You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/12/04 00:47:12 UTC
[1/2] ambari git commit: AMBARI-14072. Enforce granular role-based
access control for cluster functions (rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk e62e8eaa3 -> 19194e0b2
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
index 84de604..827f979 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
@@ -30,6 +30,8 @@ import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.controller.spi.ResourceProvider;
import org.apache.ambari.server.controller.utilities.PredicateBuilder;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.SecurityType;
import org.apache.ambari.server.state.State;
@@ -48,6 +50,8 @@ import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import java.util.ArrayList;
import java.util.Collection;
@@ -108,6 +112,9 @@ public class ClusterResourceProviderTest {
public void tearDown() {
reset(request, topologyManager, topologyFactory, topologyRequest, blueprintFactory, securityFactory,
requestStatusResponse, blueprint);
+
+ // Clear the security context
+ SecurityContextHolder.getContext().setAuthentication(null);
}
private void replayAll() {
@@ -121,29 +128,13 @@ public class ClusterResourceProviderTest {
}
@Test
- public void testCreateResource_blueprint() throws Exception {
- Set<Map<String, Object>> requestProperties = createBlueprintRequestProperties(CLUSTER_NAME, BLUEPRINT_NAME);
- Map<String, Object> properties = requestProperties.iterator().next();
- Map<String, String> requestInfoProperties = new HashMap<String, String>();
- requestInfoProperties.put(Request.REQUEST_INFO_BODY_PROPERTY, "{}");
-
- // set expectations
- expect(request.getProperties()).andReturn(requestProperties).anyTimes();
- expect(request.getRequestInfoProperties()).andReturn(requestInfoProperties).anyTimes();
-
- expect(securityFactory.createSecurityConfigurationFromRequest(anyObject(HashMap.class), anyBoolean())).andReturn(null)
- .once();
- expect(topologyFactory.createProvisionClusterRequest(properties, null)).andReturn(topologyRequest).once();
- expect(topologyManager.provisionCluster(topologyRequest)).andReturn(requestStatusResponse).once();
- expect(requestStatusResponse.getRequestId()).andReturn(5150L).anyTimes();
-
- replayAll();
- RequestStatus requestStatus = provider.createResources(request);
- assertEquals(5150L, requestStatus.getRequestResource().getPropertyValue(PropertyHelper.getPropertyId("Requests", "id")));
- assertEquals(Resource.Type.Request, requestStatus.getRequestResource().getType());
- assertEquals("Accepted", requestStatus.getRequestResource().getPropertyValue(PropertyHelper.getPropertyId("Requests", "status")));
+ public void testCreateResource_blueprint_asAdministrator() throws Exception {
+ testCreateResource_blueprint(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- verifyAll();
+ @Test(expected = AuthorizationException.class)
+ public void testCreateResource_blueprint__NonAdministrator() throws Exception {
+ testCreateResource_blueprint(TestAuthenticationFactory.createClusterAdministrator("User1"));
}
@Test(expected = IllegalArgumentException.class)
@@ -169,6 +160,7 @@ public class ClusterResourceProviderTest {
expect(requestStatusResponse.getRequestId()).andReturn(5150L).anyTimes();
replayAll();
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
RequestStatus requestStatus = provider.createResources(request);
}
@@ -193,6 +185,7 @@ public class ClusterResourceProviderTest {
expect(requestStatusResponse.getRequestId()).andReturn(5150L).anyTimes();
replayAll();
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
RequestStatus requestStatus = provider.createResources(request);
assertEquals(5150L, requestStatus.getRequestResource().getPropertyValue(PropertyHelper.getPropertyId("Requests", "id")));
assertEquals(Resource.Type.Request, requestStatus.getRequestResource().getType());
@@ -213,73 +206,18 @@ public class ClusterResourceProviderTest {
("test"));
replayAll();
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
provider.createResources(request);
}
@Test
- public void testCreateResources() throws Exception{
- Resource.Type type = Resource.Type.Cluster;
-
- AmbariManagementController managementController = createMock(AmbariManagementController.class);
- RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
-
- managementController.createCluster(
- AbstractResourceProviderTest.Matcher.getClusterRequest(null, "Cluster100", "HDP-0.1", null));
- managementController.createCluster(
- AbstractResourceProviderTest.Matcher.getClusterRequest(99L, null, "HDP-0.1", null));
-
- // replay
- replay(managementController, response);
-
- ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
- type,
- PropertyHelper.getPropertyIds(type),
- PropertyHelper.getKeyPropertyIds(type),
- managementController);
-
- AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
-
- ((ObservableResourceProvider)provider).addObserver(observer);
-
- // add the property map to a set for the request. add more maps for multiple creates
- Set<Map<String, Object>> propertySet = new LinkedHashSet<Map<String, Object>>();
-
- // Cluster 1: create a map of properties for the request
- Map<String, Object> properties = new LinkedHashMap<String, Object>();
-
- // add the cluster name to the properties map
- properties.put(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID, "Cluster100");
-
- // add the version to the properties map
- properties.put(ClusterResourceProvider.CLUSTER_VERSION_PROPERTY_ID, "HDP-0.1");
-
- propertySet.add(properties);
-
- // Cluster 2: create a map of properties for the request
- properties = new LinkedHashMap<String, Object>();
-
- // add the cluster id to the properties map
- properties.put(ClusterResourceProvider.CLUSTER_ID_PROPERTY_ID, 99L);
-
- // add the version to the properties map
- properties.put(ClusterResourceProvider.CLUSTER_VERSION_PROPERTY_ID, "HDP-0.1");
-
- propertySet.add(properties);
-
- // create the request
- Request request = PropertyHelper.getCreateRequest(propertySet, null);
-
- provider.createResources(request);
-
- ResourceProviderEvent lastEvent = observer.getLastEvent();
- Assert.assertNotNull(lastEvent);
- Assert.assertEquals(Resource.Type.Cluster, lastEvent.getResourceType());
- Assert.assertEquals(ResourceProviderEvent.Type.Create, lastEvent.getType());
- Assert.assertEquals(request, lastEvent.getRequest());
- Assert.assertNull(lastEvent.getPredicate());
+ public void testCreateResourcesAsAdministrator() throws Exception{
+ testCreateResources(TestAuthenticationFactory.createAdministrator("admin"));
+ }
- // verify
- verify(managementController, response);
+ @Test(expected = AuthorizationException.class)
+ public void testCreateResourcesAsNonAdministrator() throws Exception{
+ testCreateResources(TestAuthenticationFactory.createClusterAdministrator("User1"));
}
@Test
@@ -297,6 +235,8 @@ public class ClusterResourceProviderTest {
// replay
replay(managementController, response);
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
+
ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
type,
PropertyHelper.getPropertyIds(type),
@@ -341,7 +281,16 @@ public class ClusterResourceProviderTest {
}
@Test
- public void testGetResources() throws Exception{
+ public void testGetResourcesAsAdministrator() throws Exception{
+ testGetResources(TestAuthenticationFactory.createAdministrator("admin"));
+ }
+
+ @Test
+ public void testGetResourcesAsNonAdministrator() throws Exception{
+ testGetResources(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+ public void testGetResources(Authentication authentication) throws Exception{
Resource.Type type = Resource.Type.Cluster;
AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -369,15 +318,11 @@ public class ClusterResourceProviderTest {
expect(managementController.getClusters()).andReturn(clusters).anyTimes();
- expect(clusters.checkPermission("Cluster100", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster101", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster102", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster103", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster104", true)).andReturn(false).anyTimes();
-
// replay
replay(managementController, clusters);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
type,
PropertyHelper.getPropertyIds(type),
@@ -395,7 +340,7 @@ public class ClusterResourceProviderTest {
// get all ... no predicate
Set<Resource> resources = provider.getResources(request, null);
- Assert.assertEquals(4, resources.size());
+ Assert.assertEquals(5, resources.size());
for (Resource resource : resources) {
Long id = (Long) resource.getPropertyValue(ClusterResourceProvider.CLUSTER_ID_PROPERTY_ID);
String name = (String) resource.getPropertyValue(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID);
@@ -430,7 +375,181 @@ public class ClusterResourceProviderTest {
}
@Test
- public void testUpdateResources() throws Exception{
+ public void testUpdateResourcesAsAdministrator() throws Exception{
+ testUpdateResources(TestAuthenticationFactory.createAdministrator("admin"));
+ }
+
+ @Test
+ public void testUpdateResourcesAsClusterAdministrator() throws Exception{
+ testUpdateResources(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateResourcesAsServiceAdministrator() throws Exception {
+ testUpdateResources(TestAuthenticationFactory.createServiceAdministrator("User10"));
+ }
+
+ @Test
+ public void testUpdateWithConfigurationAsAdministrator() throws Exception {
+ testUpdateWithConfiguration(TestAuthenticationFactory.createAdministrator("admin"));
+ }
+
+ @Test
+ public void testUpdateWithConfigurationAsClusterAdministrator() throws Exception {
+ testUpdateWithConfiguration(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testUpdateWithConfigurationAsServiceAdministrator() throws Exception {
+ testUpdateWithConfiguration(TestAuthenticationFactory.createServiceAdministrator("User10"));
+ }
+
+ @Test
+ public void testDeleteResourcesAsAdministrator() throws Exception{
+ testDeleteResources(TestAuthenticationFactory.createAdministrator("admin"));
+ }
+
+ @Test(expected = AuthorizationException.class)
+ public void testDeleteResourcesAsNonAdministrator() throws Exception{
+ testDeleteResources(TestAuthenticationFactory.createClusterAdministrator("User1"));
+ }
+
+ //todo: configuration properties are not being added to props
+ private Set<Map<String, Object>> createBlueprintRequestProperties(String clusterName, String blueprintName) {
+ Set<Map<String, Object>> propertySet = new LinkedHashSet<Map<String, Object>>();
+ Map<String, Object> properties = new LinkedHashMap<String, Object>();
+
+ properties.put(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID, clusterName);
+ properties.put(ClusterResourceProvider.BLUEPRINT_PROPERTY_ID, blueprintName);
+ propertySet.add(properties);
+
+ Collection<Map<String, Object>> hostGroups = new ArrayList<Map<String, Object>>();
+ Map<String, Object> hostGroupProperties = new HashMap<String, Object>();
+ hostGroups.add(hostGroupProperties);
+ hostGroupProperties.put("name", "group1");
+ Collection<Map<String, String>> hostGroupHosts = new ArrayList<Map<String, String>>();
+ hostGroupProperties.put("hosts", hostGroupHosts);
+ Map<String, String> hostGroupHostProperties = new HashMap<String, String>();
+ hostGroupHostProperties.put("fqdn", "host.domain");
+ hostGroupHosts.add(hostGroupHostProperties);
+ properties.put("host_groups", hostGroups);
+
+ Map<String, String> mapGroupConfigProperties = new HashMap<String, String>();
+ mapGroupConfigProperties.put("myGroupProp", "awesomeValue");
+
+ // blueprint core-site cluster configuration properties
+ Map<String, String> blueprintCoreConfigProperties = new HashMap<String, String>();
+ blueprintCoreConfigProperties.put("property1", "value2");
+ blueprintCoreConfigProperties.put("new.property", "new.property.value");
+
+ Map<String, String> blueprintGlobalConfigProperties = new HashMap<String, String>();
+ blueprintGlobalConfigProperties.put("hive_database", "New MySQL Database");
+
+ Map<String, String> oozieEnvConfigProperties = new HashMap<String, String>();
+ oozieEnvConfigProperties.put("property1","value2");
+ Map<String, String> hbaseEnvConfigProperties = new HashMap<String, String>();
+ hbaseEnvConfigProperties.put("property1","value2");
+ Map<String, String> falconEnvConfigProperties = new HashMap<String, String>();
+ falconEnvConfigProperties.put("property1","value2");
+
+ return propertySet;
+ }
+
+ private void testCreateResource_blueprint(Authentication authentication) throws Exception {
+ Set<Map<String, Object>> requestProperties = createBlueprintRequestProperties(CLUSTER_NAME, BLUEPRINT_NAME);
+ Map<String, Object> properties = requestProperties.iterator().next();
+ Map<String, String> requestInfoProperties = new HashMap<String, String>();
+ requestInfoProperties.put(Request.REQUEST_INFO_BODY_PROPERTY, "{}");
+
+ // set expectations
+ expect(request.getProperties()).andReturn(requestProperties).anyTimes();
+ expect(request.getRequestInfoProperties()).andReturn(requestInfoProperties).anyTimes();
+
+ expect(securityFactory.createSecurityConfigurationFromRequest(anyObject(HashMap.class), anyBoolean())).andReturn(null)
+ .once();
+ expect(topologyFactory.createProvisionClusterRequest(properties, null)).andReturn(topologyRequest).once();
+ expect(topologyManager.provisionCluster(topologyRequest)).andReturn(requestStatusResponse).once();
+ expect(requestStatusResponse.getRequestId()).andReturn(5150L).anyTimes();
+
+ replayAll();
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ RequestStatus requestStatus = provider.createResources(request);
+ assertEquals(5150L, requestStatus.getRequestResource().getPropertyValue(PropertyHelper.getPropertyId("Requests", "id")));
+ assertEquals(Resource.Type.Request, requestStatus.getRequestResource().getType());
+ assertEquals("Accepted", requestStatus.getRequestResource().getPropertyValue(PropertyHelper.getPropertyId("Requests", "status")));
+
+ verifyAll();
+ }
+
