You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mp...@apache.org on 2015/12/14 22:39:59 UTC
ambari git commit: AMBARI-14320. Enforce granular role-based access
control for configuration functions. (mpapirkovskyy)
Repository: ambari
Updated Branches:
refs/heads/trunk 55b84c55b -> 24f0a1ca2
AMBARI-14320. Enforce granular role-based access control for configuration functions. (mpapirkovskyy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/24f0a1ca
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/24f0a1ca
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/24f0a1ca
Branch: refs/heads/trunk
Commit: 24f0a1ca2547b8fb85bb035423187f063336d0e7
Parents: 55b84c5
Author: Myroslav Papirkovskyy <mp...@hortonworks.com>
Authored: Fri Dec 11 12:40:28 2015 +0200
Committer: Myroslav Papirkovskyy <mp...@hortonworks.com>
Committed: Mon Dec 14 23:39:40 2015 +0200
----------------------------------------------------------------------
.../controller/AmbariManagementController.java | 11 ++-
.../AmbariManagementControllerImpl.java | 36 +++++++-
.../internal/ConfigGroupResourceProvider.java | 92 +++++++++++++++++---
.../internal/ConfigurationResourceProvider.java | 16 +++-
.../ServiceConfigVersionResourceProvider.java | 8 +-
.../internal/UpgradeResourceProvider.java | 7 +-
.../authorization/RoleAuthorization.java | 2 +
.../org/apache/ambari/server/state/Cluster.java | 3 +-
.../ambari/server/state/ConfigHelper.java | 62 ++++++-------
.../server/state/cluster/ClusterImpl.java | 6 +-
.../server/state/configgroup/ConfigGroup.java | 3 +
.../server/upgrade/AbstractUpgradeCatalog.java | 15 ++--
.../server/upgrade/UpgradeCatalog230.java | 1 +
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 5 ++
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 5 ++
.../resources/Ambari-DDL-Postgres-CREATE.sql | 5 ++
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 5 ++
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 5 ++
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 5 ++
.../ConfigGroupResourceProviderTest.java | 17 +++-
.../ConfigurationResourceProviderTest.java | 10 +++
.../upgrades/UpgradeActionTest.java | 13 +--
.../server/upgrade/UpgradeCatalog211Test.java | 29 +++---
.../server/upgrade/UpgradeCatalog220Test.java | 25 +++---
24 files changed, 284 insertions(+), 102 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
index cb197df..b80488f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
@@ -38,6 +38,7 @@ import org.apache.ambari.server.security.ldap.LdapSyncDto;
import org.apache.ambari.server.stageplanner.RoleGraphFactory;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.Config;
import org.apache.ambari.server.state.ConfigHelper;
import org.apache.ambari.server.state.MaintenanceState;
import org.apache.ambari.server.state.Service;
@@ -96,7 +97,15 @@ public interface AmbariManagementController {
* @throws AmbariException when the configuration cannot be created.
*/
public ConfigurationResponse createConfiguration(ConfigurationRequest request)
- throws AmbariException;
+ throws AmbariException, AuthorizationException;
+
+ /**
+ * Create cluster config
+ * TODO move this method to Cluster? doesn't seem to be on its place
+ * @return config created
+ */
+ Config createConfig(Cluster cluster, String type, Map<String, String> properties,
+ String versionTag, Map<String, Map<String, String>> propertiesAttributes);
/**
* Creates users.
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 2616315..545a25e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -710,7 +710,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
@Override
public synchronized ConfigurationResponse createConfiguration(
- ConfigurationRequest request) throws AmbariException {
+ ConfigurationRequest request) throws AmbariException, AuthorizationException {
if (null == request.getClusterName() || request.getClusterName().isEmpty()
|| null == request.getType() || request.getType().isEmpty()
|| null == request.getProperties()) {
@@ -721,6 +721,34 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
Cluster cluster = clusters.getCluster(request.getClusterName());
+ String configType = request.getType();
+
+ // If the config type is for a service, then allow a user with SERVICE_MODIFY_CONFIGS to
+ // update, else ensure the user has CLUSTER_MODIFY_CONFIGS
+ String service = null;
+
+ try {
+ service = cluster.getServiceForConfigTypes(Collections.singleton(configType));
+ } catch (IllegalArgumentException e) {
+ // Ignore this since we may have hit a config type that spans multiple services. This may
+ // happen in unit test cases but should not happen with later versions of stacks.
