You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/10/02 20:40:00 UTC
[49/50] [abbrv] ambari git commit: Merge branch 'trunk' into
branch-feature-AMBARI-20859
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --cc ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 8e30400,b2993e3..3955e81
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@@ -3596,38 -3683,22 +3609,7 @@@ public class AmbariManagementController
return deleteStatusMetaData;
}
- private void deleteHostComponent(ServiceComponent serviceComponent, ServiceComponentHost componentHost) throws AmbariException {
- String serviceName = serviceComponent.getServiceName();
- String master_component_name = null;
- String slave_component_name = componentHost.getServiceComponentName();
- HostComponentAdminState desiredAdminState = componentHost.getComponentAdminState();
- State slaveState = componentHost.getState();
- //Delete hostcomponents
- serviceComponent.deleteServiceComponentHosts(componentHost.getHostName());
- // If deleted hostcomponents support decomission and were decommited and stopped or in unknown state
- if (masterToSlaveMappingForDecom.containsValue(slave_component_name)
- && desiredAdminState.equals(HostComponentAdminState.DECOMMISSIONED)
- && (slaveState.equals(State.INSTALLED) || slaveState.equals(State.UNKNOWN))) {
- for (Entry<String, String> entrySet : masterToSlaveMappingForDecom.entrySet()) {
- if (entrySet.getValue().equals(slave_component_name)) {
- master_component_name = entrySet.getKey();
- }
- }
-
- //Mark master component as needed to restart for remove host info from components UI
- Cluster cluster = clusters.getCluster(serviceComponent.getClusterName());
- Service service = cluster.getService(serviceName);
- ServiceComponent sc = service.getServiceComponent(master_component_name);
-
- if (sc != null && sc.isMasterComponent()) {
- for (ServiceComponentHost sch : sc.getServiceComponentHosts().values()) {
- sch.setRestartRequired(true);
- }
- }
- }
- }
-
@Override
- public void deleteUsers(Set<UserRequest> requests)
- throws AmbariException {
-
- for (UserRequest r : requests) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Received a delete user request, username={}", r.getUsername());
- }
- User u = users.getAnyUser(r.getUsername());
- if (null != u) {
- users.removeUser(u);
- }
- }
- }
-
- @Override
public void deleteGroups(Set<GroupRequest> requests) throws AmbariException {
for (GroupRequest request: requests) {
LOG.debug("Received a delete group request, groupname={}", request.getGroupName());
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/controller/ResourceProviderFactory.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AbstractControllerResourceProvider.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
----------------------------------------------------------------------
diff --cc ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
index b9bcff6,8678294..0823729
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
@@@ -50,9 -52,11 +51,11 @@@ public class AmbariPamAuthenticationPro
@Inject
private Users users;
@Inject
- protected UserDAO userDAO;
+ private UserDAO userDAO;
@Inject
- protected GroupDAO groupDAO;
+ private GroupDAO groupDAO;
+ @Inject
+ private PamAuthenticationFactory pamAuthenticationFactory;
private static final Logger LOG = LoggerFactory.getLogger(AmbariPamAuthenticationProvider.class);
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
----------------------------------------------------------------------
diff --cc ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index d4eae9d,91cefe9..2dedc9e
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@@ -28,10 -27,11 +28,11 @@@ import java.util.List
import java.util.Map;
import java.util.Set;
-import javax.inject.Inject;
import javax.persistence.EntityManager;
+import javax.persistence.OptimisticLockException;
import org.apache.ambari.server.AmbariException;
+ import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.hooks.HookContextFactory;
import org.apache.ambari.server.hooks.HookService;
import org.apache.ambari.server.orm.dao.GroupDAO;
@@@ -57,9 -56,13 +58,11 @@@ import org.apache.ambari.server.securit
