You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sw...@apache.org on 2014/08/12 20:11:54 UTC
[1/2] git commit: AMBARI-6829. Errors in Oracle DDL related to admin
table structure.
Repository: ambari
Updated Branches:
refs/heads/trunk 23c73e67a -> 0715d9bf3
AMBARI-6829. Errors in Oracle DDL related to admin table structure.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bc541bd4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bc541bd4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bc541bd4
Branch: refs/heads/trunk
Commit: bc541bd41b04ce7fa04bfe8d027a54992583b864
Parents: 23c73e6
Author: Siddharth Wagle <sw...@hortonworks.com>
Authored: Tue Aug 12 10:28:08 2014 -0700
Committer: Siddharth Wagle <sw...@hortonworks.com>
Committed: Tue Aug 12 10:28:08 2014 -0700
----------------------------------------------------------------------
.../server/upgrade/UpgradeCatalog170.java | 48 ++++++++------------
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 12 +++--
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 40 +++++++++-------
.../resources/Ambari-DDL-Postgres-CREATE.sql | 14 +++---
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 20 ++++----
5 files changed, 71 insertions(+), 63 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc541bd4/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
index 758efe9..ab9d18b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
@@ -28,7 +28,6 @@ import java.util.Map.Entry;
import java.util.Set;
import org.apache.ambari.server.AmbariException;
-import org.apache.ambari.server.actionmanager.HostRoleCommand;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.AmbariManagementController;
import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
@@ -110,10 +109,8 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
dbAccessor.createTable("adminprincipaltype", columns, "principal_type_id");
- dbAccessor.executeQuery("insert into adminprincipaltype (principal_type_id, principal_type_name)\n" +
- " select 1, 'USER'\n" +
- " union all\n" +
- " select 2, 'GROUP'", true);
+ dbAccessor.insertRow("adminprincipaltype", new String[]{"principal_type_id", "principal_type_name"}, new String[]{"1", "'USER'"}, true);
+ dbAccessor.insertRow("adminprincipaltype", new String[]{"principal_type_id", "principal_type_name"}, new String[]{"2", "'GROUP'"}, true);
columns = new ArrayList<DBColumnInfo>();
columns.add(new DBColumnInfo("principal_id", Long.class, null, null, false));
@@ -122,8 +119,7 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
dbAccessor.createTable("adminprincipal", columns, "principal_id");
- dbAccessor.executeQuery("insert into adminprincipal (principal_id, principal_type_id)\n" +
- " select 1, 1", true);
+ dbAccessor.insertRow("adminprincipal", new String[]{"principal_id", "principal_type_id"}, new String[]{"1", "1"}, true);
columns = new ArrayList<DBColumnInfo>();
columns.add(new DBColumnInfo("resource_type_id", Integer.class, 1, null,
@@ -133,12 +129,9 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
dbAccessor.createTable("adminresourcetype", columns, "resource_type_id");
- dbAccessor.executeQuery("insert into adminresourcetype (resource_type_id, resource_type_name)\n" +
- " select 1, 'AMBARI'\n" +
- " union all\n" +
- " select 2, 'CLUSTER'\n" +
- " union all\n" +
- " select 3, 'VIEW'", true);
+ dbAccessor.insertRow("adminresourcetype", new String[]{"resource_type_id", "resource_type_name"}, new String[]{"1", "'AMBARI'"}, true);
+ dbAccessor.insertRow("adminresourcetype", new String[]{"resource_type_id", "resource_type_name"}, new String[]{"2", "'CLUSTER'"}, true);
+ dbAccessor.insertRow("adminresourcetype", new String[]{"resource_type_id", "resource_type_name"}, new String[]{"3", "'VIEW'"}, true);
columns = new ArrayList<DBColumnInfo>();
columns.add(new DBColumnInfo("resource_id", Long.class, null, null, false));
@@ -147,8 +140,7 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
dbAccessor.createTable("adminresource", columns, "resource_id");
- dbAccessor.executeQuery("insert into adminresource (resource_id, resource_type_id)\n" +
- " select 1, 1", true);
+ dbAccessor.insertRow("adminresource", new String[]{"resource_id", "resource_type_id"}, new String[]{"1", "1"}, true);
columns = new ArrayList<DBColumnInfo>();
columns.add(new DBColumnInfo("permission_id", Long.class, null, null, false));
@@ -159,14 +151,10 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
dbAccessor.createTable("adminpermission", columns, "permission_id");
- dbAccessor.executeQuery("insert into adminpermission(permission_id, permission_name, resource_type_id)\n" +
- " select 1, 'AMBARI.ADMIN', 1\n" +
- " union all\n" +
- " select 2, 'CLUSTER.READ', 2\n" +
- " union all\n" +
- " select 3, 'CLUSTER.OPERATE', 2\n" +
- " union all\n" +
- " select 4, 'VIEW.USE', 3", true);
