Repository: ambari Updated Branches: refs/heads/branch-2.4 13fe7434d -> a5a40dfc2
AMBARI-18751. Upgrade Fails From 2.4.2 to 2.5 Due To Existing Role Authorizations (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a5a40dfc Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a5a40dfc Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a5a40dfc Branch: refs/heads/branch-2.4 Commit: a5a40dfc2996e6c051b739f9731e6957fbf722dc Parents: 13fe743 Author: Robert Levas <[email protected]> Authored: Wed Nov 2 12:18:27 2016 -0400 Committer: Robert Levas <[email protected]> Committed: Wed Nov 2 12:18:27 2016 -0400 ---------------------------------------------------------------------- .../server/upgrade/UpgradeCatalog242.java | 17 ++++ .../server/upgrade/UpgradeCatalog242Test.java | 88 ++++++++++++++++++++ 2 files changed, 105 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a5a40dfc/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java index 541f4da..f5445ea 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java @@ -19,6 +19,8 @@ package org.apache.ambari.server.upgrade; import java.sql.SQLException; +import java.util.Arrays; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -123,9 +125,24 @@ public class UpgradeCatalog242 extends AbstractUpgradeCatalog { @Override protected void executeDMLUpdates() throws AmbariException, SQLException { addNewConfigurationsFromXml(); + createRoleAuthorizations(); convertRolePrincipals(); } + /** + * Create new role authorizations: CLUSTER.RUN_CUSTOM_COMMAND and AMBARI.RUN_CUSTOM_COMMAND + * + * @throws SQLException + */ + @Transactional + protected void createRoleAuthorizations() throws SQLException { + addRoleAuthorization("CLUSTER.RUN_CUSTOM_COMMAND", "Perform custom cluster-level actions", + Arrays.asList("AMBARI.ADMINISTRATOR:AMBARI", "CLUSTER.ADMINISTRATOR:CLUSTER")); + + addRoleAuthorization("AMBARI.RUN_CUSTOM_COMMAND", "Perform custom administrative actions", + Collections.singletonList("AMBARI.ADMINISTRATOR:AMBARI")); + } + protected void updateTablesForMysql() throws SQLException { final Configuration.DatabaseType databaseType = configuration.getDatabaseType(); if (databaseType == Configuration.DatabaseType.MYSQL) { http://git-wip-us.apache.org/repos/asf/ambari/blob/a5a40dfc/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java index d44ae88..8cfcee5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java @@ -37,6 +37,7 @@ import static org.easymock.EasyMock.verify; import java.lang.reflect.Method; import java.sql.SQLException; import java.util.ArrayList; +import java.util.Collection; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -56,12 +57,16 @@ import org.apache.ambari.server.orm.dao.PrincipalDAO; import org.apache.ambari.server.orm.dao.PrincipalTypeDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.RepositoryVersionDAO; +import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO; import org.apache.ambari.server.orm.dao.StackDAO; import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; +import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; import org.apache.ambari.server.orm.entities.StackEntity; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.Capture; @@ -238,16 +243,21 @@ public class UpgradeCatalog242Test { public void testExecuteDMLUpdates() throws Exception { Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml"); Method convertRolePrincipals = UpgradeCatalog242.class.getDeclaredMethod("convertRolePrincipals"); + Method createRoleAuthorizations = UpgradeCatalog242.class.getDeclaredMethod("createRoleAuthorizations"); UpgradeCatalog242 upgradeCatalog242 = createMockBuilder(UpgradeCatalog242.class) .addMockedMethod(addNewConfigurationsFromXml) .addMockedMethod(convertRolePrincipals) + .addMockedMethod(createRoleAuthorizations) .createMock(); upgradeCatalog242.addNewConfigurationsFromXml(); expectLastCall().once(); + upgradeCatalog242.createRoleAuthorizations(); + expectLastCall().once(); + upgradeCatalog242.convertRolePrincipals(); expectLastCall().once(); @@ -364,4 +374,82 @@ public class UpgradeCatalog242Test { upgradeCatalog.convertRolePrincipals(); easyMockSupport.verifyAll(); } + + @Test + public void testCreateRoleAuthorizations() throws