You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2016/06/04 10:43:42 UTC
ambari git commit: AMBARI-17029. Cluster operator and
ServiceAdministrator not allowed to create config group (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 3b8111f3a -> 2c08fa6b6
AMBARI-17029. Cluster operator and ServiceAdministrator not allowed to create config group (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2c08fa6b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2c08fa6b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2c08fa6b
Branch: refs/heads/trunk
Commit: 2c08fa6b6db6fe18238311461ab928f7e8f23934
Parents: 3b8111f
Author: Robert Levas <rl...@hortonworks.com>
Authored: Sat Jun 4 06:43:41 2016 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Sat Jun 4 06:43:49 2016 -0400
----------------------------------------------------------------------
...usterKerberosDescriptorResourceProvider.java | 5 +-
.../AmbariAuthorizationFilter.java | 2 +
...rKerberosDescriptorResourceProviderTest.java | 53 +++++-
.../ConfigGroupResourceProviderTest.java | 184 +++++++++++++++++--
.../security/TestAuthenticationFactory.java | 2 +
.../AmbariAuthorizationFilterTest.java | 20 ++
6 files changed, 250 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
index 6fe29db..1f5d1d8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProvider.java
@@ -77,7 +77,10 @@ public class ClusterKerberosDescriptorResourceProvider extends ReadOnlyResourceP
private static final Set<String> PROPERTY_IDS;
private static final Map<Type, String> KEY_PROPERTY_IDS;
- private static final Set<RoleAuthorization> REQUIRED_GET_AUTHORIZATIONS = EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS);
+ private static final Set<RoleAuthorization> REQUIRED_GET_AUTHORIZATIONS = EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS,
+ RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+ RoleAuthorization.HOST_VIEW_CONFIGS,
+ RoleAuthorization.SERVICE_VIEW_CONFIGS);
static {
Set<String> set;
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 2b9f304..922a215 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -80,6 +80,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_CLUSTER_HOSTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/hosts.*";
private static final String API_CLUSTER_CONFIGURATIONS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/configurations.*";
private static final String API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/host_components.*";
+ private static final String API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters/.*?/config_groups.*";
private static final String API_STACK_VERSIONS_PATTERN = API_VERSION_PREFIX + "/stacks/.*?/versions/.*";
private static final String API_HOSTS_ALL_PATTERN = API_VERSION_PREFIX + "/hosts.*";
private static final String API_ALERT_TARGETS_ALL_PATTERN = API_VERSION_PREFIX + "/alert_targets.*";
@@ -310,6 +311,7 @@ public class AmbariAuthorizationFilter implements Filter {
requestURI.matches(API_CLUSTER_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_CONFIGURATIONS_ALL_PATTERN) ||
requestURI.matches(API_CLUSTER_HOST_COMPONENTS_ALL_PATTERN) ||
+ requestURI.matches(API_CLUSTER_CONFIG_GROUPS_ALL_PATTERN) ||
requestURI.matches(API_HOSTS_ALL_PATTERN) ||
requestURI.matches(API_ALERT_TARGETS_ALL_PATTERN) ||
requestURI.matches(API_PRIVILEGES_ALL_PATTERN) ||
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java
index d56ed44..898cf46 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterKerberosDescriptorResourceProviderTest.java
@@ -255,11 +255,26 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo
testGetResources(TestAuthenticationFactory.createClusterAdministrator());
}
- @Test(expected = AuthorizationException.class)
+ @Test
+ public void testGetResourcesAsClusterOperator() throws Exception {
+ testGetResources(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
public void testGetResourcesAsServiceAdministrator() throws Exception {
testGetResources(TestAuthenticationFactory.createServiceAdministrator());
}
+ @Test
+ public void testGetResourcesAsServiceOperator() throws Exception {
+ testGetResources(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test
+ public void testGetResourcesAsClusterUser() throws Exception {
+ testGetResources(TestAuthenticationFactory.createClusterUser());
+ }
+
private void testGetResources(Authentication authentication) throws Exception {
Cluster cluster = createMock(Cluster.class);
@@ -304,11 +319,26 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo
testGetResourcesWithPredicate(TestAuthenticationFactory.createClusterAdministrator());
}
- @Test(expected = AuthorizationException.class)
+ @Test
+ public void testGetResourcesWithPredicateAsClusterOperator() throws Exception {
+ testGetResourcesWithPredicate(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
public void testGetResourcesWithPredicateAsServiceAdministrator() throws Exception {
