Posted to commits@ambari.apache.org by sw...@apache.org on 2014/08/22 18:14:20 UTC
[1/2] AMBARI-6984. Completely remove admin role from ambari.
Repository: ambari
Updated Branches:
refs/heads/trunk 9506a6b93 -> 73819ca33
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
index 816f3ab..bb178d6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
@@ -17,49 +17,31 @@
*/
package org.apache.ambari.server.security.authorization;
-import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.dao.MemberDAO;
-import org.apache.ambari.server.orm.dao.PrincipalDAO;
-import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
-import org.easymock.Capture;
+import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.Before;
import org.junit.Test;
import org.springframework.ldap.core.DirContextOperations;
import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
import static org.easymock.EasyMock.*;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
AuthorizationHelper helper = new AuthorizationHelper();
- Configuration configuration = createMock(Configuration.class);
UserDAO userDAO = createMock(UserDAO.class);
- RoleDAO roleDAO = createMock(RoleDAO.class);
- PrincipalDAO principalDAO = createMock(PrincipalDAO.class);
- PrincipalTypeDAO principalTypeDAO = createMock(PrincipalTypeDAO.class);
MemberDAO memberDAO = createMock(MemberDAO.class);
PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
- LdapServerProperties ldapServerProperties = createMock(LdapServerProperties.class);
DirContextOperations userData = createMock(DirContextOperations.class);
UserEntity userEntity = createMock(UserEntity.class);
PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
@@ -68,23 +50,9 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
GroupEntity groupEntity = createMock(GroupEntity.class);
PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
- Set<RoleEntity> roleSetStub = new HashSet<RoleEntity>();
- String username = "user";
- String adminRole = "role";
- String userRole = "userRole";
- Map<String, String> configs = new HashMap<String, String>();
-
- public TestAmbariLdapAuthoritiesPopulator() {
- configs.put(Configuration.ADMIN_ROLE_NAME_KEY, adminRole);
- configs.put(Configuration.USER_ROLE_NAME_KEY, userRole);
-
- }
-
@Before
public void setUp() throws Exception {
resetAll();
-
- expect(configuration.getConfigsMap()).andReturn(configs).anyTimes();
}
@Test
@@ -92,15 +60,7 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
String username = "user";
AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .addMockedMethod("createLdapUser")
- .withConstructor(
- configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO, memberDAO, privilegeDAO
- ).createMock();
-
-
- expect(ldapServerProperties.isGroupMappingEnabled()).andReturn(false).atLeastOnce();
-
- expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).atLeastOnce();
+ .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
expect(userEntity.getPrincipal()).andReturn(principalEntity);
expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
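Review bot: With the last `addMockedMethod` removed, `createMockBuilder(AmbariLdapAuthoritiesPopulator.class).withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock()` no longer appears to mock anything on the populator, so the partial-mock builder only hides that the real class is under test. `new AmbariLdapAuthoritiesPopulator(helper, userDAO, memberDAO, privilegeDAO)` would say the same thing directly. The builder call in `testGetGrantedAuthorities_mappingEnabled` (the hunk at -127) has the same shape. The test method itself starts above this hunk.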
@@ -111,13 +71,9 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
principalEntityList.add(groupPrincipalEntity);
expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
- populator.createLdapUser(username);
- expectLastCall();
-
- expect(userDAO.findLdapUserByName(username)).andReturn(null).andReturn(userEntity);
+ expect(userDAO.findLdapUserByName(username)).andReturn(userEntity);
replayAll();
-
populator.getGrantedAuthorities(userData, username);
verifyAll();
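Review bot: The value returned by `populator.getGrantedAuthorities(userData, username)` is discarded, so this test passes whatever authorities the populator hands back. With the role bookkeeping removed, that return value is the only authorization outcome left to check. Capture the returned collection and assert that it contains exactly the authority derived from `privilegeEntity`. The authority type is not visible in this diff, so the assertion has to be written against the populator's implementation. The two calls in the last hunk of this file discard the result in the same way.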
@@ -127,20 +83,8 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
@Test
public void testGetGrantedAuthorities_mappingEnabled() throws Exception {
-
AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .addMockedMethod("createLdapUser")
- .addMockedMethod("addRole")
- .addMockedMethod("removeRole")
- .withConstructor(
- configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO, memberDAO, privilegeDAO
- ).createMock();
-
- expect(userData.getObjectAttribute("ambari_admin")).andReturn(Boolean.TRUE).andReturn(Boolean.FALSE);
-
- expect(ldapServerProperties.isGroupMappingEnabled()).andReturn(true).atLeastOnce();
-
- expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).atLeastOnce();
+ .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).anyTimes();
@@ -151,158 +95,16 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
principalEntityList.add(groupPrincipalEntity);
expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes();
- expect(userDAO.findLdapUserByName(username)).andReturn(null).andReturn(userEntity).times(2);
-
- populator.createLdapUser(username);
- expectLastCall();
- populator.addRole(userEntity, adminRole);
- expectLastCall();
- populator.removeRole(userEntity, adminRole);
- expectLastCall();
+ expect(userDAO.findLdapUserByName(EasyMock.<String> anyObject())).andReturn(null).andReturn(userEntity).once();
replayAll();
//test with admin user
- populator.getGrantedAuthorities(userData, username);
+ populator.getGrantedAuthorities(userData, "admin");
//test with non-admin
- populator.getGrantedAuthorities(userData, username);
-
- verifyAll();
- }
-
- @Test
- public void testCreateLdapUser() throws Exception {
- AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .addMockedMethod("addRole")
- .addMockedMethod("removeRole")
- .withConstructor(
- configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO, memberDAO, privilegeDAO
- ).createMock();
-
- Capture<UserEntity> createEntity = new Capture<UserEntity>();
- Capture<UserEntity> addRoleEntity = new Capture<UserEntity>();
- Capture<PrincipalEntity> principalEntity = new Capture<PrincipalEntity>();
-
- userDAO.create(capture(createEntity));
- expectLastCall();
-
- populator.addRole(capture(addRoleEntity), eq(userRole));
- expectLastCall();
-
- PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
- principalTypeEntity.setId(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
- principalTypeEntity.setName(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME);
-
- expect(principalTypeDAO.findById(1)).andReturn(principalTypeEntity);
-
- principalDAO.create(capture(principalEntity));
-
- replayAll();
-
- populator.createLdapUser(username);
-
- verifyAll();
-
- UserEntity capturedCreateEntity = createEntity.getValue();
- UserEntity capturedAddRoleEntity = addRoleEntity.getValue();
-
- assertTrue(capturedCreateEntity.getLdapUser());
- assertEquals(username, capturedCreateEntity.getUserName());
-
- assertEquals(capturedCreateEntity,capturedAddRoleEntity);
-
- }
-
-
- @Test
- public void testAddRole() throws Exception {
- AmbariLdapAuthoritiesPopulator populator =
- new AmbariLdapAuthoritiesPopulator(configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO,
- memberDAO, privilegeDAO);
-
- RoleEntity roleEntity = createMock(RoleEntity.class);
- Set<UserEntity> userEntities = createMock(Set.class);
- Set<RoleEntity> roleEntities = createMock(Set.class);
-
- Capture<RoleEntity> createdRole = new Capture<RoleEntity>();
-
- expect(roleDAO.findByName(adminRole)).andReturn(null).andReturn(roleEntity);
- expect(roleDAO.findByName(adminRole)).andReturn(roleEntity);
-
- roleDAO.create(capture(createdRole));
- expectLastCall();
-
- expect(userEntity.getUserName()).andReturn(username).anyTimes();
- expect(userEntity.getRoleEntities()).andReturn(roleEntities).anyTimes();
-
- expect(roleEntity.getUserEntities()).andReturn(userEntities).anyTimes();
-
- expect(roleEntities.contains(roleEntity)).andReturn(false);
- expect(roleEntities.contains(roleEntity)).andReturn(true);
-
- expect(userEntities.add(userEntity)).andReturn(true);
- expect(roleEntities.add(roleEntity)).andReturn(true);
-
- userDAO.merge(userEntity);
- expectLastCall().andReturn(userEntity);
- roleDAO.merge(roleEntity);
- expectLastCall().andReturn(roleEntity);
-
- expect(userDAO.findLdapUserByName(username)).andReturn(null).andReturn(userEntity);
- expect(userDAO.findLdapUserByName(username)).andReturn(userEntity);
-
- userDAO.create(userEntity);
- expectLastCall();
-
- replayAll();
-
- populator.addRole(userEntity, adminRole);
- populator.addRole(userEntity, adminRole);
+ populator.getGrantedAuthorities(userData, "user");
verifyAll();
-
- assertEquals(adminRole, createdRole.getValue().getRoleName());
-
}
-
- @Test
- public void testRemoveRole() throws Exception {
- int userId = 123;
-
- AmbariLdapAuthoritiesPopulator populator =
- new AmbariLdapAuthoritiesPopulator(configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO,
- memberDAO, privilegeDAO);
-
- RoleEntity roleEntity = createMock(RoleEntity.class);
- Set<UserEntity> userEntities = createMock(Set.class);
- Set<RoleEntity> roleEntities = createMock(Set.class);
-
- expect(userEntity.getUserId()).andReturn(userId);
-
- expect(userDAO.findByPK(userId)).andReturn(userEntity);
-
- expect(roleDAO.findByName(adminRole)).andReturn(roleEntity);
-
- expect(userEntity.getRoleEntities()).andReturn(roleEntities);
-
- expect(roleEntities.contains(roleEntity)).andReturn(true);
-
- expect(userEntity.getUserName()).andReturn(username);
-
- expect(userEntity.getRoleEntities()).andReturn(roleEntities);
- expect(roleEntity.getUserEntities()).andReturn(userEntities);
-
- expect(userEntities.remove(userEntity)).andReturn(true);
- expect(roleEntities.remove(roleEntity)).andReturn(true);
-
- expect(userDAO.merge(userEntity)).andReturn(userEntity);
- expect(roleDAO.merge(roleEntity)).andReturn(roleEntity);
-
- replayAll();
-
- populator.removeRole(userEntity, adminRole);
-
- verifyAll();
- }
}
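Review bot: `EasyMock.<String> anyObject()` lets the lookup match any name, so the test no longer checks that the populator queries `userDAO` with the name it was given. Pinning each lookup restores that check: `expect(userDAO.findLdapUserByName("admin")).andReturn(null);` and `expect(userDAO.findLdapUserByName("user")).andReturn(userEntity);`. The `//test with admin user` and `//test with non-admin` comments are also stale, because the two calls now differ in whether the LDAP user exists; `// user not present in the Ambari DB` and `// user present` would describe them. For the `null` case it is worth asserting that no authorities are granted, though what the populator returns there is not visible in this diff. The test method starts in the previous hunk.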
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
index cf200d5..d1e9a97 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
@@ -35,11 +35,9 @@ import org.apache.ambari.server.orm.dao.GroupDAO;
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PrincipalDAO;
import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.junit.After;
import org.junit.Before;
@@ -66,8 +64,6 @@ public class TestUsers {
@Inject
protected MemberDAO memberDAO;
@Inject
- protected RoleDAO roleDAO;
- @Inject
protected PrincipalTypeDAO principalTypeDAO;
@Inject
protected PrincipalDAO principalDAO;
@@ -82,7 +78,6 @@ public class TestUsers {
injector = Guice.createInjector(module);
injector.getInstance(GuiceJpaInitializer.class);
injector.injectMembers(this);
- users.createDefaultRoles();
Authentication auth = new UsernamePasswordAuthenticationToken("admin", null);
SecurityContextHolder.getContext().setAuthentication(auth);
}
@@ -214,83 +209,6 @@ public class TestUsers {
fail("Exception was not thrown");
}
- @Test(expected = AmbariException.class)
- public void testPromoteUser() throws Exception {
- users.createUser("admin", "admin");
- users.createUser("admin2", "admin2");
- User user = users.getLocalUser("admin");
- assertTrue(user.getRoles().contains(users.getUserRole()));
- assertFalse(user.getRoles().contains(users.getAdminRole()));
- users.promoteToAdmin(user);
- user = users.getLocalUser("admin2");
- users.promoteToAdmin(user);
-
- user = users.getLocalUser("admin");
- assertTrue(user.getRoles().contains(users.getAdminRole()));
-
- users.demoteAdmin(user);
-
- user = users.getLocalUser("admin");
- assertFalse(user.getRoles().contains(users.getAdminRole()));
-
- user = users.getLocalUser("admin2");
- users.demoteAdmin(user);
-
- }
-
- @Test(expected = AmbariException.class)
- public void testRemoveUser() throws Exception {
- users.createUser("admin", "admin");
- User user = users.getLocalUser("admin");
- users.promoteToAdmin(user);
-
- user = users.getLocalUser("admin");
- assertTrue(user.getRoles().contains(users.getAdminRole()));
-
- users.removeUser(user);
- }
-
-
- @Test
- public void testPromoteLdapUser() throws Exception {
- createLdapUser();
-
- User ldapUser = users.getLdapUser("ldapUser");
- users.createUser("localadmin", "admin");
- User localUser = users.getLocalUser("localadmin");
- users.promoteToAdmin(localUser);
-
- users.promoteToAdmin(ldapUser);
-
- ldapUser = users.getLdapUser("ldapUser");
- assertTrue(ldapUser.getRoles().contains(users.getAdminRole()));
-
- users.demoteAdmin(ldapUser);
-
- ldapUser = users.getLdapUser("ldapUser");
- assertFalse(ldapUser.getRoles().contains(users.getAdminRole()));
-
- users.removeUser(ldapUser);
-
- //toggle group mapping
- properties.setProperty(Configuration.LDAP_GROUP_BASE_KEY, "ou=groups,dc=ambari,dc=apache,dc=org");
- createLdapUser();
-
- try {
- users.promoteToAdmin(ldapUser);
- fail("Not allowed with mapping on");
- } catch (AmbariException e) {
- }
-
- try {
- users.demoteAdmin(ldapUser);
- fail("Not allowed with mapping on");
- } catch (AmbariException e) {
- }
-
-
- }
-
private void createLdapUser() {
PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
@@ -301,7 +219,6 @@ public class TestUsers {
principalEntity.setPrincipalType(principalTypeEntity);
principalDAO.create(principalEntity);
- RoleEntity role = roleDAO.findByName(users.getUserRole());
UserEntity ldapUser = new UserEntity();
ldapUser.setUserName("ldapUser");
@@ -312,10 +229,6 @@ public class TestUsers {
UserEntity userEntity = userDAO.findLdapUserByName("ldapUser");
- userEntity.getRoleEntities().add(role);
- role.getUserEntities().add(ldapUser);
-
userDAO.merge(ldapUser);
- roleDAO.merge(role);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java
index fbee5e2..13cb231 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog170Test.java
@@ -247,6 +247,7 @@ public class UpgradeCatalog170Test {
Order o = createNiceMock(Order.class);
TypedQuery<HostRoleCommandEntity> q = createNiceMock(TypedQuery.class);
List<HostRoleCommandEntity> r = new ArrayList<HostRoleCommandEntity>();
+ ResultSet userRolesResultSet = createNiceMock(ResultSet.class);
Method m = AbstractUpgradeCatalog.class.getDeclaredMethod
("updateConfigurationProperties", String.class, Map.class, boolean.class, boolean.class);
@@ -292,9 +293,11 @@ public class UpgradeCatalog170Test {
Collections.singletonMap("min_user_id", "1000"), false, false);
expectLastCall();
+ expect(dbAccessor.executeSelect("SELECT role_name, user_id FROM user_roles")).andReturn(userRolesResultSet).once();
expect(entityManager.getTransaction()).andReturn(trans).anyTimes();
expect(entityManager.getCriteriaBuilder()).andReturn(cb).anyTimes();
expect(entityManager.createQuery(cq)).andReturn(q).anyTimes();
+ expect(userRolesResultSet.next()).andReturn(false).once();
expect(trans.isActive()).andReturn(true).anyTimes();
expect(upgradeCatalog.getEntityManagerProvider()).andReturn(entityManagerProvider).anyTimes();
expect(cb.createQuery(HostRoleCommandEntity.class)).andReturn(cq).anyTimes();
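Review bot: `expect(userRolesResultSet.next()).andReturn(false).once()` means the test only covers an empty `user_roles` table, so whatever the upgrade does with existing role rows is never executed here. That path presumably carries administrator assignments over to the new model, and a regression in it would silently drop or mis-assign admin access on upgraded installs. Add a case where `next()` returns `true` once and then `false`, with the `role_name` and `user_id` columns stubbed and the resulting `privilegeDAO.create(...)` call verified. How `UpgradeCatalog170` reads those columns is not shown in this part of the diff, so the stubs have to follow the implementation. The test method starts and ends outside this hunk.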
@@ -362,7 +365,8 @@ public class UpgradeCatalog170Test {
keyValueDAO.remove(showJobsKeyValue);
privilegeDAO.create(anyObject(PrivilegeEntity.class));
- replay(entityManager, trans, upgradeCatalog, cb, cq, hrc, q);
+ replay(entityManager, trans, upgradeCatalog, cb, cq, hrc, q, userRolesResultSet);
+
replay(dbAccessor, configuration, injector, cluster, clusters, amc, config, configHelper, pigConfig);
replay(userDAO, clusterDAO, viewDAO, viewInstanceDAO, permissionDAO);
replay(resourceTypeDAO, resourceDAO, keyValueDAO, privilegeDAO);
@@ -382,7 +386,7 @@ public class UpgradeCatalog170Test {
upgradeCatalog.executeDMLUpdates();
verify(upgradeCatalog, dbAccessor, configuration, injector, cluster, clusters, amc, config, configHelper,
- jobsView, showJobsKeyValue, privilegeDAO, viewDAO, viewInstanceDAO, resourceDAO, keyValueDAO);
+ jobsView, showJobsKeyValue, privilegeDAO, viewDAO, viewInstanceDAO, resourceDAO, keyValueDAO, userRolesResultSet);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeTest.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeTest.java
index f651d10..c89a0b4 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeTest.java
@@ -23,15 +23,10 @@ import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.TypeLiteral;
import com.google.inject.persist.PersistService;
-import org.apache.ambari.server.configuration.ComponentSSLConfiguration;
import org.apache.ambari.server.configuration.Configuration;
-import org.apache.ambari.server.controller.AmbariServer;
import org.apache.ambari.server.controller.ControllerModule;
import org.apache.ambari.server.orm.DBAccessor;
-import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.orm.dao.*;
-import org.apache.ambari.server.security.CertificateManager;
-import org.apache.ambari.server.state.Config;
import org.apache.ambari.server.utils.VersionUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -45,8 +40,6 @@ import java.sql.SQLException;
import java.sql.SQLNonTransientConnectionException;
import java.util.*;
-import static org.junit.Assert.assertTrue;
-
@RunWith(Parameterized.class)
public class UpgradeTest {
private static final Logger LOG = LoggerFactory.getLogger(UpgradeTest.class);
@@ -139,7 +132,6 @@ public class UpgradeTest {
requestDAO.findAllResourceFilters();
injector.getInstance(RequestScheduleBatchRequestDAO.class).findAll();
injector.getInstance(RequestScheduleDAO.class).findAll();
- injector.getInstance(RoleDAO.class).findAll();
injector.getInstance(RoleSuccessCriteriaDAO.class).findAll();
injector.getInstance(ServiceComponentDesiredStateDAO.class).findAll();
injector.getInstance(ServiceDesiredStateDAO.class).findAll();
[2/2] git commit: AMBARI-6984. Completely remove admin role from
ambari.
Posted by sw...@apache.org.
AMBARI-6984. Completely remove admin role from ambari.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/73819ca3
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/73819ca3
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/73819ca3
Branch: refs/heads/trunk
Commit: 73819ca33f22556194bf59440403a35571a8ed18
Parents: 9506a6b
Author: Siddharth Wagle <sw...@hortonworks.com>
Authored: Thu Aug 21 23:00:22 2014 -0700
Committer: Siddharth Wagle <sw...@hortonworks.com>
Committed: Fri Aug 22 09:13:38 2014 -0700
----------------------------------------------------------------------
.../server/configuration/Configuration.java | 8 -
.../ambari/server/controller/AmbariServer.java | 3 +-
.../ambari/server/orm/dao/PrincipalDAO.java | 16 +-
.../apache/ambari/server/orm/dao/RoleDAO.java | 69 ------
.../apache/ambari/server/orm/dao/UserDAO.java | 8 -
.../server/orm/entities/PrincipalEntity.java | 5 +
.../ambari/server/orm/entities/RoleEntity.java | 70 ------
.../ambari/server/orm/entities/UserEntity.java | 11 -
.../AmbariLdapAuthoritiesPopulator.java | 134 +-----------
.../AmbariLocalUserDetailsService.java | 8 +-
.../server/security/authorization/User.java | 9 -
.../server/security/authorization/Users.java | 147 +------------
.../server/upgrade/UpgradeCatalog170.java | 45 ++--
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 12 --
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 12 --
.../resources/Ambari-DDL-Postgres-CREATE.sql | 14 --
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 16 --
.../src/main/resources/META-INF/persistence.xml | 1 -
.../AmbariManagementControllerTest.java | 25 +--
.../apache/ambari/server/orm/OrmTestHelper.java | 26 +--
.../ambari/server/orm/dao/UserDAOTest.java | 40 +---
...uthenticationProviderForDNWithSpaceTest.java | 38 ----
.../AmbariLdapAuthenticationProviderTest.java | 39 ----
.../AmbariLdapDataPopulatorTest.java | 2 -
.../AmbariLocalUserDetailsServiceTest.java | 7 -
.../TestAmbariLdapAuthoritiesPopulator.java | 212 +------------------
.../security/authorization/TestUsers.java | 87 --------
.../server/upgrade/UpgradeCatalog170Test.java | 8 +-
.../ambari/server/upgrade/UpgradeTest.java | 8 -
29 files changed, 93 insertions(+), 987 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index b378970..d23ac6c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -149,10 +149,6 @@ public class Configuration {
"authorization.ldap.adminGroupMappingRules";
public static final String LDAP_GROUP_SEARCH_FILTER_KEY =
"authorization.ldap.groupSearchFilter";
- public static final String USER_ROLE_NAME_KEY =
- "authorization.userRoleName";
- public static final String ADMIN_ROLE_NAME_KEY =
- "authorization.adminRoleName";
public static final String SERVER_EC_CACHE_SIZE = "server.ecCacheSize";
public static final String SERVER_STALE_CONFIG_CACHE_ENABLED_KEY =
"server.cache.isStale.enabled";
@@ -349,10 +345,6 @@ public class Configuration {
PASSPHRASE_ENV_KEY, PASSPHRASE_ENV_DEFAULT));
configsMap.put(PASSPHRASE_KEY, System.getenv(configsMap.get(
PASSPHRASE_ENV_KEY)));
- configsMap.put(USER_ROLE_NAME_KEY, properties.getProperty(
- USER_ROLE_NAME_KEY, USER_ROLE_NAME_DEFAULT));
- configsMap.put(ADMIN_ROLE_NAME_KEY, properties.getProperty(
- ADMIN_ROLE_NAME_KEY, ADMIN_ROLE_NAME_DEFAULT));
configsMap.put(RESOURCES_DIR_KEY, properties.getProperty(
RESOURCES_DIR_KEY, RESOURCES_DIR_DEFAULT));
configsMap.put(SRVR_CRT_PASS_LEN_KEY, properties.getProperty(
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index e0049ec..07de5cb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -457,7 +457,7 @@ public class AmbariServer {
}
/**
- * Creates default users and roles if in-memory database is used
+ * Creates default users if in-memory database is used
*/
@Transactional
protected void initDB() {
@@ -465,7 +465,6 @@ public class AmbariServer {
LOG.info("Database init needed - creating default data");
Users users = injector.getInstance(Users.class);
- users.createDefaultRoles();
users.createUser("admin", "admin", true, true);
users.createUser("user", "user", true, false);
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
index 13ebf09..334e978 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
@@ -22,10 +22,11 @@ import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.google.inject.persist.Transactional;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
+
import java.util.List;
/**
@@ -44,7 +45,6 @@ public class PrincipalDAO {
/**
* Find a principal with the given id.
*
- *
* @param id type id
*
* @return a matching principal type or null
@@ -64,6 +64,18 @@ public class PrincipalDAO {
}
/**
+ * Find principals having specified permission.
+ *
+ * @param id permission id
+ * @return all principals having specified permission
+ */
+ public List<PrincipalEntity> findByPermissionId(Integer id) {
+ TypedQuery<PrincipalEntity> query = entityManagerProvider.get().createNamedQuery("principalByPrivilegeId", PrincipalEntity.class);
+ query.setParameter("permission_id", id);
+ return daoUtils.selectList(query);
+ }
+
+ /**
* Make an instance managed and persistent.
*
* @param entity entity to store
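Review bot: The Javadoc on `findByPermissionId` does not say that the lookup ignores which resource the permission was granted on; the named query it runs filters only on `privilege.permission.id`. A caller using the result for an authorization decision should be told that, for example `* Find principals holding the given permission on any resource.` It would also help to document the result when nothing matches, which is presumably an empty list from `daoUtils.selectList` but is not visible here.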
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
deleted file mode 100644
index d8e17e8..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleDAO.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.ambari.server.orm.dao;
-
-import com.google.inject.Inject;
-import com.google.inject.Provider;
-import com.google.inject.Singleton;
-import com.google.inject.persist.Transactional;
-import org.apache.ambari.server.orm.RequiresSession;
-import org.apache.ambari.server.orm.entities.RoleEntity;
-
-import javax.persistence.EntityManager;
-import java.util.List;
-
-@Singleton
-public class RoleDAO {
-
- @Inject
- Provider<EntityManager> entityManagerProvider;
- @Inject
- DaoUtils daoUtils;
-
- @RequiresSession
- public RoleEntity findByName(String roleName) {
- return entityManagerProvider.get().find(RoleEntity.class, roleName.toLowerCase());
- }
-
- @RequiresSession
- public List<RoleEntity> findAll() {
- return daoUtils.selectAll(entityManagerProvider.get(), RoleEntity.class);
- }
-
- @Transactional
- public void create(RoleEntity role) {
- role.setRoleName(role.getRoleName().toLowerCase());
- entityManagerProvider.get().persist(role);
- }
-
- @Transactional
- public RoleEntity merge(RoleEntity role) {
- return entityManagerProvider.get().merge(role);
- }
-
- @Transactional
- public void remove(RoleEntity role) {
- entityManagerProvider.get().remove(merge(role));
- }
-
- @Transactional
- public void removeByName(String roleName) {
- remove(findByName(roleName));
- }
-
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
index 55c2560..0aa7216 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
@@ -30,7 +30,6 @@ import javax.persistence.NoResultException;
import javax.persistence.TypedQuery;
import java.util.Collections;
import java.util.List;
-import org.apache.ambari.server.orm.entities.RoleEntity;
@Singleton
public class UserDAO {
@@ -52,13 +51,6 @@ public class UserDAO {
}
@RequiresSession
- public List<UserEntity> findAllLocalUsersByRole(RoleEntity roleEntity) {
- TypedQuery<UserEntity> query = entityManagerProvider.get().createQuery("SELECT role.userEntities FROM RoleEntity role WHERE role = :roleEntity", UserEntity.class);
- query.setParameter("roleEntity", roleEntity);
- return query.getResultList();
- }
-
- @RequiresSession
public UserEntity findLocalUserByName(String userName) {
TypedQuery<UserEntity> query = entityManagerProvider.get().createNamedQuery("localUserByName", UserEntity.class);
query.setParameter("username", userName.toLowerCase());
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
index e0767a3..d05ff5c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
@@ -29,6 +29,8 @@ import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinColumns;
import javax.persistence.ManyToOne;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.TableGenerator;
@@ -44,6 +46,9 @@ import javax.persistence.TableGenerator;
, initialValue = 2
, allocationSize = 1
)
+@NamedQueries({
+ @NamedQuery(name = "principalByPrivilegeId", query = "SELECT principal FROM PrincipalEntity principal JOIN principal.privileges privilege WHERE privilege.permission.id=:permission_id")
+})
public class PrincipalEntity {
/**
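Review bot: The named query added above `public class PrincipalEntity` is called `principalByPrivilegeId`, but it filters on `privilege.permission.id` through a parameter named `permission_id`, so the name describes a different lookup than the one performed. This query presumably backs `principalDAO.findByPermissionId(...)` in the Users.java hunk of this commit, where it decides who counts as an administrator, so a misleading name here invites misuse. `name = "principalByPermissionId"` would match; the DAO that references the name is not visible in this hunk and would have to change with it. The JOIN also yields a principal once per matching privilege, so `SELECT DISTINCT principal` would avoid duplicates if a principal can hold the same permission on several resources.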
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
deleted file mode 100644
index 98fcd76..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleEntity.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.orm.entities;
-
-import javax.persistence.*;
-import java.util.Set;
-
-@javax.persistence.Table(name = "roles")
-@Entity
-public class RoleEntity {
-
- @Column(name = "role_name")
- @Id
- private String roleName;
-
- @JoinTable(name = "user_roles",
- joinColumns = {@JoinColumn(name = "role_name", referencedColumnName = "role_name")},
- inverseJoinColumns = {@JoinColumn(name = "user_id", referencedColumnName = "user_id")})
- @ManyToMany(cascade = CascadeType.ALL)
- private Set<UserEntity> userEntities;
-
- public String getRoleName() {
- return roleName;
- }
-
- public void setRoleName(String roleName) {
- this.roleName = roleName;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
-
- RoleEntity that = (RoleEntity) o;
-
- if (roleName != null ? !roleName.equals(that.roleName) : that.roleName != null) return false;
-
- return true;
- }
-
- @Override
- public int hashCode() {
- return roleName != null ? roleName.hashCode() : 0;
- }
-
- public Set<org.apache.ambari.server.orm.entities.UserEntity> getUserEntities() {
- return userEntities;
- }
-
- public void setUserEntities(Set<org.apache.ambari.server.orm.entities.UserEntity> userEntities) {
- this.userEntities = userEntities;
- }
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
index a6c5548..4e1f1f3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/UserEntity.java
@@ -59,9 +59,6 @@ public class UserEntity {
@Column(name = "active")
private Integer active = 1;
- @ManyToMany(mappedBy = "userEntities")
- private Set<RoleEntity> roleEntities;
-
@OneToMany(mappedBy = "user", cascade = CascadeType.ALL)
private Set<MemberEntity> memberEntities;
@@ -118,14 +115,6 @@ public class UserEntity {
this.createTime = createTime;
}
- public Set<RoleEntity> getRoleEntities() {
- return roleEntities;
- }
-
- public void setRoleEntities(Set<RoleEntity> roleEntities) {
- this.roleEntities = roleEntities;
- }
-
public Set<MemberEntity> getMemberEntities() {
return memberEntities;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
index 0b65d05..487e703 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
@@ -18,19 +18,12 @@
package org.apache.ambari.server.security.authorization;
import com.google.inject.Inject;
-import com.google.inject.persist.Transactional;
-import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.dao.MemberDAO;
-import org.apache.ambari.server.orm.dao.PrincipalDAO;
-import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -39,6 +32,7 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import java.util.Collection;
+import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@@ -48,61 +42,31 @@ import java.util.List;
public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
private static final Logger log = LoggerFactory.getLogger(AmbariLdapAuthoritiesPopulator.class);
- Configuration configuration;
private AuthorizationHelper authorizationHelper;
UserDAO userDAO;
- RoleDAO roleDAO;
- PrincipalDAO principalDAO;
- PrincipalTypeDAO principalTypeDAO;
MemberDAO memberDAO;
PrivilegeDAO privilegeDAO;
- private static final String AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY = "ambari_admin";
-
@Inject
- public AmbariLdapAuthoritiesPopulator(Configuration configuration, AuthorizationHelper authorizationHelper,
- UserDAO userDAO, RoleDAO roleDAO,
- PrincipalDAO principalDAO, PrincipalTypeDAO principalTypeDAO,
- MemberDAO memberDAO, PrivilegeDAO privilegeDAO) {
- this.configuration = configuration;
+ public AmbariLdapAuthoritiesPopulator(AuthorizationHelper authorizationHelper,
+ UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO) {
this.authorizationHelper = authorizationHelper;
this.userDAO = userDAO;
- this.roleDAO = roleDAO;
- this.principalDAO = principalDAO;
- this.principalTypeDAO = principalTypeDAO;
this.memberDAO = memberDAO;
this.privilegeDAO = privilegeDAO;
}
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
- log.info("Get roles for user " + username + " from local DB");
+ log.info("Get authorities for user " + username + " from local DB");
UserEntity user;
user = userDAO.findLdapUserByName(username);
if (user == null) {
- log.info("User " + username + " not present in local DB - creating");
-
- createLdapUser(username);
- user = userDAO.findLdapUserByName(username);
- }
-
- //don't remove admin role from user if group mapping was not configured
- if (configuration.getLdapServerProperties().isGroupMappingEnabled()) {
- //Adding an "admin" user role if user is a member of ambari administrators
- // LDAP group
- Boolean isAdmin =
- (Boolean) userData.getObjectAttribute(AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY);
- if ((isAdmin != null) && isAdmin) {
- log.info("Adding admin role to LDAP user " + username);
- addRole(user, configuration.getConfigsMap().
- get(Configuration.ADMIN_ROLE_NAME_KEY));
- } else {
- removeRole(user, configuration.getConfigsMap().
- get(Configuration.ADMIN_ROLE_NAME_KEY));
- }
+ log.error("Can't get authorities for user " + username + ", he is not present in local DB");
+ return Collections.emptyList();
}
// get all of the privileges for the user
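Review bot: The new `user == null` branch in `getGrantedAuthorities` returns `Collections.emptyList()`, so an LDAP account unknown to the local DB is presumably still treated as authenticated, only without authorities. Any endpoint that checks for authentication alone rather than for a specific authority would stay reachable for such accounts, so either confirm that against the security configuration or fail the login at this point. The same question applies to the `has no roles` rejection that this commit removes from `AmbariLocalUserDetailsService`. The log call concatenates the caller-supplied `username` at error level for an expected condition; `log.warn("LDAP user {} is not present in local DB, no authorities granted", username)` is more neutral, though parameterized logging does not strip line breaks, so the log layout should escape them. The method body continues outside this hunk.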
@@ -120,90 +84,4 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
return authorizationHelper.convertPrivilegesToAuthorities(privilegeEntities);
}
-
- /**
- * Creates record in local DB for LDAP user
- * @param username - name of user to create
- */
- @Transactional
- void createLdapUser(String username) {
- // create an admin principal to represent this user
- PrincipalTypeEntity principalTypeEntity = principalTypeDAO.findById(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
- if (principalTypeEntity == null) {
- principalTypeEntity = new PrincipalTypeEntity();
- principalTypeEntity.setId(PrincipalTypeEntity.USER_PRINCIPAL_TYPE);
- principalTypeEntity.setName(PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME);
- principalTypeDAO.create(principalTypeEntity);
- }
- PrincipalEntity principalEntity = new PrincipalEntity();
- principalEntity.setPrincipalType(principalTypeEntity);
- principalDAO.create(principalEntity);
-
- UserEntity newUser = new UserEntity();
- newUser.setLdapUser(true);
- newUser.setUserName(username);
- newUser.setPrincipal(principalEntity);
-
- userDAO.create(newUser);
-
- //Adding a default "user" role
- addRole(newUser, configuration.getConfigsMap().
- get(Configuration.USER_ROLE_NAME_KEY));
- }
-
- /**
- * Adds role to user's role entities
- * Adds user to roleName's user entities
- *
- * @param user - the user entity to be modified
- * @param roleName - the role to add to user's roleEntities
- */
- @Transactional
- void addRole(UserEntity user, String roleName) {
- log.info("Using default role name " + roleName);
-
- RoleEntity roleEntity = roleDAO.findByName(roleName);
-
- if (roleEntity == null) {
- log.info("Role " + roleName + " not present in local DB - creating");
- roleEntity = new RoleEntity();
- roleEntity.setRoleName(roleName);
- roleDAO.create(roleEntity);
- roleEntity = roleDAO.findByName(roleEntity.getRoleName());
- }
-
- UserEntity userEntity = userDAO.findLdapUserByName(user.getUserName());
- if (userEntity == null) {
- userDAO.create(user);
- userEntity = userDAO.findLdapUserByName(user.getUserName());
- }
-
- if (!userEntity.getRoleEntities().contains(roleEntity)) {
- userEntity.getRoleEntities().add(roleEntity);
- roleEntity.getUserEntities().add(userEntity);
- roleDAO.merge(roleEntity);
- userDAO.merge(userEntity);
- }
- }
-
- /**
- * Remove role "roleName" from user "user"
- *
- * @param user the user entity
- * @param roleName the role name
- */
- @Transactional
- void removeRole(UserEntity user, String roleName) {
- UserEntity userEntity = userDAO.findByPK(user.getUserId());
- RoleEntity roleEntity = roleDAO.findByName(roleName);
-
- if (userEntity.getRoleEntities().contains(roleEntity)) {
- log.info("Removing admin role from LDAP user " + user.getUserName());
- userEntity.getRoleEntities().remove(roleEntity);
- roleEntity.getUserEntities().remove(userEntity);
- userDAO.merge(userEntity);
- roleDAO.merge(roleEntity);
- }
-
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
index af663bf..55707f8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsService.java
@@ -22,7 +22,6 @@ import com.google.inject.Injector;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
@@ -46,19 +45,17 @@ public class AmbariLocalUserDetailsService implements UserDetailsService {
Configuration configuration;
private AuthorizationHelper authorizationHelper;
UserDAO userDAO;
- RoleDAO roleDAO;
MemberDAO memberDAO;
PrivilegeDAO privilegeDAO;
@Inject
public AmbariLocalUserDetailsService(Injector injector, Configuration configuration,
AuthorizationHelper authorizationHelper, UserDAO userDAO,
- RoleDAO roleDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO) {
+ MemberDAO memberDAO, PrivilegeDAO privilegeDAO) {
this.injector = injector;
this.configuration = configuration;
this.authorizationHelper = authorizationHelper;
this.userDAO = userDAO;
- this.roleDAO = roleDAO;
this.memberDAO = memberDAO;
this.privilegeDAO = privilegeDAO;
}
@@ -79,9 +76,6 @@ public class AmbariLocalUserDetailsService implements UserDetailsService {
if (user == null) {
log.info("user not found ");
throw new UsernameNotFoundException("Username " + username + " not found");
- }else if (user.getRoleEntities().isEmpty()) {
- log.info("No authorities for user");
- throw new UsernameNotFoundException("Username " + username + " has no roles");
}
// get all of the privileges for the user
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
index 00f1ee1..db8ad19 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java
@@ -24,7 +24,6 @@ import java.util.Date;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
/**
@@ -36,7 +35,6 @@ public class User {
final boolean ldapUser;
final Date createTime;
final boolean active;
- final Collection<String> roles = new ArrayList<String>();
final Collection<String> groups = new ArrayList<String>();
boolean admin = false;
@@ -46,9 +44,6 @@ public class User {
createTime = userEntity.getCreateTime();
ldapUser = userEntity.getLdapUser();
active = userEntity.getActive();
- for (RoleEntity roleEntity : userEntity.getRoleEntities()) {
- roles.add(roleEntity.getRoleName());
- }
for (MemberEntity memberEntity : userEntity.getMemberEntities()) {
groups.add(memberEntity.getGroup().getGroupName());
}
@@ -84,10 +79,6 @@ public class User {
return admin;
}
- public Collection<String> getRoles() {
- return roles;
- }
-
public Collection<String> getGroups() {
return groups;
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
index 2f60571..4fd5f47 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
@@ -32,7 +32,6 @@ import org.apache.ambari.server.orm.dao.PrincipalDAO;
import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.ResourceDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
@@ -40,7 +39,6 @@ import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -65,8 +63,6 @@ public class Users {
@Inject
protected UserDAO userDAO;
@Inject
- protected RoleDAO roleDAO;
- @Inject
protected GroupDAO groupDAO;
@Inject
protected MemberDAO memberDAO;
@@ -260,27 +256,16 @@ public class Users {
UserEntity userEntity = new UserEntity();
userEntity.setUserName(userName);
userEntity.setUserPassword(passwordEncoder.encode(password));
- userEntity.setRoleEntities(new HashSet<RoleEntity>());
userEntity.setPrincipal(principalEntity);
if (active != null) {
userEntity.setActive(active);
}
- RoleEntity roleEntity = roleDAO.findByName(getUserRole());
- if (roleEntity == null) {
- createRole(getUserRole());
- }
- roleEntity = roleDAO.findByName(getUserRole());
-
- userEntity.getRoleEntities().add(roleEntity);
userDAO.create(userEntity);
if (admin != null && admin) {
grantAdminPrivilege(userEntity.getUserId());
}
-
- roleEntity.getUserEntities().add(userEntity);
- roleDAO.merge(roleEntity);
}
@Transactional
@@ -289,7 +274,7 @@ public class Users {
if (userEntity != null) {
if (!isUserCanBeRemoved(userEntity)){
throw new AmbariException("Could not remove user " + userEntity.getUserName() +
- ". System should have at least one user with administrator role.");
+ ". System should have at least one administrator.");
}
userDAO.remove(userEntity);
} else {
@@ -430,58 +415,6 @@ public class Users {
}
}
- /**
- * Grants ADMIN role to provided user
- * @throws AmbariException
- */
- public synchronized void promoteToAdmin(User user) throws AmbariException{
- addRoleToUser(user, getAdminRole());
- }
-
- /**
- * Removes ADMIN role form provided user
- * @throws AmbariException
- */
- public synchronized void demoteAdmin(User user) throws AmbariException {
- removeRoleFromUser(user, getAdminRole());
- }
-
- @Transactional
- public synchronized void addRoleToUser(User user, String role)
- throws AmbariException {
-
- if (configuration.getLdapServerProperties().isGroupMappingEnabled() &&
- userDAO.findLdapUserByName(user.getUserName()) != null) {
- LOG.warn("Trying to add a role to the LDAP user"
- + ", user=" + user.getUserName());
- throw new AmbariException("Ldap group mapping is enabled, " +
- "roles for LDAP users should be managed on LDAP server");
- }
-
- UserEntity userEntity = userDAO.findByPK(user.getUserId());
- if (userEntity == null) {
- throw new AmbariException("User " + user + " doesn't exist");
- }
-
- RoleEntity roleEntity = roleDAO.findByName(role);
- if (roleEntity == null) {
- LOG.warn("Trying to add user to non-existent role"
- + ", user=" + user.getUserName()
- + ", role=" + role);
- throw new AmbariException("Role " + role + " doesn't exist");
- }
-
- if (!userEntity.getRoleEntities().contains(roleEntity)) {
- userEntity.getRoleEntities().add(roleEntity);
- roleEntity.getUserEntities().add(userEntity);
- userDAO.merge(userEntity);
- roleDAO.merge(roleEntity);
- } else {
- throw new AmbariException("User " + user + " already owns role " + role);
- }
-
- }
-
@Transactional
public synchronized void addMemberToGroup(String groupName, String userName)
throws AmbariException {
@@ -514,45 +447,6 @@ public class Users {
}
@Transactional
- public synchronized void removeRoleFromUser(User user, String role)
- throws AmbariException {
-
- if (configuration.getLdapServerProperties().isGroupMappingEnabled() &&
- userDAO.findLdapUserByName(user.getUserName()) != null) {
- LOG.warn("Trying to add a role to the LDAP user"
- + ", user=" + user.getUserName());
- throw new AmbariException("Ldap group mapping is enabled, " +
- "roles for LDAP users should be managed on LDAP server");
- }
-
- UserEntity userEntity = userDAO.findByPK(user.getUserId());
- if (userEntity == null) {
- throw new AmbariException("User " + user + " doesn't exist");
- }
-
- RoleEntity roleEntity = roleDAO.findByName(role);
- if (roleEntity == null) {
- throw new AmbariException("Role " + role + " doesn't exist");
- }
- if (role.equals(getAdminRole())){
- if (!isUserCanBeRemoved(userEntity)){
- throw new AmbariException("Could not remove admin role from user " + userEntity.getUserName() +
- ". System should have at least one user with administrator role.");
- }
- }
-
- if (userEntity.getRoleEntities().contains(roleEntity)) {
- userEntity.getRoleEntities().remove(roleEntity);
- roleEntity.getUserEntities().remove(userEntity);
- userDAO.merge(userEntity);
- roleDAO.merge(roleEntity);
- } else {
- throw new AmbariException("User " + user + " doesn't own role " + role);
- }
-
- }
-
- @Transactional
public synchronized void removeMemberFromGroup(String groupName, String userName)
throws AmbariException {
@@ -588,10 +482,15 @@ public class Users {
}
+ /**
+ * Performs a check if the user can be removed. Do not allow removing all admins from database.
+ *
+ * @param userEntity user to be checked
+ * @return true if user can be removed
+ */
public synchronized boolean isUserCanBeRemoved(UserEntity userEntity){
- RoleEntity roleEntity = new RoleEntity();
- roleEntity.setRoleName(getAdminRole());
- Set<UserEntity> userEntitysSet = new HashSet<UserEntity>(userDAO.findAllLocalUsersByRole(roleEntity));
+ List<PrincipalEntity> adminPrincipals = principalDAO.findByPermissionId(PermissionEntity.AMBARI_ADMIN_PERMISSION);
+ Set<UserEntity> userEntitysSet = new HashSet<UserEntity>(userDAO.findUsersByPrincipal(adminPrincipals));
return (userEntitysSet.contains(userEntity) && userEntitysSet.size() < 2) ? false : true;
}
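Review bot: `isUserCanBeRemoved` now counts every user whose principal holds `PermissionEntity.AMBARI_ADMIN_PERMISSION`, and nothing in this hunk excludes inactive or LDAP-backed users, so the last usable local administrator could be removed while a disabled account keeps the set size at two. `findUsersByPrincipal` is not shown, so check whether it filters on `active`; if it does not, this guard should count only active users. Also confirm that it tolerates an empty `adminPrincipals` list, since an empty collection bound to an `IN` clause is rejected by some JPA providers. The return reads more directly as `return !(userEntitysSet.contains(userEntity) && userEntitysSet.size() < 2);`.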
@@ -611,32 +510,4 @@ public class Users {
return false;
}
- public String getUserRole() {
- return configuration.getConfigsMap().get(Configuration.USER_ROLE_NAME_KEY);
- }
-
- public String getAdminRole() {
- return configuration.getConfigsMap().get(Configuration.ADMIN_ROLE_NAME_KEY);
- }
-
- /**
- * Creates new role
- */
- public void createRole(String role) {
- RoleEntity roleEntity = new RoleEntity();
- roleEntity.setRoleName(role);
- roleDAO.create(roleEntity);
- }
-
- /**
- * Creates ADMIN adn USER roles if not present
- */
- public synchronized void createDefaultRoles() {
- if (roleDAO.findByName(getUserRole()) == null) {
- createRole(getUserRole());
- }
- if (roleDAO.findByName(getAdminRole()) == null) {
- createRole(getAdminRole());
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
index eb3a578..33f79f4 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog170.java
@@ -66,7 +66,6 @@ import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.orm.entities.ViewEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
@@ -503,8 +502,6 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
@Override
protected void executeDMLUpdates() throws AmbariException, SQLException {
- String dbType = getDbType();
-
// Update historic records with the log paths, but only enough so as to not prolong the upgrade process
executeInTransaction(new Runnable() {
@Override
@@ -897,7 +894,7 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
return result;
}
- private void upgradePermissionModel() {
+ private void upgradePermissionModel() throws SQLException {
final UserDAO userDAO = injector.getInstance(UserDAO.class);
final PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
final PrincipalTypeDAO principalTypeDAO = injector.getInstance(PrincipalTypeDAO.class);
@@ -949,17 +946,32 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
final PermissionEntity clusterOperatePermission = permissionDAO.findClusterOperatePermission();
final PermissionEntity clusterReadPermission = permissionDAO.findClusterReadPermission();
final ResourceEntity ambariResource = resourceDAO.findAmbariResource();
- for (UserEntity user: userDAO.findAll()) {
- boolean hasAdminRole = false;
- boolean hasUserRole = false;
- for (RoleEntity role: user.getRoleEntities()) {
- if (role.getRoleName().equals("admin")) {
- hasAdminRole = true;
- }
- if (role.getRoleName().equals("user")) {
- hasUserRole = true;
+
+ final Map<UserEntity, List<String>> roles = new HashMap<UserEntity, List<String>>();
+ ResultSet resultSet = null;
+ try {
+ resultSet = dbAccessor.executeSelect("SELECT role_name, user_id FROM user_roles");
+ while (resultSet.next()) {
+ final String roleName = resultSet.getString(1);
+ final int userId = resultSet.getInt(2);
+
+ final UserEntity user = userDAO.findByPK(userId);
+ List<String> userRoles = roles.get(user);
+ if (userRoles == null) {
+ userRoles = new ArrayList<String>();
+ roles.put(user, userRoles);
}
- if (hasAdminRole) {
+ userRoles.add(roleName);
+ }
+ } finally {
+ if (resultSet != null) {
+ resultSet.close();
+ }
+ }
+
+ for (UserEntity user: userDAO.findAll()) {
+ for (String role: roles.get(user)) {
+ if (role.equals("admin")) {
final PrivilegeEntity privilege = new PrivilegeEntity();
privilege.setPermission(adminPermission);
privilege.setPrincipal(user.getPrincipal());
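Review bot: `for (String role: roles.get(user))` throws a NullPointerException for any user with no row in `user_roles`, because the map holds only users seen in the result set, and the upgrade would then abort partway through the permission migration. Guard the loop with `List<String> userRoles = roles.get(user);` followed by `if (userRoles == null) { continue; }`. Keying the map by `UserEntity` depends on its equals/hashCode, costs one `findByPK` per row and would store a null key for an orphaned row; keying by the `user_id` value avoids all three. A user holding both roles now receives the admin and the read privileges, whereas the removed `hasAdminRole`/`hasUserRole` flags made the two branches exclusive, so confirm that this is intended. The method starts and ends outside this hunk.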
@@ -975,7 +987,7 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
user.getPrincipal().getPrivileges().add(clusterPrivilege);
}
userDAO.merge(user);
- } else if (hasUserRole) {
+ } else if (role.equals("user")) {
for (ClusterEntity cluster: clusterDAO.findAll()) {
final PrivilegeEntity privilege = new PrivilegeEntity();
privilege.setPermission(clusterReadPermission);
@@ -988,6 +1000,9 @@ public class UpgradeCatalog170 extends AbstractUpgradeCatalog {
}
}
}
+
+ dbAccessor.dropTable("user_roles");
+ dbAccessor.dropTable("roles");
}
protected void addJobsViewPermissions() {
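Review bot: The two `dbAccessor.dropTable` calls run unconditionally at the end of `upgradePermissionModel`, yet the migration above converts only rows whose role name is exactly `admin` or `user`. The role names previously came from configuration, so an installation with different names would presumably lose its role assignments and could end up without an administrator. Logging unmapped role names and skipping the drop when any are found would keep that recoverable. A rerun of this step would also fail at the `SELECT role_name, user_id FROM user_roles` unless the catalog is guaranteed to execute only once, so a table-existence check before the select would make it repeatable. I would add the comment `// roles/user_roles are dropped only after every row was converted to a privilege` above the drops.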
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index dec0fcd..f513711 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -39,7 +39,6 @@ CREATE TABLE hosts (host_name VARCHAR(255) NOT NULL, cpu_count INTEGER NOT NULL,
CREATE TABLE hoststate (agent_version VARCHAR(255) NOT NULL, available_mem BIGINT NOT NULL, current_state VARCHAR(255) NOT NULL, health_status VARCHAR(255), host_name VARCHAR(255) NOT NULL, time_in_state BIGINT NOT NULL, maintenance_state VARCHAR(512), PRIMARY KEY (host_name));
CREATE TABLE servicecomponentdesiredstate (component_name VARCHAR(255) NOT NULL, cluster_id BIGINT NOT NULL, desired_stack_version VARCHAR(255) NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT NULL, PRIMARY KEY (component_name, cluster_id, service_name));
CREATE TABLE servicedesiredstate (cluster_id BIGINT NOT NULL, desired_host_role_mapping INTEGER NOT NULL, desired_stack_version VARCHAR(255) NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT NULL, maintenance_state VARCHAR(32) NOT NULL DEFAULT 'ACTIVE', PRIMARY KEY (cluster_id, service_name));
-CREATE TABLE roles (role_name VARCHAR(255) NOT NULL, PRIMARY KEY (role_name));
CREATE TABLE users (user_id INTEGER, principal_id BIGINT NOT NULL, create_time TIMESTAMP DEFAULT NOW(), ldap_user INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL, user_password VARCHAR(255), active INTEGER NOT NULL DEFAULT 1, PRIMARY KEY (user_id));
CREATE TABLE groups (group_id INTEGER, principal_id BIGINT NOT NULL, group_name VARCHAR(255) NOT NULL, ldap_group INTEGER NOT NULL DEFAULT 0, PRIMARY KEY (group_id));
CREATE TABLE members (member_id INTEGER, group_id INTEGER NOT NULL, user_id INTEGER NOT NULL, PRIMARY KEY (member_id));
@@ -55,7 +54,6 @@ CREATE TABLE clusterconfigmapping (type_name VARCHAR(255) NOT NULL, create_times
CREATE TABLE hostconfigmapping (create_timestamp BIGINT NOT NULL, host_name VARCHAR(255) NOT NULL, cluster_id BIGINT NOT NULL, type_name VARCHAR(255) NOT NULL, selected INTEGER NOT NULL DEFAULT 0, service_name VARCHAR(255), version_tag VARCHAR(255) NOT NULL, user_name VARCHAR(255) NOT NULL DEFAULT '_db', PRIMARY KEY (create_timestamp, host_name, cluster_id, type_name));
CREATE TABLE metainfo (`metainfo_key` VARCHAR(255), `metainfo_value` LONGTEXT, PRIMARY KEY (`metainfo_key`));
CREATE TABLE ClusterHostMapping (cluster_id BIGINT NOT NULL, host_name VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
-CREATE TABLE user_roles (role_name VARCHAR(255) NOT NULL, user_id INTEGER NOT NULL, PRIMARY KEY (role_name, user_id));
CREATE TABLE ambari_sequences (sequence_name VARCHAR(255), sequence_value DECIMAL(38) NOT NULL, PRIMARY KEY (sequence_name));
CREATE TABLE confgroupclusterconfigmapping (config_group_id BIGINT NOT NULL, cluster_id BIGINT NOT NULL, config_type VARCHAR(255) NOT NULL, version_tag VARCHAR(255) NOT NULL, user_name VARCHAR(255) DEFAULT '_db', create_timestamp BIGINT NOT NULL, PRIMARY KEY(config_group_id, cluster_id, config_type));
CREATE TABLE configgroup (group_id BIGINT, cluster_id BIGINT NOT NULL, group_name VARCHAR(255) NOT NULL, tag VARCHAR(1024) NOT NULL, description VARCHAR(1024), create_timestamp BIGINT NOT NULL, PRIMARY KEY(group_id));
@@ -114,8 +112,6 @@ ALTER TABLE stage ADD CONSTRAINT FK_stage_request_id FOREIGN KEY (request_id) RE
ALTER TABLE request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY (request_schedule_id) REFERENCES requestschedule (schedule_id);
ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name FOREIGN KEY (host_name) REFERENCES hosts (host_name);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY (role_name) REFERENCES roles (role_name);
ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name FOREIGN KEY (host_name) REFERENCES hosts (host_name);
ALTER TABLE serviceconfigmapping ADD CONSTRAINT FK_scvm_scv FOREIGN KEY (service_config_id) REFERENCES serviceconfig(service_config_id);
@@ -287,11 +283,6 @@ insert into adminresourcetype (resource_type_id, resource_type_name)
insert into adminresource (resource_id, resource_type_id)
select 1, 1;
-insert into roles(role_name)
- select 'admin'
- union all
- select 'user';
-
insert into adminprincipaltype (principal_type_id, principal_type_name)
select 1, 'USER'
union all
@@ -303,9 +294,6 @@ insert into adminprincipal (principal_id, principal_type_id)
insert into users(user_id, principal_id, user_name, user_password)
select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
-insert into user_roles(role_name, user_id)
- select 'admin',1;
-
insert into adminpermission(permission_id, permission_name, resource_type_id)
select 1, 'AMBARI.ADMIN', 1
union all
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index 0c35023..7ac557d 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -30,7 +30,6 @@ CREATE TABLE hosts (host_name VARCHAR2(255) NOT NULL, cpu_count INTEGER NOT NULL
CREATE TABLE hoststate (agent_version VARCHAR2(255) NULL, available_mem NUMBER(19) NOT NULL, current_state VARCHAR2(255) NOT NULL, health_status VARCHAR2(255) NULL, host_name VARCHAR2(255) NOT NULL, time_in_state NUMBER(19) NOT NULL, maintenance_state VARCHAR2(512), PRIMARY KEY (host_name));
CREATE TABLE servicecomponentdesiredstate (component_name VARCHAR2(255) NOT NULL, cluster_id NUMBER(19) NOT NULL, desired_stack_version VARCHAR2(255) NULL, desired_state VARCHAR2(255) NOT NULL, service_name VARCHAR2(255) NOT NULL, PRIMARY KEY (component_name, cluster_id, service_name));
CREATE TABLE servicedesiredstate (cluster_id NUMBER(19) NOT NULL, desired_host_role_mapping NUMBER(10) NOT NULL, desired_stack_version VARCHAR2(255) NULL, desired_state VARCHAR2(255) NOT NULL, service_name VARCHAR2(255) NOT NULL, maintenance_state VARCHAR2(32) NOT NULL, PRIMARY KEY (cluster_id, service_name));
-CREATE TABLE roles (role_name VARCHAR2(255) NOT NULL, PRIMARY KEY (role_name));
CREATE TABLE users (user_id NUMBER(10) NOT NULL, principal_id NUMBER(19) NOT NULL, create_time TIMESTAMP NULL, ldap_user NUMBER(10) DEFAULT 0, user_name VARCHAR2(255) NULL, user_password VARCHAR2(255) NULL, active INTEGER DEFAULT 1 NOT NULL, PRIMARY KEY (user_id));
CREATE TABLE groups (group_id NUMBER(10) NOT NULL, principal_id NUMBER(19) NOT NULL, group_name VARCHAR2(255) NOT NULL, ldap_group NUMBER(10) DEFAULT 0, PRIMARY KEY (group_id));
CREATE TABLE members (member_id NUMBER(10), group_id NUMBER(10) NOT NULL, user_id NUMBER(10) NOT NULL, PRIMARY KEY (member_id));
@@ -46,7 +45,6 @@ CREATE TABLE clusterconfigmapping (type_name VARCHAR2(255) NOT NULL, create_time
CREATE TABLE hostconfigmapping (create_timestamp NUMBER(19) NOT NULL, host_name VARCHAR2(255) NOT NULL, cluster_id NUMBER(19) NOT NULL, type_name VARCHAR2(255) NOT NULL, selected NUMBER(10) NOT NULL, service_name VARCHAR2(255) NULL, version_tag VARCHAR2(255) NOT NULL, user_name VARCHAR(255) DEFAULT '_db', PRIMARY KEY (create_timestamp, host_name, cluster_id, type_name));
CREATE TABLE metainfo ("metainfo_key" VARCHAR2(255) NOT NULL, "metainfo_value" CLOB NULL, PRIMARY KEY ("metainfo_key"));
CREATE TABLE ClusterHostMapping (cluster_id NUMBER(19) NOT NULL, host_name VARCHAR2(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
-CREATE TABLE user_roles (role_name VARCHAR2(255) NOT NULL, user_id NUMBER(10) NOT NULL, PRIMARY KEY (role_name, user_id));
CREATE TABLE ambari_sequences (sequence_name VARCHAR2(50) NOT NULL, sequence_value NUMBER(38) NULL, PRIMARY KEY (sequence_name));
CREATE TABLE configgroup (group_id NUMBER(19), cluster_id NUMBER(19) NOT NULL, group_name VARCHAR2(255) NOT NULL, tag VARCHAR2(1024) NOT NULL, description VARCHAR2(1024), create_timestamp NUMBER(19) NOT NULL, PRIMARY KEY(group_id));
CREATE TABLE confgroupclusterconfigmapping (config_group_id NUMBER(19) NOT NULL, cluster_id NUMBER(19) NOT NULL, config_type VARCHAR2(255) NOT NULL, version_tag VARCHAR2(255) NOT NULL, user_name VARCHAR2(255) DEFAULT '_db', create_timestamp NUMBER(19) NOT NULL, PRIMARY KEY(config_group_id, cluster_id, config_type));
@@ -106,8 +104,6 @@ ALTER TABLE stage ADD CONSTRAINT FK_stage_request_id FOREIGN KEY (request_id) RE
ALTER TABLE request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY (request_schedule_id) REFERENCES requestschedule (schedule_id);
ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name FOREIGN KEY (host_name) REFERENCES hosts (host_name);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY (role_name) REFERENCES roles (role_name);
ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name FOREIGN KEY (host_name) REFERENCES hosts (host_name);
ALTER TABLE serviceconfigmapping ADD CONSTRAINT FK_scvm_scv FOREIGN KEY (service_config_id) REFERENCES serviceconfig(service_config_id);
@@ -281,11 +277,6 @@ insert into adminresourcetype (resource_type_id, resource_type_name)
insert into adminresource (resource_id, resource_type_id)
select 1, 1 from dual;
-insert into Roles(role_name)
-select 'admin' from dual
-union all
-select 'user' from dual;
-
insert into adminprincipaltype (principal_type_id, principal_type_name)
select 1, 'USER' from dual
union all
@@ -297,9 +288,6 @@ insert into adminprincipal (principal_id, principal_type_id)
insert into users(user_id, principal_id, user_name, user_password)
select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual;
-insert into user_roles(role_name, user_id)
-select 'admin',1 from dual;
-
insert into adminpermission(permission_id, permission_name, resource_type_id)
select 1, 'AMBARI.ADMIN', 1 from dual
union all
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 9b5e8bd..aa742f7 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -45,8 +45,6 @@ CREATE TABLE servicecomponentdesiredstate (component_name VARCHAR(255) NOT NULL,
CREATE TABLE servicedesiredstate (cluster_id BIGINT NOT NULL, desired_host_role_mapping INTEGER NOT NULL, desired_stack_version VARCHAR(255) NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT NULL, maintenance_state VARCHAR(32) NOT NULL, PRIMARY KEY (cluster_id, service_name));
-CREATE TABLE roles (role_name VARCHAR(255) NOT NULL, PRIMARY KEY (role_name));
-
CREATE TABLE users (user_id INTEGER, principal_id BIGINT NOT NULL, ldap_user INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL, create_time TIMESTAMP DEFAULT NOW(), user_password VARCHAR(255), PRIMARY KEY (user_id), active INTEGER NOT NULL DEFAULT 1, UNIQUE (ldap_user, user_name));
CREATE TABLE groups (group_id INTEGER, principal_id BIGINT NOT NULL, group_name VARCHAR(255) NOT NULL, ldap_group INTEGER NOT NULL DEFAULT 0, PRIMARY KEY (group_id), UNIQUE (ldap_group, group_name));
@@ -69,8 +67,6 @@ CREATE TABLE requestoperationlevel (operation_level_id BIGINT NOT NULL, request_
CREATE TABLE ClusterHostMapping (cluster_id BIGINT NOT NULL, host_name VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
-CREATE TABLE user_roles (role_name VARCHAR(255) NOT NULL, user_id INTEGER NOT NULL, PRIMARY KEY (role_name, user_id));
-
CREATE TABLE key_value_store ("key" VARCHAR(255), "value" VARCHAR, PRIMARY KEY ("key"));
CREATE TABLE hostconfigmapping (cluster_id BIGINT NOT NULL, host_name VARCHAR(255) NOT NULL, type_name VARCHAR(255) NOT NULL, version_tag VARCHAR(255) NOT NULL, service_name VARCHAR(255), create_timestamp BIGINT NOT NULL, selected INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL DEFAULT '_db', PRIMARY KEY (cluster_id, host_name, type_name, create_timestamp));
@@ -139,8 +135,6 @@ ALTER TABLE role_success_criteria ADD CONSTRAINT role_success_criteria_stage_id
ALTER TABLE stage ADD CONSTRAINT FK_stage_request_id FOREIGN KEY (request_id) REFERENCES request (request_id);
ALTER TABLE request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY (request_schedule_id) REFERENCES requestschedule (schedule_id);
ALTER TABLE ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY (user_id) REFERENCES users (user_id);
-ALTER TABLE user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY (role_name) REFERENCES roles (role_name);
ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
ALTER TABLE hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name FOREIGN KEY (host_name) REFERENCES hosts (host_name);
ALTER TABLE configgroup ADD CONSTRAINT FK_configgroup_cluster_id FOREIGN KEY (cluster_id) REFERENCES clusters (cluster_id);
@@ -339,11 +333,6 @@ BEGIN;
INSERT INTO adminresource (resource_id, resource_type_id)
SELECT 1, 1;
- INSERT INTO Roles (role_name)
- SELECT 'admin'
- UNION ALL
- SELECT 'user';
-
INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
SELECT 1, 'USER'
UNION ALL
@@ -355,9 +344,6 @@ BEGIN;
INSERT INTO Users (user_id, principal_id, user_name, user_password)
SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
- INSERT INTO user_roles (role_name, user_id)
- SELECT 'admin', 1;
-
INSERT INTO adminpermission(permission_id, permission_name, resource_type_id)
SELECT 1, 'AMBARI.ADMIN', 1
UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index b927672..c421cc9 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -70,9 +70,6 @@ GRANT ALL PRIVILEGES ON TABLE ambari.servicecomponentdesiredstate TO :username;
CREATE TABLE ambari.servicedesiredstate (cluster_id BIGINT NOT NULL, desired_host_role_mapping INTEGER NOT NULL, desired_stack_version VARCHAR(255) NOT NULL, desired_state VARCHAR(255) NOT NULL, service_name VARCHAR(255) NOT NULL, maintenance_state VARCHAR(32) NOT NULL, PRIMARY KEY (cluster_id, service_name));
GRANT ALL PRIVILEGES ON TABLE ambari.servicedesiredstate TO :username;
-CREATE TABLE ambari.roles (role_name VARCHAR(255) NOT NULL, PRIMARY KEY (role_name));
-GRANT ALL PRIVILEGES ON TABLE ambari.roles TO :username;
-
CREATE TABLE ambari.users (user_id INTEGER, principal_id BIGINT NOT NULL, ldap_user INTEGER NOT NULL DEFAULT 0, user_name VARCHAR(255) NOT NULL, create_time TIMESTAMP DEFAULT NOW(), user_password VARCHAR(255), active INTEGER NOT NULL DEFAULT 1, PRIMARY KEY (user_id), UNIQUE (ldap_user, user_name));
GRANT ALL PRIVILEGES ON TABLE ambari.users TO :username;
@@ -106,9 +103,6 @@ GRANT ALL PRIVILEGES ON TABLE ambari.requestoperationlevel TO :username;
CREATE TABLE ambari.ClusterHostMapping (cluster_id BIGINT NOT NULL, host_name VARCHAR(255) NOT NULL, PRIMARY KEY (cluster_id, host_name));
GRANT ALL PRIVILEGES ON TABLE ambari.ClusterHostMapping TO :username;
-CREATE TABLE ambari.user_roles (role_name VARCHAR(255) NOT NULL, user_id INTEGER NOT NULL, PRIMARY KEY (role_name, user_id));
-GRANT ALL PRIVILEGES ON TABLE ambari.user_roles TO :username;
-
CREATE TABLE ambari.key_value_store ("key" VARCHAR(255), "value" VARCHAR, PRIMARY KEY ("key"));
GRANT ALL PRIVILEGES ON TABLE ambari.key_value_store TO :username;
@@ -205,8 +199,6 @@ ALTER TABLE ambari.stage ADD CONSTRAINT FK_stage_request_id FOREIGN KEY (request
ALTER TABLE ambari.request ADD CONSTRAINT FK_request_schedule_id FOREIGN KEY (request_schedule_id) REFERENCES ambari.requestschedule (schedule_id);
ALTER TABLE ambari.ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_cluster_id FOREIGN KEY (host_name) REFERENCES ambari.hosts (host_name);
ALTER TABLE ambari.ClusterHostMapping ADD CONSTRAINT ClusterHostMapping_host_name FOREIGN KEY (cluster_id) REFERENCES ambari.clusters (cluster_id);
-ALTER TABLE ambari.user_roles ADD CONSTRAINT FK_user_roles_user_id FOREIGN KEY (user_id) REFERENCES ambari.users (user_id);
-ALTER TABLE ambari.user_roles ADD CONSTRAINT FK_user_roles_role_name FOREIGN KEY (role_name) REFERENCES ambari.roles (role_name);
ALTER TABLE ambari.hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_cluster_id FOREIGN KEY (cluster_id) REFERENCES ambari.clusters (cluster_id);
ALTER TABLE ambari.hostconfigmapping ADD CONSTRAINT FK_hostconfmapping_host_name FOREIGN KEY (host_name) REFERENCES ambari.hosts (host_name);
ALTER TABLE ambari.configgroup ADD CONSTRAINT FK_configgroup_cluster_id FOREIGN KEY (cluster_id) REFERENCES ambari.clusters (cluster_id);
@@ -414,11 +406,6 @@ INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name)
INSERT INTO ambari.adminresource (resource_id, resource_type_id)
SELECT 1, 1;
-INSERT INTO ambari.Roles (role_name)
- SELECT 'admin'
- UNION ALL
- SELECT 'user';
-
INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name)
SELECT 1, 'USER'
UNION ALL
@@ -430,9 +417,6 @@ INSERT INTO ambari.adminprincipal (principal_id, principal_type_id)
INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password)
SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
-INSERT INTO ambari.user_roles (role_name, user_id)
- SELECT 'admin', 1;
-
INSERT INTO ambari.adminpermission(permission_id, permission_name, resource_type_id)
SELECT 1, 'AMBARI.ADMIN', 1
UNION ALL
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/main/resources/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/META-INF/persistence.xml b/ambari-server/src/main/resources/META-INF/persistence.xml
index 3fb5ef9..dfbf93e 100644
--- a/ambari-server/src/main/resources/META-INF/persistence.xml
+++ b/ambari-server/src/main/resources/META-INF/persistence.xml
@@ -24,7 +24,6 @@
<class>org.apache.ambari.server.orm.entities.HostStateEntity</class>
<class>org.apache.ambari.server.orm.entities.ServiceComponentDesiredStateEntity</class>
<class>org.apache.ambari.server.orm.entities.ServiceDesiredStateEntity</class>
- <class>org.apache.ambari.server.orm.entities.RoleEntity</class>
<class>org.apache.ambari.server.orm.entities.UserEntity</class>
<class>org.apache.ambari.server.orm.entities.GroupEntity</class>
<class>org.apache.ambari.server.orm.entities.MemberEntity</class>
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
index 9ca5348..3aafb9a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerTest.java
@@ -88,9 +88,7 @@ import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
import org.apache.ambari.server.orm.dao.ExecutionCommandDAO;
import org.apache.ambari.server.orm.dao.HostDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.entities.ExecutionCommandEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.security.authorization.Users;
import org.apache.ambari.server.serveraction.ServerAction;
import org.apache.ambari.server.serveraction.ServerActionManager;
@@ -4593,7 +4591,6 @@ public class AmbariManagementControllerTest {
@Test
public void testUpdateUsers() throws Exception {
createUser("user1");
- users.createDefaultRoles();
UserRequest request = new UserRequest("user1");
@@ -4606,8 +4603,6 @@ public class AmbariManagementControllerTest {
public void testDeleteUsers() throws Exception {
createUser("user1");
- users.createDefaultRoles();
-
UserRequest request = new UserRequest("user1");
controller.updateUsers(Collections.singleton(request));
@@ -4618,12 +4613,6 @@ public class AmbariManagementControllerTest {
Collections.singleton(new UserRequest(null)));
Assert.assertEquals(0, responses.size());
-
- RoleDAO roleDao = injector.getInstance(RoleDAO.class);
- RoleEntity re1 = roleDao.findByName("user");
- RoleEntity re2 = roleDao.findByName("admin");
- Assert.assertNotNull(re1);
- Assert.assertNotNull(re2);
}
@Test
@@ -10329,7 +10318,7 @@ public class AmbariManagementControllerTest {
// Start
startService(clusterName, serviceName, false, false);
-
+
ServiceComponentHostRequest req = new ServiceComponentHostRequest(clusterName, serviceName,
componentName1, host1, "INSTALLED");
@@ -10339,24 +10328,24 @@ public class AmbariManagementControllerTest {
// succeed in creating a task
assertNotNull(resp);
-
+
// manually change live state to stopped as no running action manager
for (ServiceComponentHost sch :
clusters.getCluster(clusterName).getServiceComponentHosts(host1)) {
sch.setState(State.INSTALLED);
}
-
+
// no new commands since no targeted info
resp = controller.updateHostComponents(Collections.singleton(req), new HashMap<String, String>(), false);
assertNull(resp);
-
+
// role commands added for targeted command
resp = controller.updateHostComponents(Collections.singleton(req), requestProperties, false);
assertNotNull(resp);
-
+
}
-
-
+
+
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java b/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
index 7d84823..526104f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/orm/OrmTestHelper.java
@@ -39,7 +39,6 @@ import org.apache.ambari.server.orm.dao.HostDAO;
import org.apache.ambari.server.orm.dao.HostRoleCommandDAO;
import org.apache.ambari.server.orm.dao.RequestDAO;
import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.StageDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
@@ -55,7 +54,6 @@ import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
import org.apache.ambari.server.orm.entities.RequestEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.StageEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.state.HostState;
@@ -82,9 +80,6 @@ public class OrmTestHelper {
public UserDAO userDAO;
@Inject
- public RoleDAO roleDAO;
-
- @Inject
public AlertDefinitionDAO alertDefinitionDAO;
@Inject
@@ -175,25 +170,16 @@ public class OrmTestHelper {
PasswordEncoder encoder = injector.getInstance(PasswordEncoder.class);
- RoleEntity adminRole = new RoleEntity();
- adminRole.setRoleName("admin");
-
UserEntity admin = new UserEntity();
admin.setUserName("administrator");
admin.setUserPassword(encoder.encode("admin"));
admin.setPrincipal(principalEntity);
- Set<RoleEntity> roles = new HashSet<RoleEntity>();
Set<UserEntity> users = new HashSet<UserEntity>();
- roles.add(adminRole);
users.add(admin);
- admin.setRoleEntities(roles);
- adminRole.setUserEntities(users);
-
userDAO.create(admin);
- roleDAO.create(adminRole);
principalEntity = new PrincipalEntity();
principalEntity.setPrincipalType(principalTypeEntity);
@@ -274,7 +260,7 @@ public class OrmTestHelper {
/**
* Creates an empty cluster with an ID.
- *
+ *
* @return the cluster ID.
*/
@Transactional
@@ -306,7 +292,7 @@ public class OrmTestHelper {
/**
* Creates an alert target.
- *
+ *
* @return
*/
@Transactional
@@ -320,10 +306,10 @@ public class OrmTestHelper {
alertDispatchDAO.create(target);
return alertDispatchDAO.findTargetById(target.getTargetId());
}
-
+
/**
* Creates an alert definition.
- *
+ *
* @param clusterId
* @return
* @throws Exception
@@ -342,14 +328,14 @@ public class OrmTestHelper {
definition.setScope(Scope.SERVICE);
definition.setSource("Source " + System.currentTimeMillis());
definition.setSourceType("SCRIPT");
-
+
alertDefinitionDAO.create(definition);
return alertDefinitionDAO.findById(definition.getDefinitionId());
}
/**
* Creates an alert group.
- *
+ *
* @param clusterId
* @param targets
* @return
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java b/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
index a123507..b46f816 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/orm/dao/UserDAOTest.java
@@ -21,25 +21,14 @@ package org.apache.ambari.server.orm.dao;
import com.google.inject.Inject;
import com.google.inject.Provider;
import org.junit.Before;
-import org.junit.Test;
import static org.easymock.EasyMock.createStrictMock;
-import static org.easymock.EasyMock.eq;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.reset;
-import static org.easymock.EasyMock.verify;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertSame;
-
import javax.persistence.EntityManager;
-import javax.persistence.TypedQuery;
-import java.util.Collections;
-import java.util.List;
-import org.apache.ambari.server.orm.entities.RoleEntity;
-import org.apache.ambari.server.orm.entities.UserEntity;
/**
- * BlueprintDAO unit tests.
+ * UserDAO unit tests.
*/
public class UserDAOTest {
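Review bot: With `import org.junit.Test;` removed in this hunk and `testfindAllLocalUsersByRole` deleted in the next one, `UserDAOTest` appears to be left with only its `@Before` fixture and no `@Test` method, while the EasyMock static imports (`createStrictMock`, `expect`, `replay`, `reset`) and the Guice and `EntityManager` imports stay. Depending on how the build selects test classes, a JUnit 4 class without tests is either skipped silently or fails with "No runnable methods", and in both cases the file suggests `UserDAO` unit coverage that no longer exists. Either delete the file in this commit, or keep at least one test for a `UserDAO` lookup that survives the role removal and restore `import org.junit.Test;` with it. The class body continues outside the visible hunks, so a test not shown in the diff would change this assessment.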
@@ -56,31 +45,4 @@ public class UserDAOTest {
replay(entityManagerProvider);
}
-
- @Test
- public void testfindAllLocalUsersByRole() {
- UserEntity entity = new UserEntity();
- RoleEntity roleEntity = new RoleEntity();
- TypedQuery<UserEntity> query = createStrictMock(TypedQuery.class);
-
- // set expectations
- expect(entityManager.createQuery(eq("SELECT role.userEntities FROM RoleEntity role WHERE role = :roleEntity"), eq(UserEntity.class))).andReturn(query);
- roleEntity.setRoleName("admin");
- expect(query.setParameter("roleEntity", roleEntity)).andReturn(query);
- expect(query.getResultList()).andReturn(Collections.singletonList(entity));
-
- replay(entityManager, query);
-
- UserDAO dao = new UserDAO();
- dao.entityManagerProvider = entityManagerProvider;
- roleEntity.setRoleName("admin");
-
- List<UserEntity> results = dao.findAllLocalUsersByRole(roleEntity);
-
- assertEquals(1, results.size());
- assertSame(entity, results.get(0));
-
- verify(entityManagerProvider, entityManager, query);
- }
-
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
index c904774..ae8054b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderForDNWithSpaceTest.java
@@ -23,9 +23,7 @@ import com.google.inject.Injector;
import com.google.inject.persist.PersistService;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
import org.junit.*;
@@ -45,8 +43,6 @@ public class AmbariLdapAuthenticationProviderForDNWithSpaceTest {
@Inject
private UserDAO userDAO;
@Inject
- private RoleDAO roleDAO;
- @Inject
Configuration configuration;
@BeforeClass
@@ -81,7 +77,6 @@ public class AmbariLdapAuthenticationProviderForDNWithSpaceTest {
Authentication authentication = new UsernamePasswordAuthenticationToken("the allowedUser", "password");
Authentication result = authenticationProvider.authenticate(authentication);
assertTrue(result.isAuthenticated());
- assertNotNull("User was not created", userDAO.findLdapUserByName("the allowedUser"));
result = authenticationProvider.authenticate(authentication);
assertTrue(result.isAuthenticated());
}
@@ -94,39 +89,6 @@ public class AmbariLdapAuthenticationProviderForDNWithSpaceTest {
assertTrue(auth == null);
}
- @Test
- public void testLdapAdminGroupToRolesMapping() throws Exception {
-
- Authentication authentication;
-
- authentication =
- new UsernamePasswordAuthenticationToken("allowedAdmin", "password");
- Authentication result = authenticationProvider.authenticate(authentication);
- assertTrue(result.isAuthenticated());
-
- UserEntity allowedAdminEntity = userDAO.findLdapUserByName("allowedAdmin");
-
- authentication =
- new UsernamePasswordAuthenticationToken("the allowedUser", "password");
- authenticationProvider.authenticate(authentication);
- UserEntity allowedUserEntity = userDAO.findLdapUserByName("the allowedUser");
-
-
- RoleEntity adminRole = roleDAO.findByName(
- configuration.getConfigsMap().get(Configuration.ADMIN_ROLE_NAME_KEY));
- RoleEntity userRole = roleDAO.findByName(
- configuration.getConfigsMap().get(Configuration.USER_ROLE_NAME_KEY));
-
-
- assertTrue(allowedAdminEntity.getRoleEntities().contains(userRole));
- assertTrue(allowedAdminEntity.getRoleEntities().contains(adminRole));
-
- assertTrue(allowedUserEntity.getRoleEntities().contains(userRole));
- assertFalse(allowedUserEntity.getRoleEntities().contains(adminRole));
-
-
- }
-
@AfterClass
public static void afterClass() {
apacheDSContainer.stop();
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
index 93d4f5f..2a2d3dd 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthenticationProviderTest.java
@@ -25,10 +25,7 @@ import com.google.inject.Inject;
import com.google.inject.Injector;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
-import org.apache.ambari.server.orm.dao.RoleDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.RoleEntity;
-import org.apache.ambari.server.orm.entities.UserEntity;
import org.apache.ambari.server.security.ClientSecurityType;
import org.easymock.EasyMockSupport;
import org.easymock.IAnswer;
@@ -56,8 +53,6 @@ public class AmbariLdapAuthenticationProviderTest extends EasyMockSupport {
@Inject
private UserDAO userDAO;
@Inject
- private RoleDAO roleDAO;
- @Inject
Configuration configuration;
@BeforeClass
@@ -161,7 +156,6 @@ public class AmbariLdapAuthenticationProviderTest extends EasyMockSupport {
Authentication authentication = new UsernamePasswordAuthenticationToken("allowedUser", "password");
Authentication result = authenticationProvider.authenticate(authentication);
assertTrue(result.isAuthenticated());
- assertNotNull("User was not created", userDAO.findLdapUserByName("allowedUser"));
result = authenticationProvider.authenticate(authentication);
assertTrue(result.isAuthenticated());
}
@@ -174,39 +168,6 @@ public class AmbariLdapAuthenticationProviderTest extends EasyMockSupport {
Assert.assertTrue(auth == null);
}
- @Test
- public void testLdapAdminGroupToRolesMapping() throws Exception {
-
- Authentication authentication;
-
- authentication =
- new UsernamePasswordAuthenticationToken("allowedAdmin", "password");
- Authentication result = authenticationProvider.authenticate(authentication);
- assertTrue(result.isAuthenticated());
-
- UserEntity allowedAdminEntity = userDAO.findLdapUserByName("allowedAdmin");
-
- authentication =
- new UsernamePasswordAuthenticationToken("allowedUser", "password");
- authenticationProvider.authenticate(authentication);
- UserEntity allowedUserEntity = userDAO.findLdapUserByName("allowedUser");
-
-
- RoleEntity adminRole = roleDAO.findByName(
- configuration.getConfigsMap().get(Configuration.ADMIN_ROLE_NAME_KEY));
- RoleEntity userRole = roleDAO.findByName(
- configuration.getConfigsMap().get(Configuration.USER_ROLE_NAME_KEY));
-
-
- assertTrue(allowedAdminEntity.getRoleEntities().contains(userRole));
- assertTrue(allowedAdminEntity.getRoleEntities().contains(adminRole));
-
- assertTrue(allowedUserEntity.getRoleEntities().contains(userRole));
- assertFalse(allowedUserEntity.getRoleEntities().contains(adminRole));
-
-
- }
-
@AfterClass
public static void afterClass() {
apacheDSContainer.stop();
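Review bot: This test class no longer checks which authorities an LDAP login ends up with: the removed `testLdapAdminGroupToRolesMapping` was the only visible place asserting that `allowedUser` does not gain admin rights while `allowedAdmin` does. If privileges now replace roles, I would add an equivalent test that authenticates both users and asserts on `result.getAuthorities()`, including the negative case for the non-admin user. Equivalent coverage may live in another file of this commit (the authorities populator test is changed as well), so this is a request to confirm rather than a certain gap.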
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
index e8f0525..868df06 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLdapDataPopulatorTest.java
@@ -34,7 +34,6 @@ import org.apache.ambari.server.orm.entities.GroupEntity;
import org.apache.ambari.server.orm.entities.MemberEntity;
import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.RoleEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.easymock.Capture;
import org.easymock.EasyMock;
@@ -229,7 +228,6 @@ public class AmbariLdapDataPopulatorTest {
userEntity.setLdapUser(ldapUser);
userEntity.setActive(true);
userEntity.setMemberEntities(new HashSet<MemberEntity>());
- userEntity.setRoleEntities(new HashSet<RoleEntity>());
final PrincipalEntity principalEntity = new PrincipalEntity();
principalEntity.setPrivileges(new HashSet<PrivilegeEntity>());
userEntity.setPrincipal(principalEntity);
http://git-wip-us.apache.org/repos/asf/ambari/blob/73819ca3/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
index 4843a8f..c410f5b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariLocalUserDetailsServiceTest.java
@@ -23,7 +23,6 @@ import com.google.inject.Injector;
import org.apache.ambari.server.orm.GuiceJpaInitializer;
import org.apache.ambari.server.orm.OrmTestHelper;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.UserEntity;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -70,10 +69,4 @@ public class AmbariLocalUserDetailsServiceTest {
public void testUsernameNotFound() throws Exception {
userDetailsService.loadUserByUsername("notExists_123123123");
}
-
- @Test(expected = UsernameNotFoundException.class)
- public void testEmptyRoles() throws Exception {
- UserEntity user = userDAO.findLocalUserByName("userWithoutRoles");
- userDetailsService.loadUserByUsername(user.getUserName());
- }
}
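Review bot: The behaviour of `loadUserByUsername` for a user with no authorities is no longer pinned by any test in this class; the removed `testEmptyRoles` expected `UsernameNotFoundException`, meaning such a login failed closed. Whatever the rule is now for a user without privileges, it should be stated by a test, for example one that loads such a user and asserts either on the returned `getAuthorities()` or on the expected exception. The service change itself is outside this hunk, so the new behaviour cannot be confirmed from here.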