+ dbAccessor.insertRow("adminpermission", new String[]{"permission_id", "permission_name", "resource_type_id"}, new String[]{"1", "'AMBARI.ADMIN'", "1"}, true);
+ dbAccessor.insertRow("adminpermission", new String[]{"permission_id", "permission_name", "resource_type_id"}, new String[]{"2", "'CLUSTER.READ'", "2"}, true);
+ dbAccessor.insertRow("adminpermission", new String[]{"permission_id", "permission_name", "resource_type_id"}, new String[]{"3", "'CLUSTER.OPERATE'", "3"}, true);
+ dbAccessor.insertRow("adminpermission", new String[]{"permission_id", "permission_name", "resource_type_id"}, new String[]{"4", "'VIEW.USE'", "4"}, true);
columns = new ArrayList<DBColumnInfo>();
columns.add(new DBColumnInfo("privilege_id", Long.class, null, null, false));
@@ -176,13 +164,15 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
dbAccessor.createTable("adminprivilege", columns, "privilege_id");
- dbAccessor.executeQuery("insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)\n" +
- " select 1, 1, 1, injector1", true);
+ dbAccessor.insertRow("adminprivilege", new String[]{"privilege_id", "permission_id", "resource_id", "principal_id"}, new String[]{"1", "1", "1", "1"}, true);
-
- DBColumnInfo clusterConfigAttributesColumn = new DBColumnInfo(
- "config_attributes", String.class, 32000, null, true);
- dbAccessor.addColumn("clusterconfig", clusterConfigAttributesColumn);
+ if (dbType.equals(Configuration.ORACLE_DB_NAME)) {
+ dbAccessor.executeQuery("ALTER TABLE clusterconfig ADD config_attributes CLOB NULL");
+ } else {
+ DBColumnInfo clusterConfigAttributesColumn = new DBColumnInfo(
+ "config_attributes", String.class, 32000, null, true);
+ dbAccessor.addColumn("clusterconfig", clusterConfigAttributesColumn);
+ }
// Add columns
dbAccessor.addColumn("viewmain", new DBColumnInfo("mask",
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc541bd4/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index abaf35c..b4c7fb6 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -81,9 +81,18 @@ CREATE TABLE adminprincipal (principal_id BIGINT NOT NULL, principal_type_id INT
CREATE TABLE adminpermission (permission_id BIGINT NOT NULL, permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, PRIMARY KEY(permission_id));
CREATE TABLE adminprivilege (privilege_id BIGINT, permission_id BIGINT NOT NULL, resource_id BIGINT NOT NULL, principal_id BIGINT NOT NULL, PRIMARY KEY(privilege_id));
+--------altering tables by creating unique constraints----------
ALTER TABLE users ADD CONSTRAINT UNQ_users_0 UNIQUE (user_name, ldap_user);
ALTER TABLE groups ADD CONSTRAINT UNQ_groups_0 UNIQUE (group_name, ldap_group);
ALTER TABLE members ADD CONSTRAINT UNQ_members_0 UNIQUE (group_id, user_id);
+ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_tag UNIQUE (cluster_id, type_name, version_tag);
+ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_version UNIQUE (cluster_id, type_name, version);
+ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
+ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
+ALTER TABLE serviceconfig ADD CONSTRAINT UQ_scv_service_version UNIQUE (cluster_id, service_name, version);
+ALTER TABLE adminpermission ADD CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id);
+
+--------altering tables by creating foreign keys----------
ALTER TABLE members ADD CONSTRAINT FK_members_group_id FOREIGN KEY (group_id) REFERENCES groups (group_id);
ALTER TABLE members ADD CONSTRAINT FK_members_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
ALTER TABLE clusterconfig ADD CONSTRAINT FK_clusterconfig_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
@@ -127,8 +136,6 @@ ALTER TABLE blueprint_configuration ADD CONSTRAINT FK_cfg_blueprint_name FOREIGN
ALTER TABLE hostgroup_configuration ADD CONSTRAINT FK_hg_cfg_bp_hg_name FOREIGN KEY (blueprint_name, hostgroup_name) REFERENCES hostgroup (blueprint_name, name);
ALTER TABLE requestresourcefilter ADD CONSTRAINT FK_reqresfilter_req_id FOREIGN KEY (request_id) REFERENCES request (request_id);
ALTER TABLE requestoperationlevel ADD CONSTRAINT FK_req_op_level_req_id FOREIGN KEY (request_id) REFERENCES request (request_id);
-ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
-ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
ALTER TABLE viewparameter ADD CONSTRAINT FK_viewparam_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
ALTER TABLE viewresource ADD CONSTRAINT FK_viewres_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
ALTER TABLE viewinstance ADD CONSTRAINT FK_viewinst_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
@@ -138,7 +145,6 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
-ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc541bd4/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index 6ca8fdb..6a8f35d 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -16,6 +16,7 @@
-- limitations under the License.
