Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm
Precedence: bulk
Reply-To: ambari-dev@ambari.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: rlevas@apache.org
To: commits@ambari.apache.org
Date: Wed, 29 Apr 2015 17:02:12 -0000
Message-Id: <eadca2c3817a4a129a6b4301555d47d9@git.apache.org>
Subject: [1/2] ambari git commit: AMBARI-10576. Add the ability to obtain
 details about required Kerberos identities (rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk 1e3afa867 -> 66e42cbab


http://git-wip-us.apache.org/repos/asf/ambari/blob/66e42cba/ambari-server/src/test/java/org/apache/ambari/server/api/services/HostKerberosIdentityServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/HostKerberosIdentityServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/HostKerberosIdentityServiceTest.java
new file mode 100644
index 0000000..012272c
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/HostKerberosIdentityServiceTest.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.apache.ambari.server.api.services;
+
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
+import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.UriInfo;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Unit tests for HostKerberosIdentity.
+ */
+public class HostKerberosIdentityServiceTest extends BaseServiceTest {
+
+  public List<ServiceTestInvocation> getTestInvocations() throws Exception {
+    List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+
+    //getComponent
+    HostKerberosIdentityService service = new TestHostKerberosIdentityService("clusterName", "hostName", "identityId");
+    Method m = service.getClass().getMethod("getKerberosIdentity", String.class, HttpHeaders.class, UriInfo.class, String.class, String.class);
+    Object[] args = new Object[] {null, getHttpHeaders(), getUriInfo(), "identityId", null};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.GET, service, m, args, null));
+
+    //getComponents
+    service = new TestHostKerberosIdentityService("clusterName", "hostName", null);
+    m = service.getClass().getMethod("getKerberosIdentities", String.class, HttpHeaders.class, UriInfo.class, String.class);
+    args = new Object[] {null, getHttpHeaders(), getUriInfo(), null};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.GET, service, m, args, null));
+
+    return listInvocations;
+  }
+
+  private class TestHostKerberosIdentityService extends HostKerberosIdentityService {
+    private String clusterId;
+    private String hostId;
+    private String identityId;
+
+    private TestHostKerberosIdentityService(String clusterId, String hostId, String identityId) {
+      super(clusterId, hostId);
+      this.clusterId = clusterId;
+      this.hostId = hostId;
+      this.identityId = identityId;
+    }
+
+    @Override
+    ResourceInstance createResource(String clusterId, String hostId, String identityId) {
+      assertEquals(this.clusterId, clusterId);
+      assertEquals(this.hostId, hostId);
+      assertEquals(this.identityId, identityId);
+      return getTestResource();
+    }
+
+    @Override
+    RequestFactory getRequestFactory() {
+      return getTestRequestFactory();
+    }
+
+    @Override
+    protected RequestBodyParser getBodyParser() {
+      return getTestBodyParser();
+    }
+
+    @Override
+    protected ResultSerializer getResultSerializer() {
+      return getTestResultSerializer();
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e42cba/ambari-server/src/test/java/org/apache/ambari/server/api/services/serializers/CsvSerializerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/serializers/CsvSerializerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/serializers/CsvSerializerTest.java
new file mode 100644
index 0000000..4647899
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/serializers/CsvSerializerTest.java
@@ -0,0 +1,258 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services.serializers;
+
+import org.apache.ambari.server.api.services.Result;
+import org.apache.ambari.server.api.services.ResultImpl;
+import org.apache.ambari.server.api.services.ResultStatus;
+import org.apache.ambari.server.api.util.TreeNode;
+import org.apache.ambari.server.controller.internal.ResourceImpl;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.commons.csv.CSVFormat;
+import org.apache.commons.csv.CSVParser;
+import org.apache.commons.csv.CSVRecord;
+import org.easymock.EasyMockSupport;
+import org.junit.Test;
+
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * CsvSerializer unit tests
+ */
+public class CsvSerializerTest extends EasyMockSupport {
+
+  @Test
+  public void testSerializeResources_NoColumnInfo() throws Exception {
+    Result result = new ResultImpl(true);
+    result.setResultStatus(new ResultStatus(ResultStatus.STATUS.OK));
+    TreeNode<Resource> tree = result.getResultTree();
+
+    List<TreeMap<String, Object>> data = new ArrayList<TreeMap<String, Object>>() {
+      {
+        add(new TreeMap<String, Object>() {
+          {
+            put("property1", "value1a");
+            put("property2", "value2a");
+            put("property3", "value3a");
+            put("property4", "value4a");
+          }
+        });
+        add(new TreeMap<String, Object>() {
+          {
+            put("property1", "value1'b");
+            put("property2", "value2'b");
+            put("property3", "value3'b");
+            put("property4", "value4'b");
+          }
+        });
+        add(new TreeMap<String, Object>() {
+          {
+            put("property1", "value1,c");
+            put("property2", "value2,c");
+            put("property3", "value3,c");
+            put("property4", "value4,c");
+          }
+        });
+      }
+    };
+
+    tree.setName("items");
+    tree.setProperty("isCollection", "true");
+
+    addChildResource(tree, "resource", 0, data.get(0));
+    addChildResource(tree, "resource", 1, data.get(1));
+    addChildResource(tree, "resource", 2, data.get(2));
+
+    replayAll();
+
+    //execute test
+    Object o = new CsvSerializer().serialize(result).toString().replace("\r", "");
+
+    verifyAll();
+
+    assertNotNull(o);
+
+    StringReader reader = new StringReader(o.toString());
+    CSVParser csvParser = new CSVParser(reader, CSVFormat.DEFAULT);
+    List<CSVRecord> records = csvParser.getRecords();
+
+    assertNotNull(records);
+    assertEquals(3, records.size());
+
+    int i = 0;
+    for (CSVRecord record : records) {
+      TreeMap<String, Object> actualData = data.get(i++);
