ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [2/4] ambari git commit: AMBARI-13214. Create a credentials resource used to securely set, update, and remove credentials used by Ambari (rlevas)
Date Thu, 01 Oct 2015 21:35:03 GMT
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java b/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
deleted file mode 100644
index 08d84fc..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/encryption/InMemoryCredentialStoreService.java
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.security.encryption;
-
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
-import org.apache.ambari.server.AmbariException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.security.KeyStore;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ThreadFactory;
-import java.util.concurrent.TimeUnit;
-
-/**
- * InMemoryCredentialStoreService is a CredentialStoreService implementation that creates and manages
- * a JCEKS (Java Cryptography Extension KeyStore) in memory.  The key store and its contents are
- * encrypted using the key from the supplied {@link MasterKeyService}.
- * <p/>
- * This class handles the details of the in-memory storage buffer and associated input and output
- * streams. Each credential is stored in its own KeyStore that may be be purged upon some
- * retention timeout - if specified.
- */
-public class InMemoryCredentialStoreService extends CredentialStoreServiceImpl {
-  private static final Logger LOG = LoggerFactory.getLogger(InMemoryCredentialStoreService.class);
-
-  /**
-   * A cache containing the KeyStore data
-   */
-  private final Cache<String, KeyStore> cache;
-
-  /**
-   * Constructs a new InMemoryCredentialStoreService where credentials have no retention timeout
-   */
-  public InMemoryCredentialStoreService() {
-    this(0, TimeUnit.MINUTES, false);
-  }
-
-  /**
-   * Constructs a new InMemoryCredentialStoreService with a specified credential timeout
-   *
-   * @param retentionDuration the time in some units to keep stored credentials, from the time they are added
-   * @param units             the units for the retention duration (minutes, seconds, etc...)
-   * @param activelyPurge     true to actively purge credentials after the retention time has expired;
-   *                          otherwise false, to passively purge credentials after the retention time has expired
-   */
-  public InMemoryCredentialStoreService(final long retentionDuration, final TimeUnit units, boolean activelyPurge) {
-    CacheBuilder<Object, Object> builder = CacheBuilder.newBuilder();
-
-    // If the retentionDuration is less the 1, then no retention policy is to be enforced
-    if (retentionDuration > 0) {
-      // If actively purging expired credentials, set up a timer to periodically clean the cache
-      if (activelyPurge) {
-        ThreadFactory threadFactory = new ThreadFactory() {
-          @Override
-          public Thread newThread(Runnable runnable) {
-            Thread t = Executors.defaultThreadFactory().newThread(runnable);
-            if (t != null) {
-              t.setName(String.format("%s active cleanup timer", InMemoryCredentialStoreService.class.getSimpleName()));
-              t.setDaemon(true);
-            }
-            return t;
-          }
-        };
-        Runnable runnable = new Runnable() {
-          @Override
-          public void run() {
-            if (LOG.isDebugEnabled()) {
-              LOG.debug("Cleaning up cache due to retention timeout of {} milliseconds",
-                  units.toMillis(retentionDuration));
-            }
-            cache.cleanUp();
-          }
-        };
-
-        Executors.newSingleThreadScheduledExecutor(threadFactory).schedule(runnable, 1, TimeUnit.MINUTES);
-      }
-
-      builder.expireAfterWrite(retentionDuration, units);
-    }
-
-    cache = builder.build();
-  }
-
-  @Override
-  public void addCredential(String alias, char[] value) throws AmbariException {
-    if ((alias == null) || alias.isEmpty()) {
-      throw new IllegalArgumentException("Alias cannot be null or empty.");
-    }
-
-    KeyStore keyStore = loadKeyStore(null, DEFAULT_STORE_TYPE);
-    addCredential(keyStore, alias, value);
-    cache.put(alias, keyStore);
-  }
-
-  @Override
-  public char[] getCredential(String alias) throws AmbariException {
-    char[] credential = null;
-
-    if ((alias != null) && !alias.isEmpty()) {
-      KeyStore keyStore = cache.getIfPresent(alias);
-      if (keyStore != null) {
-        credential = getCredential(keyStore, alias);
-      }
-    }
-
-    return credential;
-  }
-
-  @Override
-  public void removeCredential(String alias) throws AmbariException {
-    if (alias != null) {
-      cache.invalidate(alias);
-    }
-  }
-
-  @Override
-  protected void persistCredentialStore(KeyStore keyStore) throws AmbariException {