+ }
+
+ if(StringUtils.isEmpty(service)) {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ EnumSet.of(RoleAuthorization.CLUSTER_MODIFY_CONFIGS))) {
+ throw new AuthorizationException("The authenticated user does not have authorization " +
+ "to create cluster configurations");
+ }
+ }
+ else {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS))) {
+ throw new AuthorizationException("The authenticated user does not have authorization " +
+ "to create service configurations");
+ }
+ }
+
Map<String, String> requestProperties = request.getProperties();
Map<PropertyInfo.PropertyType, Set<String>> propertiesTypes = cluster.getConfigPropertiesTypes(request.getType());
@@ -740,7 +768,6 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
-
Map<String, Config> configs = cluster.getConfigsByType(
request.getType());
if (null == configs) {
@@ -807,8 +834,9 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
}
- private Config createConfig(Cluster cluster, String type, Map<String, String> properties,
- String versionTag, Map<String, Map<String, String>> propertiesAttributes) {
+ @Override
+ public Config createConfig(Cluster cluster, String type, Map<String, String> properties,
+ String versionTag, Map<String, Map<String, String>> propertiesAttributes) {
Config config = configFactory.createNew(cluster, type,
properties, propertiesAttributes);
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
index 14a16c1..2677ec7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
@@ -41,6 +41,10 @@ import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
import org.apache.ambari.server.orm.dao.HostDAO;
import org.apache.ambari.server.orm.entities.HostEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
@@ -54,6 +58,7 @@ import org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -107,6 +112,18 @@ public class ConfigGroupResourceProvider extends
Map<Resource.Type, String> keyPropertyIds,
AmbariManagementController managementController) {
super(propertyIds, keyPropertyIds, managementController);
+
+ EnumSet<RoleAuthorization> manageGroupsAuthSet =
+ EnumSet.of(RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS, RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS);
+
+ setRequiredCreateAuthorizations(manageGroupsAuthSet);
+ setRequiredDeleteAuthorizations(manageGroupsAuthSet);
+ setRequiredUpdateAuthorizations(manageGroupsAuthSet);
+
+
+ setRequiredGetAuthorizations(EnumSet.of(RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+ RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS, RoleAuthorization.SERVICE_VIEW_CONFIGS,
+ RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS, RoleAuthorization.SERVICE_COMPARE_CONFIGS));
}
@Override
@@ -115,7 +132,7 @@ public class ConfigGroupResourceProvider extends
}
@Override
- public RequestStatus createResources(Request request) throws
+ public RequestStatus createResourcesAuthorized(Request request) throws
SystemException, UnsupportedPropertyException,
ResourceAlreadyExistsException, NoSuchParentResourceException {
@@ -129,7 +146,7 @@ public class ConfigGroupResourceProvider extends
}
@Override
- public Set<Resource> getResources(Request request, Predicate predicate) throws
+ public Set<Resource> getResourcesAuthorized(Request request, Predicate predicate) throws
SystemException, UnsupportedPropertyException, NoSuchResourceException,
NoSuchParentResourceException {
@@ -177,7 +194,7 @@ public class ConfigGroupResourceProvider extends
}
@Override
- public RequestStatus updateResources(Request request, Predicate predicate) throws
+ public RequestStatus updateResourcesAuthorized(Request request, Predicate predicate) throws
SystemException, UnsupportedPropertyException,
NoSuchResourceException, NoSuchParentResourceException {
@@ -198,7 +215,7 @@ public class ConfigGroupResourceProvider extends
}
@Override
- public RequestStatus deleteResources(Predicate predicate) throws
+ public RequestStatus deleteResourcesAuthorized(Predicate predicate) throws
SystemException, UnsupportedPropertyException, NoSuchResourceException,
NoSuchParentResourceException {
@@ -207,7 +224,7 @@ public class ConfigGroupResourceProvider extends
modifyResources(new Command<Void>() {
@Override
- public Void invoke() throws AmbariException {
+ public Void invoke() throws AmbariException, AuthorizationException {
deleteConfigGroup(configGroupRequest);
return null;
}
@@ -252,7 +269,7 @@ public class ConfigGroupResourceProvider extends
Set<ConfigGroupResponse> responses =
createResources(new Command<Set<ConfigGroupResponse>>() {
@Override
- public Set<ConfigGroupResponse> invoke() throws AmbariException {
+ public Set<ConfigGroupResponse> invoke() throws AmbariException, AuthorizationException {
return createConfigGroups(requests);
}
});
@@ -275,7 +292,7 @@ public class ConfigGroupResourceProvider extends
modifyResources(new Command<Void>() {
@Override
- public Void invoke() throws AmbariException {
+ public Void invoke() throws AmbariException, AuthorizationException {
updateConfigGroups(requests);
return null;
}
@@ -410,7 +427,7 @@ public class ConfigGroupResourceProvider extends
}
private synchronized void deleteConfigGroup(ConfigGroupRequest request)
- throws AmbariException {
+ throws AmbariException, AuthorizationException {
if (request.getId() == null) {
throw new AmbariException("Config group id is a required field.");
}
@@ -431,6 +448,24 @@ public class ConfigGroupResourceProvider extends
+ ", id = " + request.getId()
+ ", user = " + getManagementController().getAuthName());
+ ConfigGroup configGroup = cluster.getConfigGroups().get(request.getId());
+
+ if (configGroup == null) {
+ throw new ConfigGroupNotFoundException(cluster.getClusterName(), request.getId().toString());
+ }
+
+ if (StringUtils.isEmpty(configGroup.getServiceName())) {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS)) {
+ throw new AuthorizationException("The authenticated user is not authorized to delete config groups");
+ }
+ } else {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS)) {
+ throw new AuthorizationException("The authenticated user is not authorized to delete config groups");
+ }
+ }
+
cluster.deleteConfigGroup(request.getId());
}
@@ -453,7 +488,7 @@ public class ConfigGroupResourceProvider extends
}
private synchronized Set<ConfigGroupResponse> createConfigGroups
- (Set<ConfigGroupRequest> requests) throws AmbariException {
+ (Set<ConfigGroupRequest> requests) throws AmbariException, AuthorizationException {
if (requests.isEmpty()) {
LOG.warn("Received an empty requests set");
@@ -508,15 +543,33 @@ public class ConfigGroupResourceProvider extends
verifyHostList(cluster, hosts, request);
+ String serviceName = null;
+ if (request.getConfigs() != null && !request.getConfigs().isEmpty()) {
+ try {
+ serviceName = cluster.getServiceForConfigTypes(request.getConfigs().keySet());
+ } catch (IllegalArgumentException e) {
+ // Ignore this since we may have hit a config type that spans multiple services. This may
+ // happen in unit test cases but should not happen with later versions of stacks.
