org.apache.ambari.server.orm.entities.PrincipalEntity; -import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; -import org.apache.ambari.server.orm.entities.PrivilegeEntity; -import org.apache.ambari.server.orm.entities.ResourceEntity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -119,7 +106,6 @@ public class UpgradeCatalog242 extends AbstractUpgradeCatalog { @Override protected void executeDMLUpdates() throws AmbariException, SQLException { addNewConfigurationsFromXml(); - convertRolePrincipals(); } protected void updateTablesForMysql() throws SQLException { @@ -155,90 +141,4 @@ public class UpgradeCatalog242 extends AbstractUpgradeCatalog { } } - /** - * Convert the previously set inherited privileges to the more generic inherited privileges model - * based on role-based principals rather than specialized principal types. - */ - protected void convertRolePrincipals() { - LOG.info("Converting pseudo principle types to role principals"); - - PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class); - PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class); - PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class); - PrincipalTypeDAO principalTypeDAO = injector.getInstance(PrincipalTypeDAO.class); - - Map<String, String> principalTypeToRole = new HashMap<String, String>(); - principalTypeToRole.put("ALL.CLUSTER.ADMINISTRATOR", "CLUSTER.ADMINISTRATOR"); - principalTypeToRole.put("ALL.CLUSTER.OPERATOR", "CLUSTER.OPERATOR"); - principalTypeToRole.put("ALL.CLUSTER.USER", "CLUSTER.USER"); - principalTypeToRole.put("ALL.SERVICE.ADMINISTRATOR", "SERVICE.ADMINISTRATOR"); - principalTypeToRole.put("ALL.SERVICE.OPERATOR", "SERVICE.OPERATOR"); - - // Handle a typo introduced in org.apache.ambari.server.upgrade.UpgradeCatalog240.updateClusterInheritedPermissionsConfig - principalTypeToRole.put("ALL.SERVICE.OPERATIOR", "SERVICE.OPERATOR"); - - for (Map.Entry<String, String> entry : principalTypeToRole.entrySet()) { - String principalTypeName = entry.getKey(); - String roleName = entry.getValue(); - - PermissionEntity role = permissionDAO.findByName(roleName); - PrincipalEntity rolePrincipalEntity = (role == null) ? null : role.getPrincipal(); - - // Convert Privilege Records - PrincipalTypeEntity principalTypeEntity = principalTypeDAO.findByName(principalTypeName); - - if (principalTypeEntity != null) { - List<PrincipalEntity> principalEntities = principalDAO.findByPrincipalType(principalTypeName); - - for (PrincipalEntity principalEntity : principalEntities) { - Set<PrivilegeEntity> privilegeEntities = principalEntity.getPrivileges(); - - for (PrivilegeEntity privilegeEntity : privilegeEntities) { - if (rolePrincipalEntity == null) { - LOG.info("Removing privilege (id={}) since no role principle was found for {}:\n{}", - privilegeEntity.getId(), roleName, formatPrivilegeEntityDetails(privilegeEntity)); - // Remove this privilege - privilegeDAO.remove(privilegeEntity); - } else { - LOG.info("Updating privilege (id={}) to use role principle for {}:\n{}", - privilegeEntity.getId(), roleName, formatPrivilegeEntityDetails(privilegeEntity)); - - // Set the principal to the updated principal value - privilegeEntity.setPrincipal(rolePrincipalEntity); - privilegeDAO.merge(privilegeEntity); - } - } - - // Remove the obsolete principal - principalDAO.remove(principalEntity); - } - - // Remove the obsolete principal type - principalTypeDAO.remove(principalTypeEntity); - } - } - - LOG.info("Converting pseudo principle types to role principals - complete."); - } - - private String formatPrivilegeEntityDetails(PrivilegeEntity privilegeEntity) { - if (privilegeEntity == null) { - return ""; - } else { - ResourceEntity resource = privilegeEntity.getResource(); - PrincipalEntity principal = privilegeEntity.getPrincipal(); - PermissionEntity permission = privilegeEntity.getPermission(); - - return String.format("" + - "\tPrivilege ID: %d" + - "\n\tResource ID: %d" + - "\n\tPrincipal ID: %d" + - "\n\tPermission ID: %d", - privilegeEntity.getId(), - resource.getId(), - principal.getId(), - permission.getId() - ); - } - } } http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java index 7f58485..455b4f1 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java @@ -1,4 +1,4 @@ -/* +/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -86,6 +86,7 @@ import org.apache.ambari.server.orm.entities.ViewParameterEntity; import org.apache.ambari.server.orm.entities.ViewResourceEntity; import org.apache.ambari.server.security.SecurityHelper; import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.ambari.server.security.authorization.ClusterInheritedPermissionHelper; import org.apache.ambari.server.security.authorization.ResourceType; import org.apache.ambari.server.security.authorization.RoleAuthorization; import org.apache.ambari.server.state.Clusters; @@ -121,6 +122,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xml.sax.SAXException; +import com.google.common.collect.FluentIterable; import com.google.common.collect.Sets; import com.google.common.eventbus.AllowConcurrentEvents; import com.google.common.eventbus.Subscribe; @@ -1794,7 +1796,7 @@ public class ViewRegistry { } List<String> services = autoInstanceConfig.getServices(); - Collection<String> roles = autoInstanceConfig.getRoles(); + List<String> permissions = autoInstanceConfig.getPermissions(); Map<String, org.apache.ambari.server.state.Cluster> allClusters = clustersProvider.get().getClusters(); for (org.apache.ambari.server.state.Cluster cluster : allClusters.values()) { @@ -1812,7 +1814,7 @@ public class ViewRegistry { ViewInstanceEntity viewInstanceEntity = createViewInstanceEntity(viewEntity, viewConfig, autoInstanceConfig); viewInstanceEntity.setClusterHandle(clusterId); installViewInstance(viewInstanceEntity); - setViewInstanceRoleAccess(viewInstanceEntity, roles); + addClusterInheritedPermissions(viewInstanceEntity, permissions); } } catch (Exception e) { LOG.error("Can't auto create instance of view " + viewName + " for cluster " + clusterName + @@ -1823,45 +1825,40 @@ public class ViewRegistry { } /** - * Set access to the a particular view instance based on a set of roles. - * <p> - * View access to the specified view instances will be granted to anyone directly or indirectly - * assigned to one of the roles in the suppled set of role names. - * - * @param