-    throw new UnsupportedOperationException();
-  }
-
-  @Override
-  protected KeyStore loadCredentialStore() throws AmbariException {
-    throw new UnsupportedOperationException();
-  }
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
new file mode 100644
index 0000000..00f5611
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/CredentialResourceDefinitionTest.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.resources;
+
+import org.apache.ambari.server.controller.spi.Resource;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Collection;
+
+/**
+ * CredentialResourceDefinitionTest tests.
+ */
+public class CredentialResourceDefinitionTest {
+
+  @Test
+  public void testGetType() throws Exception {
+    CredentialResourceDefinition definition = new CredentialResourceDefinition();
+    Assert.assertEquals(Resource.Type.Credential, definition.getType());
+  }
+
+  @Test
+  public void testGetPluralName() throws Exception {
+    CredentialResourceDefinition definition = new CredentialResourceDefinition();
+    Assert.assertEquals("credentials", definition.getPluralName());
+  }
+
+  @Test
+  public void testGetSingularName() throws Exception {
+    CredentialResourceDefinition definition = new CredentialResourceDefinition();
+    Assert.assertEquals("credential", definition.getSingularName());
+  }
+
+  @Test
+  public void testGetSubResourceDefinitions() {
+    CredentialResourceDefinition definition = new CredentialResourceDefinition();
+    Assert.assertTrue(definition.getSubResourceDefinitions().isEmpty());
+  }
+
+  @Test
+  public void testGetCreateDirectives() {
+    CredentialResourceDefinition definition = new CredentialResourceDefinition();
+    Collection<String> directives = definition.getCreateDirectives();
+    Assert.assertEquals(0, directives.size());
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
new file mode 100644
index 0000000..3d218fb
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/CredentialServiceTest.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
+import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.UriInfo;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Unit tests for CredentialService.
+ */
+public class CredentialServiceTest extends BaseServiceTest {
+
+
+  public List<ServiceTestInvocation> getTestInvocations() throws Exception {
+    List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+
+    //getCredential
+    CredentialService CredentialService = new TestCredentialService("alias");
+    Method m = CredentialService.getClass().getMethod("getCredential", HttpHeaders.class, UriInfo.class, String.class);
+    Object[] args = new Object[]{getHttpHeaders(), getUriInfo(), "alias"};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.GET, CredentialService, m, args, null));
+
+    //getCredentials
+    CredentialService = new TestCredentialService(null);
+    m = CredentialService.getClass().getMethod("getCredentials", HttpHeaders.class, UriInfo.class);
+    args = new Object[]{getHttpHeaders(), getUriInfo()};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.GET, CredentialService, m, args, null));
+
+    //createCredential
+    CredentialService = new TestCredentialService("alias");
+    m = CredentialService.getClass().getMethod("createCredential", String.class, HttpHeaders.class, UriInfo.class, String.class);
+    args = new Object[]{"body", getHttpHeaders(), getUriInfo(), "alias"};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.POST, CredentialService, m, args, "body"));
+
+    //deleteCredential
+    CredentialService = new TestCredentialService("alias");
+    m = CredentialService.getClass().getMethod("deleteCredential", HttpHeaders.class, UriInfo.class, String.class);
+    args = new Object[]{getHttpHeaders(), getUriInfo(), "alias"};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.DELETE, CredentialService, m, args, null));
+
+    return listInvocations;
+  }
+
+
+  private class TestCredentialService extends CredentialService {
+    private String alias;
+
+    private TestCredentialService(String alias) {
+      super("C1");
+      this.alias = alias;
+    }
+
+    @Override
+    ResourceInstance createCredentialResource(String alias) {
+      assertEquals(this.alias, alias);
+      return getTestResource();
+    }
+
+    @Override
+    RequestFactory getRequestFactory() {
+      return getTestRequestFactory();
+    }
+
+    @Override
+    protected RequestBodyParser getBodyParser() {
+      return getTestBodyParser();
+    }
+
+    @Override
+    protected ResultSerializer getResultSerializer() {
+      return getTestResultSerializer();
+    }
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
index bd02749..573c02f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/configuration/ConfigurationTest.java
@@ -32,10 +32,11 @@ import java.lang.reflect.Method;
 import java.util.Map;
 import java.util.Properties;
 