+ }
+ }
+
+ if (StringUtils.isEmpty(serviceName)) {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS)) {
+ throw new AuthorizationException("The authenticated user is not authorized to create config groups");
+ }
+ } else {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS)) {
+ throw new AuthorizationException("The authenticated user is not authorized to create config groups");
+ }
+ }
+
ConfigGroup configGroup = configGroupFactory.createNew(cluster,
request.getGroupName(),
request.getTag(), request.getDescription(),
request.getConfigs(), hosts);
- String serviceName = null;
- if (request.getConfigs() != null && !request.getConfigs().isEmpty()) {
- serviceName = cluster.getServiceForConfigTypes(request.getConfigs().keySet());
- }
configGroup.setServiceName(serviceName);
// Persist before add, since id is auto-generated
@@ -546,7 +599,7 @@ public class ConfigGroupResourceProvider extends
return configGroupResponses;
}
- private synchronized void updateConfigGroups (Set<ConfigGroupRequest> requests) throws AmbariException {
+ private synchronized void updateConfigGroups (Set<ConfigGroupRequest> requests) throws AmbariException, AuthorizationException {
if (requests.isEmpty()) {
LOG.warn("Received an empty requests set");
return;
@@ -579,6 +632,17 @@ public class ConfigGroupResourceProvider extends
}
String serviceName = configGroup.getServiceName();
String requestServiceName = cluster.getServiceForConfigTypes(request.getConfigs().keySet());
+ if (StringUtils.isEmpty(serviceName) && StringUtils.isEmpty(requestServiceName)) {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS)) {
+ throw new AuthorizationException("The authenticated user is not authorized to update config groups");
+ }
+ } else {
+ if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
+ RoleAuthorization.SERVICE_MANAGE_CONFIG_GROUPS)) {
+ throw new AuthorizationException("The authenticated user is not authorized to update config groups");
+ }
+ }
if (serviceName != null && requestServiceName !=null && !StringUtils.equals(serviceName, requestServiceName)) {
throw new IllegalArgumentException("Config group " + configGroup.getId() +
" is mapped to service " + serviceName + ", " +
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java
index 4b5ee00..f9d12b5 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProvider.java
@@ -19,6 +19,7 @@
package org.apache.ambari.server.controller.internal;
import java.util.Arrays;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -40,6 +41,8 @@ import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
/**
* Resource provider for configuration resources.
@@ -102,13 +105,20 @@ public class ConfigurationResourceProvider extends
ConfigurationResourceProvider(AmbariManagementController managementController) {
super(PROPERTY_IDS, KEY_PROPERTY_IDS, managementController);
+ EnumSet<RoleAuthorization> createConfigsAuthSet =
+ EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS, RoleAuthorization.CLUSTER_MODIFY_CONFIGS);
+
+ setRequiredCreateAuthorizations(createConfigsAuthSet);
+ //update and delete are not supported for configs
+
+ setRequiredGetAuthorizations(EnumSet.of(RoleAuthorization.CLUSTER_VIEW_CONFIGS));
}
// ----- ResourceProvider --------------------------------------------------
@Override
- public RequestStatus createResources(Request request)
+ public RequestStatus createResourcesAuthorized(Request request)
throws SystemException,
UnsupportedPropertyException,
ResourceAlreadyExistsException,
@@ -147,7 +157,7 @@ public class ConfigurationResourceProvider extends
createResources(new Command<Void>() {
@Override
- public Void invoke() throws AmbariException {
+ public Void invoke() throws AmbariException, AuthorizationException {
getManagementController().createConfiguration(configRequest);
return null;
}
@@ -158,7 +168,7 @@ public class ConfigurationResourceProvider extends
}
@Override
- public Set<Resource> getResources(Request request, Predicate predicate)
+ public Set<Resource> getResourcesAuthorized(Request request, Predicate predicate)
throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
final Set<ConfigurationRequest> requests = new HashSet<ConfigurationRequest>();
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceConfigVersionResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceConfigVersionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceConfigVersionResourceProvider.java
index 6ce904b..beafb1f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceConfigVersionResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ServiceConfigVersionResourceProvider.java
@@ -21,6 +21,7 @@ package org.apache.ambari.server.controller.internal;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
@@ -44,6 +45,7 @@ import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
public class ServiceConfigVersionResourceProvider extends
AbstractControllerResourceProvider {
@@ -113,6 +115,10 @@ public class ServiceConfigVersionResourceProvider extends
ServiceConfigVersionResourceProvider(
AmbariManagementController managementController) {
super(PROPERTY_IDS, KEY_PROPERTY_IDS, managementController);
+
+ setRequiredGetAuthorizations(EnumSet.of(RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+ RoleAuthorization.SERVICE_VIEW_CONFIGS,
+ RoleAuthorization.SERVICE_COMPARE_CONFIGS));
}
@@ -127,7 +133,7 @@ public class ServiceConfigVersionResourceProvider extends
}
@Override
- public Set<Resource> getResources(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+ public Set<Resource> getResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
final Set<ServiceConfigVersionRequest> requests = new HashSet<ServiceConfigVersionRequest>();
for (Map<String, Object> properties : getPropertyMaps(predicate)) {
requests.add(createRequest(properties));
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java
index 9c25382..1e59b58 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java
@@ -77,6 +77,7 @@ import org.apache.ambari.server.orm.entities.StackEntity;
import org.apache.ambari.server.orm.entities.UpgradeEntity;
import org.apache.ambari.server.orm.entities.UpgradeGroupEntity;
import org.apache.ambari.server.orm.entities.UpgradeItemEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.stack.MasterHostResolver;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
@@ -292,7 +293,7 @@ public class UpgradeResourceProvider extends AbstractControllerResourceProvider
UpgradeEntity entity = createResources(new Command<UpgradeEntity>() {
@Override
- public UpgradeEntity invoke() throws AmbariException {
+ public UpgradeEntity invoke() throws AmbariException, AuthorizationException {
String forceDowngrade = requestInfoProps.get(UpgradeResourceDefinition.DOWNGRADE_DIRECTIVE);
Direction direction = Boolean.parseBoolean(forceDowngrade) ? Direction.DOWNGRADE
@@ -653,7 +654,7 @@ public class UpgradeResourceProvider extends AbstractControllerResourceProvider
}
private UpgradeEntity createUpgrade(Direction direction, UpgradePack pack,
- Map<String, Object> requestMap) throws AmbariException {
+ Map<String, Object> requestMap) throws AmbariException, AuthorizationException {
String clusterName = (String) requestMap.get(UPGRADE_CLUSTER_NAME);
@@ -905,7 +906,7 @@ public class UpgradeResourceProvider extends AbstractControllerResourceProvider
* @throws AmbariException
*/
public void applyStackAndProcessConfigurations(String stackName, Cluster cluster, String version, Direction direction, UpgradePack upgradePack, String userName)
- throws AmbariException {
+ throws AmbariException {
RepositoryVersionEntity targetRve = s_repoVersionDAO.findByStackNameAndVersion(stackName, version);
if (null == targetRve) {
LOG.info("Could not find version entity for {}; not setting new configs", version);
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
index 02eb5b4..795db77 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/RoleAuthorization.java
@@ -40,6 +40,7 @@ public enum RoleAuthorization {
AMBARI_SET_SERVICE_USERS_GROUPS("AMBARI.SET_SERVICE_USERS_GROUPS"),
CLUSTER_MANAGE_CREDENTIALS("CLUSTER.MANAGE_CREDENTIALS"),
CLUSTER_MODIFY_CONFIGS("CLUSTER.MODIFY_CONFIGS"),
+ CLUSTER_MANAGE_CONFIG_GROUPS("CLUSTER.MANAGE_CONFIG_GROUPS"),
CLUSTER_TOGGLE_ALERTS("CLUSTER.TOGGLE_ALERTS"),
CLUSTER_TOGGLE_KERBEROS("CLUSTER.TOGGLE_KERBEROS"),
CLUSTER_UPGRADE_DOWNGRADE_STACK("CLUSTER.UPGRADE_DOWNGRADE_STACK"),
@@ -79,6 +80,7 @@ public enum RoleAuthorization {
CLUSTER_VIEW_METRICS,
CLUSTER_VIEW_STACK_DETAILS,
CLUSTER_MODIFY_CONFIGS,
+ CLUSTER_MANAGE_CONFIG_GROUPS,
CLUSTER_TOGGLE_ALERTS,
CLUSTER_TOGGLE_KERBEROS,
CLUSTER_UPGRADE_DOWNGRADE_STACK);
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java b/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
index 17fc741..3203dff 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
@@ -32,6 +32,7 @@ import org.apache.ambari.server.orm.entities.HostEntity;
import org.apache.ambari.server.orm.entities.HostVersionEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.RepositoryVersionEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.configgroup.ConfigGroup;