viewInstanceEntity a view instance entity - * @param roles the set of roles to use to for granting access + * Validates principalTypes and creates privilege entities for each permission type for the view instance entity + * resource. + * @param viewInstanceEntity - view instance entity for which permission has to be set. + * @param principalTypes - list of cluster inherited principal types */ @Transactional - protected void setViewInstanceRoleAccess(ViewInstanceEntity viewInstanceEntity, Collection<String> roles) { - if ((roles != null) && !roles.isEmpty()) { - PermissionEntity permissionViewUser = permissionDAO.findViewUsePermission(); + private void addClusterInheritedPermissions(ViewInstanceEntity viewInstanceEntity, List<String> principalTypes) { + List<String> validPermissions = FluentIterable.from(principalTypes) + .filter(ClusterInheritedPermissionHelper.validPrincipalTypePredicate) + .toList(); - if (permissionViewUser == null) { - LOG.error("Missing the {} role. Access to view cannot be set.", - PermissionEntity.VIEW_USER_PERMISSION_NAME, viewInstanceEntity.getName()); - } else { - for (String role : roles) { - PermissionEntity permissionRole = permissionDAO.findByName(role); - - if (permissionRole == null) { - LOG.warn("Invalid role {} encountered while setting access to view {}, Ignoring.", - role, viewInstanceEntity.getName()); - } else { - PrincipalEntity principalRole = permissionRole.getPrincipal(); - - if (principalRole == null) { - LOG.warn("Missing principal ID for role {} encountered while setting access to view {}. Ignoring.", - role, viewInstanceEntity.getName()); - } else { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setPermission(permissionViewUser); - privilegeEntity.setPrincipal(principalRole); - privilegeEntity.setResource(viewInstanceEntity.getResource()); - privilegeDAO.create(privilegeEntity); - } - } - } - } + for(String permission: validPermissions) { + addClusterInheritedPermission(viewInstanceEntity, permission); + } + } + + private void addClusterInheritedPermission(ViewInstanceEntity viewInstanceEntity, String principalType) { + ResourceEntity resource = viewInstanceEntity.getResource(); + List<PrincipalEntity> principals = principalDAO.findByPrincipalType(principalType); + if (principals.size() == 0) { + LOG.error("Failed to find principal for principal type '{}'", principalType); + return; + } + + PrincipalEntity principal = principals.get(0); // There will be only one principal associated with the principal type + PermissionEntity permission = permissionDAO.findViewUsePermission(); + + if (!privilegeDAO.exists(principal, resource, permission)) { + PrivilegeEntity privilege = new PrivilegeEntity(); + privilege.setPrincipal(principal); + privilege.setResource(resource); + privilege.setPermission(permission); + + privilegeDAO.create(privilege); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java index f934ed5..11efc76 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java @@ -1,4 +1,4 @@ -/* +/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -18,14 +18,16 @@ package org.apache.ambari.server.view.configuration; +import com.google.common.base.Function; +import com.google.common.collect.FluentIterable; +import com.google.common.collect.Lists; + import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElementWrapper; -import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; -import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import java.util.Arrays; import java.util.List; -import java.util.Set; /** * View auto instance configuration. @@ -46,25 +48,14 @@ public class AutoInstanceConfig extends InstanceConfig { */ @XmlElementWrapper @XmlElement(name="service") - @XmlJavaTypeAdapter(CollapsedStringAdapter.class) private List<String> services; /** - * A list of roles that should have access to this view. - * <p> - * Example values: - * <ul> - * <li>CLUSTER.ADMINISTRATOR</li> - * <li>CLUSTER.OPERATOR</li> - * <li>SERVICE.ADMINISTRATOR</li> - * <li>SERVICE.OPERATOR</li> - * <li>CLUSTER.USER</li> - * </ul> + * Cluster Inherited permissions. Comma separated strings for multiple values + * Possible values: ALL.CLUSTER.ADMINISTRATOR, ALL.CLUSTER.OPERATOR, ALL.CLUSTER.USER, + * ALL.SERVICE.OPERATOR, ALL.SERVICE.ADMINISTRATOR */ - @XmlElementWrapper - @XmlElement(name="role") - @XmlJavaTypeAdapter(CollapsedStringAdapter.class) - private Set<String> roles; + private String permissions; /** * Get the stack id used for auto instance creation. @@ -85,9 +76,17 @@ public class AutoInstanceConfig extends InstanceConfig { } /** - * @return the set of roles that should have access to this view + * @return the list of configured cluster inherited permissions */ - public Set<String> getRoles() { - return roles; + public List<String> getPermissions() { + if(permissions == null) { + return Lists.newArrayList(); + } + return FluentIterable.from(Arrays.asList(permissions.split(","))).transform(new Function<String, String>() { + @Override + public String apply(String permission) { + return permission.trim(); + } + }).toList(); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql index 7ab1dc7..ed94c40 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql @@ -1174,6 +1174,16 @@ INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) UNION ALL SELECT 2, 'GROUP' FROM SYSIBM.SYSDUMMY1 UNION ALL + SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 4, 'ALL.CLUSTER.OPERATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 5, 'ALL.CLUSTER.USER' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL + SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1 + UNION ALL SELECT 8, 'ROLE' FROM SYSIBM.SYSDUMMY1; INSERT INTO adminprincipal (principal_id, principal_type_id) http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index 5556e82..c8fbaa7 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -1123,6 +1123,11 @@ INSERT INTO adminresource (resource_id, resource_type_id) VALUES INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES (1, 'USER'), (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'), (8, 'ROLE'); INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index fb3ada5..04473d6 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -1119,6 +1119,16 @@ insert into adminprincipaltype (principal_type_id, principal_type_name) union all select 2, 'GROUP' from