--
+------create tables---------
CREATE TABLE clusters (cluster_id NUMBER(19) NOT NULL, resource_id NUMBER(19) NOT NULL, cluster_info VARCHAR2(255) NULL, cluster_name VARCHAR2(100) NOT NULL UNIQUE, provisioning_state VARCHAR2(255) DEFAULT 'INIT' NOT NULL, desired_cluster_state VARCHAR2(255) NULL, desired_stack_version VARCHAR2(255) NULL, PRIMARY KEY (cluster_id));
CREATE TABLE clusterconfig (config_id NUMBER(19) NOT NULL, version_tag VARCHAR2(255) NOT NULL, version NUMBER(19) NOT NULL, type_name VARCHAR2(255) NOT NULL, cluster_id NUMBER(19) NOT NULL, config_data CLOB NOT NULL, config_attributes CLOB, create_timestamp NUMBER(19) NOT NULL, PRIMARY KEY (config_id));
CREATE TABLE serviceconfig (service_config_id NUMBER(19) NOT NULL, cluster_id NUMBER(19) NOT NULL, service_name VARCHAR(255) NOT NULL, version NUMBER(19) NOT NULL, create_timestamp NUMBER(19) NOT NULL, PRIMARY KEY (service_config_id));
@@ -71,9 +72,18 @@ CREATE TABLE adminprincipal (principal_id NUMBER(19) NOT NULL, principal_type_id
CREATE TABLE adminpermission (permission_id NUMBER(19) NOT NULL, permission_name VARCHAR(255) NOT NULL, resource_type_id NUMBER(10) NOT NULL, PRIMARY KEY(permission_id));
CREATE TABLE adminprivilege (privilege_id NUMBER(19), permission_id NUMBER(19) NOT NULL, resource_id NUMBER(19) NOT NULL, principal_id NUMBER(19) NOT NULL, PRIMARY KEY(privilege_id));
+--------altering tables by creating unique constraints----------
ALTER TABLE users ADD CONSTRAINT UNQ_users_0 UNIQUE (user_name, ldap_user);
ALTER TABLE groups ADD CONSTRAINT UNQ_groups_0 UNIQUE (group_name, ldap_group);
ALTER TABLE members ADD CONSTRAINT UNQ_members_0 UNIQUE (group_id, user_id);
+ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_tag UNIQUE (cluster_id, type_name, version_tag);
+ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_version UNIQUE (cluster_id, type_name, version);
+ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
+ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
+ALTER TABLE serviceconfig ADD CONSTRAINT UQ_scv_service_version UNIQUE (cluster_id, service_name, version);
+ALTER TABLE adminpermission ADD CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id);
+
+--------altering tables by creating foreign keys----------
ALTER TABLE members ADD CONSTRAINT FK_members_group_id FOREIGN KEY (group_id) REFERENCES groups (group_id);
ALTER TABLE members ADD CONSTRAINT FK_members_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
ALTER TABLE clusterconfig ADD CONSTRAINT FK_clusterconfig_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
@@ -117,8 +127,6 @@ ALTER TABLE blueprint_configuration ADD CONSTRAINT FK_cfg_blueprint_name FOREIGN
ALTER TABLE hostgroup_configuration ADD CONSTRAINT FK_hg_cfg_bp_hg_name FOREIGN KEY (blueprint_name, hostgroup_name) REFERENCES hostgroup(blueprint_name, name);
ALTER TABLE requestresourcefilter ADD CONSTRAINT FK_reqresfilter_req_id FOREIGN KEY (request_id) REFERENCES request (request_id);
ALTER TABLE requestoperationlevel ADD CONSTRAINT FK_req_op_level_req_id FOREIGN KEY (request_id) REFERENCES request (request_id);
-ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
-ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
ALTER TABLE viewparameter ADD CONSTRAINT FK_viewparam_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
ALTER TABLE viewresource ADD CONSTRAINT FK_viewres_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
ALTER TABLE viewinstance ADD CONSTRAINT FK_viewinst_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
@@ -128,7 +136,6 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
-ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -237,6 +244,7 @@ CREATE INDEX idx_alert_history_state on alert_history(alert_state);
CREATE INDEX idx_alert_group_name on alert_group(group_name);
CREATE INDEX idx_alert_notice_state on alert_notice(notify_state);
+---------inserting some data-----------
INSERT INTO ambari_sequences(sequence_name, value) values ('host_role_command_id_seq', 0);
INSERT INTO ambari_sequences(sequence_name, value) values ('user_id_seq', 1);
INSERT INTO ambari_sequences(sequence_name, value) values ('group_id_seq', 0);
@@ -267,14 +275,14 @@ INSERT INTO ambari_sequences(sequence_name, value) values ('alert_current_id_seq
INSERT INTO metainfo("metainfo_key", "metainfo_value") values ('version', '${ambariVersion}');
insert into adminresourcetype (resource_type_id, resource_type_name)
- select 1, 'AMBARI'
+ select 1, 'AMBARI' from dual
union all
- select 2, 'CLUSTER'
+ select 2, 'CLUSTER' from dual
union all
- select 3, 'VIEW';
+ select 3, 'VIEW' from dual;
insert into adminresource (resource_id, resource_type_id)
- select 1, 1;
+ select 1, 1 from dual;
insert into Roles(role_name)
select 'admin' from dual
@@ -282,30 +290,30 @@ union all
select 'user' from dual;
insert into adminprincipaltype (principal_type_id, principal_type_name)
- select 1, 'USER'
+ select 1, 'USER' from dual
union all
- select 2, 'GROUP';
+ select 2, 'GROUP' from dual;
insert into adminprincipal (principal_id, principal_type_id)
- select 1, 1;
+ select 1, 1 from dual;
-insert into Users(user_id, principal_id, user_name, user_password)
+insert into users(user_id, principal_id, user_name, user_password)
select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual;
insert into user_roles(role_name, user_id)
select 'admin',1 from dual;
insert into adminpermission(permission_id, permission_name, resource_type_id)
