You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/11/24 00:57:54 UTC
[2/3] ambari git commit: AMBARI-13977. Enforce granular role-based
access control for user functions (rlevas)
http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
index 68f1467..4357a24 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,27 +18,27 @@
package org.apache.ambari.server.controller.internal;
-import static org.easymock.EasyMock.anyObject;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.createStrictMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.reset;
-import static org.easymock.EasyMock.verify;
-
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.Request;
import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.dao.ClusterDAO;
import org.apache.ambari.server.orm.dao.GroupDAO;
import org.apache.ambari.server.orm.dao.MemberDAO;
@@ -62,110 +62,112 @@ import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.orm.entities.ViewEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.view.ViewInstanceHandlerList;
import org.apache.ambari.server.view.ViewRegistry;
import org.apache.ambari.server.view.ViewRegistryTest;
-import org.easymock.EasyMock;
+import org.easymock.EasyMockSupport;
+import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
-import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import javax.persistence.EntityManager;
+
+import static org.easymock.EasyMock.*;
/**
* AmbariPrivilegeResourceProvider tests.
*/
-public class AmbariPrivilegeResourceProviderTest {
- private final static PrivilegeDAO privilegeDAO = createStrictMock(PrivilegeDAO.class);
- private final static ClusterDAO clusterDAO = createStrictMock(ClusterDAO.class);
- private final static UserDAO userDAO = createStrictMock(UserDAO.class);
- private final static GroupDAO groupDAO = createStrictMock(GroupDAO.class);
- private final static PrincipalDAO principalDAO = createStrictMock(PrincipalDAO.class);
- private final static PermissionDAO permissionDAO = createStrictMock(PermissionDAO.class);
- private final static ResourceDAO resourceDAO = createStrictMock(ResourceDAO.class);
- private static final ViewDAO viewDAO = createMock(ViewDAO.class);
- private static final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
- private static final MemberDAO memberDAO = createNiceMock(MemberDAO.class);
- private static final ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
- private static final SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
- private static final ViewInstanceHandlerList handlerList = createNiceMock(ViewInstanceHandlerList.class);
-
- @BeforeClass
- public static void initClass() {
- PrivilegeResourceProvider.init(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO);
- AmbariPrivilegeResourceProvider.init(clusterDAO);
- }
+public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
@Before
public void resetGlobalMocks() {
- ViewRegistry.initInstance(ViewRegistryTest.getRegistry(viewDAO, viewInstanceDAO, userDAO,
- memberDAO, privilegeDAO, resourceDAO, resourceTypeDAO, securityHelper, handlerList, null, null, null));
- reset(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO, handlerList);
+ resetAll();
+ }
+
+ @After
+ public void clearAuthentication() {
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
- public void testGetResources() throws Exception {
+ public void testCreateResources_Administrator() throws Exception {
+ createResourcesTest(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
+ @Test(expected = AuthorizationException.class)
+ public void testCreateResources_NonAdministrator() throws Exception {
+ createResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
- PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
- ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class);
- ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class);
- UserEntity userEntity = createNiceMock(UserEntity.class);
- PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class);
- PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class);
- PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
+ @Test
+ public void testGetResources_Administrator() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
- principalEntities.add(principalEntity);
+ @Test(expected = AuthorizationException.class)
+ public void testGetResources_NonAdministrator() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
- List<UserEntity> userEntities = new LinkedList<UserEntity>();
- userEntities.add(userEntity);
+ @Test
+ public void testGetResource_Administrator_Self() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createAdministrator("admin"), "admin");
+ }
- privilegeEntities.add(privilegeEntity);
+ @Test
+ public void testGetResource_Administrator_Other() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createAdministrator("admin"), "User1");
+ }
- expect(privilegeDAO.findAll()).andReturn(privilegeEntities);
- expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes();
- expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
- expect(resourceEntity.getId()).andReturn(1L).anyTimes();
- expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
- expect(resourceTypeEntity.getId()).andReturn(ResourceType.AMBARI.getId()).anyTimes();
- expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name()).anyTimes();
- expect(principalEntity.getId()).andReturn(1L).anyTimes();
- expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(userEntity.getUserName()).andReturn("joe").anyTimes();
- expect(permissionEntity.getPermissionName()).andReturn("AMBARI.ADMINISTRATOR").anyTimes();
- expect(permissionEntity.getPermissionLabel()).andReturn("Administrator").anyTimes();
- expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
- expect(principalTypeEntity.getName()).andReturn("USER").anyTimes();
+ @Test(expected = AuthorizationException.class)
+ public void testGetResource_NonAdministrator_Self() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1");
+ }
- expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
- expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList());
- expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
+ @Test(expected = AuthorizationException.class)
+ public void testGetResource_NonAdministrator_Other() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User10");
+ }
- replay(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO,
- privilegeEntity, resourceEntity, resourceTypeEntity, userEntity, principalEntity,
- permissionEntity, principalTypeEntity);
+ @Test
+ public void testUpdateResources_Administrator_Self() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "admin");
+ }
- PrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
- Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
+ @Test
+ public void testUpdateResources_Administrator_Other() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "User1");
+ }
- Assert.assertEquals(1, resources.size());
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateResources_NonAdministrator_Self() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1");
+ }
- Resource resource = resources.iterator().next();
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateResources_NonAdministrator_Other() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User10");
+ }
- Assert.assertEquals("AMBARI.ADMINISTRATOR", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID));
- Assert.assertEquals("Administrator", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_LABEL_PROPERTY_ID));
- Assert.assertEquals("joe", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID));
- Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID));
+ @Test
+ public void testDeleteResources_Administrator() throws Exception {
+ deleteResourcesTest(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- verify(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, privilegeEntity, resourceEntity,
- userEntity, principalEntity, permissionEntity, principalTypeEntity);