dual union all + select 3, 'ALL.CLUSTER.ADMINISTRATOR' from dual + union all + select 4, 'ALL.CLUSTER.OPERATOR' from dual + union all + select 5, 'ALL.CLUSTER.USER' from dual + union all + select 6, 'ALL.SERVICE.ADMINISTRATOR' from dual + union all + select 7, 'ALL.SERVICE.OPERATOR' from dual + union all select 8, 'ROLE' from dual; insert into adminprincipal (principal_id, principal_type_id) http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index 137a243..09ae3b0 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -1114,6 +1114,11 @@ INSERT INTO adminresource (resource_id, resource_type_id) VALUES INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES (1, 'USER'), (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'), (8, 'ROLE'); INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index 4922378..3dbd3fc 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -1116,6 +1116,16 @@ insert into adminprincipaltype (principal_type_id, principal_type_name) union all select 2, 'GROUP' union all + select 3, 'ALL.CLUSTER.ADMINISTRATOR' + union all + select 4, 'ALL.CLUSTER.OPERATOR' + union all + select 5, 'ALL.CLUSTER.USER' + union all + select 6, 'ALL.SERVICE.ADMINISTRATOR' + union all + select 7, 'ALL.SERVICE.OPERATOR' + union all select 8, 'ROLE'; insert into adminprincipal (principal_id, principal_type_id) http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index f72b0ab..9def741 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -1140,6 +1140,11 @@ BEGIN TRANSACTION values (1, 'USER'), (2, 'GROUP'), + (3, 'ALL.CLUSTER.ADMINISTRATOR'), + (4, 'ALL.CLUSTER.OPERATOR'), + (5, 'ALL.CLUSTER.USER'), + (6, 'ALL.SERVICE.ADMINISTRATOR'), + (7, 'ALL.SERVICE.OPERATOR'), (8, 'ROLE'); insert into adminprincipal (principal_id, principal_type_id) http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java deleted file mode 100644 index 547bba5..0000000 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.controller.internal; - -import org.apache.ambari.server.orm.dao.MemberDAO; -import org.apache.ambari.server.orm.dao.PrivilegeDAO; -import org.apache.ambari.server.security.authorization.Users; -import org.easymock.EasyMockSupport; - -class AbstractPrivilegeResourceProviderTest extends EasyMockSupport { - - static class TestUsers extends Users { - - void setPrivilegeDAO(PrivilegeDAO privilegeDAO) { - this.privilegeDAO = privilegeDAO; - } - - public void setMemberDAO(MemberDAO memberDAO) { - this.memberDAO = memberDAO; - } - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java index 7702fd0..99962ee 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java @@ -270,6 +270,9 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { UserDAO userDAO = injector.getInstance(UserDAO.class); expect(userDAO.findUsersByPrincipal(anyObject(List.class))).andReturn(userEntities).atLeastOnce(); + GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + expect(groupDAO.findGroupsByPrincipal(anyObject(List.class))).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce(); + replayAll(); SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin")); @@ -353,11 +356,10 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { Map<Long, UserEntity> userEntities = new HashMap<>(); Map<Long, GroupEntity> groupEntities = new HashMap<>(); - Map<Long, PermissionEntity> roleEntities = new HashMap<>(); Map<Long, Object> resourceEntities = new HashMap<Long, Object>(); AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider(); - Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds()); + Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds()); Assert.assertEquals(ResourceType.AMBARI.name(), resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID)); @@ -397,13 +399,12 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { Map<Long, UserEntity> userEntities = new HashMap<>(); Map<Long, GroupEntity> groupEntities = new HashMap<>(); - Map<Long, PermissionEntity> roleEntities = new HashMap<>(); Map<Long, Object> resourceEntities = new HashMap<Long, Object>(); resourceEntities.put(resourceEntity.getId(), clusterEntity); AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider(); - Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds()); + Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds()); Assert.assertEquals("TestCluster", resource.getPropertyValue(ClusterPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID)); Assert.assertEquals(ResourceType.CLUSTER.name(), resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID)); @@ -449,13 +450,12 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { Map<Long, UserEntity> userEntities = new HashMap<>(); Map<Long, GroupEntity> groupEntities = new HashMap<>(); - Map<Long, PermissionEntity> roleEntities = new HashMap<>(); Map<Long, Object> resourceEntities = new HashMap<Long, Object>(); resourceEntities.put(resourceEntity.getId(), viewInstanceEntity); AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider(); - Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds()); + Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds()); Assert.assertEquals("Test View", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID)); Assert.assertEquals("TestView", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID)); @@ -503,13 +503,12 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { Map<Long, UserEntity> userEntities = new HashMap<>(); Map<Long, GroupEntity> groupEntities = new HashMap<>(); - Map<Long, PermissionEntity> roleEntities = new HashMap<>(); Map<Long, Object> resourceEntities = new HashMap<Long, Object>(); resourceEntities.put(resourceEntity.getId(), viewInstanceEntity); AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider(); - Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds()); + Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds()); Assert.assertEquals("Test View", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID)); Assert.assertEquals("TestView", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID)); @@ -609,6 +608,9 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class); expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList()).atLeastOnce(); + GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce(); + replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); @@ -662,6 +664,9 