+import junit.framework.Assert;
+
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.configuration.Configuration.ConnectionPoolType;
 import org.apache.ambari.server.configuration.Configuration.DatabaseType;
-import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
 import org.apache.ambari.server.security.authorization.LdapServerProperties;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.RandomStringUtils;
@@ -52,26 +53,14 @@ import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
-import com.google.inject.Guice;
-import com.google.inject.Inject;
-import com.google.inject.Injector;
-
-import junit.framework.Assert;
-
 @RunWith(PowerMockRunner.class)
 @PrepareForTest({ Configuration.class })
 @PowerMockIgnore( {"javax.management.*", "javax.crypto.*"})
 public class ConfigurationTest {
   public TemporaryFolder temp = new TemporaryFolder();
-  private Injector injector;
-
-  @Inject
-  private Configuration config;
 
   @Before
   public void setup() throws Exception {
-    injector = Guice.createInjector(new InMemoryDefaultTestModule());
-    injector.injectMembers(this);
     temp.create();
   }
 
@@ -86,7 +75,7 @@ public class ConfigurationTest {
    */
   @Test
   public void testDefaultTwoWayAuthNotSet() throws Exception {
-    Assert.assertFalse(config.getTwoWaySsl());
+    Assert.assertFalse(new Configuration().getTwoWaySsl());
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
index 23ce914..10ede77 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariManagementControllerImplTest.java
@@ -44,6 +44,8 @@ import org.apache.ambari.server.orm.entities.ClusterVersionEntity;
 import org.apache.ambari.server.orm.entities.LdapSyncSpecEntity;
 import org.apache.ambari.server.orm.entities.RepositoryVersionEntity;
 import org.apache.ambari.server.security.authorization.Users;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreType;
 import org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator;
 import org.apache.ambari.server.security.ldap.LdapBatchDto;
 import org.apache.ambari.server.state.Cluster;
@@ -200,18 +202,26 @@ public class AmbariManagementControllerImplTest {
     expect(clusters.getCluster("cluster1")).andReturn(cluster);
     expect(cluster.convertToResponse()).andReturn(response);
 
+    CredentialStoreService credentialStoreService = createNiceMock(CredentialStoreService.class);
+    expect(credentialStoreService.isInitialized(anyObject(CredentialStoreType.class))).andReturn(true).anyTimes();
+
     // replay mocks
-    replay(injector, clusters, cluster, response);
+    replay(injector, clusters, cluster, response, credentialStoreService);
 
     // test
     AmbariManagementController controller = new AmbariManagementControllerImpl(null, clusters, injector);
+
+    Field f = controller.getClass().getDeclaredField("credentialStoreService");
+    f.setAccessible(true);
+    f.set(controller, credentialStoreService);
+
     Set<ClusterResponse> setResponses = controller.getClusters(setRequests);
 
     // assert and verify
     assertEquals(1, setResponses.size());
     assertTrue(setResponses.contains(response));
 
-    verify(injector, clusters, cluster, response);
+    verify(injector, clusters, cluster, response, credentialStoreService);
   }
 
   @Test
@@ -474,11 +484,20 @@ public class AmbariManagementControllerImplTest {
 
     expect(cluster.convertToResponse()).andReturn(response);
     expect(cluster2.convertToResponse()).andReturn(response2);
+
+    CredentialStoreService credentialStoreService = createNiceMock(CredentialStoreService.class);
+    expect(credentialStoreService.isInitialized(anyObject(CredentialStoreType.class))).andReturn(true).anyTimes();
+
     // replay mocks
-    replay(injector, clusters, cluster, cluster2, response, response2);
+    replay(injector, clusters, cluster, cluster2, response, response2, credentialStoreService);
 
     //test
     AmbariManagementController controller = new AmbariManagementControllerImpl(null, clusters, injector);
+
+    Field f = controller.getClass().getDeclaredField("credentialStoreService");
+    f.setAccessible(true);
+    f.set(controller, credentialStoreService);
+
     Set<ClusterResponse> setResponses = controller.getClusters(setRequests);
 
     // assert and verify
@@ -487,7 +506,7 @@ public class AmbariManagementControllerImplTest {
     assertTrue(setResponses.contains(response));
     assertTrue(setResponses.contains(response2));
 