- select 1, 'AMBARI.ADMIN', 1
+ select 1, 'AMBARI.ADMIN', 1 from dual
union all
- select 2, 'CLUSTER.READ', 2
+ select 2, 'CLUSTER.READ', 2 from dual
union all
- select 3, 'CLUSTER.OPERATE', 2
+ select 3, 'CLUSTER.OPERATE', 2 from dual
union all
- select 4, 'VIEW.USE', 3;
+ select 4, 'VIEW.USE', 3 from dual;
insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
- select 1, 1, 1, 1;
+ select 1, 1, 1, 1 from dual;
commit;
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc541bd4/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 6ab57ac..bec8fd9 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -110,6 +110,14 @@ CREATE TABLE adminprincipal (principal_id BIGINT NOT NULL, principal_type_id INT
CREATE TABLE adminpermission (permission_id BIGINT NOT NULL, permission_name VARCHAR(255) NOT NULL, resource_type_id INTEGER NOT NULL, PRIMARY KEY(permission_id));
CREATE TABLE adminprivilege (privilege_id BIGINT, permission_id BIGINT NOT NULL, resource_id BIGINT NOT NULL, principal_id BIGINT NOT NULL, PRIMARY KEY(privilege_id));
+--------altering tables by creating unique constraints----------
+ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_tag UNIQUE (cluster_id, type_name, version_tag);
+ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_version UNIQUE (cluster_id, type_name, version);
+ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
+ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
+ALTER TABLE serviceconfig ADD CONSTRAINT UQ_scv_service_version UNIQUE (cluster_id, service_name, version);
+ALTER TABLE adminpermission ADD CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id);
+
--------altering tables by creating foreign keys----------
ALTER TABLE members ADD CONSTRAINT FK_members_group_id FOREIGN KEY (group_id) REFERENCES groups (group_id);
ALTER TABLE members ADD CONSTRAINT FK_members_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
@@ -147,8 +155,6 @@ ALTER TABLE blueprint_configuration ADD CONSTRAINT FK_cfg_blueprint_name FOREIGN
ALTER TABLE hostgroup_configuration ADD CONSTRAINT FK_hg_cfg_bp_hg_name FOREIGN KEY (blueprint_name, hostgroup_name) REFERENCES hostgroup (blueprint_name, name);
ALTER TABLE requestresourcefilter ADD CONSTRAINT FK_reqresfilter_req_id FOREIGN KEY (request_id) REFERENCES request (request_id);
ALTER TABLE requestoperationlevel ADD CONSTRAINT FK_req_op_level_req_id FOREIGN KEY (request_id) REFERENCES request (request_id);
-ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
-ALTER TABLE viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
ALTER TABLE viewparameter ADD CONSTRAINT FK_viewparam_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
ALTER TABLE viewresource ADD CONSTRAINT FK_viewres_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
ALTER TABLE viewinstance ADD CONSTRAINT FK_viewinst_view_name FOREIGN KEY (view_name) REFERENCES viewmain(view_name);
@@ -158,7 +164,6 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
-ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -166,9 +171,6 @@ ALTER TABLE viewinstance ADD CONSTRAINT FK_viewinstance_resource_id FOREIGN KEY
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id);
ALTER TABLE users ADD CONSTRAINT FK_users_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id);
ALTER TABLE groups ADD CONSTRAINT FK_groups_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id);
-ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_tag UNIQUE (cluster_id, type_name, version_tag);
-ALTER TABLE clusterconfig ADD CONSTRAINT UQ_config_type_version UNIQUE (cluster_id, type_name, version);
-ALTER TABLE serviceconfig ADD CONSTRAINT UQ_scv_service_version UNIQUE (cluster_id, service_name, version);
ALTER TABLE serviceconfigmapping ADD CONSTRAINT FK_scvm_scv FOREIGN KEY (service_config_id) REFERENCES serviceconfig(service_config_id);
ALTER TABLE serviceconfigmapping ADD CONSTRAINT FK_scvm_config FOREIGN KEY (config_id) REFERENCES clusterconfig(config_id);
ALTER TABLE serviceconfigapplication ADD CONSTRAINT FK_scva_scv FOREIGN KEY (service_config_id) REFERENCES serviceconfig(service_config_id);
http://git-wip-us.apache.org/repos/asf/ambari/blob/bc541bd4/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index ef70439..0dd33af 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -27,7 +27,7 @@ CREATE SCHEMA ambari AUTHORIZATION :username;
ALTER SCHEMA ambari OWNER TO :username;
ALTER ROLE :username SET search_path TO 'ambari';
-------create tables ang grant privileges to db user---------
+------create tables and grant privileges to db user---------
CREATE TABLE ambari.clusters (cluster_id BIGINT NOT NULL, resource_id BIGINT NOT NULL, cluster_info VARCHAR(255) NOT NULL, cluster_name VARCHAR(100) NOT NULL UNIQUE, provisioning_state VARCHAR(255) NOT NULL DEFAULT 'INIT', desired_cluster_state VARCHAR(255) NOT NULL, desired_stack_version VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id));
GRANT ALL PRIVILEGES ON TABLE ambari.clusters TO :username;
@@ -175,6 +175,14 @@ GRANT ALL PRIVILEGES ON TABLE ambari.adminprincipal TO :username;
GRANT ALL PRIVILEGES ON TABLE ambari.adminpermission TO :username;
GRANT ALL PRIVILEGES ON TABLE ambari.adminprivilege TO :username;
+--------altering tables by creating unique constraints----------
+ALTER TABLE ambari.clusterconfig ADD CONSTRAINT UQ_config_type_tag UNIQUE (cluster_id, type_name, version_tag);
+ALTER TABLE ambari.clusterconfig ADD CONSTRAINT UQ_config_type_version UNIQUE (cluster_id, type_name, version);