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class); expect(clusterDAO.findAll()).andReturn(clusterEntities).atLeastOnce(); + GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce(); + replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java index 976dd34..f00a21a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java @@ -38,6 +38,7 @@ import org.apache.ambari.server.orm.dao.ResourceDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.ClusterEntity; +import org.apache.ambari.server.orm.entities.GroupEntity; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; @@ -60,6 +61,7 @@ import org.springframework.security.core.context.SecurityContextHolder; import javax.persistence.EntityManager; import java.util.ArrayList; +import java.util.Collections; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.LinkedList; @@ -249,6 +251,9 @@ public class ClusterPrivilegeResourceProviderTest extends EasyMockSupport { UserDAO userDAO = injector.getInstance(UserDAO.class); expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities); + GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()); + replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); @@ -301,6 +306,9 @@ public class ClusterPrivilegeResourceProviderTest extends EasyMockSupport { UserDAO userDAO = injector.getInstance(UserDAO.class); expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities); + GroupDAO groupDAO = injector.getInstance(GroupDAO.class); + expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()); + replayAll(); SecurityContextHolder.getContext().setAuthentication(authentication); http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java index d417595..c3510a8 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java @@ -18,6 +18,7 @@ package org.apache.ambari.server.controller.internal; +import com.google.common.collect.Lists; import junit.framework.Assert; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; @@ -30,6 +31,7 @@ import org.apache.ambari.server.orm.dao.GroupDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.ClusterEntity; +import org.apache.ambari.server.orm.entities.MemberEntity; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; @@ -42,15 +44,13 @@ import org.apache.ambari.server.orm.entities.ViewInstanceEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; import org.apache.ambari.server.security.authorization.ResourceType; -import org.apache.ambari.server.security.authorization.Users; +import org.easymock.EasyMockSupport; import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import java.util.Collections; import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; import java.util.Set; import static org.easymock.EasyMock.anyObject; @@ -59,7 +59,7 @@ import static org.easymock.EasyMock.expect; /** * GroupPrivilegeResourceProvider tests. */ -public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourceProviderTest { +public class GroupPrivilegeResourceProviderTest extends EasyMockSupport { @Test(expected = SystemException.class) public void testCreateResources() throws Exception { @@ -124,11 +124,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc ClusterDAO clusterDAO = createMock(ClusterDAO.class); ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -175,11 +175,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc GroupDAO groupDAO = createMock(GroupDAO.class); expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -233,11 +233,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc GroupDAO groupDAO = createMock(GroupDAO.class); expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -292,11 +292,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc GroupDAO groupDAO = createMock(GroupDAO.class); expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds()); @@ -320,32 +320,30 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class); final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); - final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); - - final TestUsers users = new TestUsers(); - users.setPrivilegeDAO(privilegeDAO); - - List<PrincipalEntity> groupPrincipals = new LinkedList<PrincipalEntity>(); - groupPrincipals.add(principalEntity); - - expect(privilegeDAO.findAllByPrincipal(groupPrincipals)). - andReturn(Collections.singletonList(privilegeEntity)) - .once(); - expect(groupDAO.findGroupByName(requestedGroupName)).andReturn(groupEntity).atLeastOnce(); - expect(groupEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); - expect(privilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); - expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); - expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).atLeastOnce(); - expect(principalTypeEntity.getName()).andReturn(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME).atLeastOnce(); - expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).atLeastOnce(); - expect(groupEntity.getGroupName()).andReturn(requestedGroupName).atLeastOnce(); - expect(privilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); - expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).atLeastOnce(); + final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + + expect(groupDAO.findGroupByName(requestedGroupName)).andReturn(groupEntity).anyTimes(); + expect(groupEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); + expect(groupEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes(); + expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes(); + expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); + expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); + expect(principalTypeEntity.getName()).andReturn(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME).anyTimes(); + expect(principalEntity.getPrivileges()).andReturn(new HashSet<PrivilegeEntity>() { + { + add(privilegeEntity); + } + }).anyTimes(); + expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes(); + expect(groupEntity.getGroupName()).andReturn(requestedGroupName).anyTimes(); + expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes(); + expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes(); expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name()); + expect(viewInstanceDAO.findAll()).andReturn(Lists.