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
+ import com.google.common.base.Strings;
+ import com.google.common.collect.Sets;
+import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.google.inject.persist.Transactional;
@@@ -72,45 -75,34 +75,48 @@@ public class Users
private static final Logger LOG = LoggerFactory.getLogger(Users.class);
+ /**
+ * The maximum number of retries when handling OptimisticLockExceptions
+ */
+ private static final int MAX_RETRIES = 10;
+
@Inject
- Provider<EntityManager> entityManagerProvider;
+ private Provider<EntityManager> entityManagerProvider;
+
@Inject
- protected UserDAO userDAO;
+ private UserDAO userDAO;
+
@Inject
- protected GroupDAO groupDAO;
+ private UserAuthenticationDAO userAuthenticationDAO;
+
@Inject
- protected MemberDAO memberDAO;
+ private GroupDAO groupDAO;
+
@Inject
- protected PrincipalDAO principalDAO;
+ private MemberDAO memberDAO;
+
@Inject
- protected PermissionDAO permissionDAO;
+ private PrincipalDAO principalDAO;
+
@Inject
- protected PrivilegeDAO privilegeDAO;
+ private PermissionDAO permissionDAO;
+
@Inject
- protected ResourceDAO resourceDAO;
+ private PrivilegeDAO privilegeDAO;
+
@Inject
- protected ResourceTypeDAO resourceTypeDAO;
+ private ResourceDAO resourceDAO;
+
@Inject
- protected PrincipalTypeDAO principalTypeDAO;
+ private PrincipalTypeDAO principalTypeDAO;
+
@Inject
- protected PasswordEncoder passwordEncoder;
+ private PasswordEncoder passwordEncoder;
+
@Inject
+ protected Configuration configuration;
- @Inject
- private AmbariLdapAuthenticationProvider ldapAuthenticationProvider;
+
+ @Inject
private Provider<HookService> hookServiceProvider;
@Inject
@@@ -287,29 -355,13 +293,29 @@@
public synchronized void removeUser(User user) throws AmbariException {
UserEntity userEntity = userDAO.findByPK(user.getUserId());
if (userEntity != null) {
+ removeUser(userEntity);
+ } else {
+ throw new AmbariException("User " + user + " doesn't exist");
+ }
+ }
+
+ /**
+ * Removes a user from the Ambari database.
+ * <p>
+ * It is expected that the associated user authentication records are removed by this operation
+ * as well.
+ *
+ * @param userEntity the user to remove
+ * @throws AmbariException
+ */
+ @Transactional
+ public synchronized void removeUser(UserEntity userEntity) throws AmbariException {
+ if (userEntity != null) {
if (!isUserCanBeRemoved(userEntity)) {
throw new AmbariException("Could not remove user " + userEntity.getUserName() +
- ". System should have at least one administrator.");
+ ". System should have at least one administrator.");
}
userDAO.remove(userEntity);
- } else {
- throw new AmbariException("User " + user + " doesn't exist");
}
}
@@@ -665,38 -652,21 +671,38 @@@
allGroups.put(groupEntity.getGroupName(), groupEntity);
}
- final PrincipalTypeEntity userPrincipalType = principalTypeDAO
- .ensurePrincipalTypeCreated(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
final PrincipalTypeEntity groupPrincipalType = principalTypeDAO
- .ensurePrincipalTypeCreated(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE);
+ .ensurePrincipalTypeCreated(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE);
- // remove users
+ /* *****
+ * Remove users
+ * First remove the relevant LDAP entries for this user.
+ * If no more user authentication items exists for the user, then remove the user.
+ * ***** */
final Set<UserEntity> usersToRemove = new HashSet<>();
+ final Set<UserAuthenticationEntity> authenticationEntitiesToRemove = new HashSet<>();
for (String userName : batchInfo.getUsersToBeRemoved()) {
UserEntity userEntity = userDAO.findUserByName(userName);
- if (userEntity == null) {
- continue;
+ if (userEntity != null) {
+ List<UserAuthenticationEntity> authenticationEntities = userEntity.getAuthenticationEntities();
+ Iterator<UserAuthenticationEntity> iterator = authenticationEntities.iterator();
+ while (iterator.hasNext()) {
+ UserAuthenticationEntity authenticationEntity = iterator.next();
+
+ if (authenticationEntity.getAuthenticationType() == UserAuthenticationType.LDAP) {
+ // TODO: Determine if this is the _relevant_ LDAP authentication entry - for now there will only be one..