+ @Test(expected = AuthorizationException.class)
+ public void testDeleteResources_NonAdministrator() throws Exception {
+ deleteResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"));
}
@Test
public void testGetResources_allTypes() throws Exception {
+ Injector injector = createInjector();
PrivilegeEntity ambariPrivilegeEntity = createNiceMock(PrivilegeEntity.class);
ResourceEntity ambariResourceEntity = createNiceMock(ResourceEntity.class);
@@ -259,19 +261,25 @@ public class AmbariPrivilegeResourceProviderTest {
List<ClusterEntity> clusterEntities = new LinkedList<ClusterEntity>();
clusterEntities.add(clusterEntity);
- expect(clusterDAO.findAll()).andReturn(clusterEntities);
- expect(privilegeDAO.findAll()).andReturn(privilegeEntities);
- expect(userDAO.findUsersByPrincipal(anyObject(List.class))).andReturn(userEntities).anyTimes();
- expect(groupDAO.findGroupsByPrincipal(anyObject(List.class))).andReturn(Collections.<GroupEntity>emptyList()).anyTimes();
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(clusterEntities).atLeastOnce();
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findAll()).andReturn(privilegeEntities).atLeastOnce();
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUsersByPrincipal(anyObject(List.class))).andReturn(userEntities).atLeastOnce();
+
+ GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+ expect(groupDAO.findGroupsByPrincipal(anyObject(List.class))).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce();
- replay(privilegeDAO, userDAO, principalDAO, permissionDAO, groupDAO, resourceDAO, clusterDAO, ambariPrivilegeEntity,
- ambariResourceEntity, ambariResourceTypeEntity, ambariUserEntity, ambariPrincipalEntity, ambariPermissionEntity, viewPrivilegeEntity,
- viewResourceEntity, viewResourceTypeEntity, viewUserEntity, viewPrincipalEntity, viewPrincipalTypeEntity, viewPermissionEntity, clusterPrivilegeEntity,
- clusterResourceEntity, clusterResourceTypeEntity, clusterUserEntity, clusterPrincipalEntity, clusterPermissionEntity,clusterPrincipalTypeEntity,
- ambariPrincipalTypeEntity, clusterEntity, viewEntity, viewInstanceEntity);
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
+
+ ResourceProvider provider = getResourceProvider(injector);
ViewRegistry.getInstance().addDefinition(viewEntity);
- PrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
Assert.assertEquals(3, resources.size());
@@ -316,61 +324,7 @@ public class AmbariPrivilegeResourceProviderTest {
Assert.assertEquals("inst1", resource3.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID));
Assert.assertEquals("VIEW", resource3.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID));
- verify(privilegeDAO, userDAO, principalDAO, permissionDAO, groupDAO, resourceDAO, clusterDAO, ambariPrivilegeEntity,
- ambariResourceEntity, ambariResourceTypeEntity, ambariUserEntity, ambariPrincipalEntity, ambariPermissionEntity, viewPrivilegeEntity,
- viewResourceEntity, viewResourceTypeEntity, viewUserEntity, viewPrincipalEntity, viewPrincipalTypeEntity, viewPermissionEntity, clusterPrivilegeEntity,
- clusterResourceEntity, clusterResourceTypeEntity, clusterUserEntity, clusterPrincipalEntity, clusterPermissionEntity,clusterPrincipalTypeEntity,
- ambariPrincipalTypeEntity, clusterEntity, viewEntity, viewInstanceEntity);
- }
-
- @Test
- public void testUpdateResources() throws Exception {
- PrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
-
- PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
- ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class);
- ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class);
- Request request = createNiceMock(Request.class);
- PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
- PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class);
- UserEntity userEntity = createNiceMock(UserEntity.class);
-
- expect(privilegeDAO.findByResourceId(1L)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes();
- privilegeDAO.remove(privilegeEntity);
- EasyMock.expectLastCall().anyTimes();
- expect(request.getProperties()).andReturn(new HashSet<Map<String,Object>>() {
- {
- add(new HashMap<String, Object>() {
- {
- put(PrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID, "READ");
- put(PrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID, "admin");
- put(PrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID, "user");
- }
- });
- }
- }).anyTimes();
- expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList());
- expect(permissionDAO.findPermissionByNameAndType(EasyMock.eq("READ"), EasyMock.<ResourceTypeEntity> anyObject())).andReturn(permissionEntity);
- expect(resourceDAO.findById(EasyMock.anyLong())).andReturn(resourceEntity);
- expect(userDAO.findUserByName("admin")).andReturn(userEntity);
- expect(principalDAO.findById(EasyMock.anyLong())).andReturn(principalEntity);
- expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(principalEntity.getId()).andReturn(2L).anyTimes();
- expect(permissionEntity.getPermissionName()).andReturn("READ").anyTimes();
- expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
- expect(resourceTypeEntity.getId()).andReturn(3).anyTimes();
- expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
- expect(permissionEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
- expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- privilegeDAO.create(EasyMock.<PrivilegeEntity> anyObject());
- EasyMock.expectLastCall().anyTimes();
-
- replay(privilegeEntity, privilegeDAO, request, permissionDAO, permissionEntity, resourceEntity, resourceDAO,
- principalEntity, principalDAO, userDAO, userEntity, resourceTypeEntity, clusterDAO);
-
- provider.updateResources(request, null);
-
- verify(privilegeEntity, privilegeDAO, request, permissionDAO, permissionEntity, resourceEntity, resourceDAO, principalEntity, principalDAO, userDAO, userEntity, resourceTypeEntity);
+ verifyAll();
}
@Test
@@ -563,4 +517,386 @@ public class AmbariPrivilegeResourceProviderTest {
verify(permissionEntity, principalTypeEntity, principalEntity, resourceTypeEntity, viewInstanceEntity, viewEntity, resourceEntity, privilegeEntity);
}
+
+ private void createResourcesTest(Authentication authentication) throws Exception {
+ Injector injector = createInjector();
+
+ PrincipalEntity principalEntity = createMockPrincipalEntity(2L, createMockPrincipalTypeEntity("USER"));
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity clusterResourceEntity = createMockResourceEntity(1L, clusterResourceTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.OPERATOR", "Cluster Operator", clusterResourceTypeEntity);
+
+ PrivilegeEntity privilegeEntity = createMockPrivilegeEntity(2, clusterResourceEntity, principalEntity, permissionEntity);
+
+ Set<PrivilegeEntity> privilegeEntities = new HashSet<PrivilegeEntity>();
+ privilegeEntities.add(privilegeEntity);
+
+ expect(principalEntity.getPrivileges()).andReturn(privilegeEntities).atLeastOnce();
+
+ UserEntity userEntity = createMockUserEntity(principalEntity, "User1");
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.exists(anyObject(PrivilegeEntity.class))).andReturn(false).atLeastOnce();
+ privilegeDAO.create(anyObject(PrivilegeEntity.class));
+ expectLastCall().once();
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUserByName("User1")).andReturn(userEntity).atLeastOnce();
+
+ PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
+ expect(principalDAO.findById(2L)).andReturn(principalEntity).atLeastOnce();
+ expect(principalDAO.merge(principalEntity)).andReturn(principalEntity).once();
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList()).atLeastOnce();
+
+ ResourceDAO resourceDAO = injector.getInstance(ResourceDAO.class);
+ expect(resourceDAO.findById(1L)).andReturn(clusterResourceEntity).atLeastOnce();
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", clusterResourceTypeEntity))
+ .andReturn(permissionEntity)
+ .atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ // add the property map to a set for the request.