+      assertEquals(actualData.size(), record.size());
+
+      for (String item : record) {
+        assertTrue(actualData.containsValue(item));
+      }
+    }
+
+    csvParser.close();
+  }
+
+  @Test
+  public void testSerializeResources_HeaderInfo() throws Exception {
+    Result result = new ResultImpl(true);
+    result.setResultStatus(new ResultStatus(ResultStatus.STATUS.OK));
+    TreeNode<Resource> tree = result.getResultTree();
+    tree.setName("items");
+    tree.setProperty("isCollection", "true");
+    tree.setProperty(CsvSerializer.PROPERTY_COLUMN_MAP, new TreeMap<String, String>() {{
+      put("propertyD", "Property D");
+      put("propertyC", "Property C");
+      put("propertyB", "Property B");
+      put("propertyA", "Property A");
+    }});
+
+
+    List<Map<String, Object>> data = new ArrayList<Map<String, Object>>() {
+      {
+        add(new HashMap<String, Object>() {
+          {
+            put("propertyD", "value1a");
+            put("propertyC", "value2a");
+            put("propertyB", "value3a");
+            put("propertyA", "value4a");
+          }
+        });
+        add(new HashMap<String, Object>() {
+          {
+            put("propertyD", "value1'b");
+            put("propertyC", "value2'b");
+            put("propertyB", "value3'b");
+            put("propertyA", "value4'b");
+          }
+        });
+        add(new HashMap<String, Object>() {
+          {
+            put("propertyD", "value1,c");
+            put("propertyC", "value2,c");
+            put("propertyB", "value3,c");
+            put("propertyA", "value4,c");
+          }
+        });
+      }
+    };
+
+    addChildResource(tree, "resource", 0, data.get(0));
+    addChildResource(tree, "resource", 1, data.get(1));
+    addChildResource(tree, "resource", 2, data.get(2));
+
+    replayAll();
+
+    //execute test
+    Object o = new CsvSerializer().serialize(result).toString().replace("\r", "");
+
+    verifyAll();
+
+
+    String expected = "Property A,Property B,Property C,Property D\n" +
+        "value4a,value3a,value2a,value1a\n" +
+        "value4'b,value3'b,value2'b,value1'b\n" +
+        "\"value4,c\",\"value3,c\",\"value2,c\",\"value1,c\"\n";
+
+    assertEquals(expected, o);
+
+  }
+
+  @Test
+  public void testSerializeResources_HeaderOrderInfo() throws Exception {
+    Result result = new ResultImpl(true);
+    result.setResultStatus(new ResultStatus(ResultStatus.STATUS.OK));
+    TreeNode<Resource> tree = result.getResultTree();
+    tree.setName("items");
+    tree.setProperty("isCollection", "true");
+    tree.setProperty(CsvSerializer.PROPERTY_COLUMN_MAP, new HashMap<String, String>() {{
+      put("property1", "Property 1");
+      put("property2", "Property 2");
+      put("property3", "Property 3");
+      put("property4", "Property 4");
+    }});
+    tree.setProperty(CsvSerializer.PROPERTY_COLUMN_ORDER, Arrays.asList(
+        "property1",
+        "property2",
+        "property3",
+        "property4"));
+
+    addChildResource(tree, "resource", 0, new HashMap<String, Object>() {
+      {
+        put("property1", "value1a");
+        put("property2", "value2a");
+        put("property3", "value3a");
+        put("property4", "value4a");
+      }
+    });
+    addChildResource(tree, "resource", 1, new HashMap<String, Object>() {
+      {
+        put("property1", "value1'b");
+        put("property2", "value2'b");
+        put("property3", "value3'b");
+        put("property4", "value4'b");
+      }
+    });
+    addChildResource(tree, "resource", 2, new HashMap<String, Object>() {
+      {
+        put("property1", "value1,c");
+        put("property2", "value2,c");
+        put("property3", "value3,c");
+        put("property4", "value4,c");
+      }
+    });
+
+    replayAll();
+
+    //execute test
+    Object o = new CsvSerializer().serialize(result).toString().replace("\r", "");
+
+    String expected = "Property 1,Property 2,Property 3,Property 4\n" +
+        "value1a,value2a,value3a,value4a\n" +
+        "value1'b,value2'b,value3'b,value4'b\n" +
+        "\"value1,c\",\"value2,c\",\"value3,c\",\"value4,c\"\n";
+
+    assertEquals(expected, o);
+
+    verifyAll();
+  }
+
+
+  private void addChildResource(TreeNode<Resource> parent, String name, int index, final Map<String, Object> data) {
+    Resource resource = new ResourceImpl(Resource.Type.Cluster);
+
+    if (data != null) {
+      for (Map.Entry<String, Object> entry : data.entrySet()) {
+        resource.setProperty(entry.getKey(), entry.getValue());
+      }
+    }
+
+    parent.addChild(resource, String.format("%s:%d", name, index));
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e42cba/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 47f051d..614ee57 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -415,6 +415,409 @@ public class KerberosHelperTest extends EasyMockSupport {
     testDeleteTestIdentity(new KerberosCredential("principal", "password", "keytab"));
   }
 
+  @Test(expected = IllegalArgumentException.class)
+  public void testGetActiveIdentities_MissingCluster() throws Exception {
+    testGetActiveIdentities(null, null, null, null, true);
+  }
+
+  @Test
+  public void testGetActiveIdentities_All() throws Exception {
+    Map<String, Collection<KerberosIdentityDescriptor>> identities = testGetActiveIdentities("c1", null, null, null, true);
+
+    Assert.assertNotNull(identities);
+    Assert.assertEquals(2, identities.size());
+
+    Collection<KerberosIdentityDescriptor> hostIdentities;
+
+    hostIdentities = identities.get("host1");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(3, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity1", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component1/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/component1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/component1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity2", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component2/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service2-site/component2.kerberos.principal");
+          put("principal_local_username", "service2");
+          put("keytab_file", "${keytab_dir}/service2.keytab");
+          put("keytab_owner_name", "service2");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service2-site/component2.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity3", new HashMap<String, Object>() {
+        {