+ALTER TABLE ambari.viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
+ALTER TABLE ambari.viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
+ALTER TABLE ambari.serviceconfig ADD CONSTRAINT UQ_scv_service_version UNIQUE (cluster_id, service_name, version);
+ALTER TABLE ambari.adminpermission ADD CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id);
+
--------altering tables by creating foreign keys----------
ALTER TABLE members ADD CONSTRAINT FK_members_group_id FOREIGN KEY (group_id) REFERENCES groups (group_id);
ALTER TABLE members ADD CONSTRAINT FK_members_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
@@ -202,8 +210,6 @@ ALTER TABLE ambari.user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY
ALTER TABLE ambari.hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES ambari.clusters (cluster_id);
ALTER TABLE ambari.hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name FOREIGN KEY (host_name) REFERENCES ambari.hosts (host_name);
ALTER TABLE ambari.configgroup ADD CONSTRAINT FK_configgroup_cluster_id FOREIGN KEY (cluster_id) REFERENCES ambari.clusters (cluster_id);
-ALTER TABLE ambari.confgroupclusterconfigmapping ADD CONSTRAINT FK_confg FOREIGN KEY (version_tag, config_type, cluster_id) REFERENCES ambari.clusterconfig (version_tag, type_name, cluster_id);
-ALTER TABLE ambari.confgroupclusterconfigmapping ADD CONSTRAINT FK_cgccm_gid FOREIGN KEY (config_group_id) REFERENCES ambari.configgroup (group_id);
ALTER TABLE ambari.configgrouphostmapping ADD CONSTRAINT FK_cghm_cgid FOREIGN KEY (config_group_id) REFERENCES ambari.configgroup (group_id);
ALTER TABLE ambari.configgrouphostmapping ADD CONSTRAINT FK_cghm_hname FOREIGN KEY (host_name) REFERENCES ambari.hosts (host_name);
ALTER TABLE ambari.requestschedulebatchrequest ADD CONSTRAINT FK_rsbatchrequest_schedule_id FOREIGN KEY (schedule_id) REFERENCES ambari.requestschedule (schedule_id);
@@ -213,24 +219,20 @@ ALTER TABLE ambari.blueprint_configuration ADD CONSTRAINT FK_cfg_blueprint_name
ALTER TABLE ambari.hostgroup_configuration ADD CONSTRAINT FK_hg_cfg_bp_hg_name FOREIGN KEY (blueprint_name, hostgroup_name) REFERENCES ambari.hostgroup (blueprint_name, name);
ALTER TABLE ambari.requestresourcefilter ADD CONSTRAINT FK_reqresfilter_req_id FOREIGN KEY (request_id) REFERENCES ambari.request (request_id);
ALTER TABLE ambari.requestoperationlevel ADD CONSTRAINT FK_req_op_level_req_id FOREIGN KEY (request_id) REFERENCES ambari.request (request_id);
-ALTER TABLE ambari.viewinstance ADD CONSTRAINT UQ_viewinstance_name UNIQUE (view_name, name);
-ALTER TABLE ambari.viewinstance ADD CONSTRAINT UQ_viewinstance_name_id UNIQUE (view_instance_id, view_name, name);
ALTER TABLE ambari.viewparameter ADD CONSTRAINT FK_viewparam_view_name FOREIGN KEY (view_name) REFERENCES ambari.viewmain(view_name);
ALTER TABLE ambari.viewresource ADD CONSTRAINT FK_viewres_view_name FOREIGN KEY (view_name) REFERENCES ambari.viewmain(view_name);
ALTER TABLE ambari.viewinstance ADD CONSTRAINT FK_viewinst_view_name FOREIGN KEY (view_name) REFERENCES ambari.viewmain(view_name);
ALTER TABLE ambari.viewinstanceproperty ADD CONSTRAINT FK_viewinstprop_view_name FOREIGN KEY (view_name, view_instance_name) REFERENCES ambari.viewinstance(view_name, name);
ALTER TABLE ambari.viewinstancedata ADD CONSTRAINT FK_viewinstdata_view_name FOREIGN KEY (view_instance_id, view_name, view_instance_name) REFERENCES ambari.viewinstance(view_instance_id, view_name, name);
ALTER TABLE ambari.viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_name, view_instance_name) REFERENCES ambari.viewinstance(view_name, name);
-ALTER TABLE ambari.clusterconfig ADD CONSTRAINT UQ_config_type_tag UNIQUE (cluster_id, type_name, version_tag);
-ALTER TABLE ambari.clusterconfig ADD CONSTRAINT UQ_config_type_version UNIQUE (cluster_id, type_name, version);
-ALTER TABLE ambari.serviceconfig ADD CONSTRAINT UQ_scv_service_version UNIQUE (cluster_id, service_name, version);
+ALTER TABLE ambari.confgroupclusterconfigmapping ADD CONSTRAINT FK_confg FOREIGN KEY (version_tag, config_type, cluster_id) REFERENCES ambari.clusterconfig (version_tag, type_name, cluster_id);
+ALTER TABLE ambari.confgroupclusterconfigmapping ADD CONSTRAINT FK_cgccm_gid FOREIGN KEY (config_group_id) REFERENCES ambari.configgroup (group_id);
ALTER TABLE ambari.serviceconfigmapping ADD CONSTRAINT FK_scvm_scv FOREIGN KEY (service_config_id) REFERENCES ambari.serviceconfig(service_config_id);
ALTER TABLE ambari.serviceconfigmapping ADD CONSTRAINT FK_scvm_config FOREIGN KEY (config_id) REFERENCES ambari.clusterconfig(config_id);
ALTER TABLE ambari.serviceconfigapplication ADD CONSTRAINT FK_scva_scv FOREIGN KEY (service_config_id) REFERENCES ambari.serviceconfig(service_config_id);
ALTER TABLE ambari.adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id);
ALTER TABLE ambari.adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES ambari.adminprincipaltype(principal_type_id);
ALTER TABLE ambari.adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id);
-ALTER TABLE ambari.adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES ambari.adminpermission(permission_id);
ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES ambari.adminresource(resource_id);
ALTER TABLE ambari.viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id);
[2/2] git commit: AMBARI-6830. Admin View: add boolean is_admin to
api for /users.
Posted by sw...@apache.org.