+ authenticationEntitiesToRemove.add(authenticationEntity);
+ iterator.remove();
+ }
+ }
+
+ if (authenticationEntities.isEmpty()) {
+ allUsers.remove(userEntity.getUserName());
+ usersToRemove.add(userEntity);
+ }
}
- allUsers.remove(userEntity.getUserName());
- usersToRemove.add(userEntity);
}
+ userAuthenticationDAO.remove(authenticationEntitiesToRemove);
userDAO.remove(usersToRemove);
// remove groups
@@@ -830,8 -776,46 +840,40 @@@
// clear cached entities
entityManagerProvider.get().getEntityManagerFactory().getCache().evictAll();
-
- if (!usersToCreate.isEmpty()) {
- // entry point in the hook logic
- hookServiceProvider.get().execute(hookContextFactory.createBatchUserHookContext(getUsersToGroupMap(usersToCreate)));
- }
-
}
+ private void processLdapAdminGroupMappingRules(Set<MemberEntity> membershipsToCreate) {
+
+ String adminGroupMappings = configuration.getProperty(Configuration.LDAP_ADMIN_GROUP_MAPPING_RULES);
+ if (Strings.isNullOrEmpty(adminGroupMappings) || membershipsToCreate.isEmpty()) {
+ LOG.info("Nothing to do. LDAP admin group mappings: {}, Memberships to handle: {}", adminGroupMappings, membershipsToCreate.size());
+ return;
+ }
+
+ LOG.info("Processing admin group mapping rules [{}]. Membership entry count: [{}]", adminGroupMappings, membershipsToCreate.size());
+
+ // parse the comma separated list of mapping rules
+ Set<String> ldapAdminGroups = Sets.newHashSet(adminGroupMappings.split(","));
+
+ // LDAP users to become ambari administrators
+ Set<UserEntity> ambariAdminProspects = Sets.newHashSet();
+
+ // gathering all the users that need to be ambari admins
+ for (MemberEntity memberEntity : membershipsToCreate) {
+ if (ldapAdminGroups.contains(memberEntity.getGroup().getGroupName())) {
+ LOG.debug("Ambari admin user prospect: [{}] ", memberEntity.getUser().getUserName());
+ ambariAdminProspects.add(memberEntity.getUser());
+ }
+ }
+
+ // granting admin privileges to the admin prospects
+ for (UserEntity userEntity : ambariAdminProspects) {
+ LOG.info("Granting ambari admin roles to the user: {}", userEntity.getUserName());
+ grantAdminPrivilege(userEntity.getUserId());
+ }
+
+ }
+
/**
* Assembles a map where the keys are usernames and values are Lists with groups associated with users.
*
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/main/resources/properties.json
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ActiveWidgetLayoutResourceProviderTest.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --cc ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
index ea981e2,36f6a1e..1eea11c
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
@@@ -57,7 -52,6 +57,8 @@@ import org.apache.ambari.server.securit
import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.Users;
++import org.apache.ambari.server.state.stack.OsFamily;
+import org.easymock.EasyMockSupport;
import org.junit.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
@@@ -339,31 -328,8 +340,32 @@@ public class GroupPrivilegeResourceProv
final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class);
final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
- final TestUsers users = new TestUsers();
- users.setPrivilegeDAO(privilegeDAO);
+ final Injector injector = Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
++ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class));
+ bind(HookService.class).toInstance(createMock(HookService.class));
+ bind(HookContextFactory.class).toInstance(createMock(HookContextFactory.class));
+
+ bind(GroupDAO.class).toInstance(groupDAO);
+ bind(ClusterDAO.class).toInstance(clusterDAO);
+ bind(ViewInstanceDAO.class).toInstance(viewInstanceDAO);
+ bind(GroupEntity.class).toInstance(groupEntity);
+ bind(PrincipalEntity.class).toInstance(principalEntity);
+ bind(PrivilegeEntity.class).toInstance(privilegeEntity);
+ bind(PermissionEntity.class).toInstance(permissionEntity);
+ bind(PrincipalTypeEntity.class).toInstance(principalTypeEntity);
+ bind(ResourceEntity.class).toInstance(resourceEntity);
+ bind(ResourceTypeEntity.class).toInstance(resourceTypeEntity);
+ bind(PrivilegeDAO.class).toInstance(privilegeDAO);
+ }
+ }
+ );
+