+          put("principal_name", "service1/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/service1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.service.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/service1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+    
+    hostIdentities = identities.get("host2");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(3, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity1", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component1/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/component1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/component1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity2", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component2/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service2-site/component2.kerberos.principal");
+          put("principal_local_username", "service2");
+          put("keytab_file", "${keytab_dir}/service2.keytab");
+          put("keytab_owner_name", "service2");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service2-site/component2.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity3", new HashMap<String, Object>() {
+        {
+          put("principal_name", "service1/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/service1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.service.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/service1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+  }
+
+  @Test
+  public void testGetActiveIdentities_SingleHost() throws Exception {
+    Map<String, Collection<KerberosIdentityDescriptor>> identities = testGetActiveIdentities("c1", "host1", null, null, true);
+
+    Assert.assertNotNull(identities);
+    Assert.assertEquals(1, identities.size());
+
+    Collection<KerberosIdentityDescriptor> hostIdentities;
+
+    hostIdentities = identities.get("host1");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(3, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity1", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component1/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/component1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/component1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity2", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component2/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service2-site/component2.kerberos.principal");
+          put("principal_local_username", "service2");
+          put("keytab_file", "${keytab_dir}/service2.keytab");
+          put("keytab_owner_name", "service2");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service2-site/component2.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity3", new HashMap<String, Object>() {
+        {
+          put("principal_name", "service1/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/service1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.service.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/service1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+  }
+
+  @Test
+  public void testGetActiveIdentities_SingleService() throws Exception {
+    Map<String, Collection<KerberosIdentityDescriptor>> identities = testGetActiveIdentities("c1", null, "SERVICE1", null, true);
+
+    Assert.assertNotNull(identities);
+    Assert.assertEquals(2, identities.size());
+
+    Collection<KerberosIdentityDescriptor> hostIdentities;
+
+    hostIdentities = identities.get("host1");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(2, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity1", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component1/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/component1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/component1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity3", new HashMap<String, Object>() {
+        {
+          put("principal_name", "service1/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/service1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.service.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/service1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+    
+    hostIdentities = identities.get("host2");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(2, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity1", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component1/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/component1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/component1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity3", new HashMap<String, Object>() {
+        {
+          put("principal_name", "service1/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/service1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.service.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/service1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});  }
+
+  @Test
+  public void testGetActiveIdentities_SingleServiceSingleHost() throws Exception {
+    Map<String, Collection<KerberosIdentityDescriptor>> identities = testGetActiveIdentities("c1", "host2", "SERVICE1", null, true);
+
+    Assert.assertNotNull(identities);
+    Assert.assertEquals(1, identities.size());
+
+    Collection<KerberosIdentityDescriptor> hostIdentities;
+
+    hostIdentities = identities.get("host2");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(2, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity1", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component1/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/component1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/component1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+
+      put("identity3", new HashMap<String, Object>() {
+        {
+          put("principal_name", "service1/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service1-site/service1.kerberos.principal");
+          put("principal_local_username", "service1");
+          put("keytab_file", "${keytab_dir}/service1.service.keytab");
+          put("keytab_owner_name", "service1");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service1-site/service1.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+  }
+
+  @Test
+  public void testGetActiveIdentities_SingleComponent() throws Exception {
+    Map<String, Collection<KerberosIdentityDescriptor>> identities = testGetActiveIdentities("c1", null, null, "COMPONENT2", true);
+
+    Assert.assertNotNull(identities);
+    Assert.assertEquals(2, identities.size());
+
+    Collection<KerberosIdentityDescriptor> hostIdentities;
+