AMBARI-6830. Admin View: add boolean is_admin to api for /users.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0715d9bf
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0715d9bf
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0715d9bf
Branch: refs/heads/trunk
Commit: 0715d9bf3574fd371d2d11191843318d29bce8dd
Parents: bc541bd
Author: Siddharth Wagle <sw...@hortonworks.com>
Authored: Tue Aug 12 10:30:50 2014 -0700
Committer: Siddharth Wagle <sw...@hortonworks.com>
Committed: Tue Aug 12 10:30:50 2014 -0700
----------------------------------------------------------------------
.../AmbariManagementControllerImpl.java | 14 +++-
.../ambari/server/controller/AmbariServer.java | 8 +--
.../ambari/server/controller/UserRequest.java | 9 +++
.../ambari/server/controller/UserResponse.java | 8 ++-
.../internal/UserResourceProvider.java | 8 +++
.../ambari/server/orm/dao/PermissionDAO.java | 23 ++++---
.../ambari/server/orm/dao/ResourceDAO.java | 9 +++
.../server/orm/entities/PrincipalEntity.java | 42 ++++++++++--
.../authorization/AmbariLdapDataPopulator.java | 4 +-
.../server/security/authorization/User.java | 13 ++++
.../server/security/authorization/Users.java | 69 +++++++++++++++++++-
.../src/main/resources/properties.json | 1 +
.../internal/UserResourceProviderTest.java | 2 +-
13 files changed, 179 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 1530a20..2a9ea73 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -704,7 +704,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
throw new AmbariException("User already exists.");
}
- users.createUser(request.getUsername(), request.getPassword());
+ users.createUser(request.getUsername(), request.getPassword(), request.isActive(), request.isAdmin());
if (0 != request.getRoles().size()) {
user = users.getAnyUser(request.getUsername());
@@ -2396,6 +2396,14 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
if (null != request.isActive()) {
users.setUserActive(u, request.isActive());
}
+
+ if (null != request.isAdmin()) {
+ if (request.isAdmin()) {
+ users.grantAdminPrivilege(u.getUserId());
+ } else {
+ users.revokeAdminPrivilege(u.getUserId());
+ }
+ }
}
}
@@ -2738,7 +2746,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
// get them all
if (null == r.getUsername()) {
for (User u : users.getAllUsers()) {
- UserResponse resp = new UserResponse(u.getUserName(), u.isLdapUser(), u.isActive());
+ UserResponse resp = new UserResponse(u.getUserName(), u.isLdapUser(), u.isActive(), u.isAdmin());
resp.setRoles(new HashSet<String>(u.getRoles()));
resp.setGroups(new HashSet<String>(u.getGroups()));
responses.add(resp);
@@ -2754,7 +2762,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
+ r.getUsername() + "'");
}
} else {
- UserResponse resp = new UserResponse(u.getUserName(), u.isLdapUser(), u.isActive());
+ UserResponse resp = new UserResponse(u.getUserName(), u.isLdapUser(), u.isActive(), u.isAdmin());
resp.setRoles(new HashSet<String>(u.getRoles()));
resp.setGroups(new HashSet<String>(u.getGroups()));
responses.add(resp);
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 723feba..e6eab3f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -464,12 +464,8 @@ public class AmbariServer {
Users users = injector.getInstance(Users.class);
users.createDefaultRoles();
- users.createUser("admin", "admin");
- users.createUser("user", "user");
- try {
- users.promoteToAdmin(users.getLocalUser("admin"));
- } catch (AmbariException ignored) {
- }
+ users.createUser("admin", "admin", true, true);
+ users.createUser("user", "user", true, false);
MetainfoEntity schemaVersion = new MetainfoEntity();
schemaVersion.setMetainfoName(Configuration.SERVER_VERSION_KEY);
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
index bd9a9f9..6e4c7fe 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserRequest.java
@@ -29,6 +29,7 @@ public class UserRequest {
private String oldPassword;
private Boolean active;
private Set<String> roles = new HashSet<String>();
+ private Boolean admin;
public UserRequest(String name) {
this.userName = name;
@@ -70,6 +71,14 @@ public class UserRequest {
this.active = active;
}
+ public Boolean isAdmin() {
+ return admin;
+ }
+
+ public void setAdmin(Boolean admin) {
+ this.admin = admin;
+ }
+
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
index 2281186..b42b667 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/UserResponse.java
@@ -29,12 +29,14 @@ public class UserResponse {
private final String userName;
private final boolean isLdapUser;
private final boolean isActive;
+ private final boolean isAdmin;
private Set<String> groups = Collections.emptySet();
- public UserResponse(String name, boolean isLdapUser, boolean isActive) {
+ public UserResponse(String name, boolean isLdapUser, boolean isActive, boolean isAdmin) {
this.userName = name;
this.isLdapUser = isLdapUser;
this.isActive = isActive;
+ this.isAdmin = isAdmin;
}
public String getUsername() {
@@ -88,4 +90,8 @@ public class UserResponse {
public boolean isActive() {
return isActive;
}
+
+ public boolean isAdmin() {
+ return isAdmin;
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserResourceProvider.java
index a873bc0..2e0a659 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserResourceProvider.java
@@ -45,6 +45,7 @@ class UserResourceProvider extends AbstractControllerResourceProvider {
protected static final String USER_LDAP_USER_PROPERTY_ID = PropertyHelper.getPropertyId("Users", "ldap_user");
protected static final String USER_ACTIVE_PROPERTY_ID = PropertyHelper.getPropertyId("Users", "active");
protected static final String USER_GROUPS_PROPERTY_ID = PropertyHelper.getPropertyId("Users", "groups");
+ protected static final String USER_ADMIN_PROPERTY_ID = PropertyHelper.getPropertyId("Users", "admin");
private static Set<String> pkPropertyIds =
new HashSet<String>(Arrays.asList(new String[]{
@@ -129,6 +130,9 @@ class UserResourceProvider extends AbstractControllerResourceProvider {
setResourceProperty(resource, USER_GROUPS_PROPERTY_ID,
userResponse.getGroups(), requestedIds);
+ setResourceProperty(resource, USER_ADMIN_PROPERTY_ID,
+ userResponse.isAdmin(), requestedIds);
+
resources.add(resource);
}
@@ -207,6 +211,10 @@ class UserResourceProvider extends AbstractControllerResourceProvider {
request.setActive(Boolean.valueOf(properties.get(USER_ACTIVE_PROPERTY_ID).toString()));
}
+ if (null != properties.get(USER_ADMIN_PROPERTY_ID)) {
+ request.setAdmin(Boolean.valueOf(properties.get(USER_ADMIN_PROPERTY_ID).toString()));
+ }
+
return request;
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
index f88add3..0c44006 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
@@ -35,16 +35,6 @@ import java.util.List;
public class PermissionDAO {
/**
- * Id of built-in VIEW.USE permission.