testGetResourcesWithPredicate(TestAuthenticationFactory.createServiceAdministrator());
}
+ @Test
+ public void testGetResourcesWithPredicateAsServiceOperator() throws Exception {
+ testGetResourcesWithPredicate(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test
+ public void testGetResourcesWithPredicateAsClusterUser() throws Exception {
+ testGetResourcesWithPredicate(TestAuthenticationFactory.createClusterUser());
+ }
+
private void testGetResourcesWithPredicate(Authentication authentication) throws Exception {
StackId stackVersion = createMock(StackId.class);
@@ -445,7 +475,7 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo
testGetResourcesWithInvalidKerberosDescriptorType(TestAuthenticationFactory.createClusterAdministrator());
}
- @Test(expected = AuthorizationException.class)
+ @Test(expected = IllegalArgumentException.class)
public void testGetResourcesWithInvalidKerberosDescriptorTypeAsServiceAdministrator() throws Exception {
testGetResourcesWithInvalidKerberosDescriptorType(TestAuthenticationFactory.createServiceAdministrator());
}
@@ -514,11 +544,26 @@ public class ClusterKerberosDescriptorResourceProviderTest extends EasyMockSuppo
testGetResourcesWithoutPredicate(TestAuthenticationFactory.createClusterAdministrator());
}
- @Test(expected = AuthorizationException.class)
+ @Test
+ public void testGetResourcesWithoutPredicateAsClusterOperator() throws Exception {
+ testGetResourcesWithoutPredicate(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
public void testGetResourcesWithoutPredicateAsServiceAdministrator() throws Exception {
testGetResourcesWithoutPredicate(TestAuthenticationFactory.createServiceAdministrator());
}
+ @Test
+ public void testGetResourcesWithoutPredicateAsServiceOperator() throws Exception {
+ testGetResourcesWithoutPredicate(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test
+ public void testGetResourcesWithoutPredicateAsClusterUser() throws Exception {
+ testGetResourcesWithoutPredicate(TestAuthenticationFactory.createClusterUser());
+ }
+
private void testGetResourcesWithoutPredicate(Authentication authentication) throws Exception {
Clusters clusters = createMock(Clusters.class);
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
index 2913cf5..a5c71c4 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
@@ -39,6 +39,7 @@ import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.orm.dao.HostDAO;
import org.apache.ambari.server.orm.entities.HostEntity;
import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
@@ -52,6 +53,7 @@ import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -65,9 +67,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertNotNull;
-import static junit.framework.Assert.assertTrue;
+import static junit.framework.Assert.*;
import static org.easymock.EasyMock.anyObject;
import static org.easymock.EasyMock.capture;
import static org.easymock.EasyMock.createMock;
@@ -86,8 +86,8 @@ public class ConfigGroupResourceProviderTest {
@BeforeClass
public static void setupAuthentication() {
- // Set authenticated user so that authorization checks will pass
- SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+ // Clear authenticated user so that authorization checks will pass
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Before
@@ -119,7 +119,36 @@ public class ConfigGroupResourceProviderTest {
}
@Test
- public void testCreateConfigGroup() throws Exception {
+ public void testCreateConfigGroupAsAmbariAdministrator() throws Exception {
+ testCreateConfigGroup(TestAuthenticationFactory.createAdministrator());
+ }
+
+ @Test
+ public void testCreateConfigGroupAsClusterAdministrator() throws Exception {
+ testCreateConfigGroup(TestAuthenticationFactory.createClusterAdministrator());
+ }
+
+ @Test
+ public void testCreateConfigGroupAsClusterOperator() throws Exception {
+ testCreateConfigGroup(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
+ public void testCreateConfigGroupAsServiceAdministrator() throws Exception {
+ testCreateConfigGroup(TestAuthenticationFactory.createServiceAdministrator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testCreateConfigGroupAsServiceOperator() throws Exception {
+ testCreateConfigGroup(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testCreateConfigGroupAsClusterUser() throws Exception {
+ testCreateConfigGroup(TestAuthenticationFactory.createClusterUser());
+ }
+
+ private void testCreateConfigGroup(Authentication authentication) throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
Clusters clusters = createNiceMock(Clusters.class);
@@ -195,6 +224,8 @@ public class ConfigGroupResourceProviderTest {
Request request = PropertyHelper.getCreateRequest(propertySet, null);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
provider.createResources(request);
verify(managementController, clusters, cluster, configGroupFactory,