+ final Users users = injector.getInstance(Users.class);
List<PrincipalEntity> groupPrincipals = new LinkedList<>();
groupPrincipals.add(principalEntity);
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestImplTest.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --cc ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
index 499354f,54726df..35b8234
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
@@@ -61,7 -55,6 +60,8 @@@ import org.apache.ambari.server.securit
import org.apache.ambari.server.security.authorization.AuthorizationException;
import org.apache.ambari.server.security.authorization.ResourceType;
import org.apache.ambari.server.security.authorization.Users;
++import org.apache.ambari.server.state.stack.OsFamily;
+import org.easymock.EasyMockSupport;
import org.junit.Test;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
@@@ -404,13 -381,23 +404,13 @@@ public class UserPrivilegeResourceProvi
expect(userEntity.getUserName()).andReturn("jdoe").atLeastOnce();
expect(userEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce();
- ClusterDAO clusterDAO = createMock(ClusterDAO.class);
- GroupDAO groupDAO = createMock(GroupDAO.class);
-
- ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class);
expect(viewInstanceDAO.findByResourceId(1L)).andReturn(viewInstanceEntity).atLeastOnce();
- final UserDAO userDAO = createNiceMock(UserDAO.class);
- expect(userDAO.findLocalUserByName("jdoe")).andReturn(userEntity).anyTimes();
+ expect(userDAO.findUserByName("jdoe")).andReturn(userEntity).anyTimes();
expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes();
- expect(userDAO.findAll()).andReturn(Collections.<UserEntity>emptyList()).anyTimes();
+ expect(userDAO.findAll()).andReturn(Collections.emptyList()).anyTimes();
- final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
- final MemberDAO memberDAO = createMock(MemberDAO.class);
-
- final TestUsers users = new TestUsers();
- users.setPrivilegeDAO(privilegeDAO);
- users.setMemberDAO(memberDAO);
+ final Users users = injector.getInstance(Users.class);
List<PrincipalEntity> rolePrincipals = new LinkedList<>();
rolePrincipals.add(rolePrincipalEntity);
@@@ -482,12 -468,12 +482,12 @@@
andReturn(Collections.singletonList(privilegeEntity))
.atLeastOnce();
expect(memberDAO.findAllMembersByUser(userEntity)).
- andReturn(Collections.<MemberEntity>emptyList())
+ andReturn(Collections.emptyList())
.atLeastOnce();
- expect(userDAO.findLocalUserByName(requestedUsername)).andReturn(userEntity).anyTimes();
+ expect(userDAO.findAll()).andReturn(Collections.emptyList()).anyTimes();
+ expect(userDAO.findUserByName(requestedUsername)).andReturn(userEntity).anyTimes();
- expect(userDAO.findAll()).andReturn(Collections.<UserEntity>emptyList()).anyTimes();
expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(userEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes();
+ expect(userEntity.getMemberEntities()).andReturn(Collections.emptySet()).anyTimes();
expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
@@@ -531,24 -517,4 +531,25 @@@
verifyAll();
}
+ private Injector createInjector() {
+ return Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
++ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(PasswordEncoder.class).toInstance(createNiceMock(PasswordEncoder.class));
+ bind(HookService.class).toInstance(createMock(HookService.class));
+ bind(HookContextFactory.class).toInstance(createMock(HookContextFactory.class));
+
+ bind(UserDAO.class).toInstance(createNiceMock(UserDAO.class));
+ bind(GroupDAO.class).toInstance(createNiceMock(GroupDAO.class));
+ bind(ClusterDAO.class).toInstance(createNiceMock(ClusterDAO.class));
+ bind(ViewInstanceDAO.class).toInstance(createNiceMock(ViewInstanceDAO.class));
+ bind(PrivilegeDAO.class).toInstance(createMock(PrivilegeDAO.class));
+ bind(MemberDAO.class).toInstance(createMock(MemberDAO.class));
+ }
+ });
+ }
+
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --cc ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
index 1145954,9cfd148..4e080b1
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
@@@ -17,23 -17,24 +17,29 @@@
*/
package org.apache.ambari.server.security.authorization;