+ Map<String, Object> properties = new LinkedHashMap<String, Object>();
+ properties.put(PrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID, "CLUSTER.OPERATOR");
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID, "User1");
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID, "USER");
+
+ // create the request
+ Request request = PropertyHelper.getUpdateRequest(properties, null);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ provider.createResources(request);
+
+ verifyAll();
+ }
+
+ private void getResourcesTest(Authentication authentication) throws Exception {
+ Injector injector = createInjector();
+
+ List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
+
+ PrincipalEntity principalEntity = createMockPrincipalEntity(1L, createMockPrincipalTypeEntity("USER"));
+
+ List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
+ principalEntities.add(principalEntity);
+
+ List<UserEntity> userEntities = new LinkedList<UserEntity>();
+ userEntities.add(createMockUserEntity(principalEntity, "User1"));
+
+ ResourceTypeEntity ambariResourceTypeEntity = createMockResourceTypeEntity(ResourceType.AMBARI);
+ ResourceEntity ambariResourceEntity = createMockResourceEntity(1L, ambariResourceTypeEntity);
+
+ privilegeEntities.add(createMockPrivilegeEntity(
+ 1, ambariResourceEntity,
+ principalEntity,
+ createMockPermissionEntity("AMBARI.ADMINISTRATOR", "Administrator", ambariResourceTypeEntity)));
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findAll()).andReturn(privilegeEntities).atLeastOnce();
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities).atLeastOnce();
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList()).atLeastOnce();
+
+ GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+ expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
+
+ Assert.assertEquals(1, resources.size());
+
+ Resource resource = resources.iterator().next();
+
+ Assert.assertEquals("AMBARI.ADMINISTRATOR", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID));
+ Assert.assertEquals("Administrator", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_LABEL_PROPERTY_ID));
+ Assert.assertEquals("User1", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID));
+ Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID));
+
+ verifyAll();
+ }
+
+ private void getResourceTest(Authentication authentication, String requestedUsername) throws Exception {
+ Injector injector = createInjector();
+
+ PrincipalEntity principalEntity1 = createMockPrincipalEntity(1L, createMockPrincipalTypeEntity("USER"));
+ PrincipalEntity principalEntity2 = createMockPrincipalEntity(2L, createMockPrincipalTypeEntity("USER"));
+
+ List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
+ principalEntities.add(principalEntity1);
+ principalEntities.add(principalEntity2);
+
+ List<UserEntity> userEntities = new LinkedList<UserEntity>();
+ userEntities.add(createMockUserEntity(principalEntity1, requestedUsername));
+ userEntities.add(createMockUserEntity(principalEntity2, "Not" + requestedUsername));
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity clusterResourceEntity = createMockResourceEntity(1L, clusterResourceTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.OPERATOR", "Cluster Operator", clusterResourceTypeEntity);
+
+ List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
+ privilegeEntities.add(createMockPrivilegeEntity(1, clusterResourceEntity, principalEntity1, permissionEntity));
+ privilegeEntities.add(createMockPrivilegeEntity(2, clusterResourceEntity, principalEntity2, permissionEntity));
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findAll()).andReturn(privilegeEntities).atLeastOnce();
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities).atLeastOnce();
+
+ List<ClusterEntity> clusterEntities = new ArrayList<ClusterEntity>();
+ clusterEntities.add(createMockClusterEntity("c1", clusterResourceEntity));
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(clusterEntities).atLeastOnce();
+
+ GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+ expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), createPredicate(1L));
+
+ Assert.assertEquals(1, resources.size());
+
+ Resource resource = resources.iterator().next();
+
+ Assert.assertEquals("CLUSTER.OPERATOR", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID));
+ Assert.assertEquals("Cluster Operator", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_LABEL_PROPERTY_ID));
+ Assert.assertEquals(requestedUsername, resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID));
+ Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID));
+
+ verifyAll();
+ }
+
+ private void updateResourcesTest(Authentication authentication, String requestedUsername) throws Exception {
+ Injector injector = createInjector();
+
+ PrincipalEntity principalEntity1 = createMockPrincipalEntity(1L, createMockPrincipalTypeEntity("USER"));
+ PrincipalEntity principalEntity2 = createMockPrincipalEntity(2L, createMockPrincipalTypeEntity("USER"));
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity clusterResourceEntity = createMockResourceEntity(1L, clusterResourceTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.OPERATOR", "Cluster Operator", clusterResourceTypeEntity);
+
+ PrivilegeEntity privilegeEntity1 = createMockPrivilegeEntity(1, clusterResourceEntity, principalEntity1, permissionEntity);
+ PrivilegeEntity privilegeEntity2 = createMockPrivilegeEntity(2, clusterResourceEntity, principalEntity2, permissionEntity);
+
+ Set<PrivilegeEntity> privilege1Entities = new HashSet<PrivilegeEntity>();
+ privilege1Entities.add(privilegeEntity1);
+
+ Set<PrivilegeEntity> privilege2Entities = new HashSet<PrivilegeEntity>();
+ privilege2Entities.add(privilegeEntity2);
+
+ List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
+ privilegeEntities.addAll(privilege1Entities);
+ privilegeEntities.addAll(privilege2Entities);
+
+ expect(principalEntity2.getPrivileges()).andReturn(privilege2Entities).atLeastOnce();
+
+ UserEntity userEntity = createMockUserEntity(principalEntity1, requestedUsername);
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findByResourceId(1L)).andReturn(privilegeEntities).atLeastOnce();
+ privilegeDAO.remove(privilegeEntity2);
+ expectLastCall().atLeastOnce();
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUserByName(requestedUsername)).andReturn(userEntity).atLeastOnce();
+
+ PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
+ expect(principalDAO.findById(1L)).andReturn(principalEntity1).atLeastOnce();
+ expect(principalDAO.merge(principalEntity2)).andReturn(principalEntity2).atLeastOnce();
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList()).atLeastOnce();
+
+ ResourceDAO resourceDAO = injector.getInstance(ResourceDAO.class);
+ expect(resourceDAO.findById(1L)).andReturn(clusterResourceEntity).atLeastOnce();
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", clusterResourceTypeEntity))
+ .andReturn(permissionEntity)
+ .atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ // add the property map to a set for the request.