+ private void testCreateResources(Authentication authentication) throws Exception{
+ Resource.Type type = Resource.Type.Cluster;
+
+ AmbariManagementController managementController = createMock(AmbariManagementController.class);
+ RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
+
+ managementController.createCluster(
+ AbstractResourceProviderTest.Matcher.getClusterRequest(null, "Cluster100", "HDP-0.1", null));
+ managementController.createCluster(
+ AbstractResourceProviderTest.Matcher.getClusterRequest(99L, null, "HDP-0.1", null));
+
+ // replay
+ replay(managementController, response);
+
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
+ ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+ type,
+ PropertyHelper.getPropertyIds(type),
+ PropertyHelper.getKeyPropertyIds(type),
+ managementController);
+
+ AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
+
+ ((ObservableResourceProvider)provider).addObserver(observer);
+
+ // add the property map to a set for the request. add more maps for multiple creates
+ Set<Map<String, Object>> propertySet = new LinkedHashSet<Map<String, Object>>();
+
+ // Cluster 1: create a map of properties for the request
+ Map<String, Object> properties = new LinkedHashMap<String, Object>();
+
+ // add the cluster name to the properties map
+ properties.put(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID, "Cluster100");
+
+ // add the version to the properties map
+ properties.put(ClusterResourceProvider.CLUSTER_VERSION_PROPERTY_ID, "HDP-0.1");
+
+ propertySet.add(properties);
+
+ // Cluster 2: create a map of properties for the request
+ properties = new LinkedHashMap<String, Object>();
+
+ // add the cluster id to the properties map
+ properties.put(ClusterResourceProvider.CLUSTER_ID_PROPERTY_ID, 99L);
+
+ // add the version to the properties map
+ properties.put(ClusterResourceProvider.CLUSTER_VERSION_PROPERTY_ID, "HDP-0.1");
+
+ propertySet.add(properties);
+
+ // create the request
+ Request request = PropertyHelper.getCreateRequest(propertySet, null);
+
+ provider.createResources(request);
+
+ ResourceProviderEvent lastEvent = observer.getLastEvent();
+ Assert.assertNotNull(lastEvent);
+ Assert.assertEquals(Resource.Type.Cluster, lastEvent.getResourceType());
+ Assert.assertEquals(ResourceProviderEvent.Type.Create, lastEvent.getType());
+ Assert.assertEquals(request, lastEvent.getRequest());
+ Assert.assertNull(lastEvent.getPredicate());
+
+ // verify
+ verify(managementController, response);
+ }
+
+ public void testUpdateResources(Authentication authentication) throws Exception{
Resource.Type type = Resource.Type.Cluster;
Clusters clusters = createMock(Clusters.class);
@@ -458,15 +577,11 @@ public class ClusterResourceProviderTest {
expect(managementController.getClusters()).andReturn(clusters).anyTimes();
- expect(clusters.checkPermission("Cluster102", false)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster102", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster103", false)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster103", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission(null, false)).andReturn(true).anyTimes();
-
// replay
replay(managementController, response, clusters);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
type,
PropertyHelper.getPropertyIds(type),
@@ -505,8 +620,7 @@ public class ClusterResourceProviderTest {
verify(managementController, response, clusters);
}
- @Test
- public void testUpdateWithConfiguration() throws Exception {
+ public void testUpdateWithConfiguration(Authentication authentication) throws Exception {
AmbariManagementController managementController = createMock(AmbariManagementController.class);
Clusters clusters = createMock(Clusters.class);
RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
@@ -525,12 +639,11 @@ public class ClusterResourceProviderTest {
expect(managementController.getClusters()).andReturn(clusters).anyTimes();
- expect(clusters.checkPermission("Cluster100", true)).andReturn(true).anyTimes();
- expect(clusters.checkPermission("Cluster100", false)).andReturn(true).anyTimes();
-
// replay
replay(managementController, response, clusters);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
Map<String, Object> properties = new LinkedHashMap<String, Object>();
properties.put(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID, "Cluster100");
@@ -582,8 +695,7 @@ public class ClusterResourceProviderTest {
verify(managementController, response, clusters);
}
- @Test
- public void testDeleteResources() throws Exception{
+ public void testDeleteResources(Authentication authentication) throws Exception{
Resource.Type type = Resource.Type.Cluster;
AmbariManagementController managementController = createMock(AmbariManagementController.class);
@@ -598,12 +710,11 @@ public class ClusterResourceProviderTest {
expect(managementController.getClusters()).andReturn(clusters).anyTimes();
- expect(clusters.checkPermission("Cluster102", false)).andReturn(true).anyTimes();
- expect(clusters.checkPermission(null, false)).andReturn(true).anyTimes();
-
// replay
replay(managementController, response, clusters);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+
ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
type,
PropertyHelper.getPropertyIds(type),
@@ -634,733 +745,4 @@ public class ClusterResourceProviderTest {
// verify
verify(managementController, response, clusters);
}
-
- //todo: What are these testing and where do they go?
- //todo: these were added when the new security type property was added to enable/disable kerberos
-// @Test
-// public void testSetMissingConfigurationsOozieIncluded() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-//
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// AmbariManagementController mockManagementController =
-// mockSupport.createMock(AmbariManagementController.class);
-// StackServiceResponse mockStackServiceResponseOne =
-// mockSupport.createMock(StackServiceResponse.class);
-// StackServiceComponentResponse mockStackComponentResponse =
-// mockSupport.createMock(StackServiceComponentResponse.class);
-// AmbariMetaInfo mockAmbariMetaInfo =
-// mockSupport.createMock(AmbariMetaInfo.class);
-//
-// expect(mockStackComponentResponse.getComponentName()).andReturn("OOZIE_SERVER").atLeastOnce();
-// expect(mockStackComponentResponse.getCardinality()).andReturn("1");
-// expect(mockStackComponentResponse.getAutoDeploy()).andReturn(new AutoDeployInfo());
-//
-//
-// expect(mockStackServiceResponseOne.getServiceName()).andReturn("OOZIE").atLeastOnce();
-// expect(mockStackServiceResponseOne.getExcludedConfigTypes()).andReturn(Collections.<String>emptySet()).atLeastOnce();
-// expect(mockManagementController.getStackServices(isA(Set.class))).andReturn(Collections.singleton(mockStackServiceResponseOne));
-// expect(mockManagementController.getStackComponents(isA(Set.class))).andReturn(Collections.singleton(mockStackComponentResponse));
-// expect(mockManagementController.getStackConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-// expect(mockManagementController.getStackLevelConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-//
-// expect(mockAmbariMetaInfo.getComponentDependencies("HDP", "2.1", "OOZIE", "OOZIE_SERVER")).andReturn(Collections.<DependencyInfo>emptyList());
-//
-// mockSupport.replayAll();
-//
-//
-// ClusterResourceProvider.init(null, mockAmbariMetaInfo, null);
-//
-// Stack stack =
-// new Stack("HDP", "2.1", mockManagementController);
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-//
-// HostGroupEntity hostGroup = new HostGroupEntity();
-// hostGroup.setComponents(Collections.<HostGroupComponentEntity>emptyList());
-// HostGroupConfigEntity configEntity = new HostGroupConfigEntity();
-// configEntity.setConfigData("");
-//
-// hostGroup.setConfigurations(Collections.singletonList(configEntity));
-// BaseBlueprintProcessor.HostGroupImpl hostGroupImpl =
-// new BaseBlueprintProcessor.HostGroupImpl(hostGroup, stack, null);
-// hostGroupImpl.addComponent("OOZIE_SERVER");
-//
-// // add empty map for core-site, to simulate this configuration entry
-// clusterResourceProvider.getClusterConfigurations().put("core-site", new HashMap<String, String>());
-// clusterResourceProvider.getClusterConfigurations().put("oozie-env", new HashMap<String, String>());
-// clusterResourceProvider.getClusterConfigurations().get("oozie-env").put("oozie_user", "oozie");
-//
-// //clusterResourceProvider.setMissingConfigurations(Collections.singletonMap("host_group_one", hostGroupImpl));
-//
-// Map<String, String> mapCoreSiteConfig =
-// clusterResourceProvider.getClusterConfigurations().get("core-site");
-//
-// assertNotNull("core-site map was null.", mapCoreSiteConfig);
-// assertEquals("Incorrect number of entries in the core-site config map",
-// 2, mapCoreSiteConfig.size());
-// assertEquals("Incorrect value for proxy hosts",
-// "*", mapCoreSiteConfig.get("hadoop.proxyuser.oozie.hosts"));
-// assertEquals("Incorrect value for proxy hosts",
-// "users", mapCoreSiteConfig.get("hadoop.proxyuser.oozie.groups"));
-//
-// mockSupport.verifyAll();
-// }
-//
-//
-// @Test
-// public void testSetMissingConfigurationsFalconIncluded() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-//
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// AmbariManagementController mockManagementController =
-// mockSupport.createMock(AmbariManagementController.class);
-// StackServiceResponse mockStackServiceResponseOne =
-// mockSupport.createMock(StackServiceResponse.class);
-// StackServiceComponentResponse mockStackComponentResponse =
-// mockSupport.createMock(StackServiceComponentResponse.class);
-// AmbariMetaInfo mockAmbariMetaInfo =
-// mockSupport.createMock(AmbariMetaInfo.class);
-//
-// expect(mockStackComponentResponse.getComponentName()).andReturn("FALCON_SERVER").atLeastOnce();
-// expect(mockStackComponentResponse.getCardinality()).andReturn("1");
-// expect(mockStackComponentResponse.getAutoDeploy()).andReturn(new AutoDeployInfo());
-//
-//
-// expect(mockStackServiceResponseOne.getServiceName()).andReturn("FALCON").atLeastOnce();
-// expect(mockStackServiceResponseOne.getExcludedConfigTypes()).andReturn(Collections.<String>emptySet()).atLeastOnce();
-// expect(mockManagementController.getStackServices(isA(Set.class))).andReturn(Collections.singleton(mockStackServiceResponseOne));
-// expect(mockManagementController.getStackComponents(isA(Set.class))).andReturn(Collections.singleton(mockStackComponentResponse));
-// expect(mockManagementController.getStackConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-// expect(mockManagementController.getStackLevelConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-//
-// expect(mockAmbariMetaInfo.getComponentDependencies("HDP", "2.1", "FALCON", "FALCON_SERVER")).andReturn(Collections.<DependencyInfo>emptyList());
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider.init(null, mockAmbariMetaInfo, null);
-//
-// Stack stack =
-// new Stack("HDP", "2.1", mockManagementController);
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-// HostGroupEntity hostGroup = new HostGroupEntity();
-// hostGroup.setComponents(Collections.<HostGroupComponentEntity>emptyList());
-// HostGroupConfigEntity configEntity = new HostGroupConfigEntity();
-// configEntity.setConfigData("");
-//
-// hostGroup.setConfigurations(Collections.singletonList(configEntity));
-// BaseBlueprintProcessor.HostGroupImpl hostGroupImpl =
-// new BaseBlueprintProcessor.HostGroupImpl(hostGroup, stack, null);
-// hostGroupImpl.addComponent("FALCON_SERVER");
-//
-// // add empty map for core-site, to simulate this configuration entry
-// clusterResourceProvider.getClusterConfigurations().put("core-site", new HashMap<String, String>());
-// clusterResourceProvider.getClusterConfigurations().put("falcon-env", new HashMap<String, String>());
-// clusterResourceProvider.getClusterConfigurations().get("falcon-env").put("falcon_user", "falcon");
-//
-// //clusterResourceProvider.setMissingConfigurations(Collections.singletonMap("host_group_one", hostGroupImpl));
-//
-// Map<String, String> mapCoreSiteConfig =
-// clusterResourceProvider.getClusterConfigurations().get("core-site");
-//
-// assertNotNull("core-site map was null.", mapCoreSiteConfig);
-// assertEquals("Incorrect number of entries in the core-site config map",
-// 2, mapCoreSiteConfig.size());
-// assertEquals("Incorrect value for proxy hosts",
-// "*", mapCoreSiteConfig.get("hadoop.proxyuser.falcon.hosts"));
-// assertEquals("Incorrect value for proxy hosts",
-// "users", mapCoreSiteConfig.get("hadoop.proxyuser.falcon.groups"));
-//
-// mockSupport.verifyAll();
-// }
-//
-//
-// @Test
-// public void testSetMissingConfigurationsOozieNotIncluded() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-//
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// AmbariManagementController mockManagementController =
-// mockSupport.createMock(AmbariManagementController.class);
-// StackServiceResponse mockStackServiceResponseOne =
-// mockSupport.createMock(StackServiceResponse.class);
-// StackServiceComponentResponse mockStackComponentResponse =
-// mockSupport.createMock(StackServiceComponentResponse.class);
-// AmbariMetaInfo mockAmbariMetaInfo =
-// mockSupport.createMock(AmbariMetaInfo.class);
-//
-// expect(mockStackComponentResponse.getComponentName()).andReturn("OOZIE_SERVER");
-// expect(mockStackComponentResponse.getCardinality()).andReturn("1");
-// expect(mockStackComponentResponse.getAutoDeploy()).andReturn(new AutoDeployInfo());
-//
-//
-// expect(mockStackServiceResponseOne.getServiceName()).andReturn("OOZIE").atLeastOnce();
-// expect(mockStackServiceResponseOne.getExcludedConfigTypes()).andReturn(Collections.<String>emptySet()).atLeastOnce();
-// expect(mockManagementController.getStackServices(isA(Set.class))).andReturn(Collections.singleton(mockStackServiceResponseOne));
-// expect(mockManagementController.getStackComponents(isA(Set.class))).andReturn(Collections.singleton(mockStackComponentResponse));