import org.apache.ambari.server.state.scheduler.RequestExecution;
@@ -510,7 +511,7 @@ public interface Cluster {
* @param id
* @throws AmbariException
*/
- void deleteConfigGroup(Long id) throws AmbariException;
+ void deleteConfigGroup(Long id) throws AmbariException, AuthorizationException;
/**
* Find all config groups associated with the give hostname
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java
index 57d4db4..83d3a3a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java
@@ -27,12 +27,13 @@ import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.api.services.AmbariMetaInfo;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.AmbariManagementController;
-import org.apache.ambari.server.controller.ConfigurationRequest;
import org.apache.ambari.server.orm.dao.ClusterDAO;
import org.apache.ambari.server.orm.entities.ClusterConfigEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.PropertyInfo.PropertyType;
import org.apache.ambari.server.state.configgroup.ConfigGroup;
import org.apache.ambari.server.upgrade.UpgradeCatalog170;
+import org.apache.ambari.server.utils.SecretReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -726,23 +727,9 @@ public class ConfigHelper {
String serviceVersionNote) throws AmbariException {
String tag = "version1";
- if (cluster.getConfigsByType(configType) != null) {
- tag = "version" + System.currentTimeMillis();
- }
-
- // update the configuration
- ConfigurationRequest configurationRequest = new ConfigurationRequest();
- configurationRequest.setClusterName(cluster.getClusterName());
- configurationRequest.setVersionTag(tag);
- configurationRequest.setType(configType);
- configurationRequest.setProperties(properties);
- configurationRequest.setPropertiesAttributes(propertyAttributes);
- configurationRequest.setServiceConfigVersionNote(serviceVersionNote);
- controller.createConfiguration(configurationRequest);
// create the configuration history entry
- Config baseConfig = cluster.getConfig(configurationRequest.getType(),
- configurationRequest.getVersionTag());
+ Config baseConfig = createConfig(cluster, controller, configType, tag, properties, propertyAttributes);
if (baseConfig != null) {
cluster.addDesiredConfig(authenticatedUserName,
@@ -797,22 +784,10 @@ public class ConfigHelper {
for (Map.Entry<String, Map<String, String>> entry : batchProperties.entrySet()) {
String type = entry.getKey();
String tag = "version1";
+ Map<String, String> properties = entry.getValue();
- if (cluster.getConfigsByType(type) != null) {
- tag = "version" + System.currentTimeMillis();
- }
-
- // create the configuration
- ConfigurationRequest configurationRequest = new ConfigurationRequest();
- configurationRequest.setClusterName(cluster.getClusterName());
- configurationRequest.setVersionTag(tag);
- configurationRequest.setType(type);
- configurationRequest.setProperties(entry.getValue());
- configurationRequest.setServiceConfigVersionNote(serviceVersionNote);
- controller.createConfiguration(configurationRequest);
-
- Config baseConfig = cluster.getConfig(configurationRequest.getType(),
- configurationRequest.getVersionTag());
+ Config baseConfig = createConfig(cluster, controller, type, tag, properties,
+ Collections.<String, Map<String,String>>emptyMap());
if (null != baseConfig) {
try {
@@ -837,6 +812,31 @@ public class ConfigHelper {
}
+ Config createConfig(Cluster cluster, AmbariManagementController controller, String type, String tag,
+ Map<String, String> properties, Map<String, Map<String, String>> propertyAttributes) throws AmbariException {
+ if (cluster.getConfigsByType(type) != null) {
+ tag = "version" + System.currentTimeMillis();
+ }
+
+ Map<PropertyType, Set<String>> propertiesTypes = cluster.getConfigPropertiesTypes(type);
+ if(propertiesTypes.containsKey(PropertyType.PASSWORD)) {
+ for(String passwordProperty : propertiesTypes.get(PropertyType.PASSWORD)) {
+ if(properties.containsKey(passwordProperty)) {
+ String passwordPropertyValue = properties.get(passwordProperty);
+ if (!SecretReference.isSecret(passwordPropertyValue)) {
+ continue;
+ }
+ SecretReference ref = new SecretReference(passwordPropertyValue, cluster);
+ String refValue = ref.getValue();
+ properties.put(passwordProperty, refValue);
+ }
+ }
+ }
+
+ return controller.createConfig(cluster, type, properties, tag, propertyAttributes);
+ }
+
+
/**
* Since global configs are deprecated since 1.7.0, but still supported.