-    verify(injector, clusters, cluster, cluster2, response, response2);
+    verify(injector, clusters, cluster, cluster2, response, response2, credentialStoreService);
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
new file mode 100644
index 0000000..04ce22a
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/CredentialResourceProviderTest.java
@@ -0,0 +1,683 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import junit.framework.Assert;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.ResourceProviderFactory;
+import org.apache.ambari.server.controller.predicate.AndPredicate;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.security.SecurePasswordHelper;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
+import org.apache.ambari.server.security.encryption.CredentialStoreType;
+import org.apache.ambari.server.security.encryption.MasterKeyServiceImpl;
+import org.apache.ambari.server.state.stack.OsFamily;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import static org.easymock.EasyMock.*;
+
+
+/**
+ * CredentialResourceProviderTest unit tests.
+ */
+@SuppressWarnings("unchecked")
+public class CredentialResourceProviderTest {
+
+  @Rule
+  public TemporaryFolder tmpFolder = new TemporaryFolder();
+
+  private Injector injector;
+
+  @Before
+  public void setUp() throws Exception {
+    tmpFolder.create();
+    final File masterKeyFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+    Assert.assertTrue(MasterKeyServiceImpl.initializeMasterKeyFile(masterKeyFile, "secret"));
+
+    injector = Guice.createInjector(new AbstractModule() {
+      @Override
+      protected void configure() {
+        Properties properties = new Properties();
+
+        properties.setProperty(Configuration.MASTER_KEY_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+        properties.setProperty(Configuration.MASTER_KEYSTORE_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+
+        bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
+
+        bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+        bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper());
+        bind(Configuration.class).toInstance(new Configuration(properties));
+      }
+    });
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    tmpFolder.delete();
+  }
+
+  @Test
+  public void testCreateResources() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    Set<Map<String, Object>> setProperties = getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY);
+
+    // set expectations
+    expect(request.getProperties()).andReturn(setProperties);
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
+    ((ObservableResourceProvider) provider).addObserver(observer);
+
+    provider.createResources(request);
+
+    ResourceProviderEvent lastEvent = observer.getLastEvent();
+    Assert.assertNotNull(lastEvent);
+    Assert.assertEquals(Resource.Type.Credential, lastEvent.getResourceType());
+    Assert.assertEquals(ResourceProviderEvent.Type.Create, lastEvent.getType());
+    Assert.assertEquals(request, lastEvent.getRequest());
+    Assert.assertNull(lastEvent.getPredicate());
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testCreateResources_FailMissingAlias() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    Set<Map<String, Object>> setProperties = getCredentialTestProperties("c1", null, "username1", "password1", CredentialStoreType.TEMPORARY);
+
+    // set expectations
+    expect(request.getProperties()).andReturn(setProperties);
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    try {
+      provider.createResources(request);
+      Assert.fail("Expected exception due to missing alias");
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testCreateResources_FailMissingPrincipal() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    Set<Map<String, Object>> setProperties = getCredentialTestProperties("c1", "alias1", null, "password1", CredentialStoreType.TEMPORARY);
+
+    // set expectations
+    expect(request.getProperties()).andReturn(setProperties);
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    try {
+      provider.createResources(request);
+      Assert.fail("Expected exception due to missing alias");
+    } catch (IllegalArgumentException e) {
+      // expected
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testCreateResources_NotInitialized() throws Exception {
+
+    // Create injector where the Configuration object does not have the persisted CredentialStore
+    // details set.
+    Injector injector = Guice.createInjector(new AbstractModule() {
+      @Override
+      protected void configure() {
+        Properties properties = new Properties();
+
+        bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
+
+        bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+        bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper());
+        bind(Configuration.class).toInstance(new Configuration(properties));
+      }
+    });
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.PERSISTED)).once();
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+
+    // The temporary store should always be initialized.... this should succeed.
+    provider.createResources(request);
+
+    try {
+      provider.createResources(request);
+      Assert.fail("Expected IllegalArgumentException thrown");
+    } catch (IllegalArgumentException e) {
+      Assert.assertEquals("Credentials cannot be stored in Ambari's persistent secure credential " +
+              "store since secure persistent storage has not yet be configured.  Use ambari-server " +
+              "setup-security to enable this feature.", e.getLocalizedMessage()
+      );
+    }
+
+    verify(request, factory, managementController);
+  }
+
+
+  @Test
+  public void testGetResources() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.PERSISTED)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY)).once();
+
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).once();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    provider.createResources(request);
+    provider.createResources(request);
+    provider.createResources(request);
+
+    Predicate predicate = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+        .toPredicate();
+
+    Set<Resource> results = provider.getResources(request, predicate);
+    Assert.assertEquals(3, results.size());
+
+    for (Resource result : results) {
+      Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+      Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+      if ("alias1".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+      } else if ("alias2".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.PERSISTED.name().toLowerCase(), type);
+      } else if ("alias3".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+      } else {
+        Assert.fail("Unexpected alias in list: " + alias.toString());
+      }
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testGetResources_WithPredicate() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.PERSISTED)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY)).once();
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).once();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    provider.createResources(request);
+    provider.createResources(request);
+    provider.createResources(request);
+
+    Predicate predicate1 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+        .toPredicate();
+    Predicate predicate2 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias1")
+        .toPredicate();
+    Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+
+    Set<Resource> results = provider.getResources(request, predicate);
+    Assert.assertEquals(1, results.size());
+
+    for (Resource result : results) {
+      Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+      Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+      if ("alias1".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+      } else {
+        Assert.fail("Unexpected alias in list: " + alias.toString());
+      }
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testGetResources_WithPredicateNoResults() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.PERSISTED)).once();
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY)).once();
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).once();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    provider.createResources(request);