+    hostIdentities = identities.get("host1");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(1, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity2", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component2/host1@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service2-site/component2.kerberos.principal");
+          put("principal_local_username", "service2");
+          put("keytab_file", "${keytab_dir}/service2.keytab");
+          put("keytab_owner_name", "service2");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service2-site/component2.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+
+    hostIdentities = identities.get("host2");
+    Assert.assertNotNull(hostIdentities);
+    Assert.assertEquals(1, hostIdentities.size());
+
+    validateIdentities(hostIdentities, new HashMap<String, Map<String, Object>>() {{
+      put("identity2", new HashMap<String, Object>() {
+        {
+          put("principal_name", "component2/host2@EXAMPLE.COM");
+          put("principal_type", KerberosPrincipalType.SERVICE);
+          put("principal_configuration", "service2-site/component2.kerberos.principal");
+          put("principal_local_username", "service2");
+          put("keytab_file", "${keytab_dir}/service2.keytab");
+          put("keytab_owner_name", "service2");
+          put("keytab_owner_access", "rw");
+          put("keytab_group_name", "hadoop");
+          put("keytab_group_access", "");
+          put("keytab_configuration", "service2-site/component2.keytab.file");
+          put("keytab_cachable", false);
+        }
+      });
+    }});
+  }
+
+  private void validateIdentities(Collection<KerberosIdentityDescriptor> identities, HashMap<String, Map<String, Object>> expectedDataMap) {
+
+    Assert.assertEquals(expectedDataMap.size(), identities.size());
+
+    for(KerberosIdentityDescriptor identity: identities) {
+      Map<String, Object> expectedData = expectedDataMap.get(identity.getName());
+
+      Assert.assertNotNull(expectedData);
+
+      KerberosPrincipalDescriptor principal = identity.getPrincipalDescriptor();
+      Assert.assertNotNull(principal);
+      Assert.assertEquals(expectedData.get("principal_name"), principal.getName());
+      Assert.assertEquals(expectedData.get("principal_type"), principal.getType());
+      Assert.assertEquals(expectedData.get("principal_configuration"), principal.getConfiguration());
+      Assert.assertEquals(expectedData.get("principal_local_username"), principal.getLocalUsername());
+
+      KerberosKeytabDescriptor keytab = identity.getKeytabDescriptor();
+      Assert.assertNotNull(keytab);
+      Assert.assertEquals(expectedData.get("keytab_file"), keytab.getFile());
+      Assert.assertEquals(expectedData.get("keytab_owner_name"), keytab.getOwnerName());
+      Assert.assertEquals(expectedData.get("keytab_owner_access"), keytab.getOwnerAccess());
+      Assert.assertEquals(expectedData.get("keytab_group_name"), keytab.getGroupName());
+      Assert.assertEquals(expectedData.get("keytab_group_access"), keytab.getGroupAccess());
+      Assert.assertEquals(expectedData.get("keytab_configuration"), keytab.getConfiguration());
+      Assert.assertEquals(Boolean.TRUE.equals(expectedData.get("keytab_cachable")), keytab.isCachable());
+    }
+  }
+
+
   private void testEnableKerberos(final KerberosCredential kerberosCredential,
                                   boolean getClusterDescriptor,
                                   boolean getStackDescriptor) throws Exception {
@@ -2473,4 +2876,232 @@ public class KerberosHelperTest extends EasyMockSupport {
 
     verifyAll();
   }
+
+  private Map<String, Collection<KerberosIdentityDescriptor>> testGetActiveIdentities(String clusterName, String hostName, String serviceName, String compnentName, boolean replaceHostnames) throws Exception {
+
+    KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
+
+    final ServiceComponentHost schKerberosClient1 = createMock(ServiceComponentHost.class);
+    expect(schKerberosClient1.getServiceName()).andReturn(Service.Type.KERBEROS.name()).anyTimes();
+    expect(schKerberosClient1.getServiceComponentName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes();
+
+    final ServiceComponentHost schKerberosClient2 = createMock(ServiceComponentHost.class);
+    expect(schKerberosClient2.getServiceName()).andReturn(Service.Type.KERBEROS.name()).anyTimes();
+    expect(schKerberosClient2.getServiceComponentName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes();
+
+    final ServiceComponentHost sch1a = createMock(ServiceComponentHost.class);
+    expect(sch1a.getServiceName()).andReturn("SERVICE1").anyTimes();
+    expect(sch1a.getServiceComponentName()).andReturn("COMPONENT1").anyTimes();
+
+    final ServiceComponentHost sch1b = createMock(ServiceComponentHost.class);
+    expect(sch1b.getServiceName()).andReturn("SERVICE2").anyTimes();
+    expect(sch1b.getServiceComponentName()).andReturn("COMPONENT2").anyTimes();
+
+    final ServiceComponentHost sch2a = createMock(ServiceComponentHost.class);
+    expect(sch2a.getServiceName()).andReturn("SERVICE1").anyTimes();
+    expect(sch2a.getServiceComponentName()).andReturn("COMPONENT1").anyTimes();
+
+    final ServiceComponentHost sch2b = createMock(ServiceComponentHost.class);
+    expect(sch2b.getServiceName()).andReturn("SERVICE2").anyTimes();
+    expect(sch2b.getServiceComponentName()).andReturn("COMPONENT2").anyTimes();
+
+    final Host host1 = createNiceMock(Host.class);
+    expect(host1.getHostName()).andReturn("host1").anyTimes();
+    expect(host1.getState()).andReturn(HostState.HEALTHY).anyTimes();
+
+    final Host host2 = createNiceMock(Host.class);
+    expect(host2.getHostName()).andReturn("host2").anyTimes();
+    expect(host2.getState()).andReturn(HostState.HEALTHY).anyTimes();
+
+    final ServiceComponent serviceComponentKerberosClient = createMock(ServiceComponent.class);
+    expect(serviceComponentKerberosClient.getName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes();
+    expect(serviceComponentKerberosClient.getServiceComponentHosts()).andReturn(Collections.singletonMap("host1", schKerberosClient1)).anyTimes();
+
+    final Service serviceKerberos = createStrictMock(Service.class);
+    expect(serviceKerberos.getName()).andReturn(Service.Type.KERBEROS.name()).anyTimes();
+    expect(serviceKerberos.getServiceComponents())
+        .andReturn(Collections.singletonMap(Role.KERBEROS_CLIENT.name(), serviceComponentKerberosClient))
+        .anyTimes();
+
+    final Service service1 = createStrictMock(Service.class);