- import static org.easymock.EasyMock.createNiceMock;
+ import static org.easymock.EasyMock.anyObject;
+ import static org.easymock.EasyMock.eq;
import static org.easymock.EasyMock.expect;
+ import static org.easymock.EasyMock.expectLastCall;
- import java.util.Collection;
import java.util.Collections;
- import org.apache.ambari.server.H2DatabaseCleaner;
- import org.apache.ambari.server.audit.AuditLoggerModule;
+ import javax.persistence.EntityManager;
+
import org.apache.ambari.server.configuration.Configuration;
- import org.apache.ambari.server.orm.GuiceJpaInitializer;
+ import org.apache.ambari.server.hooks.HookContextFactory;
+ import org.apache.ambari.server.hooks.HookService;
+ import org.apache.ambari.server.orm.DBAccessor;
++import org.apache.ambari.server.orm.dao.MemberDAO;
++import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
- import org.easymock.EasyMock;
- import org.junit.After;
+ import org.apache.ambari.server.security.authentication.pam.PamAuthenticationFactory;
+ import org.apache.ambari.server.state.stack.OsFamily;
+ import org.easymock.EasyMockSupport;
import org.junit.Before;
import org.junit.Test;
import org.jvnet.libpam.PAM;
@@@ -47,22 -52,32 +57,34 @@@ import com.google.inject.Injector
import junit.framework.Assert;
- public class AmbariPamAuthenticationProviderTest {
-
- private static Injector injector;
-
- @Inject
- private AmbariPamAuthenticationProvider authenticationProvider;
- @Inject
- private Configuration configuration;
+ public class AmbariPamAuthenticationProviderTest extends EasyMockSupport {
private static final String TEST_USER_NAME = "userName";
+ private static final String TEST_USER_PASS = "userPass";
+ private static final String TEST_USER_INCORRECT_PASS = "userIncorrectPass";
+
+ private Injector injector;
@Before
- public void setUp() {
- injector = Guice.createInjector(new AuditLoggerModule(), new AuthorizationTestModule());
- injector.injectMembers(this);
- injector.getInstance(GuiceJpaInitializer.class);
+ public void setup() {
+ injector = Guice.createInjector(new AbstractModule() {
+
+ @Override
+ protected void configure() {
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(HookContextFactory.class).toInstance(createNiceMock(HookContextFactory.class));
+ bind(HookService.class).toInstance(createNiceMock(HookService.class));
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ bind(UserDAO.class).toInstance(createNiceMock(UserDAO.class));
++ bind(MemberDAO.class).toInstance(createNiceMock(MemberDAO.class));
++ bind(PrivilegeDAO.class).toInstance(createNiceMock(PrivilegeDAO.class));
+ bind(PamAuthenticationFactory.class).toInstance(createMock(PamAuthenticationFactory.class));
+ bind(PasswordEncoder.class).toInstance(new StandardPasswordEncoder());
+ }
+ });
+
+ Configuration configuration = injector.getInstance(Configuration.class);
configuration.setClientSecurityType(ClientSecurityType.PAM);
configuration.setProperty(Configuration.PAM_CONFIGURATION_FILE, "ambari-pam");
}
@@@ -83,23 -107,33 +114,35 @@@
@Test
public void testAuthenticate() throws Exception {
- PAM pam = createNiceMock(PAM.class);
+
UnixUser unixUser = createNiceMock(UnixUser.class);
- expect(unixUser.getGroups()).andReturn(Collections.singleton("group")).atLeastOnce();
+ expect(unixUser.getUserName()).andReturn(TEST_USER_NAME).atLeastOnce();
+
+ PAM pam = createMock(PAM.class);
- expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_PASS)))
- .andReturn(unixUser)
- .once();
- pam.dispose();
- expectLastCall().once();
++ expect(pam.authenticate(eq(TEST_USER_NAME), eq(TEST_USER_PASS))).andReturn(unixUser).once();
+
- PamAuthenticationFactory pamAuthenticationFactory = injector.getInstance(PamAuthenticationFactory.class);
- expect(pamAuthenticationFactory.createInstance(anyObject(String.class))).andReturn(pam).once();
+ UserEntity userEntity = combineUserEntity();
- User user = new User(userEntity);
- UserDAO userDAO = createNiceMock(UserDAO.class);
- Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
- expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce();
- expect(unixUser.getGroups()).andReturn(Collections.singleton("group")).atLeastOnce();