+    provider.createResources(request);
+    provider.createResources(request);
+
+    Predicate predicate1 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+        .toPredicate();
+    Predicate predicate2 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias4")
+        .toPredicate();
+    Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+    try {
+      provider.getResources(request, predicate);
+      Assert.fail("Expected NoSuchResourceException not thrown");
+    } catch (NoSuchResourceException e) {
+      // expected
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testUpdateResources() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    Set<Map<String, Object>> properties = new HashSet<Map<String, Object>>();
+    properties.addAll(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY));
+    properties.addAll(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.TEMPORARY));
+    properties.addAll(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY));
+    expect(request.getProperties()).andReturn(properties).once();
+
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", null, "username1", "password1", CredentialStoreType.PERSISTED)).once();
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    provider.createResources(request);
+
+    Predicate predicate1 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+        .toPredicate();
+    Predicate predicate2 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias1")
+        .toPredicate();
+    Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+    Set<Resource> results = provider.getResources(request, predicate);
+    Assert.assertEquals(1, results.size());
+
+    for (Resource result : results) {
+      Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+      Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+      if ("alias1".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+      } else {
+        Assert.fail("Unexpected alias in list: " + alias.toString());
+      }
+    }
+
+    provider.updateResources(request, predicate);
+
+    results = provider.getResources(request, predicate);
+    Assert.assertEquals(1, results.size());
+
+    for (Resource result : results) {
+      Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+      Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+      if ("alias1".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.PERSISTED.name().toLowerCase(), type);
+      } else {
+        Assert.fail("Unexpected alias in list: " + alias.toString());
+      }
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testUpdateResources_ResourceNotFound() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    Set<Map<String, Object>> properties = new HashSet<Map<String, Object>>();
+    properties.addAll(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY));
+    properties.addAll(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.TEMPORARY));
+    properties.addAll(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY));
+    expect(request.getProperties()).andReturn(properties).once();
+
+    expect(request.getProperties()).andReturn(getCredentialTestProperties("c1", null, "username1", "password1", CredentialStoreType.PERSISTED)).once();
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    provider.createResources(request);
+
+    Predicate predicate1 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+        .toPredicate();
+    Predicate predicate2 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias4")
+        .toPredicate();
+    Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+    try {
+      provider.updateResources(request, predicate);
+      Assert.fail("Expected NoSuchResourceException thrown");
+    } catch (NoSuchResourceException e) {
+      // expected
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  @Test
+  public void testDeleteResources() throws Exception {
+
+    AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Request request = createMock(Request.class);
+
+    CredentialResourceProvider credentialResourceProvider = new CredentialResourceProvider(managementController);
+    injector.injectMembers(credentialResourceProvider);
+
+    // Create resources requests
+    Set<Map<String, Object>> properties = new HashSet<Map<String, Object>>();
+    properties.addAll(getCredentialTestProperties("c1", "alias1", "username1", "password1", CredentialStoreType.TEMPORARY));
+    properties.addAll(getCredentialTestProperties("c1", "alias2", "username2", "password2", CredentialStoreType.TEMPORARY));
+    properties.addAll(getCredentialTestProperties("c1", "alias3", "username3", "password3", CredentialStoreType.TEMPORARY));
+    expect(request.getProperties()).andReturn(properties).once();
+
+    // Get resources request
+    expect(request.getPropertyIds()).andReturn(null).anyTimes();
+
+    ResourceProviderFactory factory = createMock(ResourceProviderFactory.class);
+    expect(factory.getCredentialResourceProvider(anyObject(AmbariManagementController.class))).andReturn(credentialResourceProvider);
+
+    replay(request, factory, managementController);
+    // end expectations
+
+    AbstractControllerResourceProvider.init(factory);
+
+    ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
+        Resource.Type.Credential,
+        PropertyHelper.getPropertyIds(Resource.Type.Credential),
+        PropertyHelper.getKeyPropertyIds(Resource.Type.Credential),
+        managementController);
+
+    provider.createResources(request);
+
+    Predicate predicate1 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID).equals("c1")
+        .toPredicate();
+    Predicate predicate2 = new PredicateBuilder()
+        .property(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID).equals("alias1")
+        .toPredicate();
+    Predicate predicate = new AndPredicate(predicate1, predicate2);
+
+    Set<Resource> results = provider.getResources(request, predicate);
+    Assert.assertEquals(1, results.size());
+
+    for (Resource result : results) {
+      Object alias = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID);
+      Object type = result.getPropertyValue(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID);
+
+      if ("alias1".equals(alias)) {
+        Assert.assertEquals(CredentialStoreType.TEMPORARY.name().toLowerCase(), type);
+      } else {
+        Assert.fail("Unexpected alias in list: " + alias.toString());
+      }
+    }
+
+    provider.deleteResources(predicate);
+
+    try {
+      provider.getResources(request, predicate);
+      Assert.fail("Expected NoSuchResourceException thrown");
+    } catch (NoSuchResourceException e) {
+      // expected
+    }
+
+    verify(request, factory, managementController);
+  }
+
+  private Set<Map<String, Object>> getCredentialTestProperties(String clusterName, String alias, String principal, String password, CredentialStoreType credentialStoreType) {
+    Map<String, Object> mapProperties = new HashMap<String, Object>();
+
+    if (clusterName != null) {
+      mapProperties.put(CredentialResourceProvider.CREDENTIAL_CLUSTER_NAME_PROPERTY_ID, clusterName);
+    }
+
+    if (alias != null) {
+      mapProperties.put(CredentialResourceProvider.CREDENTIAL_ALIAS_PROPERTY_ID, alias);
+    }
+
+    if (password != null) {
+      mapProperties.put(CredentialResourceProvider.CREDENTIAL_KEY_PROPERTY_ID, password);
+    }
+
+    if (principal != null) {
+      mapProperties.put(CredentialResourceProvider.CREDENTIAL_PRINCIPAL_PROPERTY_ID, principal);
+    }
+
+    if (credentialStoreType != null) {
+      mapProperties.put(CredentialResourceProvider.CREDENTIAL_TYPE_PROPERTY_ID, credentialStoreType.name().toLowerCase());
+    }
+
+    return Collections.singleton(mapProperties);
+  }
+}
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
index b0e1018..a84cc3f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java
@@ -46,6 +46,8 @@ import org.apache.ambari.server.security.SecurityHelper;
 import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
 import org.apache.ambari.server.security.authorization.User;
 import org.apache.ambari.server.security.authorization.Users;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
 import org.apache.ambari.server.stack.StackManagerFactory;
 import org.apache.ambari.server.stageplanner.RoleGraphFactory;
 import org.apache.ambari.server.stageplanner.RoleGraphFactoryImpl;
@@ -536,6 +538,7 @@ public class UserResourceProviderTest {
         bind(Users.class).toInstance(createMock(Users.class));
 