+    expect(service1.getName()).andReturn("SERVICE1").anyTimes();
+    expect(service1.getServiceComponents())
+        .andReturn(Collections.<String, ServiceComponent>emptyMap())
+        .anyTimes();
+
+    final Service service2 = createStrictMock(Service.class);
+    expect(service2.getName()).andReturn("SERVICE2").anyTimes();
+    expect(service2.getServiceComponents())
+        .andReturn(Collections.<String, ServiceComponent>emptyMap())
+        .anyTimes();
+
+    final Cluster cluster = createMock(Cluster.class);
+    expect(cluster.getSecurityType()).andReturn(SecurityType.KERBEROS).anyTimes();
+    expect(cluster.getClusterName()).andReturn(clusterName).anyTimes();
+    expect(cluster.getServiceComponentHosts("host1"))
+        .andReturn(new ArrayList<ServiceComponentHost>() {
+          {
+            add(schKerberosClient1);
+            add(sch1a);
+            add(sch1b);
+          }
+        })
+        .anyTimes();
+    expect(cluster.getServiceComponentHosts("host2"))
+        .andReturn(new ArrayList<ServiceComponentHost>() {
+          {
+            add(schKerberosClient2);
+            add(sch2a);
+            add(sch2b);
+          }
+        })
+        .anyTimes();
+    expect(cluster.getCurrentStackVersion())
+        .andReturn(new StackId("HDP", "2.2"))
+        .anyTimes();
+    expect(cluster.getServices())
+        .andReturn(new HashMap<String, Service>() {
+          {
+            put(Service.Type.KERBEROS.name(), serviceKerberos);
+            put("SERVICE1", service1);
+            put("SERVICE2", service2);
+          }
+        })
+        .anyTimes();
+
+    final Clusters clusters = injector.getInstance(Clusters.class);
+    expect(clusters.getCluster(clusterName)).andReturn(cluster).times(1);
+
+    if(hostName == null) {
+      expect(clusters.getHostsForCluster(clusterName))
+          .andReturn(new HashMap<String, Host>() {
+            {
+              put("host1", host1);
+              put("host2", host2);
+            }
+          })
+          .once();
+    }
+
+    final AmbariManagementController ambariManagementController = injector.getInstance(AmbariManagementController.class);
+    expect(ambariManagementController.findConfigurationTagsWithOverrides(cluster, "host1"))
+        .andReturn(Collections.<String, Map<String, String>>emptyMap())
+        .anyTimes();
+    expect(ambariManagementController.findConfigurationTagsWithOverrides(cluster, "host2"))
+        .andReturn(Collections.<String, Map<String, String>>emptyMap())
+        .anyTimes();
+    expect(ambariManagementController.findConfigurationTagsWithOverrides(cluster, null))
+        .andReturn(Collections.<String, Map<String, String>>emptyMap())
+        .anyTimes();
+
+    final ConfigHelper configHelper = injector.getInstance(ConfigHelper.class);
+    expect(configHelper.getEffectiveConfigProperties(anyObject(Cluster.class), anyObject(Map.class)))
+        .andReturn(new HashMap<String, Map<String, String>>() {
+          {
+            put("cluster-env", new HashMap<String, String>() {{
+              put("kerberos_domain", "FOOBAR.COM");
+            }});
+          }
+        })
+        .anyTimes();
+
+    final KerberosPrincipalDescriptor principalDescriptor1 = createMock(KerberosPrincipalDescriptor.class);
+    expect(principalDescriptor1.getValue()).andReturn("component1/_HOST@${realm}").anyTimes();
+    expect(principalDescriptor1.getType()).andReturn(KerberosPrincipalType.SERVICE).anyTimes();
+    expect(principalDescriptor1.getConfiguration()).andReturn("service1-site/component1.kerberos.principal").anyTimes();
+    expect(principalDescriptor1.getLocalUsername()).andReturn("service1").anyTimes();
+
+    final KerberosPrincipalDescriptor principalDescriptor2 = createMock(KerberosPrincipalDescriptor.class);
+    expect(principalDescriptor2.getValue()).andReturn("component2/${host}@${realm}").anyTimes();
+    expect(principalDescriptor2.getType()).andReturn(KerberosPrincipalType.SERVICE).anyTimes();
+    expect(principalDescriptor2.getConfiguration()).andReturn("service2-site/component2.kerberos.principal").anyTimes();
+    expect(principalDescriptor2.getLocalUsername()).andReturn("service2").anyTimes();
+
+    final KerberosPrincipalDescriptor principalDescriptorService1 = createMock(KerberosPrincipalDescriptor.class);
+    expect(principalDescriptorService1.getValue()).andReturn("service1/_HOST@${realm}").anyTimes();
+    expect(principalDescriptorService1.getType()).andReturn(KerberosPrincipalType.SERVICE).anyTimes();
+    expect(principalDescriptorService1.getConfiguration()).andReturn("service1-site/service1.kerberos.principal").anyTimes();
+    expect(principalDescriptorService1.getLocalUsername()).andReturn("service1").anyTimes();
+
+    final KerberosKeytabDescriptor keytabDescriptor1 = createMock(KerberosKeytabDescriptor.class);
+    expect(keytabDescriptor1.getFile()).andReturn("${keytab_dir}/service1.keytab").anyTimes();
+    expect(keytabDescriptor1.getOwnerName()).andReturn("service1").anyTimes();
+    expect(keytabDescriptor1.getOwnerAccess()).andReturn("rw").anyTimes();
+    expect(keytabDescriptor1.getGroupName()).andReturn("hadoop").anyTimes();
+    expect(keytabDescriptor1.getGroupAccess()).andReturn("").anyTimes();
+    expect(keytabDescriptor1.getConfiguration()).andReturn("service1-site/component1.keytab.file").anyTimes();
+    expect(keytabDescriptor1.isCachable()).andReturn(false).anyTimes();
+
+    final KerberosKeytabDescriptor keytabDescriptor2 = createMock(KerberosKeytabDescriptor.class);
+    expect(keytabDescriptor2.getFile()).andReturn("${keytab_dir}/service2.keytab").anyTimes();
+    expect(keytabDescriptor2.getOwnerName()).andReturn("service2").anyTimes();
+    expect(keytabDescriptor2.getOwnerAccess()).andReturn("rw").anyTimes();
+    expect(keytabDescriptor2.getGroupName()).andReturn("hadoop").anyTimes();
+    expect(keytabDescriptor2.getGroupAccess()).andReturn("").anyTimes();
+    expect(keytabDescriptor2.getConfiguration()).andReturn("service2-site/component2.keytab.file").anyTimes();
+    expect(keytabDescriptor2.isCachable()).andReturn(false).anyTimes();
+
+    final KerberosKeytabDescriptor keytabDescriptorService1 = createMock(KerberosKeytabDescriptor.class);
+    expect(keytabDescriptorService1.getFile()).andReturn("${keytab_dir}/service1.service.keytab").anyTimes();
+    expect(keytabDescriptorService1.getOwnerName()).andReturn("service1").anyTimes();
+    expect(keytabDescriptorService1.getOwnerAccess()).andReturn("rw").anyTimes();
