Repository: ambari Updated Branches: refs/heads/branch-2.5 9a9949a40 -> 3c8893345
AMBARI-18751. Upgrade Fails From 2.4.2 to 2.5 Due To Existing Role Authorizations (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3c889334 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3c889334 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3c889334 Branch: refs/heads/branch-2.5 Commit: 3c88933456b4c2db24c157f7cff582758378bdd5 Parents: 9a9949a Author: Robert Levas <[email protected]> Authored: Wed Nov 2 12:17:32 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Wed Nov 2 12:17:32 2016 -0400 ---------------------------------------------------------------------- .../server/upgrade/UpgradeCatalog242.java | 17 ++++ .../server/upgrade/UpgradeCatalog250.java | 16 ---- .../server/upgrade/UpgradeCatalog242Test.java | 88 ++++++++++++++++++ .../server/upgrade/UpgradeCatalog250Test.java | 93 -------------------- 4 files changed, 105 insertions(+), 109 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/3c889334/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java index 541f4da..f5445ea 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java @@ -19,6 +19,8 @@ package org.apache.ambari.server.upgrade; import java.sql.SQLException; +import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -123,9 +125,24 @@ public class UpgradeCatalog242 extends AbstractUpgradeCatalog { @Override protected void executeDMLUpdates() throws AmbariException, SQLException { addNewConfigurationsFromXml(); + createRoleAuthorizations(); convertRolePrincipals(); } + /** + * Create new role authorizations: CLUSTER.RUN_CUSTOM_COMMAND and AMBARI.RUN_CUSTOM_COMMAND + * + * @throws SQLException + */ + @Transactional + protected void createRoleAuthorizations() throws SQLException { + addRoleAuthorization("CLUSTER.RUN_CUSTOM_COMMAND", "Perform custom cluster-level actions", + Arrays.asList("AMBARI.ADMINISTRATOR:AMBARI", "CLUSTER.ADMINISTRATOR:CLUSTER")); + + addRoleAuthorization("AMBARI.RUN_CUSTOM_COMMAND", "Perform custom administrative actions", + Collections.singletonList("AMBARI.ADMINISTRATOR:AMBARI")); + } + protected void updateTablesForMysql() throws SQLException { final Configuration.DatabaseType databaseType = configuration.getDatabaseType(); if (databaseType == Configuration.DatabaseType.MYSQL) { http://git-wip-us.apache.org/repos/asf/ambari/blob/3c889334/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java index b86fad9..20dd736 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java @@ -127,7 +127,6 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog { @Override protected void executeDMLUpdates() throws AmbariException, SQLException { updateAMSConfigs(); - createRoleAuthorizations(); } protected void updateHostVersionTable() throws SQLException { @@ -188,21 +187,6 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog { } /** - * Create new role authorizations: CLUSTER.RUN_CUSTOM_COMMAND and AMBARI.RUN_CUSTOM_COMMAND - * - * @throws SQLException - */ - protected void createRoleAuthorizations() throws SQLException { - LOG.info("Adding authorizations"); - - addRoleAuthorization("CLUSTER.RUN_CUSTOM_COMMAND", "Perform custom cluster-level actions", - Arrays.asList("AMBARI.ADMINISTRATOR:AMBARI", "CLUSTER.ADMINISTRATOR:CLUSTER")); - - addRoleAuthorization("AMBARI.RUN_CUSTOM_COMMAND", "Perform custom administrative actions", - Collections.singletonList("AMBARI.ADMINISTRATOR:AMBARI")); - } - - /** * Creates the servicecomponent_version table * @throws SQLException */ http://git-wip-us.apache.org/repos/asf/ambari/blob/3c889334/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java index d44ae88..8cfcee5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java @@ -37,6 +37,7 @@ import static org.easymock.EasyMock.verify; import java.lang.reflect.Method; import java.sql.SQLException; import java.util.ArrayList; +import java.util.Collection; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -56,12 +57,16 @@ import org.apache.ambari.server.orm.dao.PrincipalDAO; import