- */
- private static int VIEW_USE_PERMISSION_ID = 4;
-
- /**
- * Name of built-in VIEW.USE permission.
- */
- private static String VIEW_USE_PERMISSION_NAME = "VIEW.USE";
-
- /**
* JPA entity manager
*/
@Inject
@@ -83,7 +73,7 @@ public class PermissionDAO {
* @return a matching permission entity or null
*/
public PermissionEntity findPermissionByNameAndType(String name, ResourceTypeEntity resourceType) {
- if (name.equals(VIEW_USE_PERMISSION_NAME)) {
+ if (name.equals(PermissionEntity.VIEW_USE_PERMISSION_NAME)) {
// VIEW.USE permission should be available for any type of views
return findViewUsePermission();
}
@@ -94,11 +84,20 @@ public class PermissionDAO {
}
/**
+ * Find AMBARI.ADMIN permission.
+ *
+ * @return a matching permission entity or null
+ */
+ public PermissionEntity findAmbariAdminPermission() {
+ return findById(PermissionEntity.AMBARI_ADMIN_PERMISSION);
+ }
+
+ /**
* Find VIEW.USE permission.
*
* @return a matching permission entity or null
*/
public PermissionEntity findViewUsePermission() {
- return findById(VIEW_USE_PERMISSION_ID);
+ return findById(PermissionEntity.VIEW_USE_PERMISSION);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
index 764cd66..e4ed9c6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
@@ -80,4 +80,13 @@ public class ResourceDAO {
public ResourceEntity merge(ResourceEntity entity) {
return entityManagerProvider.get().merge(entity);
}
+
+ /**
+ * Finds root level resource.
+ *
+ * @return the matching resource or null
+ */
+ public ResourceEntity findAmbariResource() {
+ return findById(ResourceEntity.AMBARI_RESOURCE_ID);
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
index 611ed7a..51438cd 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
@@ -18,7 +18,20 @@
package org.apache.ambari.server.orm.entities;
-import javax.persistence.*;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinColumns;
+import javax.persistence.ManyToOne;
+import javax.persistence.OneToMany;
+import javax.persistence.Table;
+import javax.persistence.TableGenerator;
/**
* Represents an admin principal.
@@ -47,6 +60,9 @@ public class PrincipalEntity {
})
private PrincipalTypeEntity principalType;
+ @OneToMany(mappedBy = "principal")
+ private Set<PrivilegeEntity> privileges = new HashSet<PrivilegeEntity>();
+
// ----- PrincipalEntity ---------------------------------------------------
@@ -62,7 +78,7 @@ public class PrincipalEntity {
/**
* Set the principal id.
*
- * @param id the type id.
+ * @param id the type id.
*/
public void setId(Long id) {
this.id = id;
@@ -71,7 +87,7 @@ public class PrincipalEntity {
/**
* Get the principal type entity.
*
- * @return the principal type entity
+ * @return the principal type entity
*/
public PrincipalTypeEntity getPrincipalType() {
return principalType;
@@ -80,12 +96,30 @@ public class PrincipalEntity {
/**
* Set the principal type entity.
*
- * @param principalType the principal type entity
+ * @param principalType the principal type entity
*/
public void setPrincipalType(PrincipalTypeEntity principalType) {
this.principalType = principalType;
}
+ /**
+ * Get the principal privileges.
+ *
+ * @return the principal privileges
+ */
+ public Set<PrivilegeEntity> getPrivileges() {
+ return privileges;
+ }
+
+ /**
+ * Set the principal privileges.