+    expect(keytabDescriptorService1.getGroupName()).andReturn("hadoop").anyTimes();
+    expect(keytabDescriptorService1.getGroupAccess()).andReturn("").anyTimes();
+    expect(keytabDescriptorService1.getConfiguration()).andReturn("service1-site/service1.keytab.file").anyTimes();
+    expect(keytabDescriptorService1.isCachable()).andReturn(false).anyTimes();
+
+    final KerberosIdentityDescriptor identityDescriptor1 = createMock(KerberosIdentityDescriptor.class);
+    expect(identityDescriptor1.getName()).andReturn("identity1").anyTimes();
+    expect(identityDescriptor1.getPrincipalDescriptor()).andReturn(principalDescriptor1).anyTimes();
+    expect(identityDescriptor1.getKeytabDescriptor()).andReturn(keytabDescriptor1).anyTimes();
+
+    final KerberosIdentityDescriptor identityDescriptor2 = createMock(KerberosIdentityDescriptor.class);
+    expect(identityDescriptor2.getName()).andReturn("identity2").anyTimes();
+    expect(identityDescriptor2.getPrincipalDescriptor()).andReturn(principalDescriptor2).anyTimes();
+    expect(identityDescriptor2.getKeytabDescriptor()).andReturn(keytabDescriptor2).anyTimes();
+
+    final KerberosIdentityDescriptor identityDescriptorService1 = createMock(KerberosIdentityDescriptor.class);
+    expect(identityDescriptorService1.getName()).andReturn("identity3").anyTimes();
+    expect(identityDescriptorService1.getPrincipalDescriptor()).andReturn(principalDescriptorService1).anyTimes();
+    expect(identityDescriptorService1.getKeytabDescriptor()).andReturn(keytabDescriptorService1).anyTimes();
+
+    final KerberosComponentDescriptor componentDescriptor1 = createMock(KerberosComponentDescriptor.class);
+    expect(componentDescriptor1.getIdentities(true)).andReturn(Collections.singletonList(identityDescriptor1)).anyTimes();
+
+    final KerberosComponentDescriptor componentDescriptor2 = createMock(KerberosComponentDescriptor.class);
+    expect(componentDescriptor2.getIdentities(true)).andReturn(Collections.singletonList(identityDescriptor2)).anyTimes();
+
+    final KerberosServiceDescriptor serviceDescriptor1 = createMock(KerberosServiceDescriptor.class);
+    expect(serviceDescriptor1.getComponent("COMPONENT1")).andReturn(componentDescriptor1).anyTimes();
+    expect(serviceDescriptor1.getIdentities(true)).andReturn(Collections.singletonList(identityDescriptorService1)).anyTimes();
+
+    final KerberosServiceDescriptor serviceDescriptor2 = createMock(KerberosServiceDescriptor.class);
+    expect(serviceDescriptor2.getComponent("COMPONENT2")).andReturn(componentDescriptor2).anyTimes();
+    expect(serviceDescriptor2.getIdentities(true)).andReturn(null).anyTimes();
+
+    final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class);
+    expect(kerberosDescriptor.getProperties()).andReturn(new HashMap<String, String>(){
+      {
+        put("realm", "EXAMPLE.COM");
+      }
+    }).anyTimes();
+    expect(kerberosDescriptor.getService("KERBEROS")).andReturn(null).anyTimes();
+    expect(kerberosDescriptor.getService("SERVICE1")).andReturn(serviceDescriptor1).anyTimes();
+    expect(kerberosDescriptor.getService("SERVICE2")).andReturn(serviceDescriptor2).anyTimes();
+
+    setupGetDescriptorFromCluster(kerberosDescriptor);
+
+    replayAll();
+
+    // Needed by infrastructure
+    metaInfo.init();
+
+    Map<String, Collection<KerberosIdentityDescriptor>> identities;
+    identities = kerberosHelper.getActiveIdentities(clusterName, hostName, serviceName, compnentName, replaceHostnames);
+
+    verifyAll();
+
+    return identities;
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e42cba/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java
new file mode 100644
index 0000000..1b1b4ac
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/HostKerberosIdentityResourceProviderTest.java
@@ -0,0 +1,362 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.KerberosHelper;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.dao.HostDAO;
+import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO;
+import org.apache.ambari.server.orm.dao.KerberosPrincipalHostDAO;
+import org.apache.ambari.server.orm.entities.HostEntity;
+import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosKeytabDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosPrincipalType;
+import org.easymock.EasyMockSupport;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+
+import static org.easymock.EasyMock.expect;
+
+
+/**
+ * Tests for the host Kerberos identity resource provider.
+ */
+public class HostKerberosIdentityResourceProviderTest extends EasyMockSupport {
+  @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+  public void testCreateResources() throws Exception {
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+
+    ResourceProvider provider = new HostKerberosIdentityResourceProvider(managementController);
+
+    // Create a property set of an single empty map.  It shouldn't make a difference what this is
+    // since this HostKerberosIdentityResourceProvider is a read-only provider and should throw
+    // a org.apache.ambari.server.controller.spi.SystemException exception
+    Set<Map<String, Object>> propertySet = Collections.singleton(Collections.<String, Object>emptyMap());
+
+    Request request = PropertyHelper.getCreateRequest(propertySet, null);
+
+    provider.createResources(request);
+  }
+
+  @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+  public void testUpdateResources() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+
+    Map<String, String> mapRequestProps = new HashMap<String, String>();
+    mapRequestProps.put("context", "Called from a test");
+
+    ResourceProvider provider = new HostKerberosIdentityResourceProvider(managementController);
+
+    Map<String, Object> properties = new LinkedHashMap<String, Object>();
+
+    properties.put(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_CLUSTER_NAME_PROPERTY_ID, "Cluster100");
+    properties.put(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_HOST_NAME_PROPERTY_ID, "Host100");
+    properties.put(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_NAME_PROPERTY_ID, "principal@REALM");
+    properties.put(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_LOCAL_USERNAME_PROPERTY_ID, "userA");
+
+    // create the request
+    Request request = PropertyHelper.getUpdateRequest(properties, mapRequestProps);
+
+    Predicate predicate = new PredicateBuilder()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_CLUSTER_NAME_PROPERTY_ID)
+        .equals("Cluster100")
