AMBARI-19235. 'Cluster User' role issue after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c08df0ef Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c08df0ef Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c08df0ef Branch: refs/heads/branch-dev-patch-upgrade Commit: c08df0ef4aa67acba21c057e0b0ffd4cb6f0fde7 Parents: 7990368 Author: Lisnichenko Dmitro <dlysniche...@hortonworks.com> Authored: Wed Dec 21 17:48:39 2016 +0200 Committer: Lisnichenko Dmitro <dlysniche...@hortonworks.com> Committed: Wed Dec 21 17:49:40 2016 +0200 ---------------------------------------------------------------------- .../AmbariLdapAuthoritiesPopulator.java | 21 ++----- ...ariAuthorizationProviderDisableUserTest.java | 2 +- .../TestAmbariLdapAuthoritiesPopulator.java | 63 ++------------------ 3 files changed, 12 insertions(+), 74 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java index b3be046..92037fc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java 
@@ -19,14 +19,10 @@ package org.apache.ambari.server.security.authorization; import java.util.Collection; import java.util.Collections; -import java.util.LinkedList; -import java.util.List; import org.apache.ambari.server.orm.dao.MemberDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.UserDAO; -import org.apache.ambari.server.orm.entities.MemberEntity; -import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.slf4j.Logger; @@ -47,14 +43,17 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator UserDAO userDAO; MemberDAO memberDAO; PrivilegeDAO privilegeDAO; + Users users; @Inject public AmbariLdapAuthoritiesPopulator(AuthorizationHelper authorizationHelper, - UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO) { + UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO, + Users users) { this.authorizationHelper = authorizationHelper; this.userDAO = userDAO; this.memberDAO = memberDAO; this.privilegeDAO = privilegeDAO; + this.users = users; } @Override 
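Review bot: The new `Users users;` field in the constructor hunk (`@@ -47,14 +43,17 @@`) is package-private and non-final like its neighbours, so the collaborator that now decides an LDAP user's privileges can be reassigned after construction by any class in the same package. It is only assigned in the constructor, so `private final Users users;` would state that intent, provided nothing else in the package relies on the wider access. `memberDAO` and `privilegeDAO` also appear to be unused once the lookup in the following hunk is replaced. If nothing else in the class reads them (it continues outside this hunk), dropping them from the constructor would avoid keeping a second, divergent way to resolve privileges.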
@@ -74,18 +73,8 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator if(!user.getActive()){ throw new InvalidUsernamePasswordCombinationException(); } - // get all of the privileges for the user - List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>(); - principalEntities.add(user.getPrincipal()); - - List<MemberEntity> memberEntities = memberDAO.findAllMembersByUser(user); - - for (MemberEntity memberEntity : memberEntities) { - principalEntities.add(memberEntity.getGroup().getPrincipal()); - } - - List<PrivilegeEntity> privilegeEntities = privilegeDAO.findAllByPrincipal(principalEntities); + Collection<PrivilegeEntity> privilegeEntities = users.getUserPrivileges(user); return authorizationHelper.convertPrivilegesToAuthorities(privilegeEntities); } http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java index 90d4be0..6b98a5b 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java 
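Review bot: After this hunk the authorities granted to an LDAP login come entirely from `users.getUserPrivileges(user)`, and the deleted lines were the only place showing that the result must cover the user's own principal plus the principal of every group the user belongs to. `Users.getUserPrivileges` is not part of this diff, so that contract is assumed here rather than shown. A comment above the call would keep the expectation visible to the next reader, for example `// single source of privileges for LDAP logins; must include those inherited from the user's groups`. The enclosing method starts before the hunk, so the lookup and null handling of `user` are not visible here.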
@@ -58,7 +58,7 @@ public class AmbariAuthorizationProviderDisableUserTest { alup = new AmbariLocalUserProvider(userDAO, users, encoder); - ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao, privilegeDao); + ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao, privilegeDao, users); } http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java index 5715906..cf6cd32 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java @@ -20,18 +20,12 @@ package org.apache.ambari.server.security.authorization; import static org.easymock.EasyMock.expect; import java.util.Collections; -import java.util.LinkedList; -import java.util.List; import org.apache.ambari.server.orm.dao.MemberDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.UserDAO; -import org.apache.ambari.server.orm.entities.GroupEntity; -import org.apache.ambari.server.orm.entities.MemberEntity; -import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.UserEntity; -import org.easymock.EasyMock; import org.easymock.EasyMockSupport; import org.junit.Before; import org.junit.Test; 
@@ -47,14 +41,11 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport { AuthorizationHelper helper = new AuthorizationHelper(); UserDAO userDAO = createMock(UserDAO.class); + Users users = createMock(Users.class); MemberDAO memberDAO = createMock(MemberDAO.class); PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class); DirContextOperations userData = createMock(DirContextOperations.class); UserEntity userEntity = createMock(UserEntity.class); - PrincipalEntity principalEntity = createMock(PrincipalEntity.class); - PrincipalEntity groupPrincipalEntity = createMock(PrincipalEntity.class); - MemberEntity memberEntity = createMock(MemberEntity.class); - GroupEntity groupEntity = createMock(GroupEntity.class); PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class); @Before 
@@ -64,21 +55,14 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport { } @Test - public void testGetGrantedAuthorities_mappingDisabled() throws Exception { + public void testGetGrantedAuthorities() throws Exception { String username = "user"; AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class) - .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock(); + .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock(); - expect(userEntity.getPrincipal()).andReturn(principalEntity); expect(userEntity.getActive()).andReturn(true); - expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)); - expect(memberEntity.getGroup()).andReturn(groupEntity); - expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity); - List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>(); - principalEntityList.add(principalEntity); - principalEntityList.add(groupPrincipalEntity); - expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)); + expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity)); expect(userDAO.findLdapUserByName(username)).andReturn(userEntity); replayAll(); 
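Review bot: The following hunk deletes `testGetGrantedAuthorities_mappingEnabled`, the only visible case where `findLdapUserByName` returned null, which leaves the unknown-user path of `getGrantedAuthorities` untested in this file as far as the page shows. A small test that sets `expect(userDAO.findLdapUserByName(username)).andReturn(null);` and asserts the intended outcome (presumably no authorities) would pin that an LDAP-authenticated name without an Ambari account is granted nothing. Because `users.getUserPrivileges(userEntity)` is mocked here, group-inherited privileges are no longer exercised by this class either, so they need coverage in a test of `Users.getUserPrivileges` itself. The test body continues past the end of this hunk.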
@@ -90,34 +74,6 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport { } @Test - public void testGetGrantedAuthorities_mappingEnabled() throws Exception { - - AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class) - .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock(); - - expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); - expect(userEntity.getActive()).andReturn(true); - expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).anyTimes(); - expect(memberEntity.getGroup()).andReturn(groupEntity).anyTimes(); - expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity).anyTimes(); - List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>(); - principalEntityList.add(principalEntity); - principalEntityList.add(groupPrincipalEntity); - expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes(); - - expect(userDAO.findLdapUserByName(EasyMock.<String> anyObject())).andReturn(null).andReturn(userEntity).once(); - - replayAll(); - - //test with admin user - populator.getGrantedAuthorities(userData, "admin"); - //test with non-admin - populator.getGrantedAuthorities(userData, "user"); - - verifyAll(); - } - - @Test public void testGetGrantedAuthoritiesWithLoginAlias() throws Exception { // Given String loginAlias = "testloginal...@testdomain.com"; 
@@ -129,17 +85,10 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport { PowerMock.replay(AuthorizationHelper.class); AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class) - .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock(); + .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock(); - expect(userEntity.getPrincipal()).andReturn(principalEntity); expect(userEntity.getActive()).andReturn(true); - expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)); - expect(memberEntity.getGroup()).andReturn(groupEntity); - expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity); - List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>(); - principalEntityList.add(principalEntity); - principalEntityList.add(groupPrincipalEntity); - expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)); + expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity)); expect(userDAO.findLdapUserByName(ambariUserName)).andReturn(userEntity); // user should be looked up by user name instead of login alias