+ Map<String, Object> properties = new LinkedHashMap<String, Object>();
+ properties.put(PrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID, "CLUSTER.OPERATOR");
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID, requestedUsername);
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID, "USER");
+
+ // create the request
+ Request request = PropertyHelper.getUpdateRequest(properties, null);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ provider.updateResources(request, createPredicate(1L));
+
+ verifyAll();
+ }
+
+ private void deleteResourcesTest(Authentication authentication) throws Exception {
+ Injector injector = createInjector();
+
+ PrincipalEntity principalEntity1 = createMockPrincipalEntity(1L, createMockPrincipalTypeEntity("USER"));
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity clusterResourceEntity = createMockResourceEntity(1L, clusterResourceTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.OPERATOR", "Cluster Operator", clusterResourceTypeEntity);
+
+ PrivilegeEntity privilegeEntity1 = createMockPrivilegeEntity(1, clusterResourceEntity, principalEntity1, permissionEntity);
+
+ Set<PrivilegeEntity> privilege1Entities = new HashSet<PrivilegeEntity>();
+ privilege1Entities.add(privilegeEntity1);
+
+ expect(principalEntity1.getPrivileges()).andReturn(privilege1Entities).atLeastOnce();
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findById(1)).andReturn(privilegeEntity1).atLeastOnce();
+ privilegeDAO.remove(privilegeEntity1);
+ expectLastCall().atLeastOnce();
+
+ PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
+ expect(principalDAO.merge(principalEntity1)).andReturn(principalEntity1).atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ provider.deleteResources(createPredicate(1L));
+
+ verifyAll();
+ }
+
+ private Predicate createPredicate(Long id) {
+ return new PredicateBuilder()
+ .property(AmbariPrivilegeResourceProvider.PRIVILEGE_ID_PROPERTY_ID)
+ .equals(id)
+ .toPredicate();
+ }
+
+ private ClusterEntity createMockClusterEntity(String clusterName, ResourceEntity resourceEntity) {
+ ClusterEntity clusterEntity = createMock(ClusterEntity.class);
+ expect(clusterEntity.getClusterName()).andReturn(clusterName).anyTimes();
+ expect(clusterEntity.getResource()).andReturn(resourceEntity).anyTimes();
+ return clusterEntity;
+ }
+
+ private UserEntity createMockUserEntity(PrincipalEntity principalEntity, String username) {
+ UserEntity userEntity = createMock(UserEntity.class);
+ expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+ expect(userEntity.getUserName()).andReturn(username).anyTimes();
+ return userEntity;
+ }
+
+ private PermissionEntity createMockPermissionEntity(String name, String label, ResourceTypeEntity resourceTypeEntity) {
+ PermissionEntity permissionEntity = createMock(PermissionEntity.class);
+ expect(permissionEntity.getPermissionName()).andReturn(name).anyTimes();
+ expect(permissionEntity.getPermissionLabel()).andReturn(label).anyTimes();
+ expect(permissionEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
+ return permissionEntity;
+ }
+
+ private PrincipalTypeEntity createMockPrincipalTypeEntity(String typeName) {
+ PrincipalTypeEntity principalTypeEntity = createMock(PrincipalTypeEntity.class);
+ expect(principalTypeEntity.getName()).andReturn(typeName).anyTimes();
+ return principalTypeEntity;
+ }
+
+ private PrincipalEntity createMockPrincipalEntity(Long id, PrincipalTypeEntity principalTypeEntity) {
+ PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
+ expect(principalEntity.getId()).andReturn(id).anyTimes();
+ expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
+ return principalEntity;
+ }
+
+ private ResourceTypeEntity createMockResourceTypeEntity(ResourceType resourceType) {
+ ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(resourceTypeEntity.getId()).andReturn(resourceType.getId()).anyTimes();
+ expect(resourceTypeEntity.getName()).andReturn(resourceType.name()).anyTimes();
+ return resourceTypeEntity;
+ }
+
+ private ResourceEntity createMockResourceEntity(Long id, ResourceTypeEntity resourceTypeEntity) {
+ ResourceEntity resourceEntity = createMock(ResourceEntity.class);
+ expect(resourceEntity.getId()).andReturn(id).anyTimes();
+ expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
+ return resourceEntity;
+ }
+
+ private PrivilegeEntity createMockPrivilegeEntity(Integer id, ResourceEntity resourceEntity, PrincipalEntity principalEntity, PermissionEntity permissionEntity) {
+ PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
+ expect(privilegeEntity.getId()).andReturn(id).anyTimes();
+ expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes();
+ expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+ expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
+ return privilegeEntity;
+ }
+
+ private ResourceProvider getResourceProvider(Injector injector) {
+ ViewRegistry.initInstance(ViewRegistryTest.getRegistry(
+ injector.getInstance(ViewDAO.class),
+ injector.getInstance(ViewInstanceDAO.class),
+ injector.getInstance(UserDAO.class),
+ injector.getInstance(MemberDAO.class),
+ injector.getInstance(PrivilegeDAO.class),
+ injector.getInstance(ResourceDAO.class),
+ injector.getInstance(ResourceTypeDAO.class),
+ injector.getInstance(SecurityHelper.class),
+ injector.getInstance(ViewInstanceHandlerList.class),
+ null,
+ null,
+ null));
+ PrivilegeResourceProvider.init(injector.getInstance(PrivilegeDAO.class),
+ injector.getInstance(UserDAO.class),
+ injector.getInstance(GroupDAO.class),
+ injector.getInstance(PrincipalDAO.class),
+ injector.getInstance(PermissionDAO.class),
+ injector.getInstance(ResourceDAO.class));
+ AmbariPrivilegeResourceProvider.init(injector.getInstance(ClusterDAO.class));
+ return new AmbariPrivilegeResourceProvider();
+ }
+
+ private Injector createInjector() throws Exception {
+ return Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(SecurityHelper.class).toInstance(createNiceMock(SecurityHelper.class));
+ bind(ViewInstanceDAO.class).toInstance(createNiceMock(ViewInstanceDAO.class));
+ bind(ViewInstanceHandlerList.class).toInstance(createNiceMock(ViewInstanceHandlerList.class));
+ bind(MemberDAO.class).toInstance(createNiceMock(MemberDAO.class));
+
+ bind(PrivilegeDAO.class).toInstance(createMock(PrivilegeDAO.class));
+ bind(PrincipalDAO.class).toInstance(createMock(PrincipalDAO.class));
+ bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));
+ bind(UserDAO.class).toInstance(createMock(UserDAO.class));
+ bind(GroupDAO.class).toInstance(createMock(GroupDAO.class));
+ bind(ResourceDAO.class).toInstance(createMock(ResourceDAO.class));
+ bind(ClusterDAO.class).toInstance(createMock(ClusterDAO.class));
+ }
+ });
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
index 1412470..c272f2b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,16 +18,25 @@
package org.apache.ambari.server.controller.internal;
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.Request;
import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.dao.ClusterDAO;
import org.apache.ambari.server.orm.dao.GroupDAO;
+import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.PrincipalDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.ResourceDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
import org.apache.ambari.server.orm.entities.ClusterEntity;
import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.PermissionEntity;
@@ -35,59 +44,191 @@ import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
+import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.view.ViewInstanceHandlerList;
+import org.easymock.EasyMockSupport;
+import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
-import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import javax.persistence.EntityManager;
+import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import java.util.Set;
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.createStrictMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.reset;
-import static org.easymock.EasyMock.verify;
+import static org.easymock.EasyMock.*;
+import static org.easymock.EasyMock.anyObject;
/**
* ClusterPrivilegeResourceProvider tests.