-// expect(mockManagementController.getStackConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-// expect(mockManagementController.getStackLevelConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-//
-// expect(mockAmbariMetaInfo.getComponentDependencies("HDP", "2.1", "OOZIE", "OOZIE_SERVER")).andReturn(Collections.<DependencyInfo>emptyList());
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider.init(null, mockAmbariMetaInfo, null);
-//
-// Stack stack =
-// new Stack("HDP", "2.1", mockManagementController);
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-//
-// HostGroupEntity hostGroup = new HostGroupEntity();
-// hostGroup.setComponents(Collections.<HostGroupComponentEntity>emptyList());
-// HostGroupConfigEntity configEntity = new HostGroupConfigEntity();
-// configEntity.setConfigData("");
-//
-// hostGroup.setConfigurations(Collections.singletonList(configEntity));
-// BaseBlueprintProcessor.HostGroupImpl hostGroupImpl =
-// new BaseBlueprintProcessor.HostGroupImpl(hostGroup, stack, null);
-// hostGroupImpl.addComponent("COMPONENT_ONE");
-//
-// // add empty map for core-site, to simulate this configuration entry
-// clusterResourceProvider.getClusterConfigurations().put("core-site", new HashMap<String, String>());
-//
-// //clusterResourceProvider.setMissingConfigurations(Collections.singletonMap("host_group_one", hostGroupImpl));
-//
-// Map<String, String> mapCoreSiteConfig =
-// clusterResourceProvider.getClusterConfigurations().get("core-site");
-//
-// assertNotNull("core-site map was null.", mapCoreSiteConfig);
-// assertEquals("Incorrect number of entries in the core-site config map",
-// 0, mapCoreSiteConfig.size());
-//
-// mockSupport.verifyAll();
-//
-// }
-//
-//
-// @Test
-// public void testSetMissingConfigurationsFalconNotIncluded() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-//
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// AmbariManagementController mockManagementController =
-// mockSupport.createMock(AmbariManagementController.class);
-// StackServiceResponse mockStackServiceResponseOne =
-// mockSupport.createMock(StackServiceResponse.class);
-// StackServiceComponentResponse mockStackComponentResponse =
-// mockSupport.createMock(StackServiceComponentResponse.class);
-// AmbariMetaInfo mockAmbariMetaInfo =
-// mockSupport.createMock(AmbariMetaInfo.class);
-//
-// expect(mockStackComponentResponse.getComponentName()).andReturn("FALCON_SERVER");
-// expect(mockStackComponentResponse.getCardinality()).andReturn("1");
-// expect(mockStackComponentResponse.getAutoDeploy()).andReturn(new AutoDeployInfo());
-//
-// expect(mockStackServiceResponseOne.getServiceName()).andReturn("FALCON").atLeastOnce();
-// expect(mockStackServiceResponseOne.getExcludedConfigTypes()).andReturn(Collections.<String>emptySet()).atLeastOnce();
-//
-// expect(mockManagementController.getStackServices(isA(Set.class))).andReturn(Collections.singleton(mockStackServiceResponseOne));
-// expect(mockManagementController.getStackComponents(isA(Set.class))).andReturn(Collections.singleton(mockStackComponentResponse));
-// expect(mockManagementController.getStackConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-// expect(mockManagementController.getStackLevelConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-//
-// expect(mockAmbariMetaInfo.getComponentDependencies("HDP", "2.1", "FALCON", "FALCON_SERVER")).andReturn(Collections.<DependencyInfo>emptyList());
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider.init(null, mockAmbariMetaInfo, null);
-//
-// Stack stack =
-// new Stack("HDP", "2.1", mockManagementController);
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-// HostGroupEntity hostGroup = new HostGroupEntity();
-// hostGroup.setComponents(Collections.<HostGroupComponentEntity>emptyList());
-// HostGroupConfigEntity configEntity = new HostGroupConfigEntity();
-// configEntity.setConfigData("");
-//
-// hostGroup.setConfigurations(Collections.singletonList(configEntity));
-// BaseBlueprintProcessor.HostGroupImpl hostGroupImpl =
-// new BaseBlueprintProcessor.HostGroupImpl(hostGroup, stack, null);
-// // blueprint request will not include a reference to FALCON_SERVER
-// hostGroupImpl.addComponent("COMPONENT_ONE");
-//
-// // add empty map for core-site, to simulate this configuration entry
-// clusterResourceProvider.getClusterConfigurations().put("core-site", new HashMap<String, String>());
-//
-// //clusterResourceProvider.setMissingConfigurations(Collections.singletonMap("host_group_one", hostGroupImpl));
-//
-// Map<String, String> mapCoreSiteConfig =
-// clusterResourceProvider.getClusterConfigurations().get("core-site");
-//
-// assertNotNull("core-site map was null.", mapCoreSiteConfig);
-// assertEquals("Incorrect number of entries in the core-site config map",
-// 0, mapCoreSiteConfig.size());
-//
-// mockSupport.verifyAll();
-//
-// }
-//
-//
-// @Test
-// public void testSetMissingConfigurationsHiveNotIncluded() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-//
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// AmbariManagementController mockManagementController =
-// mockSupport.createMock(AmbariManagementController.class);
-// StackServiceResponse mockStackServiceResponseOne =
-// mockSupport.createMock(StackServiceResponse.class);
-// StackServiceComponentResponse mockStackComponentResponse =
-// mockSupport.createMock(StackServiceComponentResponse.class);
-// AmbariMetaInfo mockAmbariMetaInfo =
-// mockSupport.createMock(AmbariMetaInfo.class);
-//
-// expect(mockStackComponentResponse.getComponentName()).andReturn("HIVE_SERVER");
-// expect(mockStackComponentResponse.getCardinality()).andReturn("1");
-// expect(mockStackComponentResponse.getAutoDeploy()).andReturn(new AutoDeployInfo());
-//
-// expect(mockStackServiceResponseOne.getServiceName()).andReturn("HIVE").atLeastOnce();
-// expect(mockStackServiceResponseOne.getExcludedConfigTypes()).andReturn(Collections.<String>emptySet()).atLeastOnce();
-// expect(mockManagementController.getStackServices(isA(Set.class))).andReturn(Collections.singleton(mockStackServiceResponseOne));
-// expect(mockManagementController.getStackComponents(isA(Set.class))).andReturn(Collections.singleton(mockStackComponentResponse));
-// expect(mockManagementController.getStackConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-// expect(mockManagementController.getStackLevelConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-//
-// expect(mockAmbariMetaInfo.getComponentDependencies("HDP", "2.1", "HIVE", "HIVE_SERVER")).andReturn(Collections.<DependencyInfo>emptyList());
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider.init(null, mockAmbariMetaInfo, null);
-//
-// Stack stack =
-// new Stack("HDP", "2.1", mockManagementController);
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-// HostGroupEntity hostGroup = new HostGroupEntity();
-// hostGroup.setComponents(Collections.<HostGroupComponentEntity>emptyList());
-// HostGroupConfigEntity configEntity = new HostGroupConfigEntity();
-// configEntity.setConfigData("");
-//
-// hostGroup.setConfigurations(Collections.singletonList(configEntity));
-// BaseBlueprintProcessor.HostGroupImpl hostGroupImpl =
-// new BaseBlueprintProcessor.HostGroupImpl(hostGroup, stack, null);
-// // blueprint request will not include a reference to a HIVE component
-// hostGroupImpl.addComponent("COMPONENT_ONE");
-//
-// // add empty map for core-site, to simulate this configuration entry
-// clusterResourceProvider.getClusterConfigurations().put("core-site", new HashMap<String, String>());
-//
-// //clusterResourceProvider.setMissingConfigurations(Collections.singletonMap("host_group_one", hostGroupImpl));
-//
-// Map<String, String> mapCoreSiteConfig =
-// clusterResourceProvider.getClusterConfigurations().get("core-site");
-//
-// assertNotNull("core-site map was null.", mapCoreSiteConfig);
-// assertEquals("Incorrect number of entries in the core-site config map",
-// 0, mapCoreSiteConfig.size());
-//
-// mockSupport.verifyAll();
-//
-// }
-//
-//
-// @Test
-// public void testSetMissingConfigurationsHBaseNotIncluded() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-//
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// AmbariManagementController mockManagementController =
-// mockSupport.createMock(AmbariManagementController.class);
-// StackServiceResponse mockStackServiceResponseOne =
-// mockSupport.createMock(StackServiceResponse.class);
-// StackServiceComponentResponse mockStackComponentResponse =
-// mockSupport.createMock(StackServiceComponentResponse.class);
-// AmbariMetaInfo mockAmbariMetaInfo =
-// mockSupport.createMock(AmbariMetaInfo.class);
-//
-// expect(mockStackComponentResponse.getComponentName()).andReturn("HBASE_SERVER");
-// expect(mockStackComponentResponse.getCardinality()).andReturn("1");
-// expect(mockStackComponentResponse.getAutoDeploy()).andReturn(new AutoDeployInfo());
-//
-// expect(mockStackServiceResponseOne.getServiceName()).andReturn("HBASE").atLeastOnce();
-// expect(mockStackServiceResponseOne.getExcludedConfigTypes()).andReturn(Collections.<String>emptySet()).atLeastOnce();
-//
-// expect(mockManagementController.getStackServices(isA(Set.class))).andReturn(Collections.singleton(mockStackServiceResponseOne));
-// expect(mockManagementController.getStackComponents(isA(Set.class))).andReturn(Collections.singleton(mockStackComponentResponse));
-// expect(mockManagementController.getStackConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-// expect(mockManagementController.getStackLevelConfigurations(isA(Set.class))).andReturn(Collections.<StackConfigurationResponse>emptySet());
-//
-// expect(mockAmbariMetaInfo.getComponentDependencies("HDP", "2.1", "HBASE", "HBASE_SERVER")).andReturn(Collections.<DependencyInfo>emptyList());
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider.init(null, mockAmbariMetaInfo, null);
-//
-// Stack stack =
-// new Stack("HDP", "2.1", mockManagementController);
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-// HostGroupEntity hostGroup = new HostGroupEntity();
-// hostGroup.setComponents(Collections.<HostGroupComponentEntity>emptyList());
-// HostGroupConfigEntity configEntity = new HostGroupConfigEntity();
-// configEntity.setConfigData("");
-//
-// hostGroup.setConfigurations(Collections.singletonList(configEntity));
-// BaseBlueprintProcessor.HostGroupImpl hostGroupImpl =
-// new BaseBlueprintProcessor.HostGroupImpl(hostGroup, stack, null);
-// // blueprint request will not include a reference to an HBASE component
-// hostGroupImpl.addComponent("COMPONENT_ONE");
-//
-// // add empty map for core-site, to simulate this configuration entry
-// clusterResourceProvider.getClusterConfigurations().put("core-site", new HashMap<String, String>());
-//
-// //clusterResourceProvider.setMissingConfigurations(Collections.singletonMap("host_group_one", hostGroupImpl));
-//
-// Map<String, String> mapCoreSiteConfig =
-// clusterResourceProvider.getClusterConfigurations().get("core-site");
-//
-// assertNotNull("core-site map was null.", mapCoreSiteConfig);
-// assertEquals("Incorrect number of entries in the core-site config map",
-// 0, mapCoreSiteConfig.size());
-//
-// mockSupport.verifyAll();
-//
-// }
-//
-// @Test
-// public void testSetConfigurationsOnClusterWithExcludedTypes() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// Stack mockStack =
-// mockSupport.createMock(Stack.class);
-// BaseBlueprintProcessor.HostGroupImpl mockHostGroupOne =
-// mockSupport.createMock(BaseBlueprintProcessor.HostGroupImpl.class);
-//
-// ArrayList<Capture<Set<ClusterRequest>>> listOfRequestCaptures =
-// new ArrayList<Capture<Set<ClusterRequest>>>();
-// for (int i = 0; i < 2; i++) {
-// listOfRequestCaptures.add(new Capture<Set<ClusterRequest>>());
-// }
-//
-// ArrayList<Capture<Map<String, String>>> listOfPropertiesCaptures =
-// new ArrayList<Capture<Map<String, String>>>();
-// for (int i = 0; i < 2; i++) {
-// listOfPropertiesCaptures.add(new Capture<Map<String, String>>());
-// }
-//
-// expect(mockHostGroupOne.getHostInfo()).andReturn(Collections.singleton("c6401.ambari.apache.org")).atLeastOnce();
-// expect(mockHostGroupOne.getComponents()).andReturn(Arrays.asList("FALCON_SERVER", "FALCON_CLIENT"));
-// expect(mockStack.getServicesForComponents(Arrays.asList("FALCON_SERVER", "FALCON_CLIENT")))
-// .andReturn(Arrays.asList("FALCON")).atLeastOnce();
-// expect(mockStack.getConfigurationTypes("FALCON")).andReturn(Arrays.asList("falcon-site", "falcon-env", "oozie-site")).atLeastOnce();
-// // configure falcon to include a single excluded config type
-// expect(mockStack.getExcludedConfigurationTypes("FALCON")).andReturn(Collections.<String>singleton("oozie-site")).atLeastOnce();
-//
-// // setup expectations for controller.updateClusters() calls
-// for (int i = 0; i < 2; i++) {
-// expect(mockMgmtController.updateClusters(capture(listOfRequestCaptures.get(i)), capture(listOfPropertiesCaptures.get(i)))).andReturn(null);
-// }
-//
-// Map<String, BaseBlueprintProcessor.HostGroupImpl> testMapOfHostGroups =
-// new HashMap<String, BaseBlueprintProcessor.HostGroupImpl>();
-// testMapOfHostGroups.put("host-group-one", mockHostGroupOne);
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-// Map<String, Map<String, String>> clusterConfig =
-// clusterResourceProvider.getClusterConfigurations();
-// clusterConfig.put("falcon-site", Collections.singletonMap("key1", "value1"));
-// clusterConfig.put("falcon-env", Collections.singletonMap("envKey1", "envValue1"));
-// clusterConfig.put("oozie-site", Collections.singletonMap("oozie-key-one", "oozie-value-one"));
-// clusterConfig.put("cluster-env", Collections.<String, String>emptyMap());
-//
-// // call the method being tested
-// clusterResourceProvider.setConfigurationsOnCluster(clusterConfig, Collections.<String, Map<String,
-// Map<String, String>>>emptyMap(),"clusterone", mockStack, testMapOfHostGroups, "1");
-//
-// // verify that the ClusterRequest's passed to the controller include the expected information
