Repository: ambari Updated Branches: refs/heads/trunk 85a2728a2 -> 64b493c49
AMBARI-20462. Duplicate entries in DB for auto_<view>_instance privileges upon Ambari server restart (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/64b493c4 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/64b493c4 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/64b493c4 Branch: refs/heads/trunk Commit: 64b493c49bc7c6eac766e4194683441683f75d75 Parents: 85a2728 Author: Robert Levas <[email protected]> Authored: Fri Mar 17 13:59:34 2017 -0400 Committer: Robert Levas <[email protected]> Committed: Fri Mar 17 13:59:34 2017 -0400 ---------------------------------------------------------------------- .../server/orm/entities/PrivilegeEntity.java | 21 ++--- .../apache/ambari/server/view/ViewRegistry.java | 2 +- .../AmbariPrivilegeResourceProviderTest.java | 1 + .../ViewPrivilegeResourceProviderTest.java | 2 +- .../security/TestAuthenticationFactory.java | 83 ++++++++++------- .../ambari/server/view/ViewRegistryTest.java | 98 +++++++++++++++++--- .../dummy_stack/HIVE/package/.hash | 0 7 files changed, 145 insertions(+), 62 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java index 1832acc..ba39efb 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrivilegeEntity.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -19,6 +19,8 @@ package org.apache.ambari.server.orm.entities; +import java.util.Objects; + import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.GeneratedValue; @@ -161,21 +163,14 @@ public class PrivilegeEntity { if (o == null || getClass() != o.getClass()) return false; PrivilegeEntity that = (PrivilegeEntity) o; - - if (!id.equals(that.id)) return false; - if (permission != null ? !permission.equals(that.permission) : that.permission != null) return false; - if (principal != null ? !principal.equals(that.principal) : that.principal != null) return false; - if (resource != null ? !resource.equals(that.resource) : that.resource != null) return false; - - return true; + return Objects.equals(id, that.id) && + Objects.equals(permission, that.permission) && + Objects.equals(principal, that.principal) && + Objects.equals(resource, that.resource); } @Override public int hashCode() { - int result = id != null ? id.hashCode() : 0; - result = 31 * result + (permission != null ? permission.hashCode() : 0); - result = 31 * result + (resource != null ? resource.hashCode() : 0); - result = 31 * result + (principal != null ? principal.hashCode() : 0); - return result; + return Objects.hash(id, permission, resource, principal); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java index 81c4734..bc3e721 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java @@ -1966,7 +1966,7 @@ public class ViewRegistry { if (principalRole == null) { LOG.warn("Missing principal ID for role {} encountered while setting access to view {}. Ignoring.", role, viewInstanceEntity.getName()); - } else { + } else if (!privilegeDAO.exists(principalRole, resourceEntity, permissionViewUser)) { PrivilegeEntity privilegeEntity = new PrivilegeEntity(); privilegeEntity.setPermission(permissionViewUser); privilegeEntity.setPrincipal(principalRole); http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java index e777d5c..84b1959 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java @@ -862,6 +862,7 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport { injector.getInstance(UserDAO.class), injector.getInstance(MemberDAO.class), injector.getInstance(PrivilegeDAO.class), + injector.getInstance(PermissionDAO.class), injector.getInstance(ResourceDAO.class), injector.getInstance(ResourceTypeDAO.class), injector.getInstance(SecurityHelper.class), http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java index 9dfe1a2..ffff348 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java @@ -90,7 +90,7 @@ public class ViewPrivilegeResourceProviderTest { public void resetGlobalMocks() { ViewRegistry.initInstance(ViewRegistryTest.getRegistry(viewDAO, viewInstanceDAO, userDAO, - memberDAO, privilegeDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null)); + memberDAO, privilegeDAO, permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null)); reset(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, handlerList); } http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java index 39b3d47..43d56cd 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java @@ -23,6 +23,8 @@ import java.util.Collections; import java.util.EnumSet; import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.PrincipalEntity; +import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; @@ -117,67 +119,56 @@ public class TestAuthenticationFactory { return new AmbariGrantedAuthority(createViewUserPrivilegeEntity(resourceId)); } - private static PrivilegeEntity createAdministratorPrivilegeEntity() { + public static PrivilegeEntity createPrivilegeEntity(ResourceEntity resourceEntity, PermissionEntity permissionEntity, PrincipalEntity principalEntity) { PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createAmbariResourceEntity()); - privilegeEntity.setPermission(createAdministratorPermission()); + privilegeEntity.setResource(resourceEntity); + privilegeEntity.setPermission(permissionEntity); + privilegeEntity.setPrincipal(principalEntity); return privilegeEntity; } + private static PrivilegeEntity createAdministratorPrivilegeEntity() { + return createPrivilegeEntity(createAmbariResourceEntity(), createAdministratorPermission(), null); + } + private static PrivilegeEntity createClusterAdministratorPrivilegeEntity(Long clusterResourceId) { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId)); - privilegeEntity.setPermission(createClusterAdministratorPermission()); - return privilegeEntity; + return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterAdministratorPermission(), null); } private static PrivilegeEntity createClusterOperatorPrivilegeEntity(Long clusterResourceId) { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId)); - privilegeEntity.setPermission(createClusterOperatorPermission()); - return privilegeEntity; + return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterOperatorPermission(), null); } private static PrivilegeEntity createServiceAdministratorPrivilegeEntity(Long clusterResourceId) { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId)); - privilegeEntity.setPermission(createServiceAdministratorPermission()); - return privilegeEntity; + return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createServiceAdministratorPermission(), null); } private static PrivilegeEntity createServiceOperatorPrivilegeEntity(Long clusterResourceId) { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId)); - privilegeEntity.setPermission(createServiceOperatorPermission()); - return privilegeEntity; + return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createServiceOperatorPermission(), null); } private static PrivilegeEntity createClusterUserPrivilegeEntity(Long clusterResourceId) { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createClusterResourceEntity(clusterResourceId)); - privilegeEntity.setPermission(createClusterUserPermission()); - return privilegeEntity; + return createPrivilegeEntity(createClusterResourceEntity(clusterResourceId), createClusterUserPermission(), null); } private static PrivilegeEntity createViewUserPrivilegeEntity(Long resourceId) { - PrivilegeEntity privilegeEntity = new PrivilegeEntity(); - privilegeEntity.setResource(createViewResourceEntity(resourceId)); - privilegeEntity.setPermission(createViewUserPermission()); - return privilegeEntity; + return createPrivilegeEntity(createViewResourceEntity(resourceId), createViewUserPermission(), null); } - private static PermissionEntity createAdministratorPermission() { + public static PermissionEntity createAdministratorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI)); + permissionEntity.setPrincipal(createPrincipalEntity(1L)); permissionEntity.addAuthorizations(EnumSet.allOf(RoleAuthorization.class)); return permissionEntity; } - private static PermissionEntity createClusterAdministratorPermission() { + public static PermissionEntity createClusterAdministratorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); + permissionEntity.setPrincipal(createPrincipalEntity(2L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS, RoleAuthorization.CLUSTER_MODIFY_CONFIGS, @@ -221,10 +212,11 @@ public class TestAuthenticationFactory { return permissionEntity; } - private static PermissionEntity createClusterOperatorPermission() { + public static PermissionEntity createClusterOperatorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(5); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); + permissionEntity.setPrincipal(createPrincipalEntity(3L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.HOST_VIEW_CONFIGS, RoleAuthorization.HOST_ADD_DELETE_COMPONENTS, @@ -262,10 +254,11 @@ public class TestAuthenticationFactory { return permissionEntity; } - private static PermissionEntity createServiceAdministratorPermission() { + public static PermissionEntity createServiceAdministratorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(5); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); + permissionEntity.setPrincipal(createPrincipalEntity(4L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.CLUSTER_VIEW_ALERTS, RoleAuthorization.CLUSTER_VIEW_CONFIGS, @@ -297,10 +290,11 @@ public class TestAuthenticationFactory { return permissionEntity; } - private static PermissionEntity createServiceOperatorPermission() { + public static PermissionEntity createServiceOperatorPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(6); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); + permissionEntity.setPrincipal(createPrincipalEntity(5L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, @@ -323,10 +317,11 @@ public class TestAuthenticationFactory { return permissionEntity; } - private static PermissionEntity createClusterUserPermission() { + public static PermissionEntity createClusterUserPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.CLUSTER_USER_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); + permissionEntity.setPrincipal(createPrincipalEntity(6L)); permissionEntity.addAuthorizations(EnumSet.of( RoleAuthorization.SERVICE_VIEW_CONFIGS, RoleAuthorization.SERVICE_VIEW_METRICS, @@ -345,10 +340,11 @@ public class TestAuthenticationFactory { return permissionEntity; } - private static PermissionEntity createViewUserPermission() { + public static PermissionEntity createViewUserPermission() { PermissionEntity permissionEntity = new PermissionEntity(); permissionEntity.setId(PermissionEntity.VIEW_USER_PERMISSION); permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER)); + permissionEntity.setPrincipal(createPrincipalEntity(7L)); permissionEntity.addAuthorizations(EnumSet.of(RoleAuthorization.VIEW_USE)); return permissionEntity; } @@ -374,7 +370,7 @@ public class TestAuthenticationFactory { private static ResourceEntity createViewResourceEntity(Long resourceId) { ResourceEntity resourceEntity = new ResourceEntity(); resourceEntity.setId(resourceId); - if(resourceId != null) { + if (resourceId != null) { resourceEntity.setResourceType(createResourceTypeEntity(ResourceType.VIEW.name(), resourceId.intValue())); } return resourceEntity; @@ -386,11 +382,26 @@ public class TestAuthenticationFactory { private static ResourceTypeEntity createResourceTypeEntity(String resourceName, Integer resourceId) { ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity(); - resourceTypeEntity.setId(resourceId.intValue()); + resourceTypeEntity.setId(resourceId); resourceTypeEntity.setName(resourceName); return resourceTypeEntity; } + private static PrincipalEntity createPrincipalEntity(Long principalId) { + PrincipalEntity principalEntity = new PrincipalEntity(); + principalEntity.setId(principalId); + principalEntity.setPrincipalType(createPrincipalTypeEntity()); + return principalEntity; + } + + private static PrincipalTypeEntity createPrincipalTypeEntity() { + PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity(); + principalTypeEntity.setId(1); + principalTypeEntity.setName("ROLE"); + return principalTypeEntity; + } + + private static class TestAuthorization implements Authentication { private final String name; private final Collection<? extends GrantedAuthority> authorities; http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java index 132dd7e..013023d 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java @@ -1,4 +1,4 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information @@ -24,6 +24,7 @@ import static org.easymock.EasyMock.createMock; import static org.easymock.EasyMock.createNiceMock; import static org.easymock.EasyMock.eq; import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.expectLastCall; import static org.easymock.EasyMock.replay; import static org.easymock.EasyMock.reset; import static org.easymock.EasyMock.verify; @@ -58,12 +59,14 @@ import org.apache.ambari.server.controller.spi.ResourceProvider; import org.apache.ambari.server.events.ServiceInstalledEvent; import