         bind(AmbariManagementController.class).to(AmbariManagementControllerImpl.class);
+        bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
       }
     });
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
index 1824486..251692f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java
@@ -136,7 +136,7 @@ public class AmbariAuthorizationFilterTest {
     expect(securityContext.getAuthentication()).andReturn(authentication);
 
 
-    expect(request.getMethod()).andReturn("POST");
+    expect(request.getMethod()).andReturn("POST").anyTimes();
     expect(permission.getId()).andReturn(PermissionEntity.VIEW_USE_PERMISSION);
 
     // expect permission denial
@@ -163,6 +163,14 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
     urlTests.put("/api/v1/persist/SomeValue", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", true);
@@ -188,6 +196,14 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/views", "POST", false);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
     urlTests.put("/api/v1/persist/SomeValue", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", false);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", false);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
@@ -213,6 +229,14 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/views", "POST", false);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
     urlTests.put("/api/v1/persist/SomeValue", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", true);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", false);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
@@ -238,6 +262,14 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/views", "POST", true);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
     urlTests.put("/api/v1/persist/SomeValue", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", false);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", true);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", true);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);
@@ -263,6 +295,14 @@ public class AmbariAuthorizationFilterTest {
     urlTests.put("/api/v1/views", "POST", false);
     urlTests.put("/api/v1/persist/SomeValue", "GET", true);
     urlTests.put("/api/v1/persist/SomeValue", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "GET", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/ambari.credential", "DELETE", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "POST", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "PUT", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "GET", false);
+    urlTests.put("/api/v1/clusters/c1/credentials/cluster.credential", "DELETE", false);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "GET", false);
     urlTests.put("/views/AllowedView/SomeVersion/SomeInstance", "POST", false);
     urlTests.put("/views/DeniedView/AnotherVersion/AnotherInstance", "GET", false);