AmbariException, SQLException { + + EasyMockSupport easyMockSupport = new EasyMockSupport(); + + ResourceTypeEntity ambariResourceTypeEntity = easyMockSupport.createMock(ResourceTypeEntity.class); + + ResourceTypeEntity clusterResourceTypeEntity = easyMockSupport.createMock(ResourceTypeEntity.class); + + Collection<RoleAuthorizationEntity> ambariAdministratorAuthorizations = new ArrayList<RoleAuthorizationEntity>(); + Collection<RoleAuthorizationEntity> clusterAdministratorAuthorizations = new ArrayList<RoleAuthorizationEntity>(); + + PermissionEntity clusterAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); + expect(clusterAdministratorPermissionEntity.getAuthorizations()) + .andReturn(clusterAdministratorAuthorizations) + .times(1); + + PermissionEntity ambariAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class); + expect(ambariAdministratorPermissionEntity.getAuthorizations()) + .andReturn(ambariAdministratorAuthorizations) + .times(2); + + PermissionDAO permissionDAO = easyMockSupport.createMock(PermissionDAO.class); + expect(permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", ambariResourceTypeEntity)) + .andReturn(ambariAdministratorPermissionEntity) + .times(2); + expect(permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", clusterResourceTypeEntity)) + .andReturn(clusterAdministratorPermissionEntity) + .times(1); + expect(permissionDAO.merge(ambariAdministratorPermissionEntity)) + .andReturn(ambariAdministratorPermissionEntity) + .times(2); + expect(permissionDAO.merge(clusterAdministratorPermissionEntity)) + .andReturn(clusterAdministratorPermissionEntity) + .times(1); + + ResourceTypeDAO resourceTypeDAO = easyMockSupport.createMock(ResourceTypeDAO.class); + expect(resourceTypeDAO.findByName("AMBARI")).andReturn(ambariResourceTypeEntity).times(2); + expect(resourceTypeDAO.findByName("CLUSTER")).andReturn(clusterResourceTypeEntity).times(1); + + RoleAuthorizationDAO roleAuthorizationDAO = easyMockSupport.createMock(RoleAuthorizationDAO.class); + expect(roleAuthorizationDAO.findById("CLUSTER.RUN_CUSTOM_COMMAND")).andReturn(null).times(1); + expect(roleAuthorizationDAO.findById("AMBARI.RUN_CUSTOM_COMMAND")).andReturn(null).times(1); + + Capture<RoleAuthorizationEntity> captureClusterRunCustomCommandEntity = newCapture(); + roleAuthorizationDAO.create(capture(captureClusterRunCustomCommandEntity)); + expectLastCall().times(1); + + Capture<RoleAuthorizationEntity> captureAmbariRunCustomCommandEntity = newCapture(); + roleAuthorizationDAO.create(capture(captureAmbariRunCustomCommandEntity)); + expectLastCall().times(1); + + Injector injector = easyMockSupport.createNiceMock(Injector.class); + expect(injector.getInstance(RoleAuthorizationDAO.class)).andReturn(roleAuthorizationDAO).atLeastOnce(); + expect(injector.getInstance(PermissionDAO.class)).andReturn(permissionDAO).atLeastOnce(); + expect(injector.getInstance(ResourceTypeDAO.class)).andReturn(resourceTypeDAO).atLeastOnce(); + + easyMockSupport.replayAll(); + new UpgradeCatalog242(injector).createRoleAuthorizations(); + easyMockSupport.verifyAll(); + + RoleAuthorizationEntity ambariRunCustomCommandEntity = captureAmbariRunCustomCommandEntity.getValue(); + RoleAuthorizationEntity clusterRunCustomCommandEntity = captureClusterRunCustomCommandEntity.getValue(); + + Assert.assertEquals("AMBARI.RUN_CUSTOM_COMMAND", ambariRunCustomCommandEntity.getAuthorizationId()); + Assert.assertEquals("Perform custom administrative actions", ambariRunCustomCommandEntity.getAuthorizationName()); + + Assert.assertEquals("CLUSTER.RUN_CUSTOM_COMMAND", clusterRunCustomCommandEntity.getAuthorizationId()); + Assert.assertEquals("Perform custom cluster-level actions", clusterRunCustomCommandEntity.getAuthorizationName()); + + Assert.assertEquals(2, ambariAdministratorAuthorizations.size()); + Assert.assertTrue(ambariAdministratorAuthorizations.contains(clusterRunCustomCommandEntity)); + Assert.assertTrue(ambariAdministratorAuthorizations.contains(ambariRunCustomCommandEntity)); + + Assert.assertEquals(1, clusterAdministratorAuthorizations.size()); + Assert.assertTrue(clusterAdministratorAuthorizations.contains(clusterRunCustomCommandEntity)); + } }