org.apache.ambari.server.orm.dao.PrincipalTypeDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.RepositoryVersionDAO; +import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.dao.StackDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; +import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; import org.apache.ambari.server.orm.entities.StackEntity; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.Capture; @@ -238,16 +243,21 @@ public class UpgradeCatalog242Test { public void testExecuteDMLUpdates() throws Exception { Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml"); Method convertRolePrincipals = UpgradeCatalog242.class.getDeclaredMethod("convertRolePrincipals"); + Method createRoleAuthorizations = UpgradeCatalog242.class.getDeclaredMethod("createRoleAuthorizations"); UpgradeCatalog242 upgradeCatalog242 = createMockBuilder(UpgradeCatalog242.class) .addMockedMethod(addNewConfigurationsFromXml) .addMockedMethod(convertRolePrincipals) + .addMockedMethod(createRoleAuthorizations) .createMock(); upgradeCatalog242.addNewConfigurationsFromXml(); expectLastCall().once(); + upgradeCatalog242.createRoleAuthorizations(); + expectLastCall().once(); + upgradeCatalog242.convertRolePrincipals(); expectLastCall().once(); @@ -364,4 +374,82 @@ public class UpgradeCatalog242Test { upgradeCatalog.convertRolePrincipals(); easyMockSupport.verifyAll(); } + + @Test + public void testCreateRoleAuthorizations() throws AmbariException, SQLException { + + EasyMockSupport easyMockSupport = new EasyMockSupport(); + + ResourceTypeEntity ambariResourceTypeEntity = easyMockSupport.createMock(ResourceTypeEntity.class); + + ResourceTypeEntity clusterResourceTypeEntity = easyMockSupport.createMock(ResourceTypeEntity.class); + + Collection<RoleAuthorizationEntity> ambariAdministratorAuthorizations = new ArrayList<RoleAuthorizationEntity>(); + Collection<RoleAuthorizationEntity> clusterAdministratorAuthorizations = new ArrayList<RoleAuthorizationEntity>(); + + PermissionEntity clusterAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); + expect(clusterAdministratorPermissionEntity.getAuthorizations()) + .andReturn(clusterAdministratorAuthorizations) + .times(1); + + PermissionEntity ambariAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); + expect(ambariAdministratorPermissionEntity.getAuthorizations()) + .andReturn(ambariAdministratorAuthorizations) + .times(2); + + PermissionDAO permissionDAO = easyMockSupport.createMock(PermissionDAO.class); + expect(permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", ambariResourceTypeEntity)) + .andReturn(ambariAdministratorPermissionEntity) + .times(2); + expect(permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", clusterResourceTypeEntity)) + .andReturn(clusterAdministratorPermissionEntity) + .times(1); + expect(permissionDAO.merge(ambariAdministratorPermissionEntity)) + .andReturn(ambariAdministratorPermissionEntity) + .times(2); + expect(permissionDAO.merge(clusterAdministratorPermissionEntity)) + .andReturn(clusterAdministratorPermissionEntity) + .times(1); + + ResourceTypeDAO resourceTypeDAO = easyMockSupport.createMock(ResourceTypeDAO.class); + expect(resourceTypeDAO.findByName("AMBARI")).andReturn(ambariResourceTypeEntity).times(2); + expect(resourceTypeDAO.findByName("CLUSTER")).andReturn(clusterResourceTypeEntity).times(1); + + RoleAuthorizationDAO roleAuthorizationDAO = easyMockSupport.createMock(RoleAuthorizationDAO.class); + expect(roleAuthorizationDAO.findById("CLUSTER.RUN_CUSTOM_COMMAND")).andReturn(null).times(1); + expect(roleAuthorizationDAO.findById("AMBARI.RUN_CUSTOM_COMMAND")).andReturn(null).times(1); + + Capture<RoleAuthorizationEntity> captureClusterRunCustomCommandEntity = newCapture(); + roleAuthorizationDAO.create(capture(captureClusterRunCustomCommandEntity)); + expectLastCall().times(1); + + Capture<RoleAuthorizationEntity> captureAmbariRunCustomCommandEntity = newCapture(); + roleAuthorizationDAO.create(capture(captureAmbariRunCustomCommandEntity)); + expectLastCall().times(1); + + Injector injector = easyMockSupport.createNiceMock(Injector.class); + expect(injector.getInstance(RoleAuthorizationDAO.class)).andReturn(roleAuthorizationDAO).atLeastOnce(); + expect(injector.getInstance(PermissionDAO.class)).andReturn(permissionDAO).atLeastOnce(); + expect(injector.getInstance(ResourceTypeDAO.class)).andReturn(resourceTypeDAO).atLeastOnce(); + + easyMockSupport.replayAll(); + new UpgradeCatalog242(injector).createRoleAuthorizations(); + easyMockSupport.verifyAll(); + + RoleAuthorizationEntity ambariRunCustomCommandEntity = captureAmbariRunCustomCommandEntity.getValue(); + RoleAuthorizationEntity clusterRunCustomCommandEntity = captureClusterRunCustomCommandEntity.getValue(); + + Assert.assertEquals("AMBARI.RUN_CUSTOM_COMMAND", ambariRunCustomCommandEntity.getAuthorizationId()); + Assert.assertEquals("Perform custom administrative actions", ambariRunCustomCommandEntity.getAuthorizationName()); + + Assert.assertEquals("CLUSTER.RUN_CUSTOM_COMMAND", clusterRunCustomCommandEntity.getAuthorizationId()); + Assert.assertEquals("Perform custom cluster-level actions", clusterRunCustomCommandEntity.getAuthorizationName()); + + Assert.assertEquals(2, ambariAdministratorAuthorizations.size()); + Assert.assertTrue(ambariAdministratorAuthorizations.contains(clusterRunCustomCommandEntity)); + Assert.assertTrue(ambariAdministratorAuthorizations.contains(ambariRunCustomCommandEntity)); + + Assert.assertEquals(1, clusterAdministratorAuthorizations.size()); + Assert.assertTrue(clusterAdministratorAuthorizations.contains(clusterRunCustomCommandEntity)); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/3c889334/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java index 3d0979a..023af50 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java @@ -36,17 +36,13 @@ import static org.junit.Assert.assertTrue; import java.lang.reflect.Method; import java.sql.Connection; import java.sql.ResultSet; -import java.sql.SQLException; import java.sql.Statement; -import java.util.ArrayList; -import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.persistence.EntityManager; -import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.actionmanager.ActionManager; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.controller.AmbariManagementController; @@ -54,12 +50,6 @@ import org.apache.ambari.server.controller.AmbariManagementControllerImpl; import org.apache.ambari.server.controller.KerberosHelper; import org.apache.ambari.server.controller.MaintenanceStateHelper; import org.apache.ambari.server.orm.DBAccessor; -import org.apache.ambari.server.orm.dao.PermissionDAO; -import org.apache.ambari.server.orm.dao.ResourceTypeDAO; -import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; -import org.apache.ambari.server.orm.entities.PermissionEntity; -import org.apache.ambari.server.orm.entities.ResourceTypeEntity; -import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; import org.apache.ambari.server.state.Cluster; import org.apache.ambari.server.state.Clusters; import org.apache.ambari.server.state.Config; @@ -185,19 +175,14 @@ public class UpgradeCatalog250Test { @Test public void testExecuteDMLUpdates() throws Exception { Method updateAmsConfigs = UpgradeCatalog250.class.getDeclaredMethod("updateAMSConfigs"); - Method createRoleAuthorizations = UpgradeCatalog250.class.getDeclaredMethod("createRoleAuthorizations"); UpgradeCatalog250 upgradeCatalog250 = createMockBuilder(UpgradeCatalog250.class) .addMockedMethod(updateAmsConfigs) - .addMockedMethod(createRoleAuthorizations) .createMock(); upgradeCatalog250.updateAMSConfigs(); expectLastCall().once(); - upgradeCatalog250.createRoleAuthorizations(); - expectLastCall().once(); - replay(upgradeCatalog250); upgradeCatalog250.executeDMLUpdates(); @@ -275,82 +260,4 @@ public class UpgradeCatalog250Test { Map<String, String> updatedProperties = propertiesCapture.getValue(); assertTrue(Maps.difference(newPropertiesAmsEnv, updatedProperties).areEqual()); } - - @Test - public void testCreateRoleAuthorizations() throws AmbariException, SQLException { - - EasyMockSupport easyMockSupport = new EasyMockSupport(); - - ResourceTypeEntity