-// for (Capture<Set<ClusterRequest>> requestCapture : listOfRequestCaptures) {
-// Set<ClusterRequest> request = requestCapture.getValue();
-// assertEquals("Incorrect number of cluster requests in this update",
-// 1, request.size());
-// }
-//
-//
-// for (Capture<Map<String, String>> propertiesCapture : listOfPropertiesCaptures) {
-// assertNull("Incorrect request properties sent with this update",
-// propertiesCapture.getValue());
-// }
-//
-// // verify that the config requests include the expected information
-// ClusterRequest requestOne = listOfRequestCaptures.get(0).getValue().iterator().next();
-// ClusterRequest requestTwo = listOfRequestCaptures.get(1).getValue().iterator().next();
-//
-// if (requestOne.getDesiredConfig().size() == 1) {
-// verifyClusterRequest(requestOne, "cluster-env");
-// // verify that the falcon config does not include oozie-site, since it is excluded
-// verifyClusterRequest(requestTwo, "falcon-site", "falcon-env");
-// } else {
-// verifyClusterRequest(requestTwo, "cluster-env");
-// // verify that the falcon config does not include oozie-site, since it is excluded
-// verifyClusterRequest(requestOne, "falcon-site", "falcon-env");
-// }
-//
-// mockSupport.verifyAll();
-// }
-//
-// @Test
-// public void testSetConfigurationsOnClusterWithNoExcludedTypes() throws Exception {
-// EasyMockSupport mockSupport = new EasyMockSupport();
-// AmbariManagementController mockMgmtController =
-// mockSupport.createMock(AmbariManagementController.class);
-// ResourceProvider mockServiceProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockHostComponentProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// ResourceProvider mockConfigGroupProvider =
-// mockSupport.createMock(ResourceProvider.class);
-// Stack mockStack =
-// mockSupport.createMock(Stack.class);
-// org.apache.ambari.server.topology.HostGroup mockHostGroupOne =
-// mockSupport.createMock(org.apache.ambari.server.topology.HostGroup.class);
-//
-// ArrayList<Capture<Set<ClusterRequest>>> listOfRequestCaptures =
-// new ArrayList<Capture<Set<ClusterRequest>>>();
-// for (int i = 0; i < 2; i++) {
-// listOfRequestCaptures.add(new Capture<Set<ClusterRequest>>());
-// }
-//
-// ArrayList<Capture<Map<String, String>>> listOfPropertiesCaptures =
-// new ArrayList<Capture<Map<String, String>>>();
-// for (int i = 0; i < 2; i++) {
-// listOfPropertiesCaptures.add(new Capture<Map<String, String>>());
-// }
-//
-// expect(mockHostGroupOne.getHostInfo()).andReturn(Collections.singleton("c6401.ambari.apache.org")).atLeastOnce();
-// expect(mockHostGroupOne.getComponents()).andReturn(Arrays.asList("FALCON_SERVER", "FALCON_CLIENT"));
-// expect(mockStack.getServicesForComponents(Arrays.asList("FALCON_SERVER", "FALCON_CLIENT")))
-// .andReturn(Arrays.asList("FALCON")).atLeastOnce();
-// expect(mockStack.getConfigurationTypes("FALCON")).andReturn(Arrays.asList("falcon-site", "falcon-env", "oozie-site")).atLeastOnce();
-// // configure falcon to NOT have any excluded types
-// expect(mockStack.getExcludedConfigurationTypes("FALCON")).andReturn(Collections.<String>emptySet()).atLeastOnce();
-//
-// // setup expectations for controller.updateClusters() calls
-// for (int i = 0; i < 2; i++) {
-// expect(mockMgmtController.updateClusters(capture(listOfRequestCaptures.get(i)), capture(listOfPropertiesCaptures.get(i)))).andReturn(null);
-// }
-//
-// Map<String, org.apache.ambari.server.topology.HostGroup> testMapOfHostGroups =
-// new HashMap<String, org.apache.ambari.server.topology.HostGroup>();
-// testMapOfHostGroups.put("host-group-one", mockHostGroupOne);
-//
-// mockSupport.replayAll();
-//
-// ClusterResourceProvider clusterResourceProvider =
-// new TestClusterResourceProvider(mockMgmtController, mockServiceProvider,
-// mockComponentProvider, mockHostProvider, mockHostComponentProvider, mockConfigGroupProvider);
-//
-// Map<String, Map<String, String>> clusterConfig =
-// clusterResourceProvider.getClusterConfigurations();
-//
-// clusterConfig.put("falcon-site", Collections.singletonMap("key1", "value1"));
-// clusterConfig.put("falcon-env", Collections.singletonMap("envKey1", "envValue1"));
-// clusterConfig.put("oozie-site", Collections.singletonMap("oozie-key-one", "oozie-value-one"));
-// clusterConfig.put("cluster-env", Collections.<String, String>emptyMap());
-//
-// // call the method being tested
-// clusterResourceProvider.setAllConfigurationsOnCluster(clusterConfig, Collections.<String, Map<String, Map<String, String>>>emptyMap(),
-// "clusterone", mockStack, testMapOfHostGroups, "1");
-//
-// // verify that the ClusterRequest's passed to the controller include the expected information
-// for (Capture<Set<ClusterRequest>> requestCapture : listOfRequestCaptures) {
-// Set<ClusterRequest> request = requestCapture.getValue();
-// assertEquals("Incorrect number of cluster requests in this update",
-// 1, request.size());
-// }
-//
-// for (Capture<Map<String, String>> propertiesCapture : listOfPropertiesCaptures) {
-// assertNull("Incorrect request properties sent with this update",
-// propertiesCapture.getValue());
-// }
-//
-// // verify that the config requests include the expected information
-// ClusterRequest requestOne = listOfRequestCaptures.get(0).getValue().iterator().next();
-// ClusterRequest requestTwo = listOfRequestCaptures.get(1).getValue().iterator().next();
-//
-// if (requestOne.getDesiredConfig().size() == 1) {
-// verifyClusterRequest(requestOne, "cluster-env");
-// // verify that the falcon config includes oozie-site, since nothing is excluded in this test
-// verifyClusterRequest(requestTwo, "falcon-site", "falcon-env", "oozie-site");
-// } else {
-// verifyClusterRequest(requestTwo, "cluster-env");
-// // verify that the falcon config includes oozie-site, since nothing is excluded in this test
-// verifyClusterRequest(requestOne, "falcon-site", "falcon-env", "oozie-site");
-// }
-//
-// mockSupport.verifyAll();
-// }
-//
-// private static void verifyClusterRequest(ClusterRequest request, String... expectedConfigTypes) throws Exception {
-// assertEquals("Incorrect number of cluster requests ",
-// expectedConfigTypes.length, request.getDesiredConfig().size());
-//
-// Set<String> foundConfigTypes = new HashSet<String>();
-// // build set of config types listed in this request
-// for (ConfigurationRequest configRequest : request.getDesiredConfig()) {
-// foundConfigTypes.add(configRequest.getType());
-// }
-//
-// // verify that the expected types are found
-// for (String expectedType : expectedConfigTypes) {
-// assertTrue("Expected config type not found in this config request",
-// foundConfigTypes.contains(expectedType));
-// }
-//
-// }
-
- //todo: configuration properties are not being added to props
- private Set<Map<String, Object>> createBlueprintRequestProperties(String clusterName, String blueprintName) {
- Set<Map<String, Object>> propertySet = new LinkedHashSet<Map<String, Object>>();
- Map<String, Object> properties = new LinkedHashMap<String, Object>();
-
- properties.put(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID, clusterName);
- properties.put(ClusterResourceProvider.BLUEPRINT_PROPERTY_ID, blueprintName);
- propertySet.add(properties);
-
- Collection<Map<String, Object>> hostGroups = new ArrayList<Map<String, Object>>();
- Map<String, Object> hostGroupProperties = new HashMap<String, Object>();
- hostGroups.add(hostGroupProperties);
- hostGroupProperties.put("name", "group1");
- Collection<Map<String, String>> hostGroupHosts = new ArrayList<Map<String, String>>();
- hostGroupProperties.put("hosts", hostGroupHosts);
- Map<String, String> hostGroupHostProperties = new HashMap<String, String>();
- hostGroupHostProperties.put("fqdn", "host.domain");
- hostGroupHosts.add(hostGroupHostProperties);
- properties.put("host_groups", hostGroups);
-
- Map<String, String> mapGroupConfigProperties = new HashMap<String, String>();
- mapGroupConfigProperties.put("myGroupProp", "awesomeValue");
-
- // blueprint core-site cluster configuration properties
- Map<String, String> blueprintCoreConfigProperties = new HashMap<String, String>();
- blueprintCoreConfigProperties.put("property1", "value2");
- blueprintCoreConfigProperties.put("new.property", "new.property.value");
-
- Map<String, String> blueprintGlobalConfigProperties = new HashMap<String, String>();
- blueprintGlobalConfigProperties.put("hive_database", "New MySQL Database");
-
- Map<String, String> oozieEnvConfigProperties = new HashMap<String, String>();
- oozieEnvConfigProperties.put("property1","value2");
- Map<String, String> hbaseEnvConfigProperties = new HashMap<String, String>();
- hbaseEnvConfigProperties.put("property1","value2");
- Map<String, String> falconEnvConfigProperties = new HashMap<String, String>();
- falconEnvConfigProperties.put("property1","value2");
-
- return propertySet;
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
index 2c6905d..36286e7 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/JMXHostProviderTest.java
@@ -46,6 +46,8 @@ import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Service;
@@ -61,6 +63,7 @@ import org.junit.Test;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.persist.PersistService;
+import org.springframework.security.core.context.SecurityContextHolder;
public class JMXHostProviderTest {
private Injector injector;
@@ -81,11 +84,18 @@ public class JMXHostProviderTest {
clusters = injector.getInstance(Clusters.class);
controller = injector.getInstance(AmbariManagementController.class);
AmbariMetaInfo ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class);
+
+ // Set the authenticated user
+ // TODO: remove this or replace the authenticated user to test authorization rules
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
}
@After
public void teardown() {
injector.getInstance(PersistService.class).stop();
+
+ // Clear the authenticated user
+ SecurityContextHolder.getContext().setAuthentication(null);
}
private void createService(String clusterName,
@@ -130,7 +140,7 @@ public class JMXHostProviderTest {
controller.createHostComponents(requests);
}
- private void createHDFSServiceConfigs(boolean version1) throws AmbariException {
+ private void createHDFSServiceConfigs(boolean version1) throws AmbariException, AuthorizationException {
String clusterName = "c1";
ClusterRequest r = new ClusterRequest(null, clusterName, "HDP-0.1", null);
controller.createCluster(r);
@@ -207,7 +217,7 @@ public class JMXHostProviderTest {
}
}
- private void createConfigs() throws AmbariException {
+ private void createConfigs() throws AmbariException, AuthorizationException {
String clusterName = "c1";
ClusterRequest r = new ClusterRequest(null, clusterName, "HDP-2.0.6", null);
controller.createCluster(r);
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 5b66a3f..03a7442 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -266,7 +266,7 @@ public class AmbariAuthorizationFilterTest {
public void testDoFilter_viewUserAccess() throws Exception {
final Table<String, String, Boolean> urlTests = HashBasedTable.create();
urlTests.put("/api/v1/clusters/cluster", "GET", true);
- urlTests.put("/api/v1/clusters/cluster", "POST", false);
+ urlTests.put("/api/v1/clusters/cluster", "POST", true);
urlTests.put("/api/v1/views", "GET", true);
urlTests.put("/api/v1/views", "POST", true);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
@@ -299,7 +299,7 @@ public class AmbariAuthorizationFilterTest {
public void testDoFilter_userNoPermissionsAccess() throws Exception {
final Table<String, String, Boolean> urlTests = HashBasedTable.create();
urlTests.put("/api/v1/clusters/cluster", "GET", true);
- urlTests.put("/api/v1/clusters/cluster", "POST", false);
+ urlTests.put("/api/v1/clusters/cluster", "POST", true);
urlTests.put("/api/v1/views", "GET", true);
urlTests.put("/api/v1/views", "POST", false);
urlTests.put("/api/v1/persist/SomeValue", "GET", true);
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/state/ConfigHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/ConfigHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/ConfigHelperTest.java
index bdb5156..bf023c2 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/state/ConfigHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/ConfigHelperTest.java
@@ -49,6 +49,7 @@ import org.apache.ambari.server.orm.DBAccessor;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
import org.apache.ambari.server.stack.StackManagerFactory;
import org.apache.ambari.server.state.cluster.ClusterFactory;
import org.apache.ambari.server.state.cluster.ClustersImpl;
@@ -67,6 +68,7 @@ import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.persist.PersistService;
import com.google.inject.persist.Transactional;
+import org.springframework.security.core.context.SecurityContextHolder;
@RunWith(Enclosed.class)
@@ -82,6 +84,10 @@ public class ConfigHelperTest {
@Before
public void setup() throws Exception {
+ // Set the authenticated user
+ // TODO: remove this or replace the authenticated user to test authorization rules
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
+
injector = Guice.createInjector(new InMemoryDefaultTestModule());
injector.getInstance(GuiceJpaInitializer.class);
clusters = injector.getInstance(Clusters.class);
@@ -189,6 +195,9 @@ public class ConfigHelperTest {
@After
public void tearDown() {
injector.getInstance(PersistService.class).stop();
+
+ // Clear the authenticated user
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Transactional
@@ -708,6 +717,15 @@ public class ConfigHelperTest {
}
});
+ // Set the authenticated user
+ // TODO: remove this or replace the authenticated user to test authorization rules
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
+ }
+
+ @After
+ public void teardown() {
+ // Clear the authenticated user
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java
index fa6598c..7e61942 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/state/UpgradeHelperTest.java