*/
-public class ClusterPrivilegeResourceProviderTest {
- private final static PrivilegeDAO privilegeDAO = createStrictMock(PrivilegeDAO.class);
- private final static UserDAO userDAO = createStrictMock(UserDAO.class);
- private final static GroupDAO groupDAO = createStrictMock(GroupDAO.class);
- private final static PrincipalDAO principalDAO = createStrictMock(PrincipalDAO.class);
- private final static PermissionDAO permissionDAO = createStrictMock(PermissionDAO.class);
- private final static ResourceDAO resourceDAO = createStrictMock(ResourceDAO.class);
- private final static ClusterDAO clusterDAO = createStrictMock(ClusterDAO.class);
-
- @BeforeClass
- public static void initClass() {
- PrivilegeResourceProvider.init(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO);
- ClusterPrivilegeResourceProvider.init(clusterDAO);
- }
+public class ClusterPrivilegeResourceProviderTest extends EasyMockSupport {
@Before
public void resetGlobalMocks() {
- reset(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO);
+ resetAll();
+ }
+
+ @After
+ public void clearAuthentication() {
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
- public void testGetResources() throws Exception {
+ public void testCreateResources_Administrator() throws Exception {
+ createResourcesTest(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
+ @Test(expected = AuthorizationException.class)
+ public void testCreateResources_NonAdministrator() throws Exception {
+ createResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+ @Test
+ public void testGetResources_Administrator() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
- ClusterEntity clusterEntity = createNiceMock(ClusterEntity.class);
- ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class);
- UserEntity userEntity = createNiceMock(UserEntity.class);
- PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class);
- PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class);
- PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
+ @Test(expected = AuthorizationException.class)
+ public void testGetResources_NonAdministrator() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+ @Test
+ public void testGetResource_Administrator_Self() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createAdministrator("admin"), "admin");
+ }
+
+ @Test
+ public void testGetResource_Administrator_Other() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createAdministrator("admin"), "User1");
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testGetResource_NonAdministrator_Self() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1");
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testGetResource_NonAdministrator_Other() throws Exception {
+ getResourceTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User10");
+ }
+
+ @Test
+ public void testUpdateResources_Administrator_Self() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "admin");
+ }
+
+ @Test
+ public void testUpdateResources_Administrator_Other() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "User1");
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateResources_NonAdministrator_Self() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1");
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateResources_NonAdministrator_Other() throws Exception {
+ updateResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User10");
+ }
+
+ @Test
+ public void testDeleteResources_Administrator() throws Exception {
+ deleteResourcesTest(TestAuthenticationFactory.createAdministrator("admin"));
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testDeleteResources_NonAdministrator() throws Exception {
+ deleteResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+
+ private void createResourcesTest(Authentication authentication) throws Exception {
+ Injector injector = createInjector();
+
+ PrincipalEntity principalEntity = createMockPrincipalEntity(2L, createMockPrincipalTypeEntity("USER"));
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity clusterResourceEntity = createMockResourceEntity(1L, clusterResourceTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.OPERATOR", "Cluster Operator", clusterResourceTypeEntity);
+ PrivilegeEntity privilegeEntity = createMockPrivilegeEntity(2, clusterResourceEntity, principalEntity, permissionEntity);
+ ClusterEntity clusterEntity = createMockClusterEntity("c1", clusterResourceEntity);
+ UserEntity userEntity = createMockUserEntity(principalEntity, "User1");
+
+ Set<PrivilegeEntity> privilegeEntities = new HashSet<PrivilegeEntity>();
+ privilegeEntities.add(privilegeEntity);
+
+ expect(principalEntity.getPrivileges()).andReturn(privilegeEntities).atLeastOnce();
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.exists(anyObject(PrivilegeEntity.class))).andReturn(false).atLeastOnce();
+ privilegeDAO.create(anyObject(PrivilegeEntity.class));
+ expectLastCall().once();
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUserByName("User1")).andReturn(userEntity).atLeastOnce();
+
+ PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
+ expect(principalDAO.findById(2L)).andReturn(principalEntity).atLeastOnce();
+ expect(principalDAO.merge(principalEntity)).andReturn(principalEntity).once();
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findByName("c1")).andReturn(clusterEntity).atLeastOnce();
+
+ ResourceDAO resourceDAO = injector.getInstance(ResourceDAO.class);
+ expect(resourceDAO.findById(1L)).andReturn(clusterResourceEntity).atLeastOnce();
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", clusterResourceTypeEntity))
+ .andReturn(permissionEntity)
+ .atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ // add the property map to a set for the request.