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
index ef1a9c8..884cffa 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialProviderTest.java
@@ -50,20 +50,22 @@ public class CredentialProviderTest {
   public void testInitialization() throws Exception {
     CredentialProvider cr;
     File msFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+    File mksFile = tmpFolder.newFile(Configuration.MASTER_KEYSTORE_FILENAME_DEFAULT);
     try {
-      new CredentialProvider(null, null, true);
+      new CredentialProvider(null, null, true, null);
       Assert.fail("Expected an exception");
     } catch (Throwable t) {
       Assert.assertTrue(t instanceof IllegalArgumentException);
     }
     // Without master key persisted
-    cr = new CredentialProvider("blahblah!", msFile.getAbsolutePath(), false);
+    cr = new CredentialProvider("blahblah!", msFile, false, mksFile);
     Assert.assertNotNull(cr);
     Assert.assertNotNull(cr.getKeystoreService());
     // With master key persisted
     msFile.delete();
+    mksFile.delete();
     createMasterKey();
-    cr = new CredentialProvider(null, msFile.getAbsolutePath(), true);
+    cr = new CredentialProvider(null, msFile, true, mksFile);
     Assert.assertNotNull(cr);
     Assert.assertNotNull(cr.getKeystoreService());
   }
@@ -87,10 +89,11 @@ public class CredentialProviderTest {
   @Test
   public void testCredentialStore() throws Exception {
     File msFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+    File mksFile = tmpFolder.newFile(Configuration.MASTER_KEYSTORE_FILENAME_DEFAULT);
 