@@ -44,6 +44,8 @@ import org.apache.ambari.server.controller.ConfigurationRequest;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.orm.OrmTestHelper;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.stack.HostsType;
import org.apache.ambari.server.stack.MasterHostResolver;
import org.apache.ambari.server.state.UpgradeHelper.UpgradeGroupHolder;
@@ -70,6 +72,7 @@ import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.persist.PersistService;
import com.google.inject.util.Modules;
+import org.springframework.security.core.context.SecurityContextHolder;
/**
* Tests the {@link UpgradeHelper} class
@@ -144,11 +147,18 @@ public class UpgradeHelperTest {
// repositoryVersionDAO.create(stackEntityTo, "2.2.0", "2.2.0", "");
//
// replay(m_configHelper);
+
+ // Set the authenticated user
+ // TODO: remove this or replace the authenticated user to test authorization rules
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
}
@After
public void teardown() {
injector.getInstance(PersistService.class).stop();
+
+ // Clear the authenticated user
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
@@ -876,7 +886,7 @@ public class UpgradeHelperTest {
}
- private Cluster makeCluster() throws AmbariException {
+ private Cluster makeCluster() throws AmbariException, AuthorizationException {
return makeCluster(true);
}
@@ -885,7 +895,7 @@ public class UpgradeHelperTest {
* Create an HA cluster
* @throws AmbariException
*/
- private Cluster makeCluster(boolean clean) throws AmbariException {
+ private Cluster makeCluster(boolean clean) throws AmbariException, AuthorizationException {
Clusters clusters = injector.getInstance(Clusters.class);
ServiceFactory serviceFactory = injector.getInstance(ServiceFactory.class);
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogTest.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogTest.java
index 319b9fe..1bd1395 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalogTest.java
@@ -30,12 +30,14 @@ import org.apache.ambari.server.controller.ClusterRequest;
import org.apache.ambari.server.controller.ConfigurationRequest;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+import org.springframework.security.core.context.SecurityContextHolder;
import java.sql.SQLException;
import java.util.Collections;
@@ -100,11 +102,18 @@ public class UpgradeCatalogTest {
injector = Guice.createInjector(new UpgradeHelperModuleTest());
injector.getInstance(GuiceJpaInitializer.class);
metaInfo = injector.getInstance(AmbariMetaInfo.class);
+
+ // Set the authenticated user
+ // TODO: remove this or replace the authenticated user to test authorization rules
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
}
@After
public void teardown() throws AmbariException {
injector.getInstance(PersistService.class).stop();
+
+ // Clear the authenticated user
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
[2/2] ambari git commit: AMBARI-14072. Enforce granular role-based
access control for cluster functions (rlevas)
Posted by rl...@apache.org.
AMBARI-14072. Enforce granular role-based access control for cluster functions (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/19194e0b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/19194e0b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/19194e0b
Branch: refs/heads/trunk
Commit: 19194e0b2f370c3039596b755a86dcdf02f7d8dd
Parents: e62e8ea
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Dec 3 18:46:59 2015 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Dec 3 18:47:04 2015 -0500
----------------------------------------------------------------------
.../server/api/services/ClusterService.java | 84 +-
.../controller/AmbariManagementController.java | 11 +-
.../AmbariManagementControllerImpl.java | 77 +-
.../internal/ClusterResourceProvider.java | 114 +-
.../AmbariAuthorizationFilter.java | 2 +
.../AmbariCustomCommandExecutionHelperTest.java | 7 +-
.../AmbariManagementControllerImplTest.java | 1 +
.../AmbariManagementControllerTest.java | 85 +-
.../BackgroundCustomCommandExecutionTest.java | 7 +-
...hYarnCapacitySchedulerReleaseConfigTest.java | 20 +-
.../internal/ClusterResourceProviderTest.java | 1058 ++++--------------
.../internal/JMXHostProviderTest.java | 14 +-
.../AmbariAuthorizationFilterTest.java | 4 +-
.../ambari/server/state/ConfigHelperTest.java | 18 +
.../ambari/server/state/UpgradeHelperTest.java | 14 +-
.../server/upgrade/UpgradeCatalogTest.java | 9 +
16 files changed, 475 insertions(+), 1050 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
index 4954a96..7200b83 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
@@ -89,8 +89,6 @@ public class ClusterService extends BaseService {
@Produces("text/plain")
public Response getCluster(String body, @Context HttpHeaders headers, @Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.GET, clusterName);
return handleRequest(headers, body, ui, Request.Type.GET, createClusterResource(clusterName));
}
@@ -106,8 +104,6 @@ public class ClusterService extends BaseService {
@GET
@Produces("text/plain")
public Response getClusters(String body, @Context HttpHeaders headers, @Context UriInfo ui) {
-
- hasPermission(Request.Type.GET, null);
return handleRequest(headers, body, ui, Request.Type.GET, createClusterResource(null));
}
@@ -126,8 +122,6 @@ public class ClusterService extends BaseService {
@Produces("text/plain")
public Response createCluster(String body, @Context HttpHeaders headers, @Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.POST, clusterName);
return handleRequest(headers, body, ui, Request.Type.POST, createClusterResource(clusterName));
}
@@ -146,8 +140,6 @@ public class ClusterService extends BaseService {
@Produces("text/plain")
public Response updateCluster(String body, @Context HttpHeaders headers, @Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.PUT, clusterName);
return handleRequest(headers, body, ui, Request.Type.PUT, createClusterResource(clusterName));
}
@@ -166,8 +158,6 @@ public class ClusterService extends BaseService {
@Produces("text/plain")
public Response deleteCluster(@Context HttpHeaders headers, @Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.DELETE, clusterName);
return handleRequest(headers, null, ui, Request.Type.DELETE, createClusterResource(clusterName));
}
@@ -189,8 +179,6 @@ public class ClusterService extends BaseService {
@Context HttpHeaders headers,
@Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.GET, clusterName);
return handleRequest(headers, body, ui, Request.Type.GET,
createArtifactResource(clusterName, null));
}
@@ -215,10 +203,7 @@ public class ClusterService extends BaseService {
@Context UriInfo ui,
@PathParam("clusterName") String clusterName,
@PathParam("artifactName") String artifactName) {
-
- hasPermission(Request.Type.GET, clusterName);
- return handleRequest(headers, body, ui, Request.Type.GET,
- createArtifactResource(clusterName, artifactName));
+ return handleRequest(headers, body, ui, Request.Type.GET, createArtifactResource(clusterName, artifactName));
}
/**
@@ -240,8 +225,6 @@ public class ClusterService extends BaseService {
@Context UriInfo ui,
@PathParam("clusterName") String clusterName,
@PathParam("artifactName") String artifactName) {
-
- hasPermission(Request.Type.POST, clusterName);
return handleRequest(headers, body, ui, Request.Type.POST,
createArtifactResource(clusterName, artifactName));
}
@@ -263,8 +246,6 @@ public class ClusterService extends BaseService {
@Context HttpHeaders headers,
@Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.PUT, clusterName);
return handleRequest(headers, body, ui, Request.Type.PUT,
createArtifactResource(clusterName, null));
}
@@ -288,8 +269,6 @@ public class ClusterService extends BaseService {
@Context UriInfo ui,
@PathParam("clusterName") String clusterName,
@PathParam("artifactName") String artifactName) {
-
- hasPermission(Request.Type.PUT, clusterName);
return handleRequest(headers, body, ui, Request.Type.PUT,
createArtifactResource(clusterName, artifactName));
}
@@ -313,8 +292,6 @@ public class ClusterService extends BaseService {
@Context UriInfo ui,
@PathParam("clusterName") String clusterName,
@PathParam("artifactName") String artifactName) {
-
- hasPermission(Request.Type.DELETE, clusterName);
return handleRequest(headers, body, ui, Request.Type.DELETE,
createArtifactResource(clusterName, artifactName));
}
@@ -336,8 +313,6 @@ public class ClusterService extends BaseService {
@Context HttpHeaders headers,
@Context UriInfo ui,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.DELETE, clusterName);
return handleRequest(headers, body, ui, Request.Type.DELETE,
createArtifactResource(clusterName, null));
}
@@ -352,8 +327,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/hosts")
public HostService getHostHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new HostService(clusterName);
}
@@ -367,8 +340,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/services")
public ServiceService getServiceHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new ServiceService(clusterName);
}
@@ -382,8 +353,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/configurations")
public ConfigurationService getConfigurationHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new ConfigurationService(clusterName);
}
@@ -397,8 +366,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/requests")
public RequestService getRequestHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new RequestService(clusterName);
}
@@ -413,8 +380,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/host_components")
public HostComponentService getHostComponentHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new HostComponentService(clusterName, null);
}
@@ -429,8 +394,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/kerberos_identities")
public HostKerberosIdentityService getHostKerberosIdentityHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new HostKerberosIdentityService(clusterName, null);
}
@@ -445,8 +408,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/components")
public ComponentService getComponentHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new ComponentService(clusterName, null);
}
@@ -460,8 +421,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/workflows")
public WorkflowService getWorkflowHandler(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new WorkflowService(clusterName);
}
@@ -475,8 +434,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/config_groups")
public ConfigGroupService getConfigGroupService(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new ConfigGroupService(clusterName);
}
@@ -491,8 +448,6 @@ public class ClusterService extends BaseService {
@Path("{clusterName}/request_schedules")
public RequestScheduleService getRequestScheduleService
(@Context javax.ws.rs.core.Request request, @PathParam ("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new RequestScheduleService(clusterName);
}
@@ -507,8 +462,6 @@ public class ClusterService extends BaseService {
@Path("{clusterName}/alert_definitions")
public AlertDefinitionService getAlertDefinitionService(
@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new AlertDefinitionService(clusterName);
}
@@ -525,8 +478,6 @@ public class ClusterService extends BaseService {
public AlertGroupService getAlertGroups(
@Context javax.ws.rs.core.Request request,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new AlertGroupService(clusterName);
}
@@ -542,8 +493,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/privileges")
public PrivilegeService getPrivilegeService(@Context javax.ws.rs.core.Request request, @PathParam ("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new ClusterPrivilegeService(clusterName);
}
@@ -558,8 +507,6 @@ public class ClusterService extends BaseService {
@Path("{clusterName}/alerts")
public AlertService getAlertService(
@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new AlertService(clusterName, null, null);
}
@@ -577,8 +524,6 @@ public class ClusterService extends BaseService {
public AlertHistoryService getAlertHistoryService(
@Context javax.ws.rs.core.Request request,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new AlertHistoryService(clusterName, null, null);
}
@@ -596,8 +541,6 @@ public class ClusterService extends BaseService {
public AlertNoticeService getAlertNoticeService(
@Context javax.ws.rs.core.Request request,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new AlertNoticeService(clusterName);
}
@@ -614,8 +557,6 @@ public class ClusterService extends BaseService {
@Path("{clusterName}/stack_versions")
public ClusterStackVersionService getClusterStackVersionService(@Context javax.ws.rs.core.Request request,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new ClusterStackVersionService(clusterName);
}
@@ -631,8 +572,6 @@ public class ClusterService extends BaseService {
public UpgradeService getUpgradeService(
@Context javax.ws.rs.core.Request request,
@PathParam("clusterName") String clusterName) {
-
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new UpgradeService(clusterName);
}
@@ -646,7 +585,6 @@ public class ClusterService extends BaseService {
*/
@Path("{clusterName}/rolling_upgrades_check")
public PreUpgradeCheckService getPreUpgradeCheckService(@Context javax.ws.rs.core.Request request, @PathParam("clusterName") String clusterName) {
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new PreUpgradeCheckService(clusterName);
}
@@ -681,7 +619,6 @@ public class ClusterService extends BaseService {
public CredentialService getCredentials(
@Context javax.ws.rs.core.Request request,
@PathParam("clusterName") String clusterName) {
- hasPermission(Request.Type.valueOf(request.getMethod()), clusterName);
return new CredentialService(clusterName);
}
@@ -714,23 +651,4 @@ public class ClusterService extends BaseService {
return createResource(Resource.Type.Artifact, mapIds);
}
-
- /**
- * Determine whether or not the access specified by the given request type is
- * permitted for the current user on the cluster resource identified by the
- * given cluster name.