org.apache.ambari.server.events.publishers.AmbariEventPublisher; import org.apache.ambari.server.orm.dao.MemberDAO; +import org.apache.ambari.server.orm.dao.PermissionDAO; import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ResourceDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; +import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; @@ -96,7 +99,9 @@ import org.apache.ambari.view.events.Listener; import org.apache.ambari.view.validation.ValidationResult; import org.apache.ambari.view.validation.Validator; import org.easymock.Capture; +import org.easymock.CaptureType; import org.easymock.EasyMock; +import org.easymock.IAnswer; import org.junit.After; import org.junit.Assert; import org.junit.Before; @@ -210,6 +215,7 @@ public class ViewRegistryTest { private static final UserDAO userDAO = createNiceMock(UserDAO.class); private static final MemberDAO memberDAO = createNiceMock(MemberDAO.class); private static final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); + private static final PermissionDAO permissionDAO = createNiceMock(PermissionDAO.class); private static final ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); private static final ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); private static final SecurityHelper securityHelper = createNiceMock(SecurityHelper.class); @@ -222,7 +228,7 @@ public class ViewRegistryTest { @Before public void resetGlobalMocks() { ViewRegistry.initInstance(getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, - resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, ambariMetaInfo, clusters)); + permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, ambariMetaInfo, clusters)); reset(viewDAO, resourceDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, resourceTypeDAO, securityHelper, configuration, handlerList, ambariMetaInfo, @@ -442,7 +448,7 @@ public class ViewRegistryTest { TestViewArchiveUtility archiveUtility = new TestViewArchiveUtility(viewConfigs, files, outputStreams, jarFiles, badArchive); - ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, + ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, archiveUtility, ambariMetaInfo, clusters); registry.readViewArchives(); @@ -631,7 +637,7 @@ public class ViewRegistryTest { TestViewArchiveUtility archiveUtility = new TestViewArchiveUtility(viewConfigs, files, outputStreams, jarFiles, false); - ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, + ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, archiveUtility, ambariMetaInfo); registry.readViewArchives(); @@ -1625,6 +1631,72 @@ public class ViewRegistryTest { libDir, metaInfDir, fileEntry, viewJarFile, jarEntry, is, fos, viewExtractor, resourceDAO, viewDAO, viewInstanceDAO); } + @Test + public void testSetViewInstanceRoleAccess() throws Exception { + + final Map<String, PermissionEntity> permissions = new HashMap<>(); + permissions.put("CLUSTER.ADMINISTRATOR", TestAuthenticationFactory.createClusterAdministratorPermission()); + permissions.put("CLUSTER.OPERATOR", TestAuthenticationFactory.createClusterOperatorPermission()); + permissions.put("SERVICE.ADMINISTRATOR", TestAuthenticationFactory.createServiceAdministratorPermission()); + permissions.put("SERVICE.OPERATOR", TestAuthenticationFactory.createServiceOperatorPermission()); + permissions.put("CLUSTER.USER", TestAuthenticationFactory.createClusterUserPermission()); + + PermissionEntity permissionViewUser = TestAuthenticationFactory.createViewUserPermission(); + + ViewInstanceEntity viewInstanceEntity = ViewInstanceEntityTest.getViewInstanceEntity(); + ResourceEntity resourceEntity = viewInstanceEntity.getResource(); + + // Expected PrivilegeEntity items to be created... + Map<String, PrivilegeEntity> expectedPrivileges = new HashMap<>(); + for (Map.Entry<String, PermissionEntity> entry : permissions.entrySet()) { + if(!entry.getKey().equals("CLUSTER.ADMINISTRATOR")) { + expectedPrivileges.put(entry.getKey(), TestAuthenticationFactory.createPrivilegeEntity(resourceEntity, permissionViewUser, entry.getValue().getPrincipal())); + } + } + + Capture<PrivilegeEntity> captureCreatedPrivilegeEntity = Capture.newInstance(CaptureType.ALL); + + for (Map.Entry<String, PermissionEntity> entry : permissions.entrySet()) { + expect(permissionDAO.findByName(entry.getKey())).andReturn(entry.getValue()).atLeastOnce(); + } + expect(permissionDAO.findViewUsePermission()).andReturn(permissionViewUser).atLeastOnce(); + + // The