+ *
+ * @param privileges the principal privileges
+ */
+ public void setPrivileges(Set<PrivilegeEntity> privileges) {
+ this.privileges = privileges;
+ }
+
// ----- Object overrides --------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulator.java
index c4a6eaa..3e0d49f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulator.java
@@ -204,7 +204,7 @@ public class AmbariLdapDataPopulator {
this.users.setUserLdap(userName);
}
} else {
- this.users.createUser(userName, "");
+ this.users.createUser(userName, "", true, false);
this.users.setUserLdap(userName);
}
}
@@ -230,7 +230,7 @@ public class AmbariLdapDataPopulator {
internalUsers.remove(externalMember);
internalMembers.remove(externalMember);
} else {
- users.createUser(externalMember, "");
+ users.createUser(externalMember, "", true, false);
users.setUserLdap(externalMember);
}
users.addMemberToGroup(groupName, externalMember);
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
index e0e84c2..00f1ee1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
@@ -22,6 +22,8 @@ import java.util.Collection;
import java.util.Date;
import org.apache.ambari.server.orm.entities.MemberEntity;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
@@ -36,6 +38,7 @@ public class User {
final boolean active;
final Collection<String> roles = new ArrayList<String>();
final Collection<String> groups = new ArrayList<String>();
+ boolean admin = false;
User(UserEntity userEntity) {
userId = userEntity.getUserId();
@@ -49,6 +52,12 @@ public class User {
for (MemberEntity memberEntity : userEntity.getMemberEntities()) {
groups.add(memberEntity.getGroup().getGroupName());
}
+ for (PrivilegeEntity privilegeEntity: userEntity.getPrincipal().getPrivileges()) {
+ if (privilegeEntity.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME)) {
+ admin = true;
+ break;
+ }
+ }
}
public int getUserId() {
@@ -71,6 +80,10 @@ public class User {
return active;
}
+ public boolean isAdmin() {
+ return admin;
+ }
+
public Collection<String> getRoles() {
return roles;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index cbafb16..2f60571 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -27,14 +27,19 @@ import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.dao.GroupDAO;
import org.apache.ambari.server.orm.dao.MemberDAO;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.PrincipalDAO;
import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
+import org.apache.ambari.server.orm.dao.PrivilegeDAO;
+import org.apache.ambari.server.orm.dao.ResourceDAO;
import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.slf4j.Logger;
@@ -68,6 +73,12 @@ public class Users {
@Inject
protected PrincipalDAO principalDAO;
@Inject
+ protected PermissionDAO permissionDAO;
+ @Inject
+ protected PrivilegeDAO privilegeDAO;
+ @Inject
+ protected ResourceDAO resourceDAO;
+ @Inject
protected PrincipalTypeDAO principalTypeDAO;
@Inject
protected PasswordEncoder passwordEncoder;
@@ -217,10 +228,22 @@ public class Users {
}
/**
- * Creates new local user with provided userName and password
+ * Creates new local user with provided userName and password.
+ */
+ public void createUser(String userName, String password) {
+ createUser(userName, password, true, false);
+ }
+
+ /**
+ * Creates new local user with provided userName and password.
+ *
+ * @param userName user name
+ * @param password password
+ * @param active is user active
+ * @param admin is user admin
*/
@Transactional
- public synchronized void createUser(String userName, String password) {
+ public synchronized void createUser(String userName, String password, Boolean active, Boolean admin) {
// create an admin principal to represent this user
PrincipalTypeEntity principalTypeEntity = principalTypeDAO.findById(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
@@ -239,6 +262,9 @@ public class Users {
userEntity.setUserPassword(passwordEncoder.encode(password));
userEntity.setRoleEntities(new HashSet<RoleEntity>());
userEntity.setPrincipal(principalEntity);
+ if (active != null) {
+ userEntity.setActive(active);
+ }
RoleEntity roleEntity = roleDAO.findByName(getUserRole());
if (roleEntity == null) {
@@ -249,6 +275,10 @@ public class Users {
userEntity.getRoleEntities().add(roleEntity);
userDAO.create(userEntity);
+ if (admin != null && admin) {
+ grantAdminPrivilege(userEntity.getUserId());
+ }
+
roleEntity.getUserEntities().add(userEntity);
roleDAO.merge(roleEntity);
}
@@ -366,6 +396,41 @@ public class Users {
}
/**
+ * Grants AMBARI.ADMIN privilege to provided user.
+ *
+ * @param user user
+ */
+ public synchronized void grantAdminPrivilege(Integer userId) {
+ final UserEntity user = userDAO.findByPK(userId);
+ final PrivilegeEntity adminPrivilege = new PrivilegeEntity();
+ adminPrivilege.setPermission(permissionDAO.findAmbariAdminPermission());
+ adminPrivilege.setPrincipal(user.getPrincipal());
+ adminPrivilege.setResource(resourceDAO.findAmbariResource());
+ if (!user.getPrincipal().getPrivileges().contains(adminPrivilege)) {
+ privilegeDAO.create(adminPrivilege);
+ user.getPrincipal().getPrivileges().add(adminPrivilege);
+ userDAO.merge(user);
+ }
+ }
+
+ /**
+ * Revokes AMBARI.ADMIN privilege from provided user.
+ *
+ * @param user user
+ */
+ public synchronized void revokeAdminPrivilege(Integer userId) {
+ final UserEntity user = userDAO.findByPK(userId);
+ for (PrivilegeEntity privilege: user.getPrincipal().getPrivileges()) {
+ if (privilege.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME)) {
+ user.getPrincipal().getPrivileges().remove(privilege);
+ userDAO.merge(user);
+ privilegeDAO.remove(privilege);
+ break;
+ }
+ }
+ }
+
+ /**
* Grants ADMIN role to provided user
* @throws AmbariException
*/
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/main/resources/properties.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/properties.json b/ambari-server/src/main/resources/properties.json
index b1ef323..e515b91 100644
--- a/ambari-server/src/main/resources/properties.json
+++ b/ambari-server/src/main/resources/properties.json
@@ -176,6 +176,7 @@
"Users/ldap_user",
"Users/active",
"Users/groups",
+ "Users/admin",
"_"
],
"Group":[
http://git-wip-us.apache.org/repos/asf/ambari/blob/0715d9bf/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
index 3c1be40..98657bf 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
@@ -92,7 +92,7 @@ public class UserResourceProviderTest {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
Set<UserResponse> allResponse = new HashSet<UserResponse>();
- allResponse.add(new UserResponse("User100", false, true));
+ allResponse.add(new UserResponse("User100", false, true, false));
// set expectations
expect(managementController.getUsers(AbstractResourceProviderTest.Matcher.getUserRequestSet("User100"))).