- *
- * @param requestType
- * the request method type
- * @param clusterName
- * the name of the cluster resource
- *
- * @throws WebApplicationException
- * if access is forbidden
- */
- private void hasPermission(Request.Type requestType, String clusterName) throws WebApplicationException {
- if (!clusters.checkPermission(clusterName, requestType == Request.Type.GET)) {
- throw new WebApplicationException(Response.Status.FORBIDDEN);
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
index b446121..424678e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementController.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -74,8 +74,9 @@ public interface AmbariManagementController {
* @param request the request object which defines the cluster to be created
*
* @throws AmbariException thrown if the cluster cannot be created
+ * @throws AuthorizationException thrown if the authenticated user is not authorized to perform this operation
*/
- public void createCluster(ClusterRequest request) throws AmbariException;
+ public void createCluster(ClusterRequest request) throws AmbariException, AuthorizationException;
/**
* Create the host component defined by the attributes in the given request object.
@@ -135,9 +136,10 @@ public interface AmbariManagementController {
* @return a set of cluster responses
*
* @throws AmbariException thrown if the resource cannot be read
+ * @throws AuthorizationException thrown if the authenticated user is not authorized to perform this operation
*/
public Set<ClusterResponse> getClusters(Set<ClusterRequest> requests)
- throws AmbariException;
+ throws AmbariException, AuthorizationException;
/**
* Get the host components identified by the given request objects.
@@ -224,10 +226,11 @@ public interface AmbariManagementController {
* @return a track action response
*
* @throws AmbariException thrown if the resource cannot be updated
+ * @throws AuthorizationException thrown if the authenticated user is not authorized to perform this operation
*/
public RequestStatusResponse updateClusters(Set<ClusterRequest> requests,
Map<String, String> requestProperties)
- throws AmbariException;
+ throws AmbariException, AuthorizationException;
/**
* Updates the users specified.
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index de8b413..2266a13 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -48,6 +48,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -107,10 +108,10 @@ import org.apache.ambari.server.orm.entities.WidgetLayoutEntity;
import org.apache.ambari.server.orm.entities.WidgetLayoutUserWidgetEntity;
import org.apache.ambari.server.scheduler.ExecutionScheduleManager;
import org.apache.ambari.server.security.authorization.AuthorizationException;
-import org.apache.ambari.server.security.authorization.ResourceType;
-import org.apache.ambari.server.security.authorization.RoleAuthorization;
import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.security.authorization.Group;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
import org.apache.ambari.server.security.authorization.User;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
@@ -920,7 +921,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
private Set<ClusterResponse> getClusters(ClusterRequest request)
- throws AmbariException {
+ throws AmbariException, AuthorizationException {
Set<ClusterResponse> response = new HashSet<ClusterResponse>();
@@ -932,10 +933,21 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
Cluster singleCluster = null;
- if (request.getClusterName() != null) {
- singleCluster = clusters.getCluster(request.getClusterName());
- } else if (request.getClusterId() != null) {
- singleCluster = clusters.getClusterById(request.getClusterId());
+ try {
+ if (request.getClusterName() != null) {
+ singleCluster = clusters.getCluster(request.getClusterName());
+ } else if (request.getClusterId() != null) {
+ singleCluster = clusters.getClusterById(request.getClusterId());
+ }
+ }
+ catch(ClusterNotFoundException e) {
+ // the user shouldn't know the difference between a cluster that does not exist or one that
+ // he doesn't have access to.
+ if (AuthorizationHelper.isAuthorized(ResourceType.AMBARI, null, RoleAuthorization.AMBARI_ADD_DELETE_CLUSTERS)) {
+ throw e;
+ } else {
+ throw new AuthorizationException();
+ }
}
if (singleCluster != null) {
@@ -943,7 +955,19 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
cr.setDesiredConfigs(singleCluster.getDesiredConfigs());
cr.setDesiredServiceConfigVersions(singleCluster.getActiveServiceConfigVersions());
cr.setCredentialStoreServiceProperties(getCredentialStoreServiceProperties());
+
+ // If the user is authorized to view information about this cluster, add it to the respons
+// TODO: Uncomment this when the UI doesn't require view access for View-only users.
+// if (AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cr.getClusterId(),
+// RoleAuthorization.AUTHORIZATIONS_VIEW_CLUSTER)) {
response.add(cr);
+// }
+// else {
+// // the user shouldn't know the difference between a cluster that does not exist or one that
+// // he doesn't have access to.
+// throw new AuthorizationException();
+// }
+
return response;
}
@@ -957,7 +981,13 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
continue;
}
}
+
+// TODO: Uncomment this when the UI doesn't require view access for View-only users.
+// If the user is authorized to view information about this cluster, add it to the response
+// if (AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, c.getClusterId(),
+// RoleAuthorization.AUTHORIZATIONS_VIEW_CLUSTER)) {
response.add(c.convertToResponse());
+// }
}
StringBuilder builder = new StringBuilder();
if (LOG.isDebugEnabled()) {
@@ -1260,7 +1290,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
@Override
public synchronized RequestStatusResponse updateClusters(Set<ClusterRequest> requests,
Map<String, String> requestProperties)
- throws AmbariException {
+ throws AmbariException, AuthorizationException {
RequestStatusResponse response = null;
@@ -1337,7 +1367,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
private synchronized RequestStatusResponse updateCluster(ClusterRequest request, Map<String, String> requestProperties)
- throws AmbariException {
+ throws AmbariException, AuthorizationException {
RequestStageContainer requestStageContainer = null;
@@ -1375,6 +1405,11 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
if (LOG.isDebugEnabled()) {
LOG.debug("Received cluster name change request from " + cluster.getClusterName() + " to " + request.getClusterName());
}
+
+ if(!AuthorizationHelper.isAuthorized(ResourceType.AMBARI, null, EnumSet.of(RoleAuthorization.AMBARI_RENAME_CLUSTER))) {
+ throw new AuthorizationException("The authenticated user does not have authorization to rename the cluster");
+ }
+
cluster.setClusterName(request.getClusterName());
}
@@ -1469,6 +1504,10 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
configs.add(cluster.getConfig(cr.getType(), cr.getVersionTag()));
}
if (!configs.isEmpty()) {
+ if(!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getClusterId(), EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS))) {
+ throw new AuthorizationException("The authenticated user does not have authorization to modify service configurations");
+ }
+
String authName = getAuthName();
serviceConfigVersionResponse = cluster.addDesiredConfig(authName, configs, note);
if (serviceConfigVersionResponse != null) {
@@ -1488,6 +1527,10 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
// Set the current version value if its not already set
if (currentVersion == null) {
+ if(!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getClusterId(), EnumSet.of(RoleAuthorization.CLUSTER_UPGRADE_DOWNGRADE_STACK))) {
+ throw new AuthorizationException("The authenticated user does not have authorization to modify stack version");
+ }
+
cluster.setCurrentStackVersion(desiredVersion);
}
// Stack Upgrade: unlike the workflow for creating a cluster, updating a cluster via the API will not
@@ -1540,6 +1583,10 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
if (null != request.getServiceConfigVersionRequest()) {
+ if(!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getClusterId(), EnumSet.of(RoleAuthorization.SERVICE_MODIFY_CONFIGS))) {
+ throw new AuthorizationException("The authenticated user does not have authorization to modify service configurations");
+ }
+
ServiceConfigVersionRequest serviceConfigVersionRequest = request.getServiceConfigVersionRequest();
if (StringUtils.isEmpty(serviceConfigVersionRequest.getServiceName()) ||
null == serviceConfigVersionRequest.getVersion()) {
@@ -1579,6 +1626,10 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
// if any custom operations are valid and requested, the process of executing them should be initiated,
// most of the validation logic will be left to the KerberosHelper to avoid polluting the controller
if (kerberosHelper.shouldExecuteCustomOperations(securityType, requestProperties)) {
+ if(!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getClusterId(), EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS))) {
+ throw new AuthorizationException("The authenticated user does not have authorization to perform Kerberos-specific operations");
+ }
+
try {
requestStageContainer = kerberosHelper.executeCustomOperations(cluster, requestProperties, requestStageContainer,
kerberosHelper.getManageIdentitiesDirective(requestProperties));
@@ -1590,6 +1641,10 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
cluster.getSecurityType().name(), securityType.name());
if ((securityType == SecurityType.KERBEROS) || (securityType == SecurityType.NONE)) {
+ if(!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getClusterId(), EnumSet.of(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS))) {
+ throw new AuthorizationException("The authenticated user does not have authorization to enable or disable Kerberos");
+ }
+
// Since the security state of the cluster has changed, invoke toggleKerberos to handle
// adding or removing Kerberos from the cluster. This may generate multiple stages
// or not depending the current state of the cluster.