- EasyMock.replay(unixUser);
- EasyMock.replay(pam);
- Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities);
- Authentication result = authenticationProvider.authenticateViaPam(pam,authentication);
- expect(userDAO.findUserByName("userName")).andReturn(null).once();
+
- replayAll();
++ UserDAO userDAO = injector.getInstance(UserDAO.class);
++ expect(userDAO.findUserByName(TEST_USER_NAME)).andReturn(userEntity).once();
+
- Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS);
++ MemberDAO memberDAO = injector.getInstance(MemberDAO.class);
++ expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.emptyList()).once();
+
- AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class);
++ PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
++ expect(privilegeDAO.findAllByPrincipal(anyObject())).andReturn(Collections.emptyList()).once();
+
- Authentication result = authenticationProvider.authenticate(authentication);
++ replayAll();
+
- verifyAll();
++ Authentication authentication = new UsernamePasswordAuthenticationToken(TEST_USER_NAME, TEST_USER_PASS);
++ AmbariPamAuthenticationProvider authenticationProvider = injector.getInstance(AmbariPamAuthenticationProvider.class);
+
++ Authentication result = authenticationProvider.authenticateViaPam(pam, authentication);
Assert.assertNotNull(result);
Assert.assertEquals(true, result.isAuthenticated());
Assert.assertTrue(result instanceof AmbariUserAuthentication);
++
++ verifyAll();
}
@Test
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java
----------------------------------------------------------------------
diff --cc ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java
index ffa68fa,29c21a7..4283788
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/UsersTest.java
@@@ -161,11 -161,12 +161,11 @@@ public class UsersTest extends EasyMock
@Test(expected = AmbariException.class)
public void testCreateUser_Duplicate() throws Exception {
UserEntity existing = new UserEntity();
- existing.setUserName(UserName.fromString(SERVICEOP_USER_NAME));
- existing.setUserType(UserType.LDAP);
+ existing.setUserName(UserName.fromString(SERVICEOP_USER_NAME).toString());
existing.setUserId(1);
- existing.setMemberEntities(Collections.<MemberEntity>emptySet());
+ existing.setMemberEntities(Collections.emptySet());
PrincipalEntity principal = new PrincipalEntity();
- principal.setPrivileges(Collections.<PrivilegeEntity>emptySet());
+ principal.setPrivileges(Collections.emptySet());
existing.setPrincipal(principal);
initForCreateUser(existing);
http://git-wip-us.apache.org/repos/asf/ambari/blob/17243c68/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
----------------------------------------------------------------------
diff --cc ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
index cf05425,afd6f6d..34bbe97
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/ldap/AmbariLdapDataPopulatorTest.java
@@@ -52,8 -52,6 +52,7 @@@ import org.apache.ambari.server.configu
import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
- import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.UserAuthenticationEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.authorization.AmbariLdapUtils;
import org.apache.ambari.server.security.authorization.Group;
@@@ -1973,15 -1970,14 +1972,15 @@@ public class AmbariLdapDataPopulatorTes
private User createUser(String name, boolean ldapUser, GroupEntity group) {
final UserEntity userEntity = new UserEntity();
userEntity.setUserId(userIdCounter++);
- userEntity.setUserName(UserName.fromString(name));
+ userEntity.setUserName(UserName.fromString(name).toString());
userEntity.setCreateTime(new Date());
- userEntity.setLdapUser(ldapUser);
userEntity.setActive(true);
- userEntity.setMemberEntities(new HashSet<MemberEntity>());
+ userEntity.setMemberEntities(new HashSet<>());
+
final PrincipalEntity principalEntity = new PrincipalEntity();
- principalEntity.setPrivileges(new HashSet<PrivilegeEntity>());
+ principalEntity.setPrivileges(new HashSet<>());
userEntity.setPrincipal(principalEntity);
+
if (group != null) {
final MemberEntity member = new MemberEntity();
member.setUser(userEntity);