@@ -207,7 +238,36 @@ public class ConfigGroupResourceProviderTest {
}
@Test
- public void testDuplicateNameConfigGroup() throws Exception {
+ public void testDuplicateNameConfigGroupAsAmbariAdministrator() throws Exception {
+ testDuplicateNameConfigGroup(TestAuthenticationFactory.createAdministrator());
+ }
+
+ @Test
+ public void testDuplicateNameConfigGroupAsClusterAdministrator() throws Exception {
+ testDuplicateNameConfigGroup(TestAuthenticationFactory.createClusterAdministrator());
+ }
+
+ @Test
+ public void testDuplicateNameConfigGroupAsClusterOperator() throws Exception {
+ testDuplicateNameConfigGroup(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
+ public void testDuplicateNameConfigGroupAsServiceAdministrator() throws Exception {
+ testDuplicateNameConfigGroup(TestAuthenticationFactory.createServiceAdministrator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testDuplicateNameConfigGroupAsServiceOperator() throws Exception {
+ testDuplicateNameConfigGroup(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testDuplicateNameConfigGroupAsClusterUser() throws Exception {
+ testDuplicateNameConfigGroup(TestAuthenticationFactory.createClusterUser());
+ }
+
+ private void testDuplicateNameConfigGroup(Authentication authentication) throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
Clusters clusters = createNiceMock(Clusters.class);
@@ -251,9 +311,13 @@ public class ConfigGroupResourceProviderTest {
propertySet.add(properties);
Request request = PropertyHelper.getCreateRequest(propertySet, null);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
Exception exception = null;
try {
provider.createResources(request);
+ } catch (AuthorizationException e){
+ throw e;
} catch (Exception e) {
exception = e;
}
@@ -264,6 +328,7 @@ public class ConfigGroupResourceProviderTest {
assertNotNull(exception);
assertTrue(exception instanceof ResourceAlreadyExistsException);
}
+
@Test
public void testUpdateConfigGroupWithWrongConfigType() throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -358,6 +423,9 @@ public class ConfigGroupResourceProviderTest {
("Cluster100").and().
property(ConfigGroupResourceProvider.CONFIGGROUP_ID_PROPERTY_ID).equals
(25L).toPredicate();
+
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
SystemException systemException = null;
try {
provider.updateResources(request, predicate);
@@ -369,8 +437,38 @@ public class ConfigGroupResourceProviderTest {
verify(managementController, clusters, cluster,
configGroup, response, configGroupResponse, configHelper, hostDAO, hostEntity1, hostEntity2, h1, h2);
}
+
+ @Test
+ public void testUpdateConfigGroupAsAmbariAdministrator() throws Exception {
+ testUpdateConfigGroup(TestAuthenticationFactory.createAdministrator());
+ }
+
+ @Test
+ public void testUpdateConfigGroupAsClusterAdministrator() throws Exception {
+ testUpdateConfigGroup(TestAuthenticationFactory.createClusterAdministrator());
+ }
+
+ @Test
+ public void testUpdateConfigGroupAsClusterOperator() throws Exception {
+ testUpdateConfigGroup(TestAuthenticationFactory.createClusterOperator());
+ }
+
@Test
- public void testUpdateConfigGroup() throws Exception {
+ public void testUpdateConfigGroupAsServiceAdministrator() throws Exception {
+ testUpdateConfigGroup(TestAuthenticationFactory.createServiceAdministrator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateConfigGroupAsServiceOperator() throws Exception {
+ testUpdateConfigGroup(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateConfigGroupAsClusterUser() throws Exception {
+ testUpdateConfigGroup(TestAuthenticationFactory.createClusterUser());
+ }
+
+ private void testUpdateConfigGroup(Authentication authentication) throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
ConfigHelper configHelper = createNiceMock(ConfigHelper.class);
@@ -467,15 +565,46 @@ public class ConfigGroupResourceProviderTest {
property(ConfigGroupResourceProvider.CONFIGGROUP_ID_PROPERTY_ID).equals
(25L).toPredicate();
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
provider.updateResources(request, predicate);
verify(managementController, clusters, cluster,
configGroup, response, configGroupResponse, configHelper, hostDAO, hostEntity1, hostEntity2, h1, h2);
}
- @SuppressWarnings("unchecked")
@Test
- public void testGetConfigGroup() throws Exception {
+ public void testGetConfigGroupAsAmbariAdministrator() throws Exception {
+ testGetConfigGroup(TestAuthenticationFactory.createAdministrator());
+ }
+
+ @Test
+ public void testGetConfigGroupAsClusterAdministrator() throws Exception {
+ testGetConfigGroup(TestAuthenticationFactory.createClusterAdministrator());
+ }
+
+ @Test
+ public void testGetConfigGroupAsClusterOperator() throws Exception {
+ testGetConfigGroup(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
+ public void testGetConfigGroupAsServiceAdministrator() throws Exception {