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
index 9820da4..b2a8485 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
@@ -90,7 +90,10 @@ import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ServiceConfigEntity;
import org.apache.ambari.server.orm.entities.StackEntity;
import org.apache.ambari.server.orm.entities.TopologyRequestEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.AuthorizationHelper;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.ClusterHealthReport;
import org.apache.ambari.server.state.Clusters;
@@ -579,7 +582,7 @@ public class ClusterImpl implements Cluster {
}
@Override
- public void deleteConfigGroup(Long id) throws AmbariException {
+ public void deleteConfigGroup(Long id) throws AmbariException, AuthorizationException {
loadConfigGroups();
clusterGlobalLock.writeLock().lock();
try {
@@ -587,6 +590,7 @@ public class ClusterImpl implements Cluster {
if (configGroup == null) {
throw new ConfigGroupNotFoundException(getClusterName(), id.toString());
}
+
LOG.debug("Deleting Config group" + ", clusterName = " + getClusterName()
+ ", groupName = " + configGroup.getName() + ", groupId = "
+ configGroup.getId() + ", tag = " + configGroup.getTag());
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/state/configgroup/ConfigGroup.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/configgroup/ConfigGroup.java b/ambari-server/src/main/java/org/apache/ambari/server/state/configgroup/ConfigGroup.java
index 7ed7ba5..1b29c9b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/configgroup/ConfigGroup.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/configgroup/ConfigGroup.java
@@ -152,6 +152,9 @@ public interface ConfigGroup {
*/
public void removeHost(Long hostId) throws AmbariException;
+ /**
+ * Name of service which config group is wired to
+ */
String getServiceName();
void setServiceName(String serviceName);
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
index 7cbdd33..8489486 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
@@ -462,17 +462,16 @@ public abstract class AbstractUpgradeCatalog implements UpgradeCatalog {
LOG.info("Applying configuration with tag '{}' to " +
"cluster '{}'", newTag, cluster.getClusterName());
- ConfigurationRequest cr = new ConfigurationRequest();
- cr.setClusterName(cluster.getClusterName());
- cr.setVersionTag(newTag);
- cr.setType(configType);
- cr.setProperties(mergedProperties);
+ Map<String, Map<String, String>> propertiesAttributes;
if (oldConfig != null) {
- cr.setPropertiesAttributes(oldConfig.getPropertiesAttributes());
+ propertiesAttributes = oldConfig.getPropertiesAttributes();
+ } else {
+ propertiesAttributes = Collections.emptyMap();
}
- controller.createConfiguration(cr);
- Config baseConfig = cluster.getConfig(cr.getType(), cr.getVersionTag());
+ controller.createConfig(cluster, configType, mergedProperties, newTag, propertiesAttributes);
+
+ Config baseConfig = cluster.getConfig(configType, newTag);
if (baseConfig != null) {
String authName = AUTHENTICATED_USER_NAME;
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
index ee2b9b1..57eafa6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog230.java
@@ -273,6 +273,7 @@ public class UpgradeCatalog230 extends AbstractUpgradeCatalog {
map.put("SERVICE.RUN_CUSTOM_COMMAND", serviceOperatorAndUp);
map.put("SERVICE.MODIFY_CONFIGS", serviceAdministratorAndUp);
map.put("SERVICE.MANAGE_CONFIG_GROUPS", serviceAdministratorAndUp);
+ map.put("CLUSTER.MANAGE_CONFIG_GROUPS", serviceAdministratorAndUp);
map.put("SERVICE.MOVE", serviceAdministratorAndUp);
map.put("SERVICE.ENABLE_HA", serviceAdministratorAndUp);
map.put("SERVICE.TOGGLE_ALERTS", serviceAdministratorAndUp);
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index 788c2a7..4a980ec 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -1049,6 +1049,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name)
SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+ SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
@@ -1127,6 +1128,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
-- Set authorizations for Cluster Operator role
@@ -1156,6 +1158,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
-- Set authorizations for Cluster Administrator role
@@ -1189,6 +1192,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
@@ -1225,6 +1229,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index ae560d9..60bbd30 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -1041,6 +1041,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name)
SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' FROM dual UNION ALL
SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' from dual UNION ALL
SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' from dual UNION ALL
+ SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' from dual UNION ALL
SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' FROM dual UNION ALL
SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' FROM dual UNION ALL
SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' FROM dual UNION ALL
@@ -1119,6 +1120,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
-- Set authorizations for Cluster Operator role
@@ -1148,6 +1150,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
-- Set authorizations for Cluster Administrator role
@@ -1181,6 +1184,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
@@ -1217,6 +1221,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 155a6a7..f1fb358 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -1085,6 +1085,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name)
SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+ SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
@@ -1163,6 +1164,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
-- Set authorizations for Cluster Operator role
@@ -1192,6 +1194,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
-- Set authorizations for Cluster Administrator role
@@ -1225,6 +1228,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
@@ -1261,6 +1265,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index 4c20767..1d9cc71 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -1183,6 +1183,7 @@ INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+ SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
@@ -1261,6 +1262,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
-- Set authorizations for Cluster Operator role
@@ -1290,6 +1292,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR';
-- Set authorizations for Cluster Administrator role
@@ -1323,6 +1326,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
@@ -1359,6 +1363,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