<ViewInstanceEntity>newArrayList()).anyTimes(); replayAll(); - GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users); + GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); final Set<String> propertyIds = new HashSet<String>(); propertyIds.add(GroupPrivilegeResourceProvider.PRIVILEGE_GROUP_NAME_PROPERTY_ID); @@ -369,4 +367,5 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc verifyAll(); } + } http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java index ddb510d..1f3cb52 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java @@ -1,4 +1,4 @@ -/* +/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -18,6 +18,8 @@ package org.apache.ambari.server.controller.internal; +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; import junit.framework.Assert; import org.apache.ambari.server.controller.spi.Predicate; import org.apache.ambari.server.controller.spi.Request; @@ -27,7 +29,6 @@ import org.apache.ambari.server.controller.utilities.PredicateBuilder; import org.apache.ambari.server.controller.utilities.PropertyHelper; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.GroupDAO; -import org.apache.ambari.server.orm.dao.MemberDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; @@ -45,7 +46,7 @@ import org.apache.ambari.server.orm.entities.ViewInstanceEntity; import org.apache.ambari.server.security.TestAuthenticationFactory; import org.apache.ambari.server.security.authorization.AuthorizationException; import org.apache.ambari.server.security.authorization.ResourceType; -import org.apache.ambari.server.security.authorization.Users; +import org.easymock.EasyMockSupport; import org.junit.Test; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; @@ -53,8 +54,6 @@ import org.springframework.security.core.context.SecurityContextHolder; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; import java.util.Set; import static org.easymock.EasyMock.anyObject; @@ -63,7 +62,7 @@ import static org.easymock.EasyMock.expect; /** * UserPrivilegeResourceProvider tests. */ -public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResourceProviderTest { +public class UserPrivilegeResourceProviderTest extends EasyMockSupport { @Test(expected = SystemException.class) public void testCreateResources() throws Exception { @@ -135,11 +134,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource GroupDAO groupDAO = createMock(GroupDAO.class); ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -188,11 +187,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource UserDAO userDAO = createMock(UserDAO.class); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -247,11 +246,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource UserDAO userDAO = createMock(UserDAO.class); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -308,11 +307,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource UserDAO userDAO = createMock(UserDAO.class); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); - Users users = createNiceMock(Users.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds()); @@ -328,14 +327,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource public void testToResource_SpecificVIEW_WithClusterInheritedPermission() throws Exception { SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L)); - PrincipalTypeEntity rolePrincipalTypeEntity = createMock(PrincipalTypeEntity.class); - expect(rolePrincipalTypeEntity.getName()).andReturn("ROLE").atLeastOnce(); - - PrincipalEntity rolePrincipalEntity = createMock(PrincipalEntity.class); - expect(rolePrincipalEntity.getPrincipalType()).andReturn(rolePrincipalTypeEntity).atLeastOnce(); - PermissionEntity permissionEntity = createMock(PermissionEntity.class); - expect(permissionEntity.getPrincipal()).andReturn(rolePrincipalEntity).atLeastOnce(); expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").atLeastOnce(); expect(permissionEntity.getPermissionLabel()).andReturn("Cluster Administrator").atLeastOnce(); @@ -345,10 +337,19 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource PrincipalEntity principalEntity = createMock(PrincipalEntity.class); expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).atLeastOnce(); + + PrincipalTypeEntity principalTypeWithAllClusterAdministrator = createNiceMock(PrincipalTypeEntity.class); + expect(principalTypeWithAllClusterAdministrator.getName()).andReturn("ALL.CLUSTER.ADMINISTRATOR").atLeastOnce(); + + PrincipalEntity principalEntityWithAllClusterAdministrator = createNiceMock(PrincipalEntity.class); + expect(principalEntityWithAllClusterAdministrator.getPrincipalType()).andReturn(principalTypeWithAllClusterAdministrator).atLeastOnce(); + ViewEntity viewEntity = createMock(ViewEntity.class); expect(viewEntity.getCommonName()).andReturn("TestView").atLeastOnce(); expect(viewEntity.getVersion()).andReturn("1.2.3.4").atLeastOnce(); + + ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class); expect(resourceTypeEntity.getName()).andReturn("TestView{1.2.3.4}").atLeastOnce(); @@ -359,56 +360,38 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource ViewInstanceEntity viewInstanceEntity = createMock(ViewInstanceEntity.class); expect(viewInstanceEntity.getViewEntity()).andReturn(viewEntity).atLeastOnce(); expect(viewInstanceEntity.getName()).andReturn("Test View").atLeastOnce(); + expect(viewInstanceEntity.getClusterHandle()).andReturn(1L).atLeastOnce(); + expect(viewInstanceEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); - PrivilegeEntity explicitPrivilegeEntity = createMock(PrivilegeEntity.class); - expect(explicitPrivilegeEntity.getId()).andReturn(1).atLeastOnce(); - expect(explicitPrivilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); - expect(explicitPrivilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); - expect(explicitPrivilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); + PrivilegeEntity privilegeEntityViewWithClusterAdminAccess = createMock(PrivilegeEntity.class); + expect(privilegeEntityViewWithClusterAdminAccess.getPrincipal()).andReturn(principalEntityWithAllClusterAdministrator).atLeastOnce(); - PrivilegeEntity implicitPrivilegeEntity = createMock(PrivilegeEntity.class); - expect(implicitPrivilegeEntity.getId()).andReturn(2).atLeastOnce(); - expect(implicitPrivilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); - expect(implicitPrivilegeEntity.getPrincipal()).andReturn(rolePrincipalEntity).atLeastOnce(); - expect(implicitPrivilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); + PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class); + expect(privilegeEntity.getId()).andReturn(1).atLeastOnce(); + expect(privilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce(); + expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); + expect(privilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce(); + + expect(principalEntity.getPrivileges()).andReturn(Sets.newHashSet(privilegeEntity)).atLeastOnce(); UserEntity userEntity = createMock(UserEntity.class); expect(userEntity.getUserName()).andReturn("jdoe").atLeastOnce(); expect(userEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce(); + expect(userEntity.getMemberEntities()).andReturn(Sets.