+ testGetConfigGroup(TestAuthenticationFactory.createServiceAdministrator());
+ }
+
+ @Test
+ public void testGetConfigGroupAsServiceOperator() throws Exception {
+ testGetConfigGroup(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test
+ public void testGetConfigGroupAsClusterUser() throws Exception {
+ testGetConfigGroup(TestAuthenticationFactory.createClusterUser());
+ }
+
+ @SuppressWarnings("unchecked")
+ private void testGetConfigGroup(Authentication authentication) throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
Clusters clusters = createNiceMock(Clusters.class);
Cluster cluster = createNiceMock(Cluster.class);
@@ -577,6 +706,8 @@ public class ConfigGroupResourceProviderTest {
(ConfigGroupResourceProvider.CONFIGGROUP_CLUSTER_NAME_PROPERTY_ID)
.equals("Cluster100").toPredicate();
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
resources = resourceProvider.getResources(request, predicate);
assertEquals(1, resources.size());
@@ -693,7 +824,36 @@ public class ConfigGroupResourceProviderTest {
}
@Test
- public void testDeleteConfigGroup() throws Exception {
+ public void testDeleteConfigGroupAsAmbariAdministrator() throws Exception {
+ testDeleteConfigGroup(TestAuthenticationFactory.createAdministrator());
+ }
+
+ @Test
+ public void testDeleteConfigGroupAsClusterAdministrator() throws Exception {
+ testDeleteConfigGroup(TestAuthenticationFactory.createClusterAdministrator());
+ }
+
+ @Test
+ public void testDeleteConfigGroupAsClusterOperator() throws Exception {
+ testDeleteConfigGroup(TestAuthenticationFactory.createClusterOperator());
+ }
+
+ @Test
+ public void testDeleteConfigGroupAsServiceAdministrator() throws Exception {
+ testDeleteConfigGroup(TestAuthenticationFactory.createServiceAdministrator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testDeleteConfigGroupAsServiceOperator() throws Exception {
+ testDeleteConfigGroup(TestAuthenticationFactory.createServiceOperator());
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testDeleteConfigGroupAsClusterUser() throws Exception {
+ testDeleteConfigGroup(TestAuthenticationFactory.createClusterUser());
+ }
+
+ private void testDeleteConfigGroup(Authentication authentication) throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
Clusters clusters = createNiceMock(Clusters.class);
Cluster cluster = createNiceMock(Cluster.class);
@@ -720,6 +880,8 @@ public class ConfigGroupResourceProviderTest {
.equals("Cluster100").and().property(ConfigGroupResourceProvider
.CONFIGGROUP_ID_PROPERTY_ID).equals(1L).toPredicate();
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
resourceProvider.deleteResources(new RequestImpl(null, null, null, null), predicate);
ResourceProviderEvent lastEvent = observer.getLastEvent();
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
index 4301bf8..80ec449 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
@@ -184,6 +184,7 @@ public class TestAuthenticationFactory {
permissionEntity.setAuthorizations(createAuthorizations(EnumSet.of(
RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS,
RoleAuthorization.CLUSTER_MODIFY_CONFIGS,
+ RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS,
RoleAuthorization.CLUSTER_TOGGLE_ALERTS,
RoleAuthorization.CLUSTER_MANAGE_ALERTS,
RoleAuthorization.CLUSTER_TOGGLE_KERBEROS,
@@ -267,6 +268,7 @@ public class TestAuthenticationFactory {
RoleAuthorization.CLUSTER_VIEW_METRICS,
RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS,
RoleAuthorization.CLUSTER_VIEW_STATUS_INFO,
+ RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS,
RoleAuthorization.HOST_VIEW_CONFIGS,
RoleAuthorization.HOST_VIEW_METRICS,
RoleAuthorization.HOST_VIEW_STATUS_INFO,
http://git-wip-us.apache.org/repos/asf/ambari/blob/2c08fa6b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 96b2cfb..1d71fe6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -79,6 +79,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "DELETE", true);
urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
@@ -116,6 +120,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "DELETE", true);
urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
@@ -153,6 +161,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "DELETE", true);
urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
@@ -190,6 +202,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "DELETE", true);
urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);
@@ -227,6 +243,10 @@ public class AmbariAuthorizationFilterTest {
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "GET", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "PUT", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "POST", true);
+ urlTests.put("/api/v1/clusters/c1/config_groups", "DELETE", true);
urlTests.put("/api/v1/clusters/c1/configurations", "GET", true);
urlTests.put("/api/v1/clusters/c1/configurations", "PUT", true);
urlTests.put("/api/v1/clusters/c1/configurations", "POST", true);