ambariResourceTypeEntity = easyMockSupport.createMock(ResourceTypeEntity.class); - - ResourceTypeEntity clusterResourceTypeEntity = easyMockSupport.createMock(ResourceTypeEntity.class); - - Collection<RoleAuthorizationEntity> ambariAdministratorAuthorizations = new ArrayList<RoleAuthorizationEntity>(); - Collection<RoleAuthorizationEntity> clusterAdministratorAuthorizations = new ArrayList<RoleAuthorizationEntity>(); - - PermissionEntity clusterAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); - expect(clusterAdministratorPermissionEntity.getAuthorizations()) - .andReturn(clusterAdministratorAuthorizations) - .times(1); - - PermissionEntity ambariAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); - expect(ambariAdministratorPermissionEntity.getAuthorizations()) - .andReturn(ambariAdministratorAuthorizations) - .times(2); - - PermissionDAO permissionDAO = easyMockSupport.createMock(PermissionDAO.class); - expect(permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", ambariResourceTypeEntity)) - .andReturn(ambariAdministratorPermissionEntity) - .times(2); - expect(permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", clusterResourceTypeEntity)) - .andReturn(clusterAdministratorPermissionEntity) - .times(1); - expect(permissionDAO.merge(ambariAdministratorPermissionEntity)) - .andReturn(ambariAdministratorPermissionEntity) - .times(2); - expect(permissionDAO.merge(clusterAdministratorPermissionEntity)) - .andReturn(clusterAdministratorPermissionEntity) - .times(1); - - ResourceTypeDAO resourceTypeDAO = easyMockSupport.createMock(ResourceTypeDAO.class); - expect(resourceTypeDAO.findByName("AMBARI")).andReturn(ambariResourceTypeEntity).times(2); - expect(resourceTypeDAO.findByName("CLUSTER")).andReturn(clusterResourceTypeEntity).times(1); - - RoleAuthorizationDAO roleAuthorizationDAO = easyMockSupport.createMock(RoleAuthorizationDAO.class); - expect(roleAuthorizationDAO.findById("CLUSTER.RUN_CUSTOM_COMMAND")).andReturn(null).times(1); - expect(roleAuthorizationDAO.findById("AMBARI.RUN_CUSTOM_COMMAND")).andReturn(null).times(1); - - Capture<RoleAuthorizationEntity> captureClusterRunCustomCommandEntity = newCapture(); - roleAuthorizationDAO.create(capture(captureClusterRunCustomCommandEntity)); - expectLastCall().times(1); - - Capture<RoleAuthorizationEntity> captureAmbariRunCustomCommandEntity = newCapture(); - roleAuthorizationDAO.create(capture(captureAmbariRunCustomCommandEntity)); - expectLastCall().times(1); - - Injector injector = easyMockSupport.createNiceMock(Injector.class); - expect(injector.getInstance(RoleAuthorizationDAO.class)).andReturn(roleAuthorizationDAO).atLeastOnce(); - expect(injector.getInstance(PermissionDAO.class)).andReturn(permissionDAO).atLeastOnce(); - expect(injector.getInstance(ResourceTypeDAO.class)).andReturn(resourceTypeDAO).atLeastOnce(); - - easyMockSupport.replayAll(); - new UpgradeCatalog250(injector).createRoleAuthorizations(); - easyMockSupport.verifyAll(); - - RoleAuthorizationEntity ambariRunCustomCommandEntity = captureAmbariRunCustomCommandEntity.getValue(); - RoleAuthorizationEntity clusterRunCustomCommandEntity = captureClusterRunCustomCommandEntity.getValue(); - - Assert.assertEquals("AMBARI.RUN_CUSTOM_COMMAND", ambariRunCustomCommandEntity.getAuthorizationId()); - Assert.assertEquals("Perform custom administrative actions", ambariRunCustomCommandEntity.getAuthorizationName()); - - Assert.assertEquals("CLUSTER.RUN_CUSTOM_COMMAND", clusterRunCustomCommandEntity.getAuthorizationId()); - Assert.assertEquals("Perform custom cluster-level actions", clusterRunCustomCommandEntity.getAuthorizationName()); - - Assert.assertEquals(2, ambariAdministratorAuthorizations.size()); - Assert.assertTrue(ambariAdministratorAuthorizations.contains(clusterRunCustomCommandEntity)); - Assert.assertTrue(ambariAdministratorAuthorizations.contains(ambariRunCustomCommandEntity)); - - Assert.assertEquals(1, clusterAdministratorAuthorizations.size()); - Assert.assertTrue(clusterAdministratorAuthorizations.contains(clusterRunCustomCommandEntity)); - } }