<MemberEntity>newHashSet()).atLeastOnce(); ClusterDAO clusterDAO = createMock(ClusterDAO.class); GroupDAO groupDAO = createMock(GroupDAO.class); ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class); expect(viewInstanceDAO.findByResourceId(1L)).andReturn(viewInstanceEntity).atLeastOnce(); + expect(viewInstanceDAO.findAll()).andReturn(Lists.newArrayList(viewInstanceEntity)).atLeastOnce(); final UserDAO userDAO = createNiceMock(UserDAO.class); expect(userDAO.findLocalUserByName("jdoe")).andReturn(userEntity).anyTimes(); expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes(); - final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); - final MemberDAO memberDAO = createMock(MemberDAO.class); - - final TestUsers users = new TestUsers(); - users.setPrivilegeDAO(privilegeDAO); - users.setMemberDAO(memberDAO); - - List<PrincipalEntity> rolePrincipals = new LinkedList<PrincipalEntity>(); - rolePrincipals.add(rolePrincipalEntity); - - List<PrincipalEntity> userPrincipals = new LinkedList<PrincipalEntity>(); - userPrincipals.add(principalEntity); - - expect(privilegeDAO.findAllByPrincipal(userPrincipals)). - andReturn(Collections.singletonList(explicitPrivilegeEntity)) - .once(); - // Implicit privileges... - expect(privilegeDAO.findAllByPrincipal(rolePrincipals)). - andReturn(Collections.singletonList(implicitPrivilegeEntity)) - .once(); - expect(memberDAO.findAllMembersByUser(userEntity)). - andReturn(Collections.<MemberEntity>emptyList()) - .atLeastOnce(); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + expect(privilegeDAO.findByResourceId(1L)).andReturn(Lists.newArrayList(privilegeEntity, privilegeEntityViewWithClusterAdminAccess)).anyTimes(); replayAll(); @@ -421,7 +404,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L); Request request = PropertyHelper.getReadRequest(propertyIds); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider(); Set<Resource> resources = provider.getResources(request, predicate); @@ -441,6 +424,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource final GroupDAO groupDAO = createNiceMock(GroupDAO.class); final ClusterDAO clusterDAO = createNiceMock(ClusterDAO.class); final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); final UserEntity userEntity = createNiceMock(UserEntity.class); final PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); final PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); @@ -448,22 +432,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class); final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class); - final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); - final MemberDAO memberDAO = createMock(MemberDAO.class); - - final TestUsers users = new TestUsers(); - users.setPrivilegeDAO(privilegeDAO); - users.setMemberDAO(memberDAO); - - List<PrincipalEntity> userPrincipals = new LinkedList<PrincipalEntity>(); - userPrincipals.add(principalEntity); - - expect(privilegeDAO.findAllByPrincipal(userPrincipals)). - andReturn(Collections.singletonList(privilegeEntity)) - .atLeastOnce(); - expect(memberDAO.findAllMembersByUser(userEntity)). - andReturn(Collections.<MemberEntity>emptyList()) - .atLeastOnce(); + expect(userDAO.findLocalUserByName(requestedUsername)).andReturn(userEntity).anyTimes(); expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); expect(userEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes(); @@ -485,7 +454,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource replayAll(); - UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users); + UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO); final Set<String> propertyIds = new HashSet<String>(); propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID); http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java index 20ecc88..d85b37b 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java @@ -1,4 +1,4 @@ -/* +/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -30,6 +30,7 @@ import org.apache.ambari.server.orm.dao.ResourceTypeDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; +import org.apache.ambari.server.orm.entities.GroupEntity; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; @@ -52,6 +53,7 @@ import org.junit.BeforeClass; import org.junit.Test; import org.springframework.security.core.context.SecurityContextHolder; +import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.Set; @@ -144,6 +146,7 @@ public class ViewPrivilegeResourceProviderTest { expect(permissionDAO.findById(PermissionEntity.VIEW_USER_PERMISSION)).andReturn(permissionEntity); expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities); + expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()); replay(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, privilegeEntity, resourceEntity, userEntity, principalEntity, permissionEntity, principalTypeEntity); http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java index d376d4b..47211ef 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java @@ -362,6 +362,72 @@ public class AuthorizationHelperTest extends EasyMockSupport { } @Test + public void testIsAuthorizedForClusterInheritedPermission() { + + ResourceTypeEntity clusterResourceTypeEntity = new ResourceTypeEntity(); + clusterResourceTypeEntity.setId(1); + clusterResourceTypeEntity.setName(ResourceType.CLUSTER.name()); + + ResourceEntity clusterResourceEntity = new ResourceEntity(); + clusterResourceEntity.setResourceType(clusterResourceTypeEntity); + clusterResourceEntity.setId(1L); + + PermissionEntity clusterPermissionEntity = new PermissionEntity(); + clusterPermissionEntity.setPermissionName("CLUSTER.ADMINISTRATOR"); + + RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity(); + readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId()); + + RoleAuthorizationEntity