+        .and()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_HOST_NAME_PROPERTY_ID)
+        .equals("Host100")
+        .and()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_NAME_PROPERTY_ID)
+        .equals("principal@REALM").toPredicate();
+
+    provider.updateResources(request, predicate);
+  }
+
+  @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+  public void testDeleteResources() throws Exception {
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+
+    ResourceProvider provider = new HostKerberosIdentityResourceProvider(managementController);
+
+    AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
+
+    ((ObservableResourceProvider) provider).addObserver(observer);
+
+    Predicate predicate = new PredicateBuilder()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_CLUSTER_NAME_PROPERTY_ID)
+        .equals("Cluster100")
+        .and()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_HOST_NAME_PROPERTY_ID)
+        .equals("Host100")
+        .and()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_NAME_PROPERTY_ID)
+        .equals("principal@REALM").toPredicate();
+
+    provider.deleteResources(predicate);
+  }
+
+
+  @Test
+  public void testGetResources() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+
+    KerberosPrincipalDescriptor principalDescriptor1 = createStrictMock(KerberosPrincipalDescriptor.class);
+    expect(principalDescriptor1.getValue()).andReturn("principal1@EXAMPLE.COM");
+    expect(principalDescriptor1.getType()).andReturn(KerberosPrincipalType.USER).times(1);
+    expect(principalDescriptor1.getLocalUsername()).andReturn("principal1");
+
+    KerberosKeytabDescriptor keytabDescriptor1 = createStrictMock(KerberosKeytabDescriptor.class);
+    expect(keytabDescriptor1.getOwnerAccess()).andReturn("rw").times(1);
+    expect(keytabDescriptor1.getGroupAccess()).andReturn("r").times(1);
+    expect(keytabDescriptor1.getFile()).andReturn("/etc/security/keytabs/principal1.headless.keytab").times(1);
+    expect(keytabDescriptor1.getOwnerName()).andReturn("principal1").times(1);
+    expect(keytabDescriptor1.getGroupName()).andReturn("principal1").times(1);
+
+    KerberosIdentityDescriptor identity1 = createStrictMock(KerberosIdentityDescriptor.class);
+    expect(identity1.getPrincipalDescriptor()).andReturn(principalDescriptor1).times(1);
+    expect(identity1.getKeytabDescriptor()).andReturn(keytabDescriptor1).times(1);
+    expect(identity1.getName()).andReturn("identity1").times(1);
+
+    KerberosPrincipalDescriptor principalDescriptor2 = createStrictMock(KerberosPrincipalDescriptor.class);
+    expect(principalDescriptor2.getValue()).andReturn("principal2/Host100@EXAMPLE.COM");
+    expect(principalDescriptor2.getType()).andReturn(KerberosPrincipalType.SERVICE).times(1);
+    expect(principalDescriptor2.getLocalUsername()).andReturn("principal2");
+
+    KerberosIdentityDescriptor identity2 = createStrictMock(KerberosIdentityDescriptor.class);
+    expect(identity2.getPrincipalDescriptor()).andReturn(principalDescriptor2).times(1);
+    expect(identity2.getKeytabDescriptor()).andReturn(null).times(1);
+    expect(identity2.getName()).andReturn("identity2").times(1);
+
+    KerberosIdentityDescriptor identity3 = createStrictMock(KerberosIdentityDescriptor.class);
+    expect(identity3.getPrincipalDescriptor()).andReturn(null).times(1);
+
+    KerberosIdentityDescriptor identity4 = createStrictMock(KerberosIdentityDescriptor.class);
+    expect(identity4.getPrincipalDescriptor()).andReturn(null).times(1);
+
+    KerberosPrincipalDescriptor principalDescriptor5 = createStrictMock(KerberosPrincipalDescriptor.class);
+    expect(principalDescriptor5.getValue()).andReturn("principal5@EXAMPLE.COM");
+    expect(principalDescriptor5.getType()).andReturn(KerberosPrincipalType.USER).times(1);
+    expect(principalDescriptor5.getLocalUsername()).andReturn("principal5");
+
+    KerberosKeytabDescriptor keytabDescriptor5 = createStrictMock(KerberosKeytabDescriptor.class);
+    expect(keytabDescriptor5.getOwnerAccess()).andReturn("r").times(1);
+    expect(keytabDescriptor5.getGroupAccess()).andReturn("r").times(1);
+    expect(keytabDescriptor5.getFile()).andReturn("/etc/security/keytabs/principal5.headless.keytab").times(1);
+    expect(keytabDescriptor5.getOwnerName()).andReturn("principal5").times(1);
+    expect(keytabDescriptor5.getGroupName()).andReturn("hadoop").times(1);
+
+    KerberosIdentityDescriptor identity5 = createStrictMock(KerberosIdentityDescriptor.class);
+    expect(identity5.getPrincipalDescriptor()).andReturn(principalDescriptor5).times(1);
+    expect(identity5.getKeytabDescriptor()).andReturn(keytabDescriptor5).times(1);
+    expect(identity5.getName()).andReturn("identity5").times(1);
+
+    KerberosPrincipalDAO kerberosPrincipalDAO = createStrictMock(KerberosPrincipalDAO.class);
+    expect(kerberosPrincipalDAO.exists("principal1@EXAMPLE.COM")).andReturn(true).times(1);
+    expect(kerberosPrincipalDAO.exists("principal2/Host100@EXAMPLE.COM")).andReturn(true).times(1);
+    expect(kerberosPrincipalDAO.exists("principal5@EXAMPLE.COM")).andReturn(false).times(1);
+
+    KerberosPrincipalHostDAO kerberosPrincipalHostDAO = createStrictMock(KerberosPrincipalHostDAO.class);
+    expect(kerberosPrincipalHostDAO.exists("principal1@EXAMPLE.COM", 100L)).andReturn(true).times(1);
+    expect(kerberosPrincipalHostDAO.exists("principal2/Host100@EXAMPLE.COM", 100L)).andReturn(false).times(1);
+
+    HostEntity host100 = createStrictMock(HostEntity.class);
+    expect(host100.getHostId()).andReturn(100L).times(1);
+
+    HostDAO hostDAO = createStrictMock(HostDAO.class);
+    expect(hostDAO.findByName("Host100")).andReturn(host100).times(1);
+
+    Collection<KerberosIdentityDescriptor> identities = new ArrayList<KerberosIdentityDescriptor>();
+    identities.add(identity1);
+    identities.add(identity2);
+    identities.add(identity3);
+    identities.add(identity4);
+    identities.add(identity5);
+
+    Map<String, Collection<KerberosIdentityDescriptor>> activeIdentities = new HashMap<String, Collection<KerberosIdentityDescriptor>>();
+    activeIdentities.put("Host100", identities);
+
+    KerberosHelper kerberosHelper = createStrictMock(KerberosHelper.class);
+    expect(kerberosHelper.getActiveIdentities("Cluster100", "Host100", null, null, true))
+        .andReturn(activeIdentities)
+        .times(1);
+
+    // replay
+    replayAll();
+
+    ResourceProvider provider = new HostKerberosIdentityResourceProvider(managementController);
+
+    // Set injected values...