@@ -3050,7 +3105,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
}
@Override
- public Set<ClusterResponse> getClusters(Set<ClusterRequest> requests) throws AmbariException {
+ public Set<ClusterResponse> getClusters(Set<ClusterRequest> requests) throws AmbariException, AuthorizationException {
Set<ClusterResponse> response = new HashSet<ClusterResponse>();
for (ClusterRequest request : requests) {
try {
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
index 84c13b9..2add289 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterResourceProvider.java
@@ -36,6 +36,10 @@ import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
+import org.apache.ambari.server.security.authorization.ResourceType;
+import org.apache.ambari.server.security.authorization.RoleAuthorization;
+import org.apache.ambari.server.security.authorization.AuthorizationHelper;
import org.apache.ambari.server.state.SecurityType;
import org.apache.ambari.server.topology.InvalidTopologyException;
import org.apache.ambari.server.topology.InvalidTopologyTemplateException;
@@ -43,10 +47,12 @@ import org.apache.ambari.server.topology.SecurityConfiguration;
import org.apache.ambari.server.topology.SecurityConfigurationFactory;
import org.apache.ambari.server.topology.TopologyManager;
import org.apache.ambari.server.topology.TopologyRequestFactory;
+import org.springframework.security.core.Authentication;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
+import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -154,13 +160,53 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
*/
ClusterResourceProvider(AmbariManagementController managementController) {
super(propertyIds, keyPropertyIds, managementController);
- }
+ setRequiredCreateAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_ADD_DELETE_CLUSTERS));
+ setRequiredDeleteAuthorizations(EnumSet.of(RoleAuthorization.AMBARI_ADD_DELETE_CLUSTERS));
+ setRequiredGetAuthorizations(RoleAuthorization.AUTHORIZATIONS_VIEW_CLUSTER);
+ setRequiredUpdateAuthorizations(RoleAuthorization.AUTHORIZATIONS_UPDATE_CLUSTER);
+ }
// ----- ResourceProvider ------------------------------------------------
@Override
- public RequestStatus createResources(Request request)
+ protected Set<String> getPKPropertyIds() {
+ return pkPropertyIds;
+ }
+
+ /**
+ * {@inheritDoc} Overridden to support configuration.
+ */
+ @Override
+ public Set<String> checkPropertyIds(Set<String> propertyIds) {
+ Set<String> baseUnsupported = super.checkPropertyIds(propertyIds);
+
+ // extract to own method
+ baseUnsupported.remove("blueprint");
+ baseUnsupported.remove("host_groups");
+ baseUnsupported.remove("default_password");
+ baseUnsupported.remove("configurations");
+ baseUnsupported.remove("credentials");
+ baseUnsupported.remove("config_recommendation_strategy");
+
+ return checkConfigPropertyIds(baseUnsupported, "Clusters");
+ }
+
+
+ // ----- AbstractAuthorizedResourceProvider ------------------------------------------------
+
+ @Override
+ protected boolean isAuthorizedToCreateResources(Authentication authentication, Request request) {
+ return AuthorizationHelper.isAuthorized(authentication, ResourceType.AMBARI, null, getRequiredCreateAuthorizations());
+ }
+
+ @Override
+ protected boolean isAuthorizedToDeleteResources(Authentication authentication, Predicate predicate) throws SystemException {
+ return AuthorizationHelper.isAuthorized(authentication, ResourceType.AMBARI, null, getRequiredDeleteAuthorizations());
+ }
+
+ @Override
+ protected RequestStatus createResourcesAuthorized(Request request)
throws SystemException,
UnsupportedPropertyException,
ResourceAlreadyExistsException,
@@ -194,9 +240,11 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
}
Set<String> requestedIds = getRequestPropertyIds(request, predicate);
+ // Authorization checks are performed internally. If the user is not allowed to access a particular
+ // cluster, it should not show up in the responses.
Set<ClusterResponse> responses = getResources(new Command<Set<ClusterResponse>>() {
@Override
- public Set<ClusterResponse> invoke() throws AmbariException {
+ public Set<ClusterResponse> invoke() throws AmbariException, AuthorizationException {
return getManagementController().getClusters(requests);
}
});
@@ -208,10 +256,6 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
}
// Allow internal call to bypass permissions check.
- Map<String, String> requestInfoProperties = request.getRequestInfoProperties();
- boolean ignorePermissions = requestInfoProperties == null ? false :
- Boolean.valueOf(requestInfoProperties.get(GET_IGNORE_PERMISSIONS_PROPERTY_ID));
-
for (ClusterResponse response : responses) {
String clusterName = response.getClusterName();
@@ -235,15 +279,14 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
LOG.debug("Adding ClusterResponse to resource"
+ ", clusterResponse=" + response.toString());
}
- if (ignorePermissions || includeCluster(clusterName, true)) {
- resources.add(resource);
- }
+
+ resources.add(resource);
}
return resources;
}
@Override
- public RequestStatus updateResources(final Request request, Predicate predicate)
+ protected RequestStatus updateResourcesAuthorized(final Request request, Predicate predicate)
throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
final Set<ClusterRequest> requests = new HashSet<ClusterRequest>();
@@ -253,14 +296,12 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
Set<Map<String, Object>> propertyMaps = getPropertyMaps(requestPropertyMap, predicate);
for (Map<String, Object> propertyMap : propertyMaps) {
ClusterRequest clusterRequest = getRequest(propertyMap);
- if (includeCluster(clusterRequest.getClusterName(), false)) {
- requests.add(clusterRequest);
- }
+ requests.add(clusterRequest);
}
}
response = modifyResources(new Command<RequestStatusResponse>() {
@Override
- public RequestStatusResponse invoke() throws AmbariException {
+ public RequestStatusResponse invoke() throws AmbariException, AuthorizationException {
return getManagementController().updateClusters(requests, request.getRequestInfoProperties());
}
});
@@ -304,12 +345,11 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
}
@Override
- public RequestStatus deleteResources(Predicate predicate)
+ protected RequestStatus deleteResourcesAuthorized(Predicate predicate)
throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
for (Map<String, Object> propertyMap : getPropertyMaps(predicate)) {
final ClusterRequest clusterRequest = getRequest(propertyMap);
- if (includeCluster(clusterRequest.getClusterName(), false)) {
modifyResources(new Command<Void>() {
@Override
public Void invoke() throws AmbariException {
@@ -317,35 +357,11 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
return null;
}
});
- }
}
notifyDelete(Resource.Type.Cluster, predicate);
return getRequestStatus(null);
}
- @Override
- protected Set<String> getPKPropertyIds() {
- return pkPropertyIds;
- }
-
- /**
- * {@inheritDoc} Overridden to support configuration.
- */
- @Override
- public Set<String> checkPropertyIds(Set<String> propertyIds) {
- Set<String> baseUnsupported = super.checkPropertyIds(propertyIds);
-
- // extract to own method
- baseUnsupported.remove("blueprint");
- baseUnsupported.remove("host_groups");
- baseUnsupported.remove("default_password");
- baseUnsupported.remove("configurations");
- baseUnsupported.remove("credentials");
- baseUnsupported.remove("config_recommendation_strategy");
-
- return checkConfigPropertyIds(baseUnsupported, "Clusters");
- }
-
// ----- ClusterResourceProvider -------------------------------------------
@@ -534,26 +550,12 @@ public class ClusterResourceProvider extends AbstractControllerResourceProvider
createResources(new Command<Void>() {
@Override
- public Void invoke() throws AmbariException {
+ public Void invoke() throws AmbariException, AuthorizationException {
getManagementController().createCluster(getRequest(properties));
return null;
}
});
}
- /**
- * Determine whether or not the cluster resource identified
- * by the given cluster name should be included based on the
- * permissions granted to the current user.
- *
- * @param clusterName the cluster name
- * @param readOnly indicate whether or not this is for a read only operation
- *
- * @return true if the cluster should be included based on the permissions of the current user
- */
- private boolean includeCluster(String clusterName, boolean readOnly) {
- return getManagementController().getClusters().checkPermission(clusterName, readOnly);
- }
-
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 15f0fe6..2bc749f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -64,6 +64,7 @@ public class AmbariAuthorizationFilter implements Filter {
private static final String API_USERS_ALL_PATTERN = API_VERSION_PREFIX + "/users.*";
private static final String API_PRIVILEGES_ALL_PATTERN = API_VERSION_PREFIX + "/privileges.*";
private static final String API_GROUPS_ALL_PATTERN = API_VERSION_PREFIX + "/groups.*";
+ private static final String API_CLUSTERS_PATTERN = API_VERSION_PREFIX + "/clusters/(\\w+)?";
private static final String API_CLUSTERS_ALL_PATTERN = API_VERSION_PREFIX + "/clusters.*";
private static final String API_VIEWS_ALL_PATTERN = API_VERSION_PREFIX + "/views.*";
private static final String API_PERSIST_ALL_PATTERN = API_VERSION_PREFIX + "/persist.*";
@@ -252,6 +253,7 @@ public class AmbariAuthorizationFilter implements Filter {
return requestURI.matches(API_USERS_ALL_PATTERN) ||
requestURI.matches(API_GROUPS_ALL_PATTERN) ||
requestURI.matches(API_CREDENTIALS_ALL_PATTERN) ||
+ requestURI.matches(API_CLUSTERS_PATTERN) ||
requestURI.matches(API_PRIVILEGES_ALL_PATTERN);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
index baa394c..ba952c0 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariCustomCommandExecutionHelperTest.java
@@ -43,6 +43,7 @@ import org.apache.ambari.server.controller.internal.ServiceResourceProviderTest;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Host;
import org.apache.ambari.server.state.HostState;
@@ -144,7 +145,7 @@ public class AmbariCustomCommandExecutionHelperTest {
Assert.assertEquals(1, command.getForceRefreshConfigTags().size());
Assert.assertEquals("capacity-scheduler", command.getForceRefreshConfigTags().iterator().next());
- } catch (AmbariException e) {
+ } catch (Exception e) {
Assert.fail(e.getMessage());
}
}
@@ -289,7 +290,7 @@ public class AmbariCustomCommandExecutionHelperTest {
Assert.assertFalse(helper.isTopologyRefreshRequired("STOP", "c1", "HDFS"));
}
- private void createClusterFixture(String stackVersion) throws AmbariException {
+ private void createClusterFixture(String stackVersion) throws AmbariException, AuthorizationException {
createCluster("c1", stackVersion);
addHost("c6401","c1");
addHost("c6402","c1");
@@ -329,7 +330,7 @@ public class AmbariCustomCommandExecutionHelperTest {
host.setHostAttributes(hostAttributes);
}
- private void createCluster(String clusterName, String stackVersion) throws AmbariException {
+ private void createCluster(String clusterName, String stackVersion) throws AmbariException, AuthorizationException {
ClusterRequest r = new ClusterRequest(null, clusterName, State.INSTALLED.name(),
SecurityType.NONE, stackVersion, null);
controller.createCluster(r);
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
index e2ec5e0..6d6cea6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
@@ -896,6 +896,7 @@ public class AmbariManagementControllerImplTest {
expect(clusterRequest.getClusterId()).andReturn(1L).times(6);
expect(clusterRequest.getSecurityType()).andReturn(SecurityType.NONE).anyTimes();
expect(clusters.getClusterById(1L)).andReturn(cluster).times(2);
+ expect(cluster.getClusterId()).andReturn(1L).times(2);
expect(cluster.getClusterName()).andReturn("cluster").times(2);
expect(cluster.getSecurityType()).andReturn(SecurityType.KERBEROS).anyTimes();
expect(cluster.getCurrentClusterVersion()).andReturn(null).anyTimes();
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
index bed55c5..9dbfcff 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
@@ -104,6 +104,7 @@ import org.apache.ambari.server.orm.entities.HostRoleCommandEntity;
import org.apache.ambari.server.orm.entities.WidgetEntity;
import org.apache.ambari.server.orm.entities.WidgetLayoutEntity;
import org.apache.ambari.server.orm.entities.WidgetLayoutUserWidgetEntity;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.ambari.server.security.authorization.internal.InternalAuthenticationToken;
import org.apache.ambari.server.serveraction.ServerAction;
@@ -293,7 +294,7 @@ public class AmbariManagementControllerTest {
* @param clusterName Cluster name
* @throws AmbariException
*/
- private void createCluster(String clusterName) throws AmbariException {
+ private void createCluster(String clusterName) throws AmbariException, AuthorizationException {
ClusterRequest r = new ClusterRequest(null, clusterName, State.INSTALLED.name(), SecurityType.NONE, "HDP-0.1", null);
controller.createCluster(r);
}
@@ -546,7 +547,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testCreateClusterSimple() throws AmbariException {
+ public void testCreateClusterSimple() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Set<ClusterResponse> r =
@@ -570,7 +571,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testCreateClusterWithHostMapping() throws AmbariException {
+ public void testCreateClusterWithHostMapping() throws AmbariException, AuthorizationException {
Set<String> hostNames = new HashSet<String>();
hostNames.add("h1");
hostNames.add("h2");
@@ -648,7 +649,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testCreateServicesSimple() throws AmbariException {
+ public void testCreateServicesSimple() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
String serviceName = "HDFS";
@@ -779,7 +780,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testCreateServiceWithInvalidInfo() throws AmbariException {
+ public void testCreateServiceWithInvalidInfo() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
String serviceName = "HDFS";
@@ -849,7 +850,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testCreateServiceComponentSimple() throws AmbariException {
+ public void testCreateServiceComponentSimple() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
String serviceName = "HDFS";
@@ -1289,7 +1290,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testCreateServiceComponentHostSimple() throws AmbariException {