privilegedRoleAuthorizationEntity = new RoleAuthorizationEntity(); + privilegedRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS.getId()); + + + clusterPermissionEntity.setAuthorizations(Arrays.asList(readOnlyRoleAuthorizationEntity, + privilegedRoleAuthorizationEntity)); + + PrivilegeEntity clusterPrivilegeEntity = new PrivilegeEntity(); + clusterPrivilegeEntity.setPermission(clusterPermissionEntity); + clusterPrivilegeEntity.setResource(clusterResourceEntity); + + GrantedAuthority clusterAuthority = new AmbariGrantedAuthority(clusterPrivilegeEntity); + Authentication clusterUser = new TestAuthentication(Collections.singleton(clusterAuthority)); + + + Provider viewInstanceDAOProvider = createNiceMock(Provider.class); + Provider privilegeDAOProvider = createNiceMock(Provider.class); + + ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + + ViewInstanceEntity viewInstanceEntity = createNiceMock(ViewInstanceEntity.class); + expect(viewInstanceEntity.getClusterHandle()).andReturn(1L).anyTimes(); + + PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class); + PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class); + PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class); + + expect(viewInstanceDAOProvider.get()).andReturn(viewInstanceDAO).anyTimes(); + expect(privilegeDAOProvider.get()).andReturn(privilegeDAO).anyTimes(); + + expect(viewInstanceDAO.findByResourceId(2L)).andReturn(viewInstanceEntity).anyTimes(); + + expect(privilegeDAO.findByResourceId(2L)).andReturn(Lists.newArrayList(privilegeEntity)).anyTimes(); + + expect(principalTypeEntity.getName()).andReturn("ALL.CLUSTER.ADMINISTRATOR").anyTimes(); + expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); + expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); + + replayAll(); + + AuthorizationHelper.viewInstanceDAOProvider = viewInstanceDAOProvider; + AuthorizationHelper.privilegeDAOProvider = privilegeDAOProvider; + + SecurityContext context = SecurityContextHolder.getContext(); + context.setAuthentication(clusterUser); + + assertTrue(AuthorizationHelper.isAuthorized(ResourceType.VIEW, 2L, EnumSet.of(RoleAuthorization.VIEW_USE))); + } + public void testIsAuthorizedForSpecificView() { RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity(); readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId()); http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java index 29bf820..4457858 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java @@ -20,8 +20,6 @@ package org.apache.ambari.server.upgrade; import javax.persistence.EntityManager; import junit.framework.Assert; - -import static org.easymock.EasyMock.anyString; import static org.easymock.EasyMock.aryEq; import static org.easymock.EasyMock.capture; import static org.easymock.EasyMock.createMockBuilder; @@ -36,13 +34,7 @@ import static org.easymock.EasyMock.reset; import static org.easymock.EasyMock.verify; import java.lang.reflect.Method; -import java.sql.SQLException; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Set; -import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.api.services.AmbariMetaInfo; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.controller.AmbariManagementController; @@ -52,22 +44,12 @@ import org.apache.ambari.server.orm.InMemoryDefaultTestModule; import org.apache.ambari.server.orm.dao.ClusterDAO; import org.apache.ambari.server.orm.dao.ClusterVersionDAO; import org.apache.ambari.server.orm.dao.HostVersionDAO; -import org.apache.ambari.server.orm.dao.PermissionDAO; -import org.apache.ambari.server.orm.dao.PrincipalDAO; -import org.apache.ambari.server.orm.dao.PrincipalTypeDAO; -import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.RepositoryVersionDAO; import org.apache.ambari.server.orm.dao.StackDAO; -import org.apache.ambari.server.orm.entities.PermissionEntity; -import org.apache.ambari.server.orm.entities.PrincipalEntity; -import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; -import org.apache.ambari.server.orm.entities.PrivilegeEntity; -import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.StackEntity; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.Capture; import org.easymock.EasyMock; -import org.easymock.EasyMockSupport; import org.easymock.IMocksControl; import org.junit.After; import org.junit.Before; @@ -237,19 +219,16 @@ public class UpgradeCatalog242Test { @Test public void testExecuteDMLUpdates() throws Exception { Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml"); - Method convertRolePrincipals = UpgradeCatalog242.class.getDeclaredMethod("convertRolePrincipals"); + UpgradeCatalog242 upgradeCatalog242 = createMockBuilder(UpgradeCatalog242.class) - .addMockedMethod(addNewConfigurationsFromXml) - .addMockedMethod(convertRolePrincipals) - .createMock(); + .addMockedMethod(addNewConfigurationsFromXml) + .createMock(); upgradeCatalog242.addNewConfigurationsFromXml(); expectLastCall().once(); - upgradeCatalog242.convertRolePrincipals(); - expectLastCall().once(); replay(upgradeCatalog242); @@ -257,111 +236,4 @@ public class UpgradeCatalog242Test { verify(upgradeCatalog242); } - - @Test - public void testConvertRolePrincipals() throws AmbariException, SQLException { - - EasyMockSupport easyMockSupport = new EasyMockSupport(); - - PrincipalEntity clusterAdministratorPrincipalEntity = easyMockSupport.createMock(PrincipalEntity.class); - - PermissionEntity clusterAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); - expect(clusterAdministratorPermissionEntity.getPrincipal()) - .andReturn(clusterAdministratorPrincipalEntity) - .once(); - - PrincipalTypeEntity allClusterAdministratorPrincipalTypeEntity = easyMockSupport.createMock(PrincipalTypeEntity.class); - - PermissionDAO permissionDAO = easyMockSupport.createMock(PermissionDAO.class); - expect(permissionDAO.findByName("CLUSTER.ADMINISTRATOR")) - .andReturn(clusterAdministratorPermissionEntity) - .once(); - expect(permissionDAO.findByName(anyString())) - .andReturn(null) - .anyTimes(); - - PrincipalTypeDAO principalTypeDAO = easyMockSupport.createMock(PrincipalTypeDAO.class); - expect(principalTypeDAO.findByName("ALL.CLUSTER.ADMINISTRATOR")) - .andReturn(allClusterAdministratorPrincipalTypeEntity) - .once(); - expect(principalTypeDAO.findByName(anyString())) - .andReturn(null) - .anyTimes(); - principalTypeDAO.remove(allClusterAdministratorPrincipalTypeEntity); - expectLastCall().once(); - - ResourceEntity