     // With master key persisted
     createMasterKey();
-    CredentialProvider cr = new CredentialProvider(null, msFile.getAbsolutePath(), true);
+    CredentialProvider cr = new CredentialProvider(null, msFile, true, mksFile);
     Assert.assertNotNull(cr);
     Assert.assertNotNull(cr.getKeystoreService());
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/7a962380/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
new file mode 100644
index 0000000..daea963
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/encryption/CredentialStoreServiceImplTest.java
@@ -0,0 +1,293 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security.encryption;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import junit.framework.Assert;
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.SecurePasswordHelper;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
+import org.apache.ambari.server.state.stack.OsFamily;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import static org.easymock.EasyMock.createNiceMock;
+
+public class CredentialStoreServiceImplTest {
+
+  @Rule
+  public TemporaryFolder tmpFolder = new TemporaryFolder();
+
+  private CredentialStoreServiceImpl credentialStoreService;
+
+  private static final String CLUSTER_NAME = "C1";
+
+  @Before
+  public void setUp() throws Exception {
+    tmpFolder.create();
+    final File masterKeyFile = tmpFolder.newFile(Configuration.MASTER_KEY_FILENAME_DEFAULT);
+    Assert.assertTrue(MasterKeyServiceImpl.initializeMasterKeyFile(masterKeyFile, "secret"));
+
+    Injector injector = Guice.createInjector(new AbstractModule() {
+      @Override
+      protected void configure() {
+        Properties properties = new Properties();
+
+        properties.setProperty(Configuration.MASTER_KEY_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+        properties.setProperty(Configuration.MASTER_KEYSTORE_LOCATION, tmpFolder.getRoot().getAbsolutePath());
+
+        bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+        bind(SecurePasswordHelper.class).toInstance(new SecurePasswordHelper());
+        bind(Configuration.class).toInstance(new Configuration(properties));
+      }
+    });
+
+
+    // Test to make sure the MasterKey file is ok...
+    MasterKeyService masterKeyService = new MasterKeyServiceImpl(masterKeyFile);
+    Assert.assertTrue(masterKeyService.isMasterKeyInitialized());
+
+    credentialStoreService = injector.getInstance(CredentialStoreServiceImpl.class);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    credentialStoreService = null;
+    tmpFolder.delete();
+  }
+
+  @Test
+  public void testSetAndGetCredential_Temporary() throws Exception {
+    PrincipalKeyCredential credential = new PrincipalKeyCredential("username", "password");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential, CredentialStoreType.TEMPORARY);
+
+    Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+  }
+
+  @Test
+  public void testSetAndGetCredential_Persisted() throws Exception {
+    PrincipalKeyCredential credential = new PrincipalKeyCredential("username", "password");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential, CredentialStoreType.PERSISTED);
+
+    Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertEquals(credential, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+  }
+
+  @Test
+  public void testRemoveCredential_Temporary() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.TEMPORARY);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.TEMPORARY);
+
+    // Nothing should happen if forcing remove from persistent CredentialStore
+    credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED);
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+    // Remove should happen if forcing remove from temporary CredentialStore
+    credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY);
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+    // The other credentials should remain untouched
+    Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+  }
+
+  @Test
+  public void testRemoveCredential_Persisted() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+
+    // Nothing should happen if forcing remove from temporary CredentialStore
+    credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY);
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+    // Remove should happen if forcing remove from persistent CredentialStore
+    credentialStoreService.removeCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED);
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+    // The other credentials should remain untouched
+    Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+  }
+
+  @Test
+  public void testRemoveCredential_Either() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+    PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+    PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+    credentialStoreService.removeCredential(CLUSTER_NAME, "test1");
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+    Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+    Assert.assertEquals(credential3, credentialStoreService.getCredential(CLUSTER_NAME, "test3"));
+    Assert.assertEquals(credential4, credentialStoreService.getCredential(CLUSTER_NAME, "test4"));
+
+    credentialStoreService.removeCredential(CLUSTER_NAME, "test3");
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+    Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test2"));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test3"));
+    Assert.assertEquals(credential4, credentialStoreService.getCredential(CLUSTER_NAME, "test4"));
+  }
+
+
+  @Test
+  public void testUpdateCredential() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.TEMPORARY);
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertEquals(credential1, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential2, CredentialStoreType.PERSISTED);
+    Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertNull(credentialStoreService.getCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertEquals(credential2, credentialStoreService.getCredential(CLUSTER_NAME, "test1"));
+  }
+
+
+  @Test
+  public void testContainsCredential() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+    PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+    PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+
+    Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test1", CredentialStoreType.PERSISTED));
+    Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test3", CredentialStoreType.PERSISTED));
+
+    Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test1", CredentialStoreType.TEMPORARY));
+    Assert.assertFalse(credentialStoreService.containsCredential(CLUSTER_NAME, "test3", CredentialStoreType.PERSISTED));
+    Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test3", CredentialStoreType.TEMPORARY));
+
+    Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test1"));
+    Assert.assertTrue(credentialStoreService.containsCredential(CLUSTER_NAME, "test3"));
+  }
+
+
+  @Test
+  public void testIsCredentialPersisted() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+    PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+    PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+    Assert.assertEquals(CredentialStoreType.PERSISTED, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test1"));
+    Assert.assertEquals(CredentialStoreType.PERSISTED, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test2"));
+    Assert.assertEquals(CredentialStoreType.TEMPORARY, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test3"));
+    Assert.assertEquals(CredentialStoreType.TEMPORARY, credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test4"));
+
+    try {
+      credentialStoreService.getCredentialStoreType(CLUSTER_NAME, "test5");
+      Assert.fail("Expected AmbariException to be thrown");
+    } catch (AmbariException e) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testListCredentials() throws Exception {
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+    PrincipalKeyCredential credential2 = new PrincipalKeyCredential("username2", "password2");
+    PrincipalKeyCredential credential3 = new PrincipalKeyCredential("username3", "password3");
+    PrincipalKeyCredential credential4 = new PrincipalKeyCredential("username4", "password4");
+    credentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test2", credential2, CredentialStoreType.PERSISTED);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test3", credential3, CredentialStoreType.TEMPORARY);
+    credentialStoreService.setCredential(CLUSTER_NAME, "test4", credential4, CredentialStoreType.TEMPORARY);
+
+    Map<String, CredentialStoreType> credentials = credentialStoreService.listCredentials(CLUSTER_NAME);
+    Assert.assertNotNull(credentials);
+    Assert.assertEquals(4, credentials.size());
+    Assert.assertEquals(CredentialStoreType.PERSISTED, credentials.get("test1"));
+    Assert.assertEquals(CredentialStoreType.PERSISTED, credentials.get("test2"));
+    Assert.assertEquals(CredentialStoreType.TEMPORARY, credentials.get("test3"));
+    Assert.assertEquals(CredentialStoreType.TEMPORARY, credentials.get("test4"));
+  }
+
+  @Test(expected = AmbariException.class)
+  public void testFailToReinitialize_Persisted() throws Exception {
+    // This should throw an exception not matter what the arguments are....
+    credentialStoreService.initializePersistedCredentialStore(null, null);
+  }
+
+  @Test(expected = AmbariException.class)
+  public void testFailToReinitialize_Temporary() throws Exception {
+    // This should throw an exception not matter what the arguments are....
+    credentialStoreService.initializeTemporaryCredentialStore(1, TimeUnit.MINUTES, false);
+  }
+
+  @Test
+  public void testFailNotInitialized() throws Exception {
+    Configuration configuration = new Configuration(new Properties());
+    CredentialStoreService uninitializedCredentialStoreService = new CredentialStoreServiceImpl(configuration, new SecurePasswordHelper());
+    PrincipalKeyCredential credential1 = new PrincipalKeyCredential("username1", "password1");
+
+    // The temporary store should always be initialized.... this should succeed.
+    uninitializedCredentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.TEMPORARY);
+
+    try {
+      uninitializedCredentialStoreService.setCredential(CLUSTER_NAME, "test1", credential1, CredentialStoreType.PERSISTED);
+      Assert.fail("AmbariException should have been thrown");
+    } catch (AmbariException e) {
+      // This is expected...
+    }
+  }
+}
\ No newline at end of file


Mime
View raw message