+ public void testCreateServiceComponentHostSimple() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -1390,7 +1391,7 @@ public class AmbariManagementControllerTest {
@Test
public void testCreateServiceComponentHostMultiple()
- throws AmbariException {
+ throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
String serviceName = "HDFS";
@@ -2117,7 +2118,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testGetClusters() throws AmbariException {
+ public void testGetClusters() throws AmbariException, AuthorizationException {
clusters.addCluster("c1", new StackId("HDP-0.1"));
Cluster c1 = clusters.getCluster("c1");
@@ -2141,7 +2142,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testGetClustersWithFilters() throws AmbariException {
+ public void testGetClustersWithFilters() throws AmbariException, AuthorizationException {
clusters.addCluster("c1", new StackId("HDP-0.1"));
clusters.addCluster("c2", new StackId("HDP-0.1"));
clusters.addCluster("c3", new StackId("HDP-1.2.0"));
@@ -2446,7 +2447,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testGetServiceComponentHosts() throws AmbariException {
+ public void testGetServiceComponentHosts() throws AmbariException, AuthorizationException {
Cluster c1 = setupClusterWithHosts("c1", "HDP-0.1", new ArrayList<String>() {{
add("h1");
}}, "centos5");
@@ -2495,7 +2496,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testGetServiceComponentHostsWithStaleConfigFilter() throws AmbariException {
+ public void testGetServiceComponentHostsWithStaleConfigFilter() throws AmbariException, AuthorizationException {
final String host1 = "h1";
final String host2 = "h2";
@@ -2681,7 +2682,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testHbaseDecommission() throws AmbariException {
+ public void testHbaseDecommission() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -2830,7 +2831,7 @@ public class AmbariManagementControllerTest {
}
private Cluster setupClusterWithHosts(String clusterName, String stackId, List<String> hosts,
- String osType) throws AmbariException {
+ String osType) throws AmbariException, AuthorizationException {
ClusterRequest r = new ClusterRequest(null, clusterName, stackId, null);
controller.createCluster(r);
Cluster c1 = clusters.getCluster(clusterName);
@@ -2841,7 +2842,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testGetServiceComponentHostsWithFilters() throws AmbariException {
+ public void testGetServiceComponentHostsWithFilters() throws AmbariException, AuthorizationException {
Cluster c1 = setupClusterWithHosts("c1", "HDP-0.2",
new ArrayList<String>() {{
add("h1");
@@ -2998,7 +2999,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testGetHosts() throws AmbariException {
+ public void testGetHosts() throws AmbariException, AuthorizationException {
setupClusterWithHosts("c1", "HDP-0.2",
new ArrayList<String>() {{
add("h1");
@@ -3062,7 +3063,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testServiceUpdateBasic() throws AmbariException {
+ public void testServiceUpdateBasic() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
String serviceName = "HDFS";
@@ -3105,7 +3106,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testServiceUpdateInvalidRequest() throws AmbariException {
+ public void testServiceUpdateInvalidRequest() throws AmbariException, AuthorizationException {
// multiple clusters
// dup services
// multiple diff end states
@@ -3191,7 +3192,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testServiceUpdateRecursive() throws AmbariException {
+ public void testServiceUpdateRecursive() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -3441,7 +3442,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testServiceComponentUpdateRecursive() throws AmbariException {
+ public void testServiceComponentUpdateRecursive() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
String serviceName1 = "HDFS";
@@ -4301,7 +4302,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testComponentCategorySentWithRestart() throws AmbariException {
+ public void testComponentCategorySentWithRestart() throws AmbariException, AuthorizationException {
setupClusterWithHosts("c1", "HDP-2.0.7",
new ArrayList<String>() {{
add("h1");
@@ -4851,7 +4852,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testRcaOnJobtrackerHost() throws AmbariException {
+ public void testRcaOnJobtrackerHost() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Cluster cluster = clusters.getCluster(clusterName);
@@ -5430,7 +5431,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testReConfigureServiceClient() throws AmbariException {
+ public void testReConfigureServiceClient() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Cluster cluster = clusters.getCluster(clusterName);
@@ -5715,7 +5716,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testClientServiceSmokeTests() throws AmbariException {
+ public void testClientServiceSmokeTests() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -5808,7 +5809,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testSkipTaskOnUnhealthyHosts() throws AmbariException {
+ public void testSkipTaskOnUnhealthyHosts() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -5943,7 +5944,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testServiceCheckWhenHostIsUnhealthy() throws AmbariException {
+ public void testServiceCheckWhenHostIsUnhealthy() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -6049,7 +6050,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testReInstallForInstallFailedClient() throws AmbariException {
+ public void testReInstallForInstallFailedClient() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -6178,7 +6179,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testReInstallClientComponentFromServiceChange() throws AmbariException {
+ public void testReInstallClientComponentFromServiceChange() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -6411,7 +6412,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testResourceFiltersWithCustomActions() throws AmbariException {
+ public void testResourceFiltersWithCustomActions() throws AmbariException, AuthorizationException {
setupClusterWithHosts("c1", "HDP-2.0.6",
new ArrayList<String>() {{
add("h1");
@@ -6513,7 +6514,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testResourceFiltersWithCustomCommands() throws AmbariException {
+ public void testResourceFiltersWithCustomCommands() throws AmbariException, AuthorizationException {
setupClusterWithHosts("c1", "HDP-2.0.6",
new ArrayList<String>() {{
add("h1");
@@ -6624,7 +6625,7 @@ public class AmbariManagementControllerTest {
@Test
- public void testConfigsAttachedToServiceChecks() throws AmbariException {
+ public void testConfigsAttachedToServiceChecks() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Cluster cluster = clusters.getCluster(clusterName);
@@ -6706,7 +6707,7 @@ public class AmbariManagementControllerTest {
@Test
@Ignore("Unsuported feature !")
- public void testConfigsAttachedToServiceNotCluster() throws AmbariException {
+ public void testConfigsAttachedToServiceNotCluster() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName).setDesiredStackVersion(new StackId("HDP-0.1"));
@@ -6786,7 +6787,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testHostLevelParamsSentWithCommands() throws AmbariException {
+ public void testHostLevelParamsSentWithCommands() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
clusters.getCluster(clusterName)
@@ -6844,7 +6845,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testConfigGroupOverridesWithHostActions() throws AmbariException {
+ public void testConfigGroupOverridesWithHostActions() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Cluster cluster = clusters.getCluster(clusterName);
@@ -7011,7 +7012,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testConfigGroupOverridesWithDecommissionDatanode() throws AmbariException {
+ public void testConfigGroupOverridesWithDecommissionDatanode() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Cluster cluster = clusters.getCluster(clusterName);
@@ -7114,7 +7115,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testConfigGroupOverridesWithServiceCheckActions() throws AmbariException {
+ public void testConfigGroupOverridesWithServiceCheckActions() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
createCluster(clusterName);
Cluster cluster = clusters.getCluster(clusterName);
@@ -7455,7 +7456,7 @@ public class AmbariManagementControllerTest {
// disabled as upgrade feature is disabled
@Ignore
@Test
- public void testUpdateClusterVersionBasic() throws AmbariException {
+ public void testUpdateClusterVersionBasic() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
String serviceName = "MAPREDUCE";
String host1 = "h1";
@@ -7587,7 +7588,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testUpdateClusterUpgradabilityCheck() throws AmbariException {
+ public void testUpdateClusterUpgradabilityCheck() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
StackId currentStackId = new StackId("HDP-0.2");
@@ -7619,7 +7620,7 @@ public class AmbariManagementControllerTest {
// disabled as cluster upgrade feature is disabled
@Ignore
@Test
- public void testUpdateClusterVersionCombinations() throws AmbariException {
+ public void testUpdateClusterVersionCombinations() throws AmbariException, AuthorizationException {
String clusterName = "foo1";
String pigServiceName = "PIG";
String mrServiceName = "MAPREDUCE";
@@ -8912,7 +8913,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testApplyConfigurationWithTheSameTag() {
+ public void testApplyConfigurationWithTheSameTag() throws AuthorizationException {
Injector injector = Guice.createInjector(new AbstractModule() {
@Override
protected void configure() {
@@ -10457,7 +10458,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testConfigAttributesStaleConfigFilter() throws AmbariException {
+ public void testConfigAttributesStaleConfigFilter() throws AmbariException, AuthorizationException {
final String host1 = "h1";
final String host2 = "h2";
@@ -10556,7 +10557,7 @@ public class AmbariManagementControllerTest {
}
@Test
- public void testSecretReferences() throws AmbariException {
+ public void testSecretReferences() throws AmbariException, AuthorizationException {
final String host1 = "h1";
final String host2 = "h2";
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
index 30be261..e1e9104 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/BackgroundCustomCommandExecutionTest.java
@@ -42,6 +42,7 @@ import org.apache.ambari.server.controller.internal.RequestResourceFilter;
import org.apache.ambari.server.controller.internal.ServiceResourceProviderTest;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Host;
import org.apache.ambari.server.state.HostState;
@@ -148,12 +149,12 @@ public class BackgroundCustomCommandExecutionTest {
Assert.assertEquals(AgentCommandType.BACKGROUND_EXECUTION_COMMAND, command.getCommandType());
Assert.assertEquals("{\"threshold\":13}", command.getCommandParams().get("namenode"));
- } catch (AmbariException e) {
+ } catch (Exception e) {
Assert.fail(e.getMessage());
}
}
- private void createClusterFixture() throws AmbariException {
+ private void createClusterFixture() throws AmbariException, AuthorizationException {
createCluster("c1");
addHost("c6401","c1");
addHost("c6402","c1");
@@ -182,7 +183,7 @@ public class BackgroundCustomCommandExecutionTest {
host.setHostAttributes(hostAttributes);
}
- private void createCluster(String clusterName) throws AmbariException {
+ private void createCluster(String clusterName) throws AmbariException, AuthorizationException {
ClusterRequest r = new ClusterRequest(null, clusterName, State.INSTALLED.name(), SecurityType.NONE, "HDP-2.0.6", null);
controller.createCluster(r);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/19194e0b/ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java
index e93a479..c871ec7 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/RefreshYarnCapacitySchedulerReleaseConfigTest.java
@@ -32,6 +32,8 @@ import org.apache.ambari.server.controller.internal.ComponentResourceProviderTes
import org.apache.ambari.server.controller.internal.ServiceResourceProviderTest;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.ConfigHelper;
@@ -49,6 +51,8 @@ import org.junit.Test;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.persist.PersistService;
+import org.springframework.security.core.context.SecurityContextHolder;
+
@SuppressWarnings("serial")
public class RefreshYarnCapacitySchedulerReleaseConfigTest {
@@ -68,16 +72,24 @@ public class RefreshYarnCapacitySchedulerReleaseConfigTest {
clusters = injector.getInstance(Clusters.class);
configHelper = injector.getInstance(ConfigHelper.class);
ambariMetaInfo = injector.getInstance(AmbariMetaInfo.class);
+
+ // Set the authenticated user
+ // TODO: remove this or replace the authenticated user to test authorization rules
+ SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
}
+
@After
public void teardown() {
injector.getInstance(PersistService.class).stop();
+
+ // Clear the authenticated user
+ SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
- public void testRMRequiresRestart() throws AmbariException{
+ public void testRMRequiresRestart() throws AmbariException, AuthorizationException {
createClusterFixture("HDP-2.0.7");
@@ -100,7 +112,7 @@ public class RefreshYarnCapacitySchedulerReleaseConfigTest {
}
@Test
- public void testAllRequiresRestart() throws AmbariException{
+ public void testAllRequiresRestart() throws AmbariException, AuthorizationException {
createClusterFixture("HDP-2.0.7");
Cluster cluster = clusters.getCluster("c1");
@@ -145,7 +157,7 @@ public class RefreshYarnCapacitySchedulerReleaseConfigTest {
}
}
- private void createClusterFixture(String stackName) throws AmbariException {
+ private void createClusterFixture(String stackName) throws AmbariException, AuthorizationException {
createCluster("c1", stackName);
addHost("c6401","c1");
addHost("c6402","c1");
@@ -182,7 +194,7 @@ public class RefreshYarnCapacitySchedulerReleaseConfigTest {
host.setHostAttributes(hostAttributes);
}
- private void createCluster(String clusterName, String stackName) throws AmbariException {
+ private void createCluster(String clusterName, String stackName) throws AmbariException, AuthorizationException {
ClusterRequest r = new ClusterRequest(null, clusterName, State.INSTALLED.name(), SecurityType.NONE, stackName, null);
controller.createCluster(r);
}