index dc08960..55846c0 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
@@ -1037,6 +1037,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+ SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
@@ -1115,6 +1116,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
-- Set authorizations for Cluster Operator role
@@ -1144,6 +1146,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
-- Set authorizations for Cluster Administrator role
@@ -1177,6 +1180,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
@@ -1213,6 +1217,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
index 10b1ac6..9f289bc 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
@@ -1146,6 +1146,7 @@ BEGIN TRANSACTION
SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+ SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
@@ -1224,6 +1225,7 @@ BEGIN TRANSACTION
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
-- Set authorizations for Cluster Operator role
@@ -1253,6 +1255,7 @@ BEGIN TRANSACTION
SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
-- Set authorizations for Cluster Administrator role
@@ -1288,6 +1291,7 @@ BEGIN TRANSACTION
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
-- Set authorizations for Administrator role
@@ -1322,6 +1326,7 @@ BEGIN TRANSACTION
SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
index 4bf3f15..5b9785e 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProviderTest.java
@@ -38,6 +38,7 @@ import org.apache.ambari.server.controller.utilities.PropertyHelper;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.orm.dao.HostDAO;
import org.apache.ambari.server.orm.entities.HostEntity;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
@@ -49,10 +50,13 @@ import org.easymock.Capture;
import org.easymock.IAnswer;
import org.junit.Assert;
import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
@@ -80,6 +84,12 @@ public class ConfigGroupResourceProviderTest {
private HostDAO hostDAO = null;
+ @BeforeClass
+ public static void setupAuthentication() {
+ // Set authenticated user so that authorization checks will pass
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+ }
+
@Before
public void setup() throws Exception {
hostDAO = createStrictMock(HostDAO.class);
@@ -687,13 +697,16 @@ public class ConfigGroupResourceProviderTest {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
Clusters clusters = createNiceMock(Clusters.class);
Cluster cluster = createNiceMock(Cluster.class);
+ ConfigGroup configGroup = createNiceMock(ConfigGroup.class);
expect(managementController.getAuthName()).andReturn("admin").anyTimes();
expect(managementController.getClusters()).andReturn(clusters).anyTimes();
expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
+ expect(cluster.getConfigGroups()).andReturn(Collections.singletonMap(1L, configGroup));
+
cluster.deleteConfigGroup(1L);
- replay(managementController, clusters, cluster);
+ replay(managementController, clusters, cluster, configGroup);
ResourceProvider resourceProvider = getConfigGroupResourceProvider
(managementController);
@@ -716,7 +729,7 @@ public class ConfigGroupResourceProviderTest {
Assert.assertEquals(predicate, lastEvent.getPredicate());
Assert.assertNull(lastEvent.getRequest());
- verify(managementController, clusters, cluster);
+ verify(managementController, clusters, cluster, configGroup);
}
@Test
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProviderTest.java
index 8d4dc9b..6f7db80 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ConfigurationResourceProviderTest.java
@@ -46,15 +46,25 @@ import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.controller.spi.ResourceProvider;
import org.apache.ambari.server.controller.utilities.PredicateBuilder;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
import org.apache.ambari.server.state.StackId;
import org.easymock.Capture;
import org.junit.Assert;
+import org.junit.BeforeClass;
import org.junit.Test;
+import org.springframework.security.core.context.SecurityContextHolder;
/**
* Tests for the configuration resource provider.
*/
public class ConfigurationResourceProviderTest {
+
+ @BeforeClass
+ public static void setupAuthentication() {
+ // Set authenticated user so that authorization checks will pass
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+ }
+
@Test
public void testCreateResources() throws Exception {
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeActionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeActionTest.java
index 520959c..7a1958f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeActionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/UpgradeActionTest.java
@@ -401,21 +401,16 @@ public class UpgradeActionTest {
action.setExecutionCommand(executionCommand);
action.setHostRoleCommand(hostRoleCommand);
+ List<ServiceConfigVersionResponse> configVersionsBefore = cluster.getServiceConfigVersions();
+
CommandReport report = action.execute(null);
assertNotNull(report);
assertEquals(HostRoleStatus.COMPLETED.name(), report.getStatus());
List<ServiceConfigVersionResponse> configVersionsAfter = cluster.getServiceConfigVersions();
Assert.assertFalse(configVersionsAfter.isEmpty());
- boolean atLeastOneCreated = false;
- for (ServiceConfigVersionResponse configResponse : configVersionsAfter) {
- if (configResponse.getIsCurrent() && configResponse.getVersion() > 1L && configResponse.getUserName().equals(userName)) {
- atLeastOneCreated = true;
- break;
- }
- }
- // The user should have created at least one version.
- Assert.assertTrue(atLeastOneCreated);
+
+ assertTrue(configVersionsAfter.size() - configVersionsBefore.size() >= 1);
}
@Test
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java
index b692368..616d37f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog211Test.java
@@ -18,11 +18,6 @@
package org.apache.ambari.server.upgrade;
-import static org.easymock.EasyMock.anyObject;
-import static org.easymock.EasyMock.capture;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.sql.Connection;
@@ -40,7 +35,6 @@ import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.configuration.Configuration.DatabaseType;
import org.apache.ambari.server.controller.AmbariManagementController;
import org.apache.ambari.server.controller.ConfigurationRequest;
-import org.apache.ambari.server.controller.ConfigurationResponse;
import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
@@ -62,6 +56,12 @@ import com.google.inject.Module;
import com.google.inject.Provider;
import com.google.inject.persist.PersistService;
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.expectLastCall;
+import static org.easymock.EasyMock.capture;
+import static org.easymock.EasyMock.newCapture;
+
/**
* {@link UpgradeCatalog211} unit tests.