+ Map<String, Object> properties = new LinkedHashMap<String, Object>();
+ properties.put(PrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID, "CLUSTER.OPERATOR");
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID, "User1");
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID, "USER");
+ properties.put(ClusterPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID, "c1");
+
+ // create the request
+ Request request = PropertyHelper.getUpdateRequest(properties, null);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ provider.createResources(request);
+
+ verifyAll();
+ }
+
+ private void getResourcesTest(Authentication authentication) throws Exception {
+ Injector injector = createInjector();
+
+ ResourceTypeEntity resourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity resourceEntity = createMockResourceEntity(20L, resourceTypeEntity);
+ PrincipalTypeEntity principalTypeEntity = createMockPrincipalTypeEntity("USER");
+ PrincipalEntity principalEntity = createMockPrincipalEntity(20L, principalTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.ADMINISTRATOR", "Cluster Administrator", resourceTypeEntity);
+ PrivilegeEntity privilegeEntity = createMockPrivilegeEntity(1, resourceEntity, principalEntity, permissionEntity);
+ ClusterEntity clusterEntity = createMockClusterEntity("c1", resourceEntity);
+ UserEntity userEntity = createMockUserEntity(principalEntity, "joe");
List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
principalEntities.add(principalEntity);
@@ -95,37 +236,29 @@ public class ClusterPrivilegeResourceProviderTest {
List<UserEntity> userEntities = new LinkedList<UserEntity>();
userEntities.add(userEntity);
+ List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
privilegeEntities.add(privilegeEntity);
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
expect(privilegeDAO.findAll()).andReturn(privilegeEntities);
- expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes();
- expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
- expect(resourceEntity.getId()).andReturn(20L).anyTimes();
- expect(principalEntity.getId()).andReturn(20L).anyTimes();
- expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(userEntity.getUserName()).andReturn("joe").anyTimes();
- expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").anyTimes();
- expect(permissionEntity.getPermissionLabel()).andReturn("Cluster Administrator").anyTimes();
- expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
- expect(principalTypeEntity.getName()).andReturn("USER").anyTimes();
- expect(clusterEntity.getResource()).andReturn(resourceEntity);
List<ClusterEntity> clusterEntities = new LinkedList<ClusterEntity>();
clusterEntities.add(clusterEntity);
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
expect(clusterDAO.findAll()).andReturn(clusterEntities);
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
- expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
- expect(permissionDAO.findById(2)).andReturn(permissionEntity);
- expect(permissionDAO.findById(3)).andReturn(permissionEntity);
+ GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+ expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
- replay(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO, privilegeEntity,
- clusterEntity, resourceEntity, userEntity, principalEntity, permissionEntity, principalTypeEntity);
+ replayAll();
+ SecurityContextHolder.getContext().setAuthentication(authentication);
- PrivilegeResourceProvider provider = new ClusterPrivilegeResourceProvider();
+ ResourceProvider provider = getResourceProvider(injector);
Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
Assert.assertEquals(1, resources.size());
@@ -137,33 +270,251 @@ public class ClusterPrivilegeResourceProviderTest {
Assert.assertEquals("joe", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID));
Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID));
- verify(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO, privilegeEntity,
- resourceEntity, clusterEntity, userEntity, principalEntity, permissionEntity, principalTypeEntity);
- reset(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO);
+ verifyAll();
}
- @Test
- public void testUpdateResources() throws Exception {
- PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
- Request request = createNiceMock(Request.class);
-
- expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").anyTimes();
- expect(permissionDAO.findById(2)).andReturn(permissionEntity);
- expect(permissionDAO.findById(3)).andReturn(permissionEntity);
-
- replay(permissionDAO, permissionEntity, request);
-
- PrivilegeResourceProvider provider = new ClusterPrivilegeResourceProvider();
- try {
- provider.updateResources(request, null);
- } catch (Exception ex) {
- // omit the exception, this method is from abstract class and tested in
- // AmbariPrivilegeResourceProvider#testUpdateResources
- // just check that permissions are okay
- }
-
- verify(permissionDAO, permissionEntity, request);
- reset(permissionDAO);
+ private void getResourceTest(Authentication authentication, String requestedUsername) throws Exception {
+ Injector injector = createInjector();
+
+ ResourceTypeEntity resourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity resourceEntity = createMockResourceEntity(20L, resourceTypeEntity);
+ PrincipalTypeEntity principalTypeEntity = createMockPrincipalTypeEntity("USER");
+ PrincipalEntity principalEntity = createMockPrincipalEntity(20L, principalTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.ADMINISTRATOR", "Cluster Administrator", resourceTypeEntity);
+ PrivilegeEntity privilegeEntity = createMockPrivilegeEntity(1, resourceEntity, principalEntity, permissionEntity);
+ ClusterEntity clusterEntity = createMockClusterEntity("c1", resourceEntity);
+ UserEntity userEntity = createMockUserEntity(principalEntity, requestedUsername);
+
+ List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
+ principalEntities.add(principalEntity);
+
+ List<UserEntity> userEntities = new LinkedList<UserEntity>();
+ userEntities.add(userEntity);
+
+ List<PrivilegeEntity> privilegeEntities = new LinkedList<PrivilegeEntity>();
+ privilegeEntities.add(privilegeEntity);
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findAll()).andReturn(privilegeEntities);
+
+ List<ClusterEntity> clusterEntities = new LinkedList<ClusterEntity>();
+ clusterEntities.add(clusterEntity);
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(clusterEntities);
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
+
+ GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+ expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
+
+ Assert.assertEquals(1, resources.size());
+
+ Resource resource = resources.iterator().next();
+
+ Assert.assertEquals("CLUSTER.ADMINISTRATOR", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID));
+ Assert.assertEquals("Cluster Administrator", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_LABEL_PROPERTY_ID));
+ Assert.assertEquals(requestedUsername, resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID));
+ Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID));
+
+ verifyAll();
+ }
+
+ private void updateResourcesTest(Authentication authentication, String requestedUsername) throws Exception {
+ Injector injector = createInjector();
+
+ ResourceTypeEntity resourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.ADMINISTRATOR", "Cluster Administrator", resourceTypeEntity);
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", resourceTypeEntity)).andReturn(permissionEntity);
+
+ ResourceEntity resourceEntity = createMockResourceEntity(2L, resourceTypeEntity);
+ ClusterEntity clusterEntity = createMockClusterEntity("c1", resourceEntity);
+
+ List<ClusterEntity> clusterEntities = new LinkedList<ClusterEntity>();
+ clusterEntities.add(clusterEntity);
+
+ PrincipalTypeEntity principalTypeEntity = createMockPrincipalTypeEntity("USER");
+ PrincipalEntity principalEntity = createMockPrincipalEntity(2L, principalTypeEntity);
+ UserEntity userEntity = createMockUserEntity(principalEntity, requestedUsername);
+ PrivilegeEntity privilegeEntity = createMockPrivilegeEntity(1, resourceEntity, principalEntity, permissionEntity);
+
+ List<PrivilegeEntity> privilegeEntities = new ArrayList<PrivilegeEntity>();
+ privilegeEntities.add(privilegeEntity);
+
+ UserDAO userDAO = injector.getInstance(UserDAO.class);
+ expect(userDAO.findUserByName(requestedUsername)).andReturn(userEntity).atLeastOnce();
+
+ ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
+ expect(clusterDAO.findAll()).andReturn(clusterEntities);
+
+ ResourceDAO resourceDAO = injector.getInstance(ResourceDAO.class);
+ expect(resourceDAO.findById(2L)).andReturn(resourceEntity).atLeastOnce();
+
+ PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
+ expect(principalDAO.findById(2L)).andReturn(principalEntity).atLeastOnce();