+    Field field;
+    field = HostKerberosIdentityResourceProvider.class.getDeclaredField("kerberosHelper");
+    field.setAccessible(true);
+    field.set(provider, kerberosHelper);
+
+    field = HostKerberosIdentityResourceProvider.class.getDeclaredField("kerberosPrincipalDAO");
+    field.setAccessible(true);
+    field.set(provider, kerberosPrincipalDAO);
+
+    field = HostKerberosIdentityResourceProvider.class.getDeclaredField("kerberosPrincipalHostDAO");
+    field.setAccessible(true);
+    field.set(provider, kerberosPrincipalHostDAO);
+
+    field = HostKerberosIdentityResourceProvider.class.getDeclaredField("hostDAO");
+    field.setAccessible(true);
+    field.set(provider, hostDAO);
+
+    Set<String> propertyIds = new HashSet<String>();
+
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_CLUSTER_NAME_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_HOST_NAME_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_DESCRIPTION_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_NAME_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_TYPE_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_LOCAL_USERNAME_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_PATH_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_ACCESS_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_ACCESS_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_MODE_PROPERTY_ID);
+    propertyIds.add(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_INSTALLED_PROPERTY_ID);
+
+    Predicate predicate = new PredicateBuilder()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_CLUSTER_NAME_PROPERTY_ID)
+        .equals("Cluster100")
+        .and()
+        .property(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_HOST_NAME_PROPERTY_ID)
+        .equals("Host100").toPredicate();
+
+    Request request = PropertyHelper.getReadRequest(propertyIds);
+    Set<Resource> resources = provider.getResources(request, predicate);
+
+    Assert.assertEquals(3, resources.size());
+
+    for (Resource resource : resources) {
+      Assert.assertEquals("Cluster100",
+          resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_CLUSTER_NAME_PROPERTY_ID));
+      Assert.assertEquals("Host100",
+          resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_HOST_NAME_PROPERTY_ID));
+
+      String principal = (String) resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_NAME_PROPERTY_ID);
+
+      if ("principal1@EXAMPLE.COM".equals(principal)) {
+        Assert.assertEquals("identity1",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_DESCRIPTION_PROPERTY_ID));
+
+        Assert.assertEquals(KerberosPrincipalType.USER,
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_TYPE_PROPERTY_ID));
+
+        Assert.assertEquals("principal1",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_LOCAL_USERNAME_PROPERTY_ID));
+
+        Assert.assertEquals("/etc/security/keytabs/principal1.headless.keytab",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_PATH_PROPERTY_ID));
+
+        Assert.assertEquals("principal1",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_PROPERTY_ID));
+
+        Assert.assertEquals("rw",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_ACCESS_PROPERTY_ID));
+
+        Assert.assertEquals("principal1",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_PROPERTY_ID));
+
+        Assert.assertEquals("r",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_ACCESS_PROPERTY_ID));
+
+        Assert.assertEquals("640",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_MODE_PROPERTY_ID));
+
+        Assert.assertEquals("true",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_INSTALLED_PROPERTY_ID));
+      } else if ("principal2/Host100@EXAMPLE.COM".equals(principal)) {
+        Assert.assertEquals("identity2",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_DESCRIPTION_PROPERTY_ID));
+
+        Assert.assertEquals(KerberosPrincipalType.SERVICE,
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_TYPE_PROPERTY_ID));
+
+        Assert.assertEquals("principal2",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_LOCAL_USERNAME_PROPERTY_ID));
+
+        Assert.assertNull(resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_PATH_PROPERTY_ID));
+        Assert.assertNull(resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_PROPERTY_ID));
+        Assert.assertNull(resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_ACCESS_PROPERTY_ID));
+        Assert.assertNull(resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_PROPERTY_ID));
+        Assert.assertNull(resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_ACCESS_PROPERTY_ID));
+        Assert.assertNull(resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_MODE_PROPERTY_ID));
+
+        Assert.assertEquals("false",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_INSTALLED_PROPERTY_ID));
+      } else if ("principal5@EXAMPLE.COM".equals(principal)) {
+        Assert.assertEquals("identity5",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_DESCRIPTION_PROPERTY_ID));
+
+        Assert.assertEquals(KerberosPrincipalType.USER,
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_TYPE_PROPERTY_ID));
+
+        Assert.assertEquals("principal5",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_PRINCIPAL_LOCAL_USERNAME_PROPERTY_ID));
+
+        Assert.assertEquals("/etc/security/keytabs/principal5.headless.keytab",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_PATH_PROPERTY_ID));
+
+        Assert.assertEquals("principal5",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_PROPERTY_ID));
+
+        Assert.assertEquals("r",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_OWNER_ACCESS_PROPERTY_ID));
+
+        Assert.assertEquals("hadoop",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_PROPERTY_ID));
+
+        Assert.assertEquals("r",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_GROUP_ACCESS_PROPERTY_ID));
+
+        Assert.assertEquals("440",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_MODE_PROPERTY_ID));
+
+        Assert.assertEquals("unknown",
+            resource.getPropertyValue(HostKerberosIdentityResourceProvider.KERBEROS_IDENTITY_KEYTAB_FILE_INSTALLED_PROPERTY_ID));
+      } else {
+        Assert.fail("Unexpected principal: " + principal);
+      }
+    }
+
+    // verify
+    verifyAll();
+  }
+}