CLUSTER.ADMINISTRATOR privilege for this View instance already exists... + expect(privilegeDAO.exists(EasyMock.anyObject(PrincipalEntity.class), eq(resourceEntity), eq(permissionViewUser))) + .andAnswer(new IAnswer<Boolean>() { + @Override + public Boolean answer() throws Throwable { + return EasyMock.getCurrentArguments()[0] == permissions.get("CLUSTER.ADMINISTRATOR").getPrincipal(); + } + }) + .anyTimes(); + + privilegeDAO.create(capture(captureCreatedPrivilegeEntity)); + expectLastCall().times(expectedPrivileges.size()); + + replay(privilegeDAO, permissionDAO); + + ViewRegistry viewRegistry = ViewRegistry.getInstance(); + + viewRegistry.setViewInstanceRoleAccess(viewInstanceEntity, permissions.keySet()); + + verify(privilegeDAO, permissionDAO); + + Assert.assertTrue(expectedPrivileges.size() != permissions.size()); + + Assert.assertTrue(captureCreatedPrivilegeEntity.hasCaptured()); + + List<PrivilegeEntity> capturedValues = captureCreatedPrivilegeEntity.getValues(); + Assert.assertNotNull( capturedValues); + + Set<PrivilegeEntity> uniqueCapturedValues = new HashSet<>(capturedValues); + Assert.assertEquals(expectedPrivileges.size(), uniqueCapturedValues.size()); + + for(PrivilegeEntity capturedValue: uniqueCapturedValues) { + Assert.assertTrue(expectedPrivileges.containsValue(capturedValue)); + } + } + public static class TestViewModule extends ViewRegistry.ViewModule { private final ViewExtractor extractor; @@ -1730,20 +1802,23 @@ public class ViewRegistryTest { public static ViewRegistry getRegistry(ViewDAO viewDAO, ViewInstanceDAO viewInstanceDAO, UserDAO userDAO, MemberDAO memberDAO, - PrivilegeDAO privilegeDAO, ResourceDAO resourceDAO, + PrivilegeDAO privilegeDAO, PermissionDAO permissionDAO, + ResourceDAO resourceDAO, ResourceTypeDAO resourceTypeDAO, SecurityHelper securityHelper, ViewInstanceHandlerList handlerList, ViewExtractor viewExtractor, ViewArchiveUtility archiveUtility, AmbariMetaInfo ambariMetaInfo) { - return getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, resourceDAO, resourceTypeDAO, - securityHelper, handlerList, viewExtractor, archiveUtility, ambariMetaInfo, null); + return getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, permissionDAO, + resourceDAO, resourceTypeDAO, securityHelper, handlerList, viewExtractor, archiveUtility, + ambariMetaInfo, null); } public static ViewRegistry getRegistry(ViewDAO viewDAO, ViewInstanceDAO viewInstanceDAO, UserDAO userDAO, MemberDAO memberDAO, - PrivilegeDAO privilegeDAO, ResourceDAO resourceDAO, - ResourceTypeDAO resourceTypeDAO, SecurityHelper securityHelper, + PrivilegeDAO privilegeDAO, PermissionDAO permissionDAO, + ResourceDAO resourceDAO, ResourceTypeDAO resourceTypeDAO, + SecurityHelper securityHelper, ViewInstanceHandlerList handlerList, ViewExtractor viewExtractor, ViewArchiveUtility archiveUtility, @@ -1765,6 +1840,7 @@ public class ViewRegistryTest { instance.memberDAO = memberDAO; instance.privilegeDAO = privilegeDAO; instance.resourceTypeDAO = resourceTypeDAO; + instance.permissionDAO = permissionDAO; instance.securityHelper = securityHelper; instance.configuration = configuration; instance.handlerList = handlerList; @@ -1794,7 +1870,7 @@ public class ViewRegistryTest { ClassLoader cl, String archivePath) throws Exception{ ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, - resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null); + permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null); ViewEntity viewDefinition = new ViewEntity(viewConfig, ambariConfig, archivePath); @@ -1806,7 +1882,7 @@ public class ViewRegistryTest { public static ViewInstanceEntity getViewInstanceEntity(ViewEntity viewDefinition, InstanceConfig instanceConfig) throws Exception { ViewRegistry registry = getRegistry(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, - resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null); + permissionDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null); ViewInstanceEntity viewInstanceDefinition = new ViewInstanceEntity(viewDefinition, instanceConfig); http://git-wip-us.apache.org/repos/asf/ambari/blob/64b493c4/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/.hash ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/.hash b/ambari-server/src/test/resources/TestAmbaryServer.samples/dummy_stack/HIVE/package/.hash old mode 100644 new mode 100755