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findByResourceId(2L)).andReturn(privilegeEntities).atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ Map<String, Object> properties = new LinkedHashMap<String, Object>();
+ properties.put(PrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID, "CLUSTER.OPERATOR");
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID, requestedUsername);
+ properties.put(PrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID, "USER");
+
+ Request request = PropertyHelper.getUpdateRequest(properties, null);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ provider.updateResources(request, null);
+
+ verifyAll();
+ }
+
+ private void deleteResourcesTest(Authentication authentication) throws Exception {
+ Injector injector = createInjector();
+
+ PrincipalEntity principalEntity1 = createMockPrincipalEntity(1L, createMockPrincipalTypeEntity("USER"));
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMockResourceTypeEntity(ResourceType.CLUSTER);
+ ResourceEntity clusterResourceEntity = createMockResourceEntity(1L, clusterResourceTypeEntity);
+ PermissionEntity permissionEntity = createMockPermissionEntity("CLUSTER.OPERATOR", "Cluster Operator", clusterResourceTypeEntity);
+
+ PrivilegeEntity privilegeEntity1 = createMockPrivilegeEntity(1, clusterResourceEntity, principalEntity1, permissionEntity);
+
+ Set<PrivilegeEntity> privilege1Entities = new HashSet<PrivilegeEntity>();
+ privilege1Entities.add(privilegeEntity1);
+
+ expect(principalEntity1.getPrivileges()).andReturn(privilege1Entities).atLeastOnce();
+
+ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
+ expect(privilegeDAO.findById(1)).andReturn(privilegeEntity1).atLeastOnce();
+ privilegeDAO.remove(privilegeEntity1);
+ expectLastCall().atLeastOnce();
+
+ PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
+ expect(principalDAO.merge(principalEntity1)).andReturn(principalEntity1).atLeastOnce();
+
+ replayAll();
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ ResourceProvider provider = getResourceProvider(injector);
+ provider.deleteResources(createPredicate(1L));
+
+ verifyAll();
+ }
+
+
+ private ResourceEntity createMockResourceEntity(Long id, ResourceTypeEntity resourceTypeEntity) {
+ ResourceEntity resourceEntity = createMock(ResourceEntity.class);
+ expect(resourceEntity.getId()).andReturn(id).anyTimes();
+ expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
+ return resourceEntity;
+ }
+
+ private ResourceTypeEntity createMockResourceTypeEntity(ResourceType resourceType) {
+ ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(resourceTypeEntity.getId()).andReturn(resourceType.getId()).anyTimes();
+ expect(resourceTypeEntity.getName()).andReturn(resourceType.name()).anyTimes();
+ return resourceTypeEntity;
+ }
+
+ private PermissionEntity createMockPermissionEntity(String name, String label, ResourceTypeEntity resourceTypeEntity) {
+ PermissionEntity permissionEntity = createMock(PermissionEntity.class);
+ expect(permissionEntity.getPermissionName()).andReturn(name).anyTimes();
+ expect(permissionEntity.getPermissionLabel()).andReturn(label).anyTimes();
+ expect(permissionEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
+ return permissionEntity;
+ }
+
+ private PrincipalTypeEntity createMockPrincipalTypeEntity(String typeName) {
+ PrincipalTypeEntity principalTypeEntity = createMock(PrincipalTypeEntity.class);
+ expect(principalTypeEntity.getName()).andReturn(typeName).anyTimes();
+ return principalTypeEntity;
+ }
+
+ private PrincipalEntity createMockPrincipalEntity(Long id, PrincipalTypeEntity principalTypeEntity) {
+ PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
+ expect(principalEntity.getId()).andReturn(id).anyTimes();
+ expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
+ return principalEntity;
+ }
+
+ private PrivilegeEntity createMockPrivilegeEntity(Integer id, ResourceEntity resourceEntity, PrincipalEntity principalEntity, PermissionEntity permissionEntity) {
+ PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
+ expect(privilegeEntity.getId()).andReturn(id).anyTimes();
+ expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes();
+ expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+ expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
+ return privilegeEntity;
+ }
+
+ private ClusterEntity createMockClusterEntity(String clusterName, ResourceEntity resourceEntity) {
+ ClusterEntity clusterEntity = createMock(ClusterEntity.class);
+ expect(clusterEntity.getClusterName()).andReturn(clusterName).anyTimes();
+ expect(clusterEntity.getResource()).andReturn(resourceEntity).anyTimes();
+ return clusterEntity;
+ }
+
+ private UserEntity createMockUserEntity(PrincipalEntity principalEntity, String username) {
+ UserEntity userEntity = createMock(UserEntity.class);
+ expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+ expect(userEntity.getUserName()).andReturn(username).anyTimes();
+ return userEntity;
+ }
+
+
+ private Predicate createPredicate(Long id) {
+ return new PredicateBuilder()
+ .property(ClusterPrivilegeResourceProvider.PRIVILEGE_ID_PROPERTY_ID)
+ .equals(id)
+ .toPredicate();
+ }
+
+ private ResourceProvider getResourceProvider(Injector injector) {
+ PrivilegeResourceProvider.init(injector.getInstance(PrivilegeDAO.class),
+ injector.getInstance(UserDAO.class),
+ injector.getInstance(GroupDAO.class),
+ injector.getInstance(PrincipalDAO.class),
+ injector.getInstance(PermissionDAO.class),
+ injector.getInstance(ResourceDAO.class));
+ ClusterPrivilegeResourceProvider.init(injector.getInstance(ClusterDAO.class));
+ return new ClusterPrivilegeResourceProvider();
+ }
+
+ private Injector createInjector() throws Exception {
+ return Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(SecurityHelper.class).toInstance(createNiceMock(SecurityHelper.class));
+ bind(ViewInstanceDAO.class).toInstance(createNiceMock(ViewInstanceDAO.class));
+ bind(ViewInstanceHandlerList.class).toInstance(createNiceMock(ViewInstanceHandlerList.class));
+ bind(MemberDAO.class).toInstance(createNiceMock(MemberDAO.class));
+
+ bind(PrivilegeDAO.class).toInstance(createMock(PrivilegeDAO.class));
+ bind(PrincipalDAO.class).toInstance(createMock(PrincipalDAO.class));
+ bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));
+ bind(UserDAO.class).toInstance(createMock(UserDAO.class));
+ bind(GroupDAO.class).toInstance(createMock(GroupDAO.class));
+ bind(ResourceDAO.class).toInstance(createMock(ResourceDAO.class));
+ bind(ClusterDAO.class).toInstance(createMock(ClusterDAO.class));
+ }
+ });
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/7d45f1f7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
index e71c219..1b1bdc3 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
@@ -21,26 +21,54 @@ package org.apache.ambari.server.controller.internal;
import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
-import com.google.inject.util.Modules;
+import org.apache.ambari.server.actionmanager.ActionDBAccessor;
+import org.apache.ambari.server.actionmanager.ActionManager;
+import org.apache.ambari.server.actionmanager.StageFactory;
+import org.apache.ambari.server.api.services.AmbariMetaInfo;
+import org.apache.ambari.server.controller.AbstractRootServiceResponseFactory;
import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.AmbariManagementControllerImpl;
+import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.controller.spi.ClusterController;
import org.apache.ambari.server.controller.spi.Predicate;
import org.apache.ambari.server.controller.spi.Request;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.utilities.PredicateBuilder;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
import org.apache.ambari.server.orm.DBAccessor;
-import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.apache.ambari.server.scheduler.ExecutionScheduler;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.Users;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
+import org.apache.ambari.server.stack.StackManagerFactory;
+import org.apache.ambari.server.stageplanner.RoleGraphFactory;
+import org.apache.ambari.server.stageplanner.RoleGraphFactoryImpl;
+import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.ConfigFactory;
+import org.apache.ambari.server.state.ServiceComponentFactory;
+import org.apache.ambari.server.state.ServiceComponentHostFactory;
+import org.apache.ambari.server.state.ServiceFactory;
+import org.apache.ambari.server.state.configgroup.ConfigGroupFactory;
+import org.apache.ambari.server.state.scheduler.RequestExecutionFactory;
+import org.apache.ambari.server.state.stack.OsFamily;
import org.easymock.EasyMockSupport;
+import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.crypto.password.PasswordEncoder;
import javax.persistence.EntityManager;
import java.lang.reflect.Field;
@@ -57,30 +85,73 @@ import static org.easymock.EasyMock.*;
* UserAuthorizationResourceProvider tests.