@@ -260,8 +260,16 @@ public class UpgradeCatalog211Test extends EasyMockSupport {
.once();
Capture<ConfigurationRequest> captureCR = new Capture<ConfigurationRequest>();
- expect(controller.createConfiguration(capture(captureCR)))
- .andReturn(createNiceMock(ConfigurationResponse.class))
+ Capture<Cluster> clusterCapture = newCapture();
+ Capture<String> typeCapture = newCapture();
+ Capture<Map> propertiesCapture = newCapture();
+ Capture<String> tagCapture = newCapture();
+ Capture<Map> attributesCapture = newCapture();
+
+
+ expect(controller.createConfig(capture(clusterCapture), capture(typeCapture),
+ capture(propertiesCapture), capture(tagCapture), capture(attributesCapture) ))
+ .andReturn(createNiceMock(Config.class))
.once();
/* ****
@@ -274,10 +282,7 @@ public class UpgradeCatalog211Test extends EasyMockSupport {
verifyAll();
- ConfigurationRequest capturedCR = captureCR.getValue();
- Assert.assertNotNull(capturedCR);
-
- Map<String, String> capturedCRProperties = capturedCR.getProperties();
+ Map<String, String> capturedCRProperties = propertiesCapture.getValue();
Assert.assertNotNull(capturedCRProperties);
Assert.assertFalse(capturedCRProperties.containsKey("create_attributes_template"));
Assert.assertTrue(capturedCRProperties.containsKey("ad_create_attributes_template"));
http://git-wip-us.apache.org/repos/asf/ambari/blob/24f0a1ca/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
index c68ff0e..896011a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
@@ -98,6 +98,7 @@ import static junit.framework.Assert.assertNotNull;
import static junit.framework.Assert.assertNull;
import static org.easymock.EasyMock.anyLong;
import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.anyString;
import static org.easymock.EasyMock.capture;
import static org.easymock.EasyMock.createMockBuilder;
import static org.easymock.EasyMock.createNiceMock;
@@ -681,23 +682,23 @@ public class UpgradeCatalog220Test {
AmbariManagementControllerImpl controller = createMockBuilder(AmbariManagementControllerImpl.class)
.addMockedMethod("createConfiguration")
.addMockedMethod("getClusters", new Class[] { })
+ .addMockedMethod("createConfig")
.withConstructor(createNiceMock(ActionManager.class), clusters, injector)
.createNiceMock();
Injector injector2 = easyMockSupport.createNiceMock(Injector.class);
- Capture<ConfigurationRequest> configurationRequestCapture = EasyMock.newCapture();
- ConfigurationResponse configurationResponseMock = easyMockSupport.createMock(ConfigurationResponse.class);
+ Capture<Map> propertiesCapture = EasyMock.newCapture();
expect(injector2.getInstance(AmbariManagementController.class)).andReturn(controller).anyTimes();
expect(controller.getClusters()).andReturn(clusters).anyTimes();
- expect(controller.createConfiguration(capture(configurationRequestCapture))).andReturn(configurationResponseMock).once();
+ expect(controller.createConfig(anyObject(Cluster.class), anyString(), capture(propertiesCapture), anyString(),
+ anyObject(Map.class))).andReturn(createNiceMock(Config.class)).once();
- replay(controller, injector2, configurationResponseMock);
+ replay(controller, injector2);
new UpgradeCatalog220(injector2).updateAMSConfigs();
easyMockSupport.verifyAll();
- ConfigurationRequest configurationRequest = configurationRequestCapture.getValue();
- Map<String, String> updatedProperties = configurationRequest.getProperties();
+ Map<String, String> updatedProperties = propertiesCapture.getValue();
assertTrue(Maps.difference(newPropertiesAmsSite, updatedProperties).areEqual());
}
@@ -742,23 +743,23 @@ public class UpgradeCatalog220Test {
AmbariManagementControllerImpl controller = createMockBuilder(AmbariManagementControllerImpl.class)
.addMockedMethod("createConfiguration")
.addMockedMethod("getClusters", new Class[] { })
+ .addMockedMethod("createConfig")
.withConstructor(createNiceMock(ActionManager.class), clusters, injector)
.createNiceMock();
Injector injector2 = easyMockSupport.createNiceMock(Injector.class);
- Capture<ConfigurationRequest> configurationRequestCapture = EasyMock.newCapture();
- ConfigurationResponse configurationResponseMock = easyMockSupport.createMock(ConfigurationResponse.class);
+ Capture<Map> propertiesCapture = EasyMock.newCapture();
expect(injector2.getInstance(AmbariManagementController.class)).andReturn(controller).anyTimes();
expect(controller.getClusters()).andReturn(clusters).anyTimes();
- expect(controller.createConfiguration(capture(configurationRequestCapture))).andReturn(configurationResponseMock).once();
+ expect(controller.createConfig(anyObject(Cluster.class), anyString(), capture(propertiesCapture), anyString(),
+ anyObject(Map.class))).andReturn(createNiceMock(Config.class)).once();
- replay(controller, injector2, configurationResponseMock);
+ replay(controller, injector2);
new UpgradeCatalog220(injector2).updateAMSConfigs();
easyMockSupport.verifyAll();
- ConfigurationRequest configurationRequest = configurationRequestCapture.getValue();
- Map<String, String> updatedProperties = configurationRequest.getProperties();
+ Map<String, String> updatedProperties = propertiesCapture.getValue();
assertTrue(Maps.difference(newPropertiesAmsSite, updatedProperties).areEqual());
}