allClusterAdministratorPrivilege1Resource = easyMockSupport.createMock(ResourceEntity.class); - expect(allClusterAdministratorPrivilege1Resource.getId()).andReturn(1L).once(); - - PrincipalEntity allClusterAdministratorPrivilege1Principal = easyMockSupport.createMock(PrincipalEntity.class); - expect(allClusterAdministratorPrivilege1Principal.getId()).andReturn(1L).once(); - - PermissionEntity allClusterAdministratorPrivilege1Permission = easyMockSupport.createMock(PermissionEntity.class); - expect(allClusterAdministratorPrivilege1Permission.getId()).andReturn(1).once(); - - PrivilegeEntity allClusterAdministratorPrivilege1 = easyMockSupport.createMock(PrivilegeEntity.class); - expect(allClusterAdministratorPrivilege1.getId()).andReturn(1).atLeastOnce(); - expect(allClusterAdministratorPrivilege1.getResource()).andReturn(allClusterAdministratorPrivilege1Resource).once(); - expect(allClusterAdministratorPrivilege1.getPrincipal()).andReturn(allClusterAdministratorPrivilege1Principal).once(); - expect(allClusterAdministratorPrivilege1.getPermission()).andReturn(allClusterAdministratorPrivilege1Permission).once(); - allClusterAdministratorPrivilege1.setPrincipal(clusterAdministratorPrincipalEntity); - expectLastCall().once(); - - ResourceEntity allClusterAdministratorPrivilege2Resource = easyMockSupport.createMock(ResourceEntity.class); - expect(allClusterAdministratorPrivilege2Resource.getId()).andReturn(2L).once(); - - PrincipalEntity allClusterAdministratorPrivilege2Principal = easyMockSupport.createMock(PrincipalEntity.class); - expect(allClusterAdministratorPrivilege2Principal.getId()).andReturn(2L).once(); - - PermissionEntity allClusterAdministratorPrivilege2Permission = easyMockSupport.createMock(PermissionEntity.class); - expect(allClusterAdministratorPrivilege2Permission.getId()).andReturn(2).once(); - - PrivilegeEntity allClusterAdministratorPrivilege2 = easyMockSupport.createMock(PrivilegeEntity.class); - expect(allClusterAdministratorPrivilege2.getId()).andReturn(2).atLeastOnce(); - expect(allClusterAdministratorPrivilege2.getResource()).andReturn(allClusterAdministratorPrivilege2Resource).once(); - expect(allClusterAdministratorPrivilege2.getPrincipal()).andReturn(allClusterAdministratorPrivilege2Principal).once(); - expect(allClusterAdministratorPrivilege2.getPermission()).andReturn(allClusterAdministratorPrivilege2Permission).once(); - allClusterAdministratorPrivilege2.setPrincipal(clusterAdministratorPrincipalEntity); - expectLastCall().once(); - - Set<PrivilegeEntity> allClusterAdministratorPrivileges = new HashSet<PrivilegeEntity>(); - allClusterAdministratorPrivileges.add(allClusterAdministratorPrivilege1); - allClusterAdministratorPrivileges.add(allClusterAdministratorPrivilege2); - - PrincipalEntity allClusterAdministratorPrincipalEntity = easyMockSupport.createMock(PrincipalEntity.class); - expect(allClusterAdministratorPrincipalEntity.getPrivileges()) - .andReturn(allClusterAdministratorPrivileges) - .once(); - - List<PrincipalEntity> allClusterAdministratorPrincipals = new ArrayList<PrincipalEntity>(); - allClusterAdministratorPrincipals.add(allClusterAdministratorPrincipalEntity); - - PrincipalDAO principalDAO = easyMockSupport.createMock(PrincipalDAO.class); - expect(principalDAO.findByPrincipalType("ALL.CLUSTER.ADMINISTRATOR")) - .andReturn(allClusterAdministratorPrincipals) - .once(); - principalDAO.remove(allClusterAdministratorPrincipalEntity); - expectLastCall().once(); - - - PrivilegeDAO privilegeDAO = easyMockSupport.createMock(PrivilegeDAO.class); - expect(privilegeDAO.merge(allClusterAdministratorPrivilege1)) - .andReturn(allClusterAdministratorPrivilege1) - .once(); - expect(privilegeDAO.merge(allClusterAdministratorPrivilege2)) - .andReturn(allClusterAdministratorPrivilege2) - .once(); - - Injector injector = easyMockSupport.createNiceMock(Injector.class); - expect(injector.getInstance(PrincipalTypeDAO.class)).andReturn(principalTypeDAO).atLeastOnce(); - expect(injector.getInstance(PrincipalDAO.class)).andReturn(principalDAO).atLeastOnce(); - expect(injector.getInstance(PermissionDAO.class)).andReturn(permissionDAO).atLeastOnce(); - expect(injector.getInstance(PrivilegeDAO.class)).andReturn(privilegeDAO).atLeastOnce(); - - easyMockSupport.replayAll(); - UpgradeCatalog242 upgradeCatalog = new UpgradeCatalog242(injector); - injector.injectMembers(upgradeCatalog); - upgradeCatalog.convertRolePrincipals(); - easyMockSupport.verifyAll(); - } } http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java index a24f041..3c4a440 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java @@ -1,4 +1,4 @@ -/* +/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -22,8 +22,9 @@ import junit.framework.Assert; import org.junit.Test; import javax.xml.bind.JAXBException; -import java.util.Collection; +import java.util.LinkedList; import java.util.List; +import java.util.Set; import static org.junit.Assert.*; @@ -74,7 +75,7 @@ public class AutoInstanceConfigTest { " </property>\n" + " <stack-id>HDP-2.0</stack-id>\n" + " <services><service>HIVE</service><service>HDFS</service></services>\n" + - " <roles><role>CLUSTER.OPERATOR </role><role> CLUSTER.USER</role></roles>\n" + + " <permissions>ALL.CLUSTER.OPERATOR, ALL.CLUSTER.USER</permissions>\n" + " </auto-instance>\n" + "</view>"; @@ -112,13 +113,13 @@ public class AutoInstanceConfigTest { @Test public void shouldParseClusterInheritedPermissions() throws Exception { AutoInstanceConfig config = getAutoInstanceConfigs(VIEW_XML); - Collection<String> roles = config.getRoles(); - assertEquals(2, roles.size()); - assertTrue(roles.contains("CLUSTER.OPERATOR")); - assertTrue(roles.contains("CLUSTER.USER")); + List<String> permissions = config.getPermissions(); + assertEquals(2, permissions.size()); + assertTrue(permissions.contains("ALL.CLUSTER.OPERATOR")); + assertTrue(permissions.contains("ALL.CLUSTER.USER")); } - private static AutoInstanceConfig getAutoInstanceConfigs(String xml) throws JAXBException { + public static AutoInstanceConfig getAutoInstanceConfigs(String xml) throws JAXBException { ViewConfig config = ViewConfigTest.getConfig(xml); return config.getAutoInstance(); }