*/
public class UserAuthorizationResourceProviderTest extends EasyMockSupport {
- private Injector injector;
@Before
- public void setup() {
- reset();
-
- injector = Guice.createInjector(Modules.override(new InMemoryDefaultTestModule())
- .with(new AbstractModule() {
- @Override
- protected void configure() {
- AmbariManagementController managementController = createNiceMock(AmbariManagementController.class);
-
- bind(AmbariManagementController.class).toInstance(managementController);
- bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
- bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
- bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));
- bind(ResourceTypeDAO.class).toInstance(createMock(ResourceTypeDAO.class));
- }
- }));
+ public void setup() throws Exception {
+ resetAll();
}
+ @After
+ public void cleanup() {
+ SecurityContextHolder.getContext().setAuthentication(null);
+ }
+
+ @Test
+ public void testGetResources_Administrator() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createAdministrator("admin"), "User1");
+ }
@Test
- public void testGetResources() throws Exception {
+ public void testGetResources_NonAdministrator_Self() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User1");
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testGetResources_NonAdministrator_Other() throws Exception {
+ getResourcesTest(TestAuthenticationFactory.createClusterAdministrator("User1"), "User10");
+ }
+
+ @Test(expected = SystemException.class)
+ public void testCreateResources() throws Exception {
+ Injector injector = createInjector();
+
+ replayAll();
+ // Set the authenticated user to a non-administrator
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1"));
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
+ provider.createResources(createNiceMock(Request.class));
+ verifyAll();
+ }
+
+ @Test(expected = SystemException.class)
+ public void testUpdateResources() throws Exception {
+ Injector injector = createInjector();
+
+ replayAll();
+ // Set the authenticated user to a non-administrator
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1"));
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
+ provider.updateResources(createNiceMock(Request.class), null);
+ verifyAll();
+ }
+
+ @Test(expected = SystemException.class)
+ public void testDeleteResources() throws Exception {
+ Injector injector = createInjector();
+
+ replayAll();
+ // Set the authenticated user to a non-administrator
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("user1"));
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
+ provider.deleteResources(null);
+ verifyAll();
+ }
+
+ private void getResourcesTest(Authentication authentication, String requestedUsername) throws Exception {
+ Injector injector = createInjector();
Resource clusterResource = createMock(Resource.class);
expect(clusterResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID))
@@ -233,12 +304,20 @@ public class UserAuthorizationResourceProviderTest extends EasyMockSupport {
replayAll();
+ AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class);
+ ambariMetaInfo.init();
+
+ // Set the authenticated user to a administrator
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+
+ UserAuthorizationResourceProvider.init(permissionDAO, resourceTypeDAO);
UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
setClusterController(provider, clusterController);
Predicate predicate = new PredicateBuilder()
- .property(UserAuthorizationResourceProvider.USERNAME_PROPERTY_ID).equals("jdoe")
+ .property(UserAuthorizationResourceProvider.USERNAME_PROPERTY_ID).equals(requestedUsername)
.toPredicate();
Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), predicate);
@@ -288,23 +367,6 @@ public class UserAuthorizationResourceProviderTest extends EasyMockSupport {
verifyAll();
}
- @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
- public void testUpdateResources() throws Exception {
- replayAll();
- AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
- UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
- provider.updateResources(createNiceMock(Request.class), null);
- }
-
- @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
- public void testDeleteResources() throws Exception {
- replayAll();
- AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
- UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
- provider.deleteResources(null);
- }
-
-
private void setClusterController(UserAuthorizationResourceProvider provider, ClusterController clusterController) throws Exception {
Class<?> c = provider.getClass();
Field f = c.getDeclaredField("clusterController");
@@ -312,4 +374,38 @@ public class UserAuthorizationResourceProviderTest extends EasyMockSupport {
f.set(provider, clusterController);
}
+ private Injector createInjector() throws Exception {
+ return Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(ActionDBAccessor.class).toInstance(createNiceMock(ActionDBAccessor.class));
+ bind(ExecutionScheduler.class).toInstance(createNiceMock(ExecutionScheduler.class));
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(AmbariMetaInfo.class).toInstance(createMock(AmbariMetaInfo.class));
+ bind(ActionManager.class).toInstance(createNiceMock(ActionManager.class));
+ bind(org.apache.ambari.server.actionmanager.RequestFactory.class).toInstance(createNiceMock(org.apache.ambari.server.actionmanager.RequestFactory.class));
+ bind(RequestExecutionFactory.class).toInstance(createNiceMock(RequestExecutionFactory.class));
+ bind(StageFactory.class).toInstance(createNiceMock(StageFactory.class));
+ bind(RoleGraphFactory.class).to(RoleGraphFactoryImpl.class);
+ bind(Clusters.class).toInstance(createNiceMock(Clusters.class));
+ bind(AbstractRootServiceResponseFactory.class).toInstance(createNiceMock(AbstractRootServiceResponseFactory.class));
+ bind(StackManagerFactory.class).toInstance(createNiceMock(StackManagerFactory.class));
+ bind(ConfigFactory.class).toInstance(createNiceMock(ConfigFactory.class));
+ bind(ConfigGroupFactory.class).toInstance(createNiceMock(ConfigGroupFactory.class));
+ bind(ServiceFactory.class).toInstance(createNiceMock(ServiceFactory.class));
+ bind(ServiceComponentFactory.class).toInstance(createNiceMock(ServiceComponentFactory.class));
+ bind(ServiceComponentHostFactory.class).toInstance(createNiceMock(ServiceComponentHostFactory.class));
+ bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class));
+ bind(KerberosHelper.class).toInstance(createNiceMock(KerberosHelper.class));
+ bind(Users.class).toInstance(createMock(Users.class));
+ bind(AmbariManagementController.class).to(AmbariManagementControllerImpl.class);
+ bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
+ bind(UserDAO.class).toInstance(createMock(UserDAO.class));
+ bind(ResourceTypeDAO.class).toInstance(createMock(ResourceTypeDAO.class));